For October Cybersecurity Awareness month, Cisco and NetWitness released the Security Operations Center (SOC) Findings Report from RSA Conference (RSAC) 2024.
Since 2017, the SOC has been an educational exhibit at RSAC. The purpose is to monitor the network activity during the event and provide SOC tours and a session during the conference. From the tours and session — and this Findings Report published by sponsors Cisco and NetWitness — you can learn about what happens on an open, unsecured wireless network. The network infrastructure at RSAC is managed by the Moscone Center. You can watch the replay of the 2024 session.
The technology stack in the SOC at RSAC continues to evolve. In 2024, we deployed the NetWitness platform, including NetWitness® Network, NetWitness® Logs and NetWitness® Orchestrator. We also utilized Secure Firewall and the Cisco Security Cloud (Cisco Breach Protection Suite, User Protection Suite and Cloud Protection Suite).
Incidents under investigation were correlated with threat intelligence, provided by Cisco Talos, and licenses provided by alphaMountain, IBM X-Force Exchange, Pulsedive and Recorded Future, and community sources.
For the first time in the SOC, Splunk Enterprise Security was used as a Security Incident and Event Management (SIEM) platform. Several integrations were enabled, including NetWitness NDR, Cisco Firewall logs and enrichment with Recorded Future, for investigations with Cisco XDR.
The Findings Report includes sections about:
- Technology used in the SOC at RSA Conference
- The Data, by NetWitness
- Integration and Threat Hunting
- Malware Analysis
- Security Incident and Event Management
- Intrusion Detection
- Security Cloud
- Conclusion
You can also check out the blog Operationalizing our custom “SOC in a Box” at the RSA Conference 2024, to learn more about the SOC hardware and topology.
Download the Security Operations Center Findings Report from RSA Conference 2024. You can also view the 2023 report. We look forward to seeing you in late April 2025!
Acknowledgements: Our appreciation to those who made the SOC at RSAC possible. Please see the Report for the engineering roles, thank you.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Security Social Channels
Instagram
Facebook
Twitter
LinkedIn