
Black Hat Asia 2024 NOC: Cisco Security Cloud - Cisco Blogs

<!doctype html>
<html lang="en-US">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Black Hat Asia 2024 NOC: Cisco Security Cloud - Cisco Blogs</title>
<meta name="description" content="Protecting Black Hat Asia NOC with Cisco Security Cloud" />
<meta name="author" content="Jessica Bair" />
<link rel="canonical" href="https://blogs.cisco.com/security/black-hat-asia-2024-noc-cisco-security-cloud" />
<meta property="article:published_time" content="2024-05-15T12:00:20+00:00" />
<meta property="article:modified_time" content="2024-08-06T16:26:47+00:00" />
</head>
<body class="post-template-default single single-post postid-456886 single-format-standard no-sidebar">
<div id="page" class="site">
<cdc-template-micro lang="en" search-set-context="blogs">
<div id="content" class="site-content">
<div id="primary" class="content-area">
<main id="main" class="site-main">
<article id="post-456886" class="post-456886 post type-post status-publish format-standard has-post-thumbnail hentry category-security tag-black-hat tag-breach-protection-suite tag-cisco-security-cloud tag-cisco-user-protection-suite tag-cisco-xdr tag-cloud-protection-suite tag-cybersecurity-noc tag-mdm tag-security-operations-center tag-talos-meraki tag-telemetry-broker tag-thousandeyes tag-umbrella">
<div class="main-content">
<header class="entry-header"> <div class="entry-meta"> May 15, 2024 <hr> </div><!-- .entry-meta --> </header><!-- .entry-header -->
<div class="blog-post-header">
<div class="blog-cat-post-author-container"> <a href="https://blogs.cisco.com/security"><h5>Security</h5></a> <h1 class="entry-title">Black Hat Asia 2024 NOC: Cisco Security Cloud</h1><p class="wordcount"><span class="black">18 min read</span></p> <p> <a href="https://blogs.cisco.com/author/jessicabair" title="Posts by Jessica Bair" rel="author">Jessica Bair</a> </p> </div>
</div> <!-- .blog-post-header -->
<div class="entry-content">
<p>Cisco is honored to be a partner of the <a href="https://www.blackhat.com/asia-24/noc.html">Black Hat NOC (Network Operations Center),</a> and this was our seventh year supporting Black Hat Asia. 
Cisco is the Official Mobile Device Management, Malware Analysis and DNS (Domain Name Service) Provider.</p> <p>We work with other official providers to bring the hardware, software and engineers to build and secure the network, for our joint customer: Black Hat.</p> <ul> <li><strong>Arista</strong>: Network Equipment</li> <li><strong>Corelight</strong>: Network Analytics and Detection</li> <li><strong>MyRepublic</strong>: Broadband</li> <li><strong>NetWitness</strong>: Threat Detection &amp; Response, Identity</li> <li><strong>Palo Alto Networks</strong>: Network Security Platform</li> </ul> <p><img class="aligncenter wp-image-456887" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cdftvgybhvfcd.jpg" alt="" width="640" height="361" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cdftvgybhvfcd.jpg 936w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cdftvgybhvfcd-300x169.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cdftvgybhvfcd-768x433.jpg 768w" sizes="(max-width: 640px) 100vw, 640px" /></p> <p>The primary mission in the NOC is network resilience. 
The partners also provide integrated security, visibility and automation, a SOC (Security Operations Center) inside the NOC.</p> <p><img loading="lazy" class="aligncenter wp-image-456888" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxrcftvgybuhytcrxe.jpg" alt="" width="640" height="361" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxrcftvgybuhytcrxe.jpg 936w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxrcftvgybuhytcrxe-300x169.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxrcftvgybuhytcrxe-768x433.jpg 768w" sizes="(max-width: 640px) 100vw, 640px" /></p> <p>On screens outside the NOC were displayed partner dashboards for the attendees to view the volume and security of the network traffic.</p> <p><img loading="lazy" class="aligncenter wp-image-456889 size-large" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cdfvgbhvftcdrxcftvgy-1024x579.jpg" alt="" width="640" height="362" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cdfvgbhvftcdrxcftvgy-1024x579.jpg 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cdfvgbhvftcdrxcftvgy-300x170.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cdfvgbhvftcdrxcftvgy-768x434.jpg 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cdfvgbhvftcdrxcftvgy.jpg 1430w" sizes="(max-width: 640px) 100vw, 640px" /></p> <h2><strong>It All Started with Malware</strong></h2> <p>Cisco joined the Black Hat NOC in 2016, when asked to provide automated malware analysis with Threat Grid. 
The Cisco contributions to the network and security operations evolved, with the needs of the customer, to include more components of the <a href="https://www.cisco.com/site/us/en/products/security/security-cloud/index.html">Cisco Security Cloud</a>.</p> <ul> <li><a href="https://www.cisco.com/site/us/en/products/security/breach-protection/index.html">Breach Protection Suite</a> <ul> <li><a href="https://www.cisco.com/c/en/us/products/security/threat-grid/index.html">Cisco Secure Malware Analytics</a> (Formerly Threat Grid): sandboxing and integrated threat intelligence</li> </ul> </li> <li><a href="https://www.cisco.com/site/us/en/products/security/user-protection/index.html">User Protection Suite</a> <ul> <li><a href="https://umbrella.cisco.com/">Cisco Umbrella</a>: DNS visibility for the conference network and protection for iOS devices</li> <li><a href="https://www.cisco.com/c/en/us/products/security/security-connector/index.html">Cisco Security Connector</a>: iOS device security and visibility, managed with <a href="https://meraki.cisco.com/products/systems-manager/">Meraki Systems Manager</a></li> </ul> </li> <li><a href="https://www.cisco.com/site/us/en/products/security/cloud-protection/index.html">Cloud Protection Suite</a> <ul> <li><a href="https://www.cisco.com/c/en/us/products/cloud-systems-management/internet-cloud-intelligence/index.html">ThousandEyes</a>: Network observability / availability</li> </ul> </li> </ul> <p>The NOC leaders allowed Cisco (and the other NOC partners) to bring in additional software to make our internal work more efficient and have greater visibility; however, Cisco is not the official provider for Extended Detection &amp; Response, Network Detection &amp; Response or Collaboration.</p> <ul> <li>Breach Protection Suite <ul> <li><a href="https://www.cisco.com/site/us/en/products/security/xdr/index.html">Cisco XDR</a>: Threat Hunting / Threat Intelligence Enrichment / Executive dashboards / Automation with Webex</li> <li><a 
href="https://www.cisco.com/c/en/us/products/security/stealthwatch-cloud/index.html">Cisco XDR Analytics</a> (Formerly Secure Cloud Analytics / Stealthwatch Cloud): network traffic visibility and threat detection</li> </ul> </li> <li><a href="https://www.webex.com/">Cisco Webex</a>: Incident notification and team collaboration</li> </ul> <p>The Cisco XDR Command Center dashboard tiles made it easy to see the status of each of the connected Cisco Security technologies, and the status of ThousandEyes agents.</p> <p><img loading="lazy" class="aligncenter wp-image-456944 size-large" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.28.04 AM-1024x519.png" alt="" width="640" height="324" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.28.04 AM-1024x519.png 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.28.04 AM-300x152.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.28.04 AM-768x389.png 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.28.04 AM.png 1366w" sizes="(max-width: 640px) 100vw, 640px" /></p> <p>When the partners deploy to each conference, we set up a world class network and security operations center in three days. Our goal remains network up time and creating better integrated visibility and automation. Black Hat has the pick of the security industry tools and no company can sponsor/buy their way into the NOC. It is invitation only, with the intention of diversity in partners, and an expectation of full collaboration.</p> <p>As a NOC team comprised of many technologies and companies, we are continuously innovating and integrating, to provide an overall SOC cybersecurity architecture solution. 
