The GovWare Safety Operations Centre is a collaborative initiative with Cisco for GovWare Convention and Exhibition 2025 — GovWare 2025 Safety Operations Centre
Following the profitable Safety Operations Centre (SOC) deployments at RSAC 2025, Black Hat Asia, and Cisco Reside San Diego 2025, the Cisco ASEAN government staff accepted the inaugural SOC for GovWare. This initiative required shut collaboration with GovWare, Picture Engine, and the Marina Bay Sands (MBS) Community Operations Heart (NOC) to ascertain a safe convention community for attendees, with safety offered by the SOC.
The SOC was based on three major missions:
- To Shield — Make sure the safety of the GovWare 2025 community by defending in opposition to all types of threats and assaults, originating from each inner and exterior sources.
- To Educate — Improve attendee understanding and consciousness by partaking SOC excursions and insightful weblog content material.
- To Innovate — Constantly advance safety capabilities by growing and implementing new integrations, refining processes, optimizing workflows, and deploying automations, working with AI.
Attendees have been invited to affix the complimentary, safe GovWare 2025 community, suggested to observe greatest safety practices and requested to just accept the Phrases & Situations and Code of Conduct of GovWare Convention & Exhibition 2025 in addition to the Information Safety and Privateness Discover.
Information Safety and Privateness is a paramount concern to the SOC staff. On the conclusion of the convention, the information was destroyed and a certificates of destruction filed with GovWare administration.
The SOC staff diligently labored to establish, find, and assist remediate threats every time an attendee’s machine or account was discovered to be compromised or insecure.
The GovWare SOC was efficiently deployed in simply two days, a testomony to in depth prior planning and specialised experience. This fast setup was facilitated by:
- The deployment of the “SOC in a Field,” a customized {hardware} resolution honed by years of expertise on the RSAC Convention, enabling fast connectivity with the MBS, Splunk Enterprise Safety, and the Cisco Safety Cloud.
- Drawing upon confirmed experience, workflows, and procedures from the RSAC 2025 and Cisco Reside San Diego SOCs, with many veteran engineers offering each on-site deployment and devoted distant help.
- Integrating superior improvements and safety practices developed by 10 years of safeguarding the Black Hat community, acknowledged because the world’s most hostile.
- The partnership with Endace, a extremely expert full-packet seize supplier, whose foundational expertise on the RSAC Convention and Cisco Reside San Diego in 2025 was essential and prolonged to their dedication for GovWare.
The SOC Structure
The SOC staff built-in with the NOC to attach the ‘SOC within the Field’ and Cisco Safe Entry digital home equipment for DNS. They created a Switched Port Analyzer (SPAN) feed of community visitors from the inline Cisco Safe Firewall/Firepower safety and despatched to the EndaceProbe packet seize platform to document all community visitors, facilitating the evaluation of anomalous conduct. The EndaceProbe additionally generated and ingested metadata, together with Zeek logs, into the Splunk Enterprise Safety Platform. Endace reconstructed and filtered file content material, streaming it to Splunk Assault Analyzer (and onward to Safe Malware Analytics) for sandboxing and evaluation.
The next screenshot demonstrates the ingestion of firewall syslog logs and SPAN knowledge from the change, then sending it to Circulation Collector for logs to be saved in Cisco Safe Community analytics. A duplicate of the logs can be being despatched to Cisco XDR cloud for analytics and detections.
The SOC staff used Duo Central for Single Signal-On entry to the instruments, each on-premises and within the cloud.
The implementation of cloud-based options, particularly XDR and Splunk Cloud, proved instrumental in optimizing effectivity and lowering labor throughout the restricted setup window. Pre-configured knowledge and settings, notably Splunk dashboards ensuing the improvements of Ivan Berlinson, have been seamlessly built-in from earlier engagements.
Incidents have been investigated by Tier 1 / Tier 2 analysts in Cisco XDR, with menace intelligence offered by Cisco Talos, and licenses donated by alphaMountain, Pulsedive, and StealthMole together with neighborhood sources.
When escalations to Tier 3 incident responders have been required, the enriched Incident was despatched from Cisco XDR to Splunk Enterprise Safety.
AI Protection was deployed to safe the SOC cloud infrastructure, together with Cisco Id Intelligence.
The Statistics
Statistics are at all times a preferred a part of the SOC Excursions. Beneath are the stats from this 12 months’s occasion.
| Attendees (GovWare) | 14,000+ |
| Complete Packets Captured (Endace) | 1.5 Billion |
| Complete Logs Captured (Splunk) | 59.2 Million Occasions |
| Complete Periods (Endace) | 34.9 Million |
| Complete Distinctive Units (by MAC handle, DHCP) | 1,600+ |
| Complete Packets Written to Disk (Endace) | 1.4 Terabytes |
| Complete Logs Written to Cloud (Splunk) | 59.2 Million Occasions |
| Peak Bandwidth Utilization (Endace) | 200 Mbps |
| DNS Requests (Cisco Safe Entry) | 4.2 Million (162 Blocked) |
| Complete Clear Textual content Usernames/Passwords (Endace) | 35 |
| Distinctive Units/Accounts With Clear Textual content Usernames/Passwords (Endace) | 5 |
| Information Despatched for Malware Evaluation (Endace) | 34,705 file objects reconstructed by Endace
2,581 despatched to Splunk Assault Analyzer 1,382 despatched to Safe Malware Analytics |
SOC Findings and Classes Discovered
Try the blogs by the engineers who labored contained in the SOC at GovWare:
Acknowledgements
Our because of the engineers who made the primary SOC at GovWare successful, by defending the community and educating attendees (and also you).
Marina Bay Sands Community Operations Heart Liaison
GovWare/Picture Engine Liaison
- Goh Choon Hua, Ivan Lim and Zoe Chin
Cisco Singapore
- Sharon Koo, Peter Lye, Juan Huat Koo, David Ong and Ian Lim
Cisco Safety and Splunk SOC Group
- Innovation, AI Protection, Cloud Safety Suite: Ryan MacLennan
- Splunk Incident Response: Allison Gallo and Sumit Juyal
- Splunk Enterprise Safety Integrations: Kenneth Bouchard
- Talos IR Menace Hunter: Yuri Kramarz
- XDR Integrations: Ivan Berlinson
- Breach Safety Suite, Agentic AI: Aditya Sankar, Ahmadreza Edalat and Robin Wei
- Person Safety Suite: Claire Fulk
- Firewall and Safety Cloud Management: Adam Kilgore and Carol Trincia Dsouza
- Splunk Distant Help: Josh Wilson
Endace SOC Group
- Co-SOC Chief: Steve Fink
- VP of Product: Cary Wright
- Integrations: Barry ‘Baz’ Shaw
- Engineering: Sundarram Paravata
About GovWare
GovWare Convention and Exhibition is the area’s premier cyber data and connectivity platform, providing multi-channel touchpoints to drive neighborhood intel sharing, coaching, and strategic collaborations.
A trusted nexus for over three many years, GovWare unites policymakers, tech innovators, and end-users throughout Asia and past, driving pertinent dialogues on the newest developments and demanding data move. It empowers progress and innovation by collective insights and partnerships.
Its success lies within the belief and help from the cybersecurity and broader cyber neighborhood that it has had the privilege to serve through the years, in addition to organisational companions who share the identical values and mission to complement the cyber ecosystem.
We’d love to listen to what you assume! Ask a query and keep linked with Cisco Safety on social media.
Cisco Safety Social Media
