10 Years Defending Black Hat – Cisco



Cisco is a proud partner of the Black Hat NOC (Network Operations Center), as the Official Security Cloud Provider, celebrating our tenth year defending Black Hat, the longest of any partner.

We work with other official providers to bring the hardware, software and engineers to build and secure the Black Hat USA network: Arista, Corelight, Lumen, and Palo Alto Networks.

[Image: Black Hat USA SOC partners]

The core goal of the NOC is to ensure continuous network stability. In addition, the partners deliver seamless security, comprehensive visibility and automation by embedding a SOC (Security Operations Center) within the NOC, built in Las Vegas in five days.

[Image: Black Hat USA 2025, interior of the NOC]

Screens positioned outside the NOC showcased partner dashboards, allowing attendees to watch the network traffic’s volume and security status in real time.

[Image: Black Hat USA NOC]

Cisco became a partner of the Black Hat NOC in 2016, initially offering automated malware analysis through Threat Grid. Over time, Cisco’s role expanded to support the evolving demands of the Black Hat conference by integrating more components of the Cisco Security Cloud into the network and security operations.

Black Hat carefully selects its network and security industry partners; entry into the NOC is strictly by invitation only, emphasizing partner diversity and a commitment to full collaboration. Our NOC team, composed of diverse technologies and organizations, is dedicated to ongoing innovation and seamless integration to deliver a comprehensive SOC cybersecurity architecture solution.

[Image: Black Hat USA 2025 integrations]

At every conference, we see plain text data on the network, as you’ll read in our Black Hat USA blogs below. As the malware analysis provider, we also deployed Splunk Attack Analyzer as the engine of engines, with files from Corelight, and integrated it with Splunk Enterprise Security.

[Image: Black Hat USA Secure Malware Analytics Dashboard]

The NOC leadership allowed Cisco and other partners to introduce additional software and hardware solutions, improving our internal efficiency and expanding our visibility capabilities; however, Cisco is not the official provider for Extended Detection & Response, Security Event and Incident Management, Firewall, Network Detection & Response or Collaboration.

  • Breach Protection Suite
    • Cisco XDR: Threat Hunting / Threat Intelligence Enrichment / Executive dashboards / Automation with Webex. The Cisco XDR Command Center dashboard tiles made it easy to see the status of each of the connected Cisco Security technologies (check out the XDR Threat Hunter’s Corner blog by Adi Sankar)
    • Cisco XDR Analytics (formerly Secure Cloud Analytics/Stealthwatch Cloud): Network traffic visibility and threat detection (read the Case Studies blogs by Bilal Qamar below for examples)
    • Splunk Cloud Platform and Splunk Enterprise Security: Integrations and dashboards
    • Cisco Webex: Incident notification and team collaboration

In addition, we deployed proof of value tenants for security:

We appreciate alphaMountain.ai and Pulsedive donating full licenses to Cisco, for use in the Black Hat USA 2025 NOC.

Black Hat is an incubator for innovation.

  • Ivan Berlinson built an integration with Cisco XDR and Palo Alto Networks firewalls two years ago for Black Hat USA 2023. From that foundation, we’re helping the engineering teams build a production integration with Cisco XDR and the firewalls via Strata Logging Service.
  • Ryan Maclennan did a Hack-a-Thon with Corelight for direct integration with Cisco XDR, coming soon to your XDR tenant.
  • Continuous Packet Capture partner Endace also joined the Cisco team in the NOC/SOC, along with Mobile Device Manager partner Jamf, and we made integration advancements with both partners, as you’ll read below.

While Cisco XDR has its own powerful network detection engine, it operates primarily by consuming NetFlow and doesn’t store full packets. To enhance the investigation experience for Black Hat SOC analysts, Matt Vander Horst worked with Baz Shaw of Endace on rapid development of an automated workflow in Cisco XDR automation that enriched incidents in XDR with links to various resources in Endace immediately upon incident generation. As shown below in an XDR incident, a worklog note was automatically added to the incident with a link to investigate in EndaceVision or download a CSV or PCAP of full-packet traffic related to the incident.

[Image: Black Hat USA XDR dashboard]

Looking at the Endace side, we can see a series of files that were generated for the various incidents that were being created in Cisco XDR. These files are preserved in Endace’s Vault and can be downloaded by analysts to see full detail captures of traffic related to their security incidents.

[Image: Black Hat USA 2025 Endace dashboard]

Black Hat is a time of rapid innovation, and Matt is working to assist the Endace team to publish the workflows in the XDR Automate Exchange.

We want to share special thanks to Paul Fidler for years of support of Black Hat events with mobile device management (MDM) using Meraki Systems Manager, along with Connor Laughlin. Since Black Hat USA 2021, Meraki SM was the official MDM. Paul and Connor became valued members of the Black Hat registration team, creating innovative solutions and automations for managing and securing thousands of iOS devices over the last six years.

Starting at Black Hat Europe 2025, we recommended our partners at Jamf assume the mantle of MDM provider to Black Hat. Paul worked with Adam Derrick of Jamf Pro to share best practices, automation, insights and user requirements. Together, they managed and secured over 1,000 iOS devices for Black Hat USA.

[Image: Paul Fidler and Adam Derrick]

Their combined effort made Registration, Training and Briefing Check-in and sponsor lead management a joint success for Black Hat.

[Image: Black Hat USA registration]

Jamf Pro also has an integration with Cisco XDR Assets, so we’ll continue to have visibility into the posture of the devices at Black Hat.

[Image: XDR dashboard]

Dig deeper into the innovation, threat hunting and integrations with our Black Hat USA blogs:

[Image: Black Hat USA NOC team]

We’re already planning for more innovation at Black Hat Europe, held in London the second week of December 2025.

Thank you to the Cisco NOC/SOC team:

  • Security Cloud Innovation: Ryan Maclennan
  • Integrations: Ivan Berlinson
  • Breach Protection: Steve Nowell, Aditya Sankar, Matt Vander Horst and Bilal Qamar
  • User Protection: David Keller and Adam Kilgore, with Justin Murphy
  • Meraki Systems Manager: Paul Fidler
  • ThousandEyes: Mauro Caballero and Daniel Gaona Campos
  • Splunk: Tony Iacobelli

Also, to our NOC partners Palo Alto Networks (especially James Holland and Jason Reverri), Corelight (especially Mark Overholser and Eldon Koyle), Arista Networks (especially Jonathan Smith), Lumen, Endace (especially Michael Morris and Cary Wright), Jamf (especially Adam Derrick) and the entire Black Hat / Informa Tech staff (especially Grifter ‘Neil Wyler’, Bart Stump, Steve Fink, James Pope, Michael Spicer, Jess Jung and Steve Oldenbourg).

Black Hat is the cybersecurity industry’s most established and in-depth security event series. Founded in 1997, these annual, multi-day events provide attendees with the latest in cybersecurity research, development, and trends. Driven by the needs of the community, Black Hat events showcase content directly from the community through Briefings presentations, Trainings courses, Summits, and more. As the event series where all career levels and academic disciplines convene to collaborate, network, and discuss the cybersecurity topics that matter most to them, attendees can find Black Hat events in the United States, Canada, Europe, Middle East and Africa, and Asia. For more information, please visit the Black Hat website.