We look forward to continuing the work with partner Palo Alto Networks, for further automation at Black Hat USA 2024.</p> <p><img loading="lazy" class="aligncenter size-large wp-image-456891" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/sxedrcftvgybhvftcdrxse-1024x573.png" alt="" width="640" height="358" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/sxedrcftvgybhvftcdrxse-1024x573.png 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/sxedrcftvgybhvftcdrxse-300x168.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/sxedrcftvgybhvftcdrxse-768x430.png 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/sxedrcftvgybhvftcdrxse.png 1475w" sizes="(max-width: 640px) 100vw, 640px" /></p> <p>Below are the Cisco XDR integrations for Black Hat Asia, empowering analysts to investigate Indicators of Compromise (IOC) very quickly, with one search.</p> <p>We appreciate <a href="https://www.alphamountain.ai/">alphaMountain.ai</a>, <a href="https://pulsedive.com/">Pulsedive</a> and <a href="https://www.recordedfuture.com/">Recorded Future</a> donating full licenses to Cisco, for use in the Black Hat Asia 2024 NOC.</p> <table style="margin-left: 40px;" border="0" cellspacing="0" cellpadding="10"> <tbody style="padding-left: 40px;"> <tr style="background-color: #0d274d; color: white; padding-left: 40px;"> <td style="padding-left: 40px;"></td> <td style="padding-left: 40px;"><strong>Cisco Networking and Security</strong></td> <td style="padding-left: 40px;"><strong>Third Party</strong></td> </tr> <tr style="background-color: #e7e7e7; padding-left: 40px;"> <td style="padding-left: 40px;">1</td> <td style="padding-left: 40px;"><a href="https://meraki.cisco.com/products/systems-manager/">Meraki System Manager</a></td> <td style="padding-left: 40px;"><a href="https://www.alphamountain.ai/">alphaMountain.ai</a></td> </tr> <tr style="background-color: 
#e7e7e7; padding-left: 40px;"> <td style="padding-left: 40px;">2</td> <td style="padding-left: 40px;"><a href="https://www.cisco.com/c/en/us/products/security/security-connector/index.html">Secure Endpoint for iOS</a></td> <td style="padding-left: 40px;"><a href="https://www.apivoid.com/">APIVoid</a></td> </tr> <tr style="background-color: #e7e7e7; padding-left: 40px;"> <td style="padding-left: 40px;">3</td> <td style="padding-left: 40px;"><a href="https://www.cisco.com/c/en/us/products/security/threat-grid/index.html">Secure Malware Analytics</a></td> <td style="padding-left: 40px;"><a href="https://otx.alienvault.com/">AlienVault OTX</a></td> </tr> <tr style="background-color: #e7e7e7; padding-left: 40px;"> <td style="padding-left: 40px;">4</td> <td style="padding-left: 40px;"><a href="https://www.cisco.com/c/en/us/products/cloud-systems-management/internet-cloud-intelligence/index.html">ThousandEyes</a></td> <td style="padding-left: 40px;"><a href="http://cybercrime-tracker.net/about.php">CyberCrime Tracker</a></td> </tr> <tr style="background-color: #e7e7e7; padding-left: 40px;"> <td style="padding-left: 40px;">5</td> <td style="padding-left: 40px;"><a href="https://umbrella.cisco.com/">Umbrella DNS</a></td> <td style="padding-left: 40px;"><a href="https://safebrowsing.google.com/">Google Safe Browsing</a></td> </tr> <tr style="background-color: #e7e7e7; padding-left: 40px;"> <td style="padding-left: 40px;">6</td> <td style="padding-left: 40px;"><a href="https://www.webex.com/">Webex</a></td> <td style="padding-left: 40px;"><a href="https://www.netwitness.com/">NetWitness</a> / <a href="https://github.com/CiscoSecurity/tr-05-serverless-rsa-netwitness">Custom relay</a></td> </tr> <tr style="background-color: #e7e7e7; padding-left: 40px;"> <td style="padding-left: 40px;">7</td> <td style="padding-left: 40px;"><a href="https://www.cisco.com/c/en/us/products/security/stealthwatch-cloud/index.html">XDR Analytics</a></td> <td style="padding-left: 40px;"><a 
href="https://pulsedive.com/">Pulsedive</a></td> </tr> <tr style="background-color: #e7e7e7; padding-left: 40px;"> <td style="padding-left: 40px;">8</td> <td style="padding-left: 40px;"><a href="https://www.cisco.com/c/en/us/products/security/telemetry-broker/index.html">Cisco Telemetry Broker</a></td> <td style="padding-left: 40px;"><a href="https://go.recordedfuture.com/cisco-xdr" target="_blank" rel="noopener">Recorded Future</a></td> </tr> <tr style="background-color: #e7e7e7; padding-left: 40px;"> <td style="padding-left: 40px;">9</td> <td style="padding-left: 40px;"></td> <td style="padding-left: 40px;"><a href="https://www.shodan.io/">Shodan</a></td> </tr> <tr style="background-color: #e7e7e7; padding-left: 40px;"> <td style="padding-left: 40px;">10</td> <td style="padding-left: 40px;"></td> <td style="padding-left: 40px;"><a href="https://console.threatscore.cyberprotect.cloud/">Threatscore | Cyberprotect</a></td> </tr> <tr style="background-color: #e7e7e7; padding-left: 40px;"> <td style="padding-left: 40px;">11</td> <td style="padding-left: 40px;"></td> <td style="padding-left: 40px;"><a href="https://www.virustotal.com/gui/">VirusTotal</a></td> </tr> <tr style="background-color: #e7e7e7; padding-left: 40px;"> <td style="padding-left: 40px;">12</td> <td style="padding-left: 40px;"></td> <td style="padding-left: 40px;"><a href="https://slack.com/">Slack</a></td> </tr> <tr style="background-color: #e7e7e7; padding-left: 40px;"> <td style="padding-left: 40px;">13</td> <td style="padding-left: 40px;"></td> <td style="padding-left: 40px;"><a href="https://urlscan.io/">urlscan</a></td> </tr> </tbody> </table> <p>An example of this is an investigation of a potentially malicious activity on the 2<sup>nd</sup> day of Training. 
An IP address was identified by NetWitness for possible geolocation leakage.</p> <p>Investigation of the IP correlated the syslog sightings from the partner technologies in the NetWitness logs, with threat intelligence from Pulsedive, Recorded Future, alphaMountain and others.</p> <p><img loading="lazy" class="aligncenter size-large wp-image-456892" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cfvgbhvgftvgbhjn-1024x525.png" alt="" width="640" height="328" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cfvgbhvgftvgbhjn-1024x525.png 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cfvgbhvgftvgbhjn-300x154.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cfvgbhvgftvgbhjn-768x394.png 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cfvgbhvgftvgbhjn.png 1248w" sizes="(max-width: 640px) 100vw, 640px" /></p> <p>Reviewing the DNS logs and the details of the packet capture in both Corelight and NetWitness, it was confirmed no geolocation data was leaked and it was part of a Training course. 
The activity would have been blocked in a production environment.</p> <p><img loading="lazy" class="aligncenter size-large wp-image-456893" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/sxdrcftvgybhugyvftcdrxse-1024x499.png" alt="" width="640" height="312" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/sxdrcftvgybhugyvftcdrxse-1024x499.png 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/sxdrcftvgybhugyvftcdrxse-300x146.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/sxdrcftvgybhugyvftcdrxse-768x374.png 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/sxdrcftvgybhugyvftcdrxse.png 1248w" sizes="(max-width: 640px) 100vw, 640px" /></p> <p>A core integrated workflow in the Black Hat NOC is NetWitness and Corelight sending suspicious files to Secure Malware Analytics. Over 4,900 samples were submitted.</p> <p><img loading="lazy" class="aligncenter size-large wp-image-456894" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xdcrftvgybvftcdrxs-1024x521.png" alt="" width="640" height="326" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xdcrftvgybvftcdrxs-1024x521.png 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xdcrftvgybvftcdrxs-300x153.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xdcrftvgybvftcdrxs-768x390.png 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xdcrftvgybvftcdrxs.png 1430w" sizes="(max-width: 640px) 100vw, 640px" /></p> <p>The NOC analysts also used Malware Analytics to investigate suspicious domains, without the risk of infection. 
