RSA and Cisco released the second annual Findings Report from the RSA Conference® 2020 Security Operations Center (SOC).
The RSA® Conference SOC analyzes the Moscone Center wireless traffic, which is an open network during the week of the Conference.
The role of the SOC at RSA Conference is an educational exhibit sponsored by RSA and Cisco. It has elements of SOC like you would create to protect an organization. The RSAC SOC coordinated with the Moscone Center Network Operation Center for a SPAN of the network traffic from the Moscone Center wireless network. In addition to the copy in real time of the traffic traversing the wireless network, the SOC had automated malware analysis, threat intelligence, DNS visibility and Intrusion Detection. There was no endpoint security, as in a production SOC environment.
The goal of the RSAC SOC is to use technology to educate conference attendees about what happens on a typical wireless network. The education comes in the form of daily SOC tours, an RSA Conference session, RSAC Day Four wrap-up, an interview with ITSP Magazine in the SOC, and a podcast.
The findings report addresses several security topics, including:
- Plain text passwords
- Unencrypted network traffic
- Mobile devices
- Malware analysis
- DNS security
- App security
- Intrusion Detection…and more
We plan to be back for RSAC 2021, pandemic allowing.
Acknowledgements: Special thanks to Neal R. Wyler and Percy Tucker of RSA Security, Michael Auger of Cisco Security and to the team members of the RSA and Cisco SOC staff.