RSA Conference 2019 Security Operations Center Findings Report Released


July 23, 2019

RSA and Cisco released the first ever Findings Report from the RSA Conference 2019 Security Operations Center (SOC).

The RSA® Conference SOC analyzes the Moscone Center wireless traffic, which is an open network during the week of the Conference. The SOC began collecting traffic on Monday, March 4, 2019 and continued through 4:00 PM Thursday, March 7, 2019. There were 70,440,988 sessions throughout this period.

The SOC at RSA Conference is an educational exhibit sponsored by RSA and Cisco. It is not a true SOC like you would create to protect an organization. The RSAC SOC doesn’t have an infrastructure at the Moscone Center and only has a SPAN of the network traffic from the Moscone Center wireless network. There are no logs, firewalls or endpoint protection infrastructure; just a real-time copy of the traffic traversing the wireless network.

The goal of the RSAC SOC is to use technology to educate conference attendees about what happens on a typical wireless network. The education comes in the form of daily SOC tours, an RSA Conference session and, after the event, an RSA Conference virtual webcast reviewing the findings and a Cisco Security webinar on the technology in the SOC.

This year's metrics were encouraging: our encrypted traffic increased over last year. Keep it up! Use a VPN!

The findings report addresses several security topics, including:

  • Plain text passwords
  • Unencrypted network traffic
  • Malware
  • DNS security
  • Cryptomining…and more

We will be back in 2020 and we’ll report once again how we’re doing as a community.

 

Acknowledgements: Special thanks to Neal R. Wyler and Percy Tucker of RSA Security; and to the team members of the RSA and Cisco SOC staff.

As always, we welcome your comments below. Did anything in the report surprise you? Are you in the process of setting up a SOC?