Rather than going to the website on a corporate or Black Hat asset, we were able to interact with the website in the glovebox, including downloading and installing the website payload.</p> <p><img loading="lazy" class="aligncenter size-large wp-image-456895" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/gfvhbjgvfyctrcyvu-1024x521.png" alt="" width="640" height="326" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/gfvhbjgvfyctrcyvu-1024x521.png 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/gfvhbjgvfyctrcyvu-300x153.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/gfvhbjgvfyctrcyvu-768x390.png 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/gfvhbjgvfyctrcyvu.png 1430w" sizes="(max-width: 640px) 100vw, 640px" /></p> <p>Detonating files or browsing websites in Secure Malware Analytics protects the analysts from accidental infection.</p> <p><img loading="lazy" class="aligncenter size-large wp-image-456896" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cfvgbuhgvfcdx-1024x521.png" alt="" width="640" height="326" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cfvgbuhgvfcdx-1024x521.png 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cfvgbuhgvfcdx-300x153.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cfvgbuhgvfcdx-768x390.png 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cfvgbuhgvfcdx.png 1430w" sizes="(max-width: 640px) 100vw, 640px" /></p> <p>We saw a series of similar exploit kits (each with a different hash value) downloaded on the first day in the Business Hall. The downloads were on the conference Wi-Fi and not in a Training course, so the event had to be investigated to confirm there was not an attack on the attendees. 
Working with the Corelight team, the NOC responders parsed the traffic and confirmed it was a <em>Capture the Flag</em> event, which continued into the last day of the conference.</p> <p><img loading="lazy" class="aligncenter size-large wp-image-456897" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/drctfvgyvfcdrx-1024x518.png" alt="" width="640" height="324" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/drctfvgyvfcdrx-1024x518.png 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/drctfvgyvfcdrx-300x152.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/drctfvgyvfcdrx-768x388.png 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/drctfvgyvfcdrx.png 1515w" sizes="(max-width: 640px) 100vw, 640px" /></p> <h2><span style="color: #6abf4b;"><strong>Threat Hunters’ Story</strong></span></h2> <p><strong>—by Aditya Raghavan and Shaun Coulter</strong></p> <p>In the Black Hat Asia 2024 NOC, Shaun staffed the morning shifts, and Aditya the afternoon shifts, as threat hunters focused on the Cisco XDR and Secure Malware Analytics consoles. Mornings were usually pretty chill. However, and for some heretofore unknown (coffee related?) reason, the activity ramped up in the afternoon on most days, leading Aditya to a place of “involved joy”, and Shaun to a place of tormented jealousy :D. With dogged determination, both hunters spent their time reviewing alerts and activities, and conducting IOC scans using XDR Investigate. They reviewed submitted samples and network logs for signs of intrusion or suspicious activity.</p> <p>Using Secure Malware Analytics, they dissected malware samples, analyzed phishing campaigns, and scrutinized network traffic patterns for anomalies. Numerous alerts — flagged as spikes in traffic from unexpected sources, strange destinations and odd variants of malicious code — popped up multiple times, initiating thorough investigations. 
In most cases, they traced the anomaly to an authorized Black Hat Training or Briefing source and closed such cases as “Black Hat Positive”; meaning you would not allow this on your production network, but for Black Hat, it is business as usual. Since Black Hat is a conference designed for learning about offensive security, these malware samples are expected, and marked as such.</p> <p>Thankfully or unthankfully, as the system tuning was completed, most alerts raised were as above and expected or actually &#8216;near misses&#8217; &#8211; items that warrant investigation but did not extend to impactful behaviours, as we were able to stop them in time.</p> <p>On the first day of Briefings, as Shaun is dutifully poring through the console of Secure Malware Analytics, in walks Aditya to relieve the shift. Greetings aside, Shaun quickly pivots over excitedly <em>“Brother, I want to show you a couple of interesting things.”</em> Aditya’s interest is piqued, and Shaun opens a new dashboard showing one of the recently released features of Cisco XDR – MITRE ATT&amp;CK ® Coverage Map.</p> <p><img loading="lazy" class="aligncenter size-large wp-image-456898" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/vgfcghgvhjbkjhhvgc-1024x575.png" alt="" width="640" height="359" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/vgfcghgvhjbkjhhvgc-1024x575.png 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/vgfcghgvhjbkjhhvgc-300x168.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/vgfcghgvhjbkjhhvgc-768x431.png 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/vgfcghgvhjbkjhhvgc.png 1430w" sizes="(max-width: 640px) 100vw, 640px" /></p> <p>This new capability quickly displays all the tactics and techniques in the MITRE ATT&amp;CK® matrix for which Cisco XDR has detections/coverage. 
In addition to the XDR-native detections, detections from Secure Endpoint and Secure Malware Analytics are also used to derive the coverage map, making it a holistic view. This view allows the user to visualize the native XDR detections as well as those of the integrated solutions, identify the scope of coverage and, importantly, map out the gaps for future consideration. Thanks to the Cisco Talos team, all solutions within the Cisco Breach Protection Suite are mapped today and this would be rolled out to include other suites and solutions, including 3<sup>rd</sup> party integrations, soon.</p> <p>As our threat hunters geek out on the behind-the-scenes stuff on XDR, Jessica politely calls out <em>“Adi. Shaun. Guys, there is some new activity on Umbrella. Can you look into it?”</em> Nudged back to reality, our threat hunters get to work – finding needles in the stack of needles at Black Hat, as it was rightly put by Grifter! Speaking of which, the new activity appears to be a query for a domain classified as a Command &amp; Control (C&amp;C) domain. 
Let’s dig into it.</p> <p><img loading="lazy" class="aligncenter wp-image-456945 size-medium_large" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.29.21 AM-768x565.png" alt="" width="640" height="471" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.29.21 AM-768x565.png 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.29.21 AM-300x221.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.29.21 AM.png 910w" sizes="(max-width: 640px) 100vw, 640px" /><img loading="lazy" class="aligncenter wp-image-456946 size-full" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.30.34 AM.png" alt="" width="640" height="396" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.30.34 AM.png 640w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.30.34 AM-300x186.png 300w" sizes="(max-width: 640px) 100vw, 640px" /></p> <p>A quick look into Umbrella Activity Search shows the latest traffic activity matching the C&amp;C category that was allowed. Expanding the details pane, we can see the domain being queried and the identity of the endpoint issuing the query which appears to be from the ‘Hacking Enterprises 2024 Red Team’. That is a legitimate Training class at Black Hat Asia 2024. 
We pivot over to Umbrella Investigate and see the reason for this domain being categorized as C&amp;C and its indicators.</p> <p><img loading="lazy" class="aligncenter size-large wp-image-456901" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dfctvygiftyrdterzetxrytfu-1024x438.png" alt="" width="640" height="274" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dfctvygiftyrdterzetxrytfu-1024x438.png 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dfctvygiftyrdterzetxrytfu-300x128.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dfctvygiftyrdterzetxrytfu-768x328.png 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dfctvygiftyrdterzetxrytfu.png 1430w" sizes="(max-width: 640px) 100vw, 640px" /> <img loading="lazy" class="aligncenter size-large wp-image-456902" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxfgctuygiuftdrdytfuy-1024x334.png" alt="" width="640" height="209" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxfgctuygiuftdrdytfuy-1024x334.png 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxfgctuygiuftdrdytfuy-300x98.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxfgctuygiuftdrdytfuy-768x251.png 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxfgctuygiuftdrdytfuy.png 1430w" sizes="(max-width: 640px) 100vw, 640px" /></p> <p>Let’s head over to XDR and query this observable against all the integrated solutions for more intel. We quickly get a visual connected graph and tabulated events on all the relevant intel. 
