Findings Report From the SOC at RSAC™ 2025 Conference

Cisco and Endace have released the Findings Report from the Security Operations Center (SOC) at RSAC™ 2025 Conference.

The partners used data from the Moscone Center wireless network to provide SOC services. Since 2017, the goal of the SOC has been to monitor network activity during the event and to offer SOC tours and sessions throughout the conference. From the tours and sessions, and from this Findings Report published by sponsors Cisco and Endace, you can learn about what happens on an open, unsecured wireless network. The network infrastructure at RSAC is managed by the Moscone Center. You can watch the replay of the 2025 session.

The SOC team at RSAC 2025 deployed the EndaceProbe packet capture platform, integrated with the suite of Cisco tools. SOC engineers also used Cisco Security Cloud in the SOC, comprised of the Cisco Breach Protection Suite and User Protection Suite, with Secure Firewall as the foundation.

The Cloud Protection Suite was deployed to secure the SOC cloud infrastructure, including Cisco Identity Intelligence and AI Defense.

Incidents were investigated with threat intelligence provided by Cisco Talos, licenses donated by alphaMountain and Pulsedive, and community sources.

Endace, with always-on packet capture, was provisioned to record all network traffic, enabling full investigation of any anomalous behavior. Endace also generated metadata (including Zeek logs) and NetFlow data into Cisco Secure Network Analytics (SNA) and the Splunk Platform. File content was reconstructed on the fly by Endace, filtered, and streamed to Splunk Attack Analyzer and Cisco Secure Malware Analytics for sandboxing and analysis.

Workflow integrations to Endace from within Splunk Enterprise Security, Cisco XDR, SNA, and Secure Firewall streamlined the work of the SOC team when investigating potential incidents. Endace packet data was used to understand activity before, during and after any alerts, identify lateral movement and potential C2 (command and control), search for IOCs (Indicators of Compromise), and investigate any serious threats that raised the team members' suspicions. No decryption was performed on any network data or connections.

The Findings Report includes sections on:

  • The Network
  • Technology used within the SOC at RSAC Conference
  • The Statistics
  • Security Incident and Event Management
  • XDR Integration and Threat Hunting
  • Secure Access
  • Intrusion Detection with Cisco Secure Firewall
  • Tales of Insecurity
  • Protecting the SOC Infrastructure
  • Conclusion

Download the Findings Report from the Security Operations Center (SOC) at RSAC 2025 Conference. You can also view the 2024 report. We look forward to seeing you in late March 2026!

Acknowledgements: Our appreciation to those who made the SOC at RSAC possible. Please see the Report for the engineering roles. Thank you.


We'd love to hear what you think! Ask a question and stay connected with Cisco Security on social media.
