
10 Years Defending Black Hat – Cisco


Cisco is a proud partner of the Black Hat NOC (Network Operations Center), as the Official Security Cloud Provider, celebrating our tenth year defending Black Hat, the longest of any partner.

We work with other official providers to bring the hardware, software and engineers to build and secure the Black Hat USA network: Arista, Corelight, Lumen, and Palo Alto Networks.

[Figure: Black Hat USA SOC partners]

The core goal of the NOC is to ensure continuous network stability. In addition, the partners deliver seamless security, comprehensive visibility and automation by embedding a SOC (Security Operations Center) within the NOC, built in Las Vegas in five days.

[Figure: Black Hat USA 2025, interior of the NOC]

Screens positioned outside the NOC showcased partner dashboards, allowing attendees to observe the volume and security status of the network traffic in real time.

[Figure: Black Hat USA NOC]

Cisco became a partner of the Black Hat NOC in 2016, initially providing automated malware analysis through Threat Grid. Over time, Cisco's role expanded to support the evolving demands of the Black Hat conference by integrating additional components of the Cisco Security Cloud into the network and security operations.

Black Hat carefully selects its network and security industry partners; entry into the NOC is strictly by invitation only, emphasizing partner diversity and a commitment to full collaboration. Our NOC team, composed of diverse technologies and organizations, is dedicated to ongoing innovation and seamless integration to deliver a comprehensive SOC cybersecurity architecture solution.

[Figure: Black Hat USA 2025 integrations]

At every conference, we see plain text data on the network, as you'll read in our Black Hat USA blogs below. As the malware analysis provider, we also deployed Splunk Attack Analyzer as the engine of engines, with data from Corelight, and integrated it with Splunk Enterprise Security.

[Figure: Black Hat USA Secure Malware Analytics Dashboard]

The NOC leadership enabled Cisco and other partners to introduce additional software and hardware solutions, enhancing our internal efficiency and expanding our visibility capabilities; however, Cisco is not the official provider for Extended Detection & Response, Security Event and Incident Management, Firewall, Network Detection & Response or Collaboration.

  • Breach Protection Suite
    • Cisco XDR: Threat Hunting / Threat Intelligence Enrichment / Executive dashboards / Automation with Webex. The Cisco XDR Command Center dashboard tiles made it easy to see the status of each of the connected Cisco Security technologies (check out the XDR Threat Hunter's Corner blog by Adi Sankar)
    • Cisco XDR Analytics (formerly Secure Cloud Analytics/Stealthwatch Cloud): Network traffic visibility and threat detection (read the Case Studies blogs by Bilal Qamar below for examples)
    • Splunk Cloud Platform and Splunk Enterprise Security: Integrations and dashboards
    • Cisco Webex: Incident notification and team collaboration

In addition, we deployed proof of value tenants for security:

We appreciate alphaMountain.ai and Pulsedive donating full licenses to Cisco, for use in the Black Hat USA 2025 NOC.

Black Hat is an incubator for innovation.

  • Ivan Berlinson built an integration with Cisco XDR and Palo Alto Networks firewalls two years ago for Black Hat USA 2023. From that inspiration, we're helping the engineering teams build a production integration with Cisco XDR and the firewalls via Strata Logging Service.
  • Ryan Maclennan did a Hack-a-Thon with Corelight for direct integration with Cisco XDR, coming soon to your XDR tenant.
  • Continuous Packet Capture partner Endace also joined the Cisco team in the NOC/SOC, along with Mobile Device Manager partner Jamf, and we made integration advancements with both partners, as you'll read below.

While Cisco XDR has its own powerful network detection engine, it operates primarily by consuming NetFlow and doesn't store full packets. To enhance the investigation experience for Black Hat SOC analysts, Matt Vander Horst worked with Baz Shaw of Endace on rapid development of an automated workflow in Cisco XDR automation that enriched incidents in XDR with links to various resources in Endace immediately upon incident generation. As shown below in an XDR incident, a worklog note was automatically added to the incident with a link to investigate in EndaceVision or download a CSV or PCAP of full-packet traffic related to the incident.

[Figure: Black Hat USA XDR dashboard]

Looking at the Endace side, we can see a selection of files that were generated for the various incidents that were being created in Cisco XDR. These files are preserved in Endace's Vault and can be downloaded by analysts to see full-detail captures of traffic related to their security incidents.

[Figure: Black Hat USA 2025 Endace dashboard]

Black Hat is a time of rapid innovation, and Matt is working to help the Endace team publish the workflows in the XDR Automate Exchange.

We want to share special thanks to Paul Fidler for years of support of Black Hat events with mobile device management (MDM) using Meraki Systems Manager, along with Connor Laughlin. Since Black Hat USA 2021, Meraki SM was the official MDM. Paul and Connor became valued members of the Black Hat registration team, developing innovative solutions and automations for managing and securing thousands of iOS devices over the last six years.

Starting at Black Hat Europe 2025, we recommended our partners at Jamf assume the mantle of MDM provider to Black Hat. Paul worked with Adam Derrick of Jamf Pro to share best practices, automation, insights and user requirements. Together, they managed and secured over 1,000 iOS devices for Black Hat USA.

[Figure: Paul Fidler and Adam Derrick]

Their combined effort made Registration, Training and Briefing Check-in and sponsor lead management a joint success for Black Hat.

[Figure: Black Hat USA registration]

Jamf Pro also has an integration with Cisco XDR Assets, so we'll continue to have visibility into the posture of the devices at Black Hat.

[Figure: XDR dashboard]

Dig deeper into the innovation, threat hunting and integrations with our Black Hat USA blogs:

[Figure: Black Hat USA NOC team]

We're already planning for more innovation at Black Hat Europe, held in London the second week of December 2025.

Thank you to the Cisco NOC/SOC team:

  • Security Cloud Innovation: Ryan Maclennan
  • Integrations: Ivan Berlinson
  • Breach Protection: Steve Nowell, Aditya Sankar, Matt Vander Horst and Bilal Qamar
  • User Protection: David Keller and Adam Kilgore, with Justin Murphy
  • Meraki Systems Manager: Paul Fidler
  • ThousandEyes: Mauro Caballero and Daniel Gaona Campos
  • Splunk: Tony Iacobelli

Also, to our NOC partners Palo Alto Networks (especially James Holland and Jason Reverri), Corelight (especially Mark Overholser and Eldon Koyle), Arista Networks (especially Jonathan Smith), Lumen, Endace (especially Michael Morris and Cary Wright), Jamf (especially Adam Derrick) and the entire Black Hat / Informa Tech staff (especially Grifter 'Neil Wyler', Bart Stump, Steve Fink, James Pope, Michael Spicer, Jess Jung and Steve Oldenbourg).

Black Hat is the cybersecurity industry's most established and in-depth security event series. Founded in 1997, these annual, multi-day events provide attendees with the latest in cybersecurity research, development, and trends. Driven by the needs of the community, Black Hat events showcase content directly from the community through Briefings presentations, Trainings courses, Summits, and more. As the event series where all career levels and academic disciplines convene to collaborate, network, and discuss the cybersecurity topics that matter most to them, attendees can find Black Hat events in the United States, Canada, Europe, Middle East and Africa, and Asia. For more information, please visit the Black Hat website.