The integration with NetWitness Logs provides us with events related to that domain, as well as populating the graph with those relationships, along with the Umbrella event which was the source for this hunt.</p> <p>Looking at the evidence, this turned out to be another needle! Nothing untoward here, we classified this as a ‘Black Hat Positive’ and moved on. As the afternoon shift winds down, the team is discussing potential destinations for dinner and there is always dessert to look forward to at the end. Aditya and Ryan were pining for rich ice cream and Home Best Dessert turns out to be the right solution for the ask. In the NOC, the right solution is almost always teamwork with all our partners.</p> <p><img loading="lazy" class="aligncenter wp-image-456949 size-large" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxgfcgvghcfxzetxrytfuyr-1024x960.png" alt="" width="640" height="600" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxgfcgvghcfxzetxrytfuyr-1024x960.png 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxgfcgvghcfxzetxrytfuyr-300x281.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxgfcgvghcfxzetxrytfuyr-768x720.png 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxgfcgvghcfxzetxrytfuyr.png 1045w" sizes="(max-width: 640px) 100vw, 640px" /></p> <p><img loading="lazy" class="aligncenter size-large wp-image-456904" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dfxgcfgvyuhyutfyrdt.png" alt="" width="640" height="843" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dfxgcfgvyuhyutfyrdt.png 742w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dfxgcfgvyuhyutfyrdt-228x300.png 228w" sizes="(max-width: 640px) 100vw, 640px" /></p> <p>One such instance was when a Corelight hunter picked up a spike of traffic to unusual destinations. 
These appear to be DNS queries to a bunch of C&amp;C domains. We quickly delve into Umbrella showing us all the domains being queried in a short window and most of them being Malware and/or C&amp;C categorized. This appears to be a system either being compromised or someone intentionally doing a test / recon for those domains.</p> <p><a href="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxfcfghgvjhbgcfgx.png" target="_blank" rel="noopener"><img loading="lazy" class="aligncenter wp-image-456905 size-medium_large" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxfcfghgvjhbgcfgx-768x358.png" alt="" width="640" height="298" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxfcfghgvjhbgcfgx-768x358.png 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxfcfghgvjhbgcfgx-300x140.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxfcfghgvjhbgcfgx.png 936w" sizes="(max-width: 640px) 100vw, 640px" /></a></p> <p>Let’s investigate some of these domains in XDR. We can see a lot of red icons on this visualization! In fact, every queried domain is classified as Malicious and known to host other malicious content. This doesn’t look expected for sure and that puts the intentional test / recon theory to rest quickly. 
Ben Reardon, the hunter from Corelight, puts it succinctly <em>“This box is pwned six ways to Sunday!”</em> What else can we find about this system then?</p> <p><img loading="lazy" class="aligncenter size-full wp-image-456906" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxfcghvjkh.png" alt="" width="316" height="244" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxfcghvjkh.png 316w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxfcghvjkh-300x232.png 300w" sizes="(max-width: 316px) 100vw, 316px" /></p> <p>Looking at the DHCP logs for the IP address, the Corelight hunter was able to pinpoint the device MAC address and hostname, which resembled a name. A short Google search later, we have a potential device owner and the fact that he was delivering a session at Black Hat in one of the rooms next door! A short conversation with the person after his session ensued, where the NOC leads advised the NOC’s findings on his compromised system. He was grateful for the finding and reached out for additional context. This one turned out to be a ‘True Positive.’</p> <p>The following day, the team has zeroed in on Turkish food for the evening. Ryan halts Shaun as he departs at the end of his shift and demands his hotel name and room number. <em>“I’m gonna come knock at your door and wake you up tonight, man. I mean it. No day is too long. I used to do my shifts on three hours of sleep. Now, let’s go!”</em> Ryan is deadpan serious. 
That is what we thought while investigating our next potential malware finding.</p> <p><img loading="lazy" class="aligncenter wp-image-456943 size-large" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.26.54 AM-1024x760.png" alt="" width="640" height="475" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.26.54 AM-1024x760.png 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.26.54 AM-300x223.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.26.54 AM-768x570.png 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.26.54 AM.png 1188w" sizes="(max-width: 640px) 100vw, 640px" /></p> <p>&nbsp;</p> <p><img loading="lazy" class="aligncenter size-full wp-image-456907" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cfghgvjhvgcf.png" alt="" width="770" height="488" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cfghgvjhvgcf.png 770w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cfghgvjhvgcf-300x190.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cfghgvjhvgcf-768x487.png 768w" sizes="(max-width: 770px) 100vw, 770px" /></p> <p>Another event on the Umbrella console comes to our attention and this time it is a query for a domain categorized as Malware. The source endpoint is quickly identified from the Identity and Umbrella investigate tells us this domain is part of the Malware block list. 
In a normal production network, this would ideally be blocked.</p> <p><img loading="lazy" class="aligncenter size-full wp-image-456909" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dfxgfchgvhbvctyxrtz.png" alt="" width="602" height="204" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dfxgfchgvhbvctyxrtz.png 602w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dfxgfchgvhbvctyxrtz-300x102.png 300w" sizes="(max-width: 602px) 100vw, 602px" /></p> <p>Black Hat isn’t your normal production network, and it attracts all kinds of security folk. And that is exactly what it turned out to be this time. The National University of Singapore has a group organizing regular capture the flag (CTF) events and is running a similar get-together at Black Hat. Go NUS Greyhats!</p> <p>Activities involving malware that would be blocked on a corporate network must be allowed, within the confines of the <a href="https://www.blackhat.com/code-of-conduct.html">Black Hat Code of Conduct</a>.</p> <h2><span style="color: #6abf4b;"><strong>Network Observability with ThousandEyes</strong></span></h2> <p><strong>—by Adam Kilgore and Patrick Yong</strong></p> <p>Deploying ThousandEyes at Black Hat is a rigorous process involving a lot of hardware (some shown below), configuration, testing, troubleshooting, and running around the conference center.</p> <p><img loading="lazy" class="aligncenter size-large wp-image-456910" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/fgcgvjhbjcxyrtz-1024x579.jpg" alt="" width="640" height="362" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/fgcgvjhbjcxyrtz-1024x579.jpg 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/fgcgvjhbjcxyrtz-300x170.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/fgcgvjhbjcxyrtz-768x434.jpg 768w, 
https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/fgcgvjhbjcxyrtz.jpg 1430w" sizes="(max-width: 640px) 100vw, 640px" /></p> <p>In addition to our typical deployment tasks, we implemented multiple improvements to the service. These improvements included an overhaul of the dashboards to show granular data for each conference room, alongside aggregate data for the entire conference; and better labeling and organization of deployed agents.</p> <p>The ThousandEyes dashboard was projected on the large screen in the NOC, for alerting on any network issues, prior to reports from users.</p> <p><a href="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxfgfcgvytyrtes.png" target="_blank" rel="noopener"><img loading="lazy" class="aligncenter wp-image-456911" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxfgfcgvytyrtes.png" alt="" width="640" height="392" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxfgfcgvytyrtes.png 936w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxfgfcgvytyrtes-300x184.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxfgfcgvytyrtes-768x471.png 768w" sizes="(max-width: 640px) 100vw, 640px" /></a></p> <p>On the troubleshooting side, we improved our log analysis and collection techniques and set up centralized monitoring of wireless data. These efforts contributed to improvements in visibility and agent uptime throughout the conference.</p> <p>During the initial two days of Training sessions at Black Hat, ThousandEyes agents showed only minor deviations from baseline as the Training sessions came online. As the Training sessions continued, performance was stable, with only rare alerts for minor degraded throughput or moderate latency spikes. 
On Thursday, all the two-day Training sessions were closed, and the conference shifted towards Briefings, alongside two four-day Training sessions that ran for the conference&#8217;s length. With the start of Briefings and the opening of the Business Hall, headcounts increased drastically. ThousandEyes saw degraded performance on the network, primarily in the large conference rooms hosting the Briefings. The image below shows a test result from the Hibiscus 3610 ballroom:</p> <p><a href="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxcfvuyibyuctxyrtez.png" target="_blank" rel="noopener"><img loading="lazy" class="aligncenter wp-image-456912" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxcfvuyibyuctxyrtez.png" alt="" width="800" height="186" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxcfvuyibyuctxyrtez.png 936w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxcfvuyibyuctxyrtez-300x70.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxcfvuyibyuctxyrtez-768x179.png 768w" sizes="(max-width: 800px) 100vw, 800px" /></a></p> <p>The network path above shows heavy latency on the first link to the default gateway, compounded by another high-latency link outside the conference network. 
A breakdown of connectivity for the above path is shown below:</p> <p><a href="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xdcfvyvuctyrxte.png" target="_blank" rel="noopener"><img loading="lazy" class="aligncenter wp-image-456913" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xdcfvyvuctyrxte.png" alt="" width="800" height="70" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xdcfvyvuctyrxte.png 936w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xdcfvyvuctyrxte-300x26.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xdcfvyvuctyrxte-768x67.png 768w" sizes="(max-width: 800px) 100vw, 800px" /></a></p> <p>The throughput number above is key to this investigation. The Access Points (APs) for the Hibiscus 3610 ballroom had an average throughput of around 174 Mbps. Reviewing AP logs, we found that 92 users were connected to the same AP from which the test was run. 
Dividing the 174 Mbps by 92 gives an average throughput in line with the 1.7 Mbps shown above, so the poor connectivity was driven by oversaturation of user connections in this area.</p> <p>The Hibiscus 3610 room and other agents in a nearby hallway consistently had the worst connection among the conference rooms, as shown by our agent polling results.</p> <p><img loading="lazy" class="aligncenter size-full wp-image-456914" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xdcfvbvutcyrxt.png" alt="" width="608" height="452" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xdcfvbvutcyrxt.png 608w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xdcfvbvutcyrxt-300x223.png 300w" sizes="(max-width: 608px) 100vw, 608px" /></p> <p>While there were limitations in the amount of bandwidth available for the conference in general, the data above suggests more of the available AP and bandwidth resources should be allocated to the Hibiscus 3610 ballroom and adjacent hallways for future conference topologies, which was shared with our Network Equipment partner.</p> <h2><span style="color: #6abf4b;"><strong>Meraki Systems Manager</strong></span></h2> <p><strong>—by Paul Fidler and Connor Loughlin</strong></p> <p>Our eighth deployment of Meraki Systems Manager as the official Mobile Devices Management platform went very smoothly, and we introduced a new caching operation to update iOS devices on the local network, for speed and efficiency. Going into the event, we planned for the following types of devices and purposes:</p> <ul> <li>iPhone Lead Scanning Devices</li> <li>iPads for Registration</li> <li>iPads for Session Scanning</li> </ul> <p>We registered the devices in advance of the conference. 
Upon arrival, we turned each device on.</p> <p><img loading="lazy" class="aligncenter size-large wp-image-456915" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cfyvgubiiuyvutcyrxt-1024x579.jpg" alt="" width="640" height="362" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cfyvgubiiuyvutcyrxt-1024x579.jpg 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cfyvgubiiuyvutcyrxt-300x170.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cfyvgubiiuyvutcyrxt-768x434.jpg 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cfyvgubiiuyvutcyrxt.jpg 1430w" sizes="(max-width: 640px) 100vw, 640px" /></p> <p>Then we ensured Location Services was enabled and set to always on.</p> <p>Instead of using a mass deployment technology, like Apple’s Automated Device Enrollment, the iOS devices are “prepared” using Apple Configurator. This includes uploading a Wi-Fi profile to the devices as part of that process. In Las Vegas, this Wi-Fi profile <strong><em>wasn’t</em></strong> set to auto join the Wi-Fi, resulting in the need to manually change this on 1,000 devices. Furthermore, 200 devices weren’t reset or prepared, so we had to reimage those as well.</p> <p>Black Hat Asia was different. We took the lessons from <a href="https://blogs.cisco.com/security/black-hat-usa-2023-noc-network-assurance">Black Hat USA 2023</a> and coordinated with the contractor to prepare the devices. Now, if you’ve ever used Apple Configurator, there are several steps needed to prepare a device. However, these can be combined into a Blueprint.</p> <p>For Black Hat Asia this included:</p> <ul> <li>Wi-Fi profile</li> <li>Enrollment, including supervision</li> <li>Whether to allow USB pairing</li> <li>Setup Assistant pane skipping</li> </ul> <p>In Meraki Systems Manager, we controlled the applications by the assigned use, designated by <em>Tags</em>. 
When we came in on the first morning of the Briefings, three iPhones needed to be changed from lead scanning in the Business Hall, to Session Scanning for the Keynote, so the attendees could fill the hall faster. Reconfiguring was as simple as updating the <em>Tags</em> on each device. Moments later, they were ready for the new mission&#8230;which was important as the Keynote room filled and had to go to an overflow room.</p> <p><img loading="lazy" class="aligncenter wp-image-456941 size-large" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.24.45 AM-1024x364.png" alt="" width="640" height="228" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.24.45 AM-1024x364.png 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.24.45 AM-300x107.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.24.45 AM-768x273.png 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.24.45 AM.png 1194w" sizes="(max-width: 640px) 100vw, 640px" /></p> <p>We also were able to confirm the physical location of each device if wiping was required due to loss or theft.</p> <p>When it was time for the attendees to register, they just displayed their QR code from their personal phone, as received in email from Black Hat. 
Their badge was instantly printed, with all personal details secured.</p> <p><img loading="lazy" class="aligncenter size-large wp-image-456917" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xfcyvuybivutcyrxt-1024x579.jpg" alt="" width="640" height="362" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xfcyvuybivutcyrxt-1024x579.jpg 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xfcyvuybivutcyrxt-300x170.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xfcyvuybivutcyrxt-768x434.jpg 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xfcyvuybivutcyrxt.jpg 1430w" sizes="(max-width: 640px) 100vw, 640px" /></p> <p>This goes without saying, but the iOS devices (Registration, Lead Capture and Session Scanning) do have access to personal information. To ensure the security of the data, devices are wiped at the end of the conference, which can be completed remotely through Meraki Systems Manager.<strong> </strong></p> <h3><strong>Content Caching</strong></h3> <p>One of the biggest problems affecting the iOS devices in Black Hat USA 2023 was the immediate need to both update the iOS device’s OS due to a patch to fix a zero-day vulnerability and to update the Black Hat iOS app on the devices. There were hundreds of devices, so this was a challenge for each to download and install. 
So, I took the initiative to look into Apple’s Content Caching service built into macOS.</p> <p>Now, just to be clear, this wasn’t caching EVERYTHING&#8230; Just Apple App Store updates and OS updates.</p> <p><img loading="lazy" class="aligncenter size-full wp-image-456918" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xrctvyrexfvgbhn.png" alt="" width="720" height="300" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xrctvyrexfvgbhn.png 720w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xrctvyrexfvgbhn-300x125.png 300w" sizes="(max-width: 720px) 100vw, 720px" /></p> <p>This is turned on within System Settings and starts working immediately.</p> <p>I’m not going to get into the weeds of setting this up, because there’s so much to plan for. But, I’d suggest that you start <a href="https://support.apple.com/en-gb/guide/deployment/depe9b5c1aab/1/web/1.0">here.</a> The setting I did change was:</p> <p><img loading="lazy" class="aligncenter size-full wp-image-456919" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xsdcftvgyvftcdrx.png" alt="" width="720" height="276" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xsdcftvgyvftcdrx.png 720w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xsdcftvgyvftcdrx-300x115.png 300w" sizes="(max-width: 720px) 100vw, 720px" /></p> <h3><strong>Location and Jailbreak detection</strong></h3> <p>One thing that we haven’t spoken about in some time is Jailbreak detection and Location. There are many elements that we get back from a device, but two of them, Location and Jailbreak, must be retrieved from a device using a supplemental application: in this case, the Meraki Systems Manager agent.</p> <p>HOWEVER, these can only be retrieved from the device if the application is running in the background. 
If the device has been rebooted, or the application terminated, then we don’t get anything.</p> <p>One of the other painful, but understandable, aspects of MDM is that you can’t launch an application remotely on a mobile device&#8230;. But you can!</p> <p><img loading="lazy" class="aligncenter wp-image-456920 size-medium_large" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xrdcftvgybvftcdrx-768x415.png" alt="" width="640" height="346" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xrdcftvgybvftcdrx-768x415.png 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xrdcftvgybvftcdrx-300x162.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xrdcftvgybvftcdrx.png 936w" sizes="(max-width: 640px) 100vw, 640px" /></p> <p>On both Android and iOS, there’s a capability called <strong>Kiosk</strong> or <strong>Single App</strong> mode: Use cases for this are normally unattended devices, like in restaurants, or scanning devices like those used by delivery drivers, etc. Sending the command to the device to go into kiosk mode will launch the application. You can also send a command to remove kiosk mode from the device. The great thing about this last point is that the application remains in focus and open!</p> <p>So, the other capability that using <strong>Meraki Systems Manager</strong> gives us is the ability to <em>schedule</em> settings. 
Therefore, we can turn on kiosk mode in the middle of the night and remove it an hour later.</p> <p>To ensure that this doesn’t impact the registration staff, we can go one step further: after we’ve launched Meraki Systems Manager, an hour later we can relaunch the registration application, <em>Swapcard Go.</em></p> <figure id="attachment_456922" aria-describedby="caption-attachment-456922" style="width: 640px" class="wp-caption aligncenter"><a href="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.02.38 AM.png" target="_blank" rel="noopener"><img loading="lazy" class="wp-image-456922 size-large" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.02.38 AM-1024x520.png" alt="" width="640" height="325" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.02.38 AM-1024x520.png 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.02.38 AM-300x152.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.02.38 AM-768x390.png 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.02.38 AM.png 1222w" sizes="(max-width: 640px) 100vw, 640px" /></a><figcaption id="caption-attachment-456922" class="wp-caption-text"><strong>SM Kiosk Mode</strong></figcaption></figure> <p>&nbsp;</p> <figure id="attachment_456924" aria-describedby="caption-attachment-456924" style="width: 640px" class="wp-caption aligncenter"><a href="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.04.54 AM.png" target="_blank" rel="noopener"><img loading="lazy" class="wp-image-456924 size-large" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.04.54 AM-1024x531.png" alt="" width="640" height="332" 
srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.04.54 AM-1024x531.png 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.04.54 AM-300x155.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.04.54 AM-768x398.png 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.04.54 AM.png 1216w" sizes="(max-width: 640px) 100vw, 640px" /></a><figcaption id="caption-attachment-456924" class="wp-caption-text"><strong>SM Schedule</strong></figcaption></figure> <h3><strong>Systematic ThousandEyes Agent Deployment</strong></h3> <p>ThousandEyes has been a hit at Black Hat. At an event where understanding immediately where issues lie in the network and beyond to ensure a great conference is paramount, the visibility ThousandEyes gives is incredible. Given that, and the complexity of the network here, and given that we have a Mac Mini deployed for caching software updates, as we are using Meraki Systems Manager<strong> (SM) </strong>for other purposes, I thought I’d take the opportunity to deploy the <strong>ThousandEyes</strong> Agent using SM.</p> <p>The other reason is that, whilst we have a considerable amount of cloud and enterprise agents, we had no endpoint agents deployed. However, things are never that easy with software deployment, primarily because you need to provision / configure software once deployed. On mobile devices, this is straightforward, either using settings payloads, or by using <strong>Managed Appe Config</strong> to configure an app.</p> <p>On desktop, using MDM, we can normally use things like <strong>Managed Plists</strong> to do the same thing, but the TE agent does NOT support this. 
Once installed, we must call the agent with a string.</p> <p>So, to achieve all this, we can package the agent and command into a package using a command line utility on the Mac called <strong>PKGBUILD</strong> (more details <a href="https://www.unix.com/man-page/osx/1/pkgbuild/">here</a>).</p> <p>I also used a guide I’d written for the Meraki Community:  <a href="https://community.meraki.com/t5/Mobile-Device-Management/HOWTO-Package-files-scripts-and-apps-together-for-macOS/m-p/187857">HOWTO: Package files, scripts and apps together for macOS</a>.</p> <p><a href="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxfcgvhbguvyctdxr.png" target="_blank" rel="noopener"><img loading="lazy" class="aligncenter wp-image-456926" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxfcgvhbguvyctdxr.png" alt="" width="640" height="315" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxfcgvhbguvyctdxr.png 936w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxfcgvhbguvyctdxr-300x147.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxfcgvhbguvyctdxr-768x377.png 768w" sizes="(max-width: 640px) 100vw, 640px" /></a></p> <p>&nbsp;</p> <p><a href="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dctfvygbuyftc.png" target="_blank" rel="noopener"><img loading="lazy" class="aligncenter wp-image-456927 size-medium_large" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dctfvygbuyftc-768x632.png" alt="" width="640" height="527" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dctfvygbuyftc-768x632.png 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dctfvygbuyftc-300x247.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dctfvygbuyftc.png 936w" sizes="(max-width: 640px) 100vw, 640px" /></a></p> <h3><strong>Facts of note</strong></h3> 
<p><strong>The Postflight:</strong></p> <p style="padding-left: 40px;">#!/bin/bash</p> <p style="padding-left: 40px;"># this name will change with each version of the agent</p> <p style="padding-left: 40px;">installer -pkg /tmp/Endpoint\ Agent-x64-1.193.1.pkg -target /</p> <p style="padding-left: 40px;">/Applications/ThousandEyes\ Endpoint\ Agent.app/Contents/MacOS/te-agent --register "YOURUNIQUESTRING"</p> <p style="padding-left: 40px;">exit 0</p> <p style="padding-left: 40px;">Two things to keep in mind: the string passed to --register sits in the postflight in plain text, so the built package should only be handed out through the MDM, and because the script always finishes with exit 0, the installer reports success even if the install or registration step failed.</p> <p style="padding-left: 40px;">The command to build the package using <strong>PKGBUILD</strong></p> <p style="padding-left: 40px;"><img loading="lazy" class="size-large wp-image-456928 alignnone" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.12.30 AM-1024x64.png" alt="" width="640" height="40" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.12.30 AM-1024x64.png 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.12.30 AM-300x19.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.12.30 AM-768x48.png 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/Screenshot-2024-05-14-at-5.12.30 AM.png 1120w" sizes="(max-width: 640px) 100vw, 640px" /></p> <p>&nbsp;</p> <p>Find more details on the <a href="https://docs.thousandeyes.com/product-documentation/global-vantage-points/endpoint-agents/installing/install-the-endpoint-agent">ThousandEyes Documentation</a> site or watch the video, <a href="https://www.youtube.com/watch?v=XC1kgfk_hrg">How to automate the deployment of ThousandEyes agent for macOS and Meraki Systems Manager</a></p> <h3><strong>Repurposing of Devices for the next show</strong></h3> <p>We were asked if there was anything we could do to leave the devices as they were for the next show. 
After careful consideration, we decided that we <em>could</em> leave the devices in a state that was amenable to everyone. The major requirement was leaving the <em>Swapcard Go</em> app on the device. But, as the app is provisioned for each show, it’s quite the process to remove configuration and then re-add it&#8230;.</p> <p>So, the other thing to note is the set of options that we have when installing (and removing) an application on a managed iOS device:</p> <p><a href="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xdrctfvygctxrrctvybutv76cr5ex.png" target="_blank" rel="noopener"><img loading="lazy" class="aligncenter wp-image-456929 size-medium_large" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xdrctfvygctxrrctvybutv76cr5ex-768x263.png" alt="" width="640" height="219" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xdrctfvygctxrrctvybutv76cr5ex-768x263.png 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xdrctfvygctxrrctvybutv76cr5ex-300x103.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xdrctfvygctxrrctvybutv76cr5ex.png 936w" sizes="(max-width: 640px) 100vw, 640px" /></a></p> <p><strong>Remove with MDM </strong>is the interesting one, as it allows us, rather than <strong>WIPING</strong> the device at the end of the show, to remove management, including any apps and settings, and their corresponding data.</p> <p>The <em>problem</em> with this is that this was never a requirement at the start of the show. So, we now need a process in a particular order to facilitate this&#8230;. 
As this is for only a handful of devices:</p> <ol> <li>Deprovision the app from devices by unscoping the application in <strong>Meraki Systems Manager</strong></li> <li>Wait to see this command has completed across all devices</li> <li>Reprovision the app using MDM again, but with this being a new app install, it will allow the OS to keep the app in situ after an unenrollment</li> <li>Wait until completed</li> <li>Unenroll the device</li> </ol> <p><strong> </strong></p> <h2><span style="color: #6abf4b;"><strong>Domain Name Service Statistics</strong></span></h2> <p><em><strong>—by Christian Clasen</strong></em></p> <p>Since 2018, we have been tracking DNS stats at the Black Hat Asia conferences.</p> <p><img loading="lazy" class="aligncenter size-large wp-image-456930" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cfyvgubibyvutcrx6ctuyvi-1024x579.jpg" alt="" width="640" height="362" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cfyvgubibyvutcrx6ctuyvi-1024x579.jpg 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cfyvgubibyvutcrx6ctuyvi-300x170.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cfyvgubibyvutcrx6ctuyvi-768x434.jpg 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cfyvgubibyvutcrx6ctuyvi.jpg 1430w" sizes="(max-width: 640px) 100vw, 640px" /></p> <p>The historical DNS requests are in the chart below.</p> <p><a href="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxrctfvygfctxrd.png" target="_blank" rel="noopener"><img loading="lazy" class="aligncenter wp-image-456931 size-medium_large" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxrctfvygfctxrd-768x405.png" alt="" width="640" height="338" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxrctfvygfctxrd-768x405.png 768w, 
https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxrctfvygfctxrd-300x158.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dxrctfvygfctxrd.png 936w" sizes="(max-width: 640px) 100vw, 640px" /></a></p> <p>With over 18.2M DNS requests made, we had the most to date at an Asia show. We made visibility advancements at the previous year’s Asia conference. Prior to Asia 2023, we were allowing attendees to use their chosen DNS resolvers instead of our assigned internal Umbrella Virtual Appliances. In coordination with Palo Alto Networks (the conference Firewall provider), we began intercepting and redirecting DNS queries for other resolvers, to force resolution through the Umbrella gear. While this is only effective for plain-text DNS queries and not encrypted protocols like DNS over HTTPS, it nevertheless dramatically increased visibility as evidenced by the numbers in the accompanying charts.</p> <p><a href="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cdftvygbuyvtcexr.png" target="_blank" rel="noopener"><img loading="lazy" class="aligncenter wp-image-456932 size-medium_large" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cdftvygbuyvtcexr-768x384.png" alt="" width="640" height="320" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cdftvygbuyvtcexr-768x384.png 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cdftvygbuyvtcexr-300x150.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cdftvygbuyvtcexr.png 936w" sizes="(max-width: 640px) 100vw, 640px" /></a></p> <p>The Activity volume view from Umbrella gives a top-level glance of activities by category, which we can drill into for deeper threat hunting. 
On trend with the previous Black Hat Asia events, the top Security categories were Malware and Newly Seen Domains.</p> <p>In a real-world environment, of the 18.2M requests that Umbrella saw, over 2,000 of them would have been blocked by our default security policies. However, since this is a place for learning, we typically let everything fly.</p> <p>We also track the Apps using DNS, using App Discovery.</p> <ul> <li>2024: 4,327 apps</li> <li>2023: 1,162 apps</li> <li>2022: 2,286 apps</li> </ul> <p><a href="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dcfvygbuhgvyfctdxr.png" target="_blank" rel="noopener"><img loading="lazy" class="aligncenter wp-image-456933 size-medium_large" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dcfvygbuhgvyfctdxr-768x249.png" alt="" width="640" height="208" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dcfvygbuhgvyfctdxr-768x249.png 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dcfvygbuhgvyfctdxr-300x97.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dcfvygbuhgvyfctdxr.png 936w" sizes="(max-width: 640px) 100vw, 640px" /></a></p> <p>&nbsp;</p> <p>App Discovery in Umbrella gives us a quick snapshot of the cloud apps in use at the show. Not surprisingly, Generative AI (Artificial Intelligence) has exploded over the previous year as a top application.</p> <p>Umbrella also identifies risky cloud applications. 
Should the need arise, we can block any application via DNS, such as Generative AI apps, Wi-Fi Analyzers, or anything else that has suspicious undertones.</p> <div id='gallery-1' class='gallery galleryid-456886 gallery-columns-3 gallery-size-thumbnail'><figure class='gallery-item'> <div class='gallery-icon portrait'> <a href='https://blogs.cisco.com/security/black-hat-asia-2024-noc-cisco-security-cloud/attachment/dctgygtfrdeswasedrtfy'><img width="150" height="150" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dctgygtfrdeswasedrtfy-150x150.png" class="attachment-thumbnail size-thumbnail" alt="" loading="lazy" aria-describedby="gallery-1-456934" /></a> </div> <figcaption class='wp-caption-text gallery-caption' id='gallery-1-456934'> App Discovery in Umbrella </figcaption></figure><figure class='gallery-item'> <div class='gallery-icon landscape'> <a href='https://blogs.cisco.com/security/black-hat-asia-2024-noc-cisco-security-cloud/attachment/drctfvygbuvyfctdxr'><img width="150" height="150" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/drctfvygbuvyfctdxr-150x150.png" class="attachment-thumbnail size-thumbnail" alt="" loading="lazy" aria-describedby="gallery-1-456936" /></a> </div> <figcaption class='wp-caption-text gallery-caption' id='gallery-1-456936'> Apps by Category and Risk </figcaption></figure><figure class='gallery-item'> <div class='gallery-icon landscape'> <a href='https://blogs.cisco.com/security/black-hat-asia-2024-noc-cisco-security-cloud/attachment/dctfvygbuyvfctdxrdtcfyvgfctx'><img width="150" height="150" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/dctfvygbuyvfctdxrdtcfyvgfctx-150x150.png" class="attachment-thumbnail size-thumbnail" alt="" loading="lazy" aria-describedby="gallery-1-456935" /></a> </div> <figcaption class='wp-caption-text gallery-caption' id='gallery-1-456935'> DNS Requests by App Risk </figcaption></figure> </div> <p>&nbsp;</p> <p>Again, this is 
not something we would normally do on our General Wi-Fi network, but there are exceptions. For example, every so often, an attendee will learn a cool hack in one of the Black Hat courses or in the Arsenal lounge AND try to use said hack at the conference itself. That is obviously a ‘no-no’ and, in many cases, very illegal. If things go too far, we will take the appropriate action.</p> <p>During the conference NOC Report, the NOC leaders also report on the Top Categories seen at Black Hat.</p> <p><img loading="lazy" class="aligncenter size-large wp-image-456937" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/ctytvuybvtyrtextrcytvuybi-1024x639.png" alt="" width="640" height="399" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/ctytvuybvtyrtextrcytvuybi-1024x639.png 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/ctytvuybvtyrtextrcytvuybi-300x187.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/ctytvuybvtyrtextrcytvuybi-768x479.png 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/ctytvuybvtyrtextrcytvuybi.png 1064w" sizes="(max-width: 640px) 100vw, 640px" /></p> <p>Overall, we are immensely proud of the collaborative efforts made here at Black Hat Asia, by both the Cisco team and all the partners in the NOC.</p> <p><img loading="lazy" class="aligncenter size-large wp-image-456938" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xerctvytvrcterxwz-1024x905.jpg" alt="" width="640" height="566" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xerctvytvrcterxwz-1024x905.jpg 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xerctvytvrcterxwz-300x265.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xerctvytvrcterxwz-768x679.jpg 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xerctvytvrcterxwz.jpg 1109w" 
sizes="(max-width: 640px) 100vw, 640px" /></p> <p><a href="https://www.blackhat.com/us-24/noc.html">Black Hat USA</a> will be in August 2024, in Las Vegas. Christian Clasen will lead the Cisco team in the NOC, so follow his <a href="https://blogs.cisco.com/author/christianclasen">blog</a> to see if what happens in Vegas, stays in Vegas.</p> <h3><strong>Acknowledgments</strong></h3> <p>Thank you to the Cisco NOC team:</p> <ul> <li><strong>Cisco Security</strong>: Christian Clasen, Shaun Coulter, Aditya Raghavan, Adam Kilgore, Patrick Yong and Ryan Maclennan</li> <li><strong>Meraki Systems Manager:</strong> Paul Fidler and Connor Loughlin</li> <li><strong>Additional Support and Expertise</strong>: Adi Sankar, Robert Harris, Jordan Chapian, Junsong Zhao, Vadim Ivlev and Ajit Thyagarajan</li> </ul> <p><img loading="lazy" class="aligncenter size-large wp-image-456939" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xdrctfvygbvftcdrxsz-1024x586.png" alt="" width="640" height="366" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xdrctfvygbvftcdrxsz-1024x586.png 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xdrctfvygbvftcdrxsz-300x172.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xdrctfvygbvftcdrxsz-768x439.png 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/xdrctfvygbvftcdrxsz.png 1430w" sizes="(max-width: 640px) 100vw, 640px" /></p> <p>Also, to our NOC partners <strong>NetWitness </strong>(especially Iain Davidson and Alessandro Zatti), <strong>Palo Alto Networks</strong> (especially James Holland and Jason Reverri), <strong>Corelight (</strong>especially Mark Overholser and Eldon Koyle), <strong>Arista Networks </strong>(especially Jonathan Smith), <strong>MyRepublic </strong>and the entire <strong>Black Hat / Informa Tech </strong>staff (especially Grifter ‘Neil Wyler’, Bart Stump, Steve Fink, James Pope, Michael Spicer, Jess 
Jung and Steve Oldenbourg).</p> <p><img loading="lazy" class="aligncenter size-large wp-image-456940" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cftvygbuvyfctdxrdtcfyvg-1024x685.jpg" alt="" width="640" height="428" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cftvygbuvyfctdxrdtcfyvg-1024x685.jpg 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cftvygbuvyfctdxrdtcfyvg-300x201.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cftvygbuvyfctdxrdtcfyvg-768x513.jpg 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/05/cftvygbuvyfctdxrdtcfyvg.jpg 1430w" sizes="(max-width: 640px) 100vw, 640px" /></p> <h3><strong>About Black Hat</strong></h3> <p>Black Hat is the cybersecurity industry’s most established and in-depth security event series. Founded in 1997, these annual, multi-day events provide attendees with the latest in cybersecurity research, development, and trends. Driven by the needs of the community, Black Hat events showcase content directly from the community through Briefings presentations, Trainings courses, Summits, and more. As the event series where all career levels and academic disciplines convene to collaborate, network, and discuss the cybersecurity topics that matter most to them, attendees can find Black Hat events in the United States, Canada, Europe, Middle East and Africa, and Asia. For more information, please visit <a href="http://www.blackhat.com">www.blackhat.com</a>. <a href="https://www.businesswire.com/news/home/20240430857994/en/Black-Hat-Asia-2024-Showcases-Latest-Cybersecurity-Findings-at-Singapore-Event">See</a> the press release for Black Hat Asia 2024.</p> <p>&nbsp;</p> <hr /> <p style="text-align: center;"><em>We’d love to hear what you think. 
Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!</em></p> <p style="text-align: center;"><strong>Cisco Security Social Channels</strong></p> <p style="text-align: center;"><strong><a href="https://www.instagram.com/CiscoSecure/" target="_blank" rel="noopener noreferrer">Instagram</a></strong><br /> <strong><a href="https://www.facebook.com/ciscosecure/" target="_blank" rel="noopener noreferrer">Facebook</a></strong><br /> <strong><a href="https://twitter.com/CiscoSecure" target="_blank" rel="noopener noreferrer">Twitter</a></strong><br /> <strong><a href="https://www.linkedin.com/showcase/cisco-secure" target="_blank" rel="noopener noreferrer">LinkedIn</a></strong></p>
</div><!-- .entry-content --> <div class="author-section"> <div><h2>Authors</h2></div> <div class="auth-row"> <div class="blog-row author-bio"> <div class="item-thirds-1 author-bio-box" > <div class="author-image" > <a href="https://blogs.cisco.com/author/jessicabair"><img src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/07/1542121278-bpfull.jpg" width="150" height="150" alt="Avatar" class="avatar avatar-150wp-user-avatar wp-user-avatar-150 alignnone photo avatar-default"> </a> </div> <div class="author-info"> <h3><a href="https://blogs.cisco.com/author/jessicabair"> Jessica Bair</a> </h3> <h4 class="title">Director, Cisco Secure Strategic Alliances </h4> <h4>Advanced Threat Solutions</h4> <a href="https://twitter.com/jessicambair" rel="nofollow" target="_blank"><img class="share_image"
src="https://blogs.cisco.com/wp-content/themes/ciscowordpress-child/svg/share_X_navy.svg" alt="share on facebook"></a><a href="http://www.linkedin.com/in/jessbair" rel="nofollow" target="_blank"><img class="share_image" src="https://blogs.cisco.com/wp-content/themes/ciscowordpress-child/svg/share_li_navy.svg" alt="share on facebook"></a> </div> </div><!--end author image and name--> </div><!-- .author-bio --> </div> </div> <footer class="entry-footer"> </footer><!-- .entry-footer --> </article> <div id="tags-container">Tags: <a href="https://blogs.cisco.com/tag/black-hat" rel="tag">Black Hat</a> <a href="https://blogs.cisco.com/tag/breach-protection-suite" rel="tag">Breach Protection Suite</a> <a href="https://blogs.cisco.com/tag/cisco-security-cloud" rel="tag">Cisco Security Cloud</a> <a href="https://blogs.cisco.com/tag/cisco-user-protection-suite" rel="tag">Cisco User Protection Suite</a> <a href="https://blogs.cisco.com/tag/cisco-xdr" rel="tag">Cisco XDR</a> <a href="https://blogs.cisco.com/tag/cloud-protection-suite" rel="tag">Cloud Protection Suite</a> <a href="https://blogs.cisco.com/tag/cybersecurity-noc" rel="tag">cybersecurity NOC</a> <a href="https://blogs.cisco.com/tag/mdm" rel="tag">Mobile Device Manager (MDM)</a> <a href="https://blogs.cisco.com/tag/security-operations-center" rel="tag">Security Operations Center (SOC)</a> <a href="https://blogs.cisco.com/tag/talos-meraki" rel="tag">Talos Meraki</a> <a href="https://blogs.cisco.com/tag/telemetry-broker" rel="tag">Telemetry Broker</a> <a href="https://blogs.cisco.com/tag/thousandeyes" rel="tag">ThousandEyes</a> <a href="https://blogs.cisco.com/tag/umbrella" rel="tag">Umbrella</a> <hr id="comment-break-line"> </div> </main><!-- #main --> </div><!-- #primary -->
</div><!-- #content -->
</cdc-template-micro> <!-- close cdc-template--> </div><!-- #page -->
</body> </html>