{"id":12706,"date":"2025-08-20T02:17:40","date_gmt":"2025-08-19T17:17:40","guid":{"rendered":"https:\/\/aireviewirush.com\/?p=12706"},"modified":"2025-08-20T02:17:40","modified_gmt":"2025-08-19T17:17:40","slug":"findings-report-from-the-soc-at-rsac-2025-convention","status":"publish","type":"post","link":"https:\/\/aireviewirush.com\/?p=12706","title":{"rendered":"Findings Report From the SOC at RSAC\u2122 2025 Conference"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p>Cisco and Endace have released the Findings Report from the Security Operations Center (SOC) at RSAC\u2122 2025 Conference.<\/p>\n<p>The partners used data from the Moscone Center wireless network to provide SOC services. Since 2017, the goal of the SOC has been to monitor network activity during the event and provide SOC tours and sessions during the conference. From the tours and sessions \u2014 and this Findings Report published by sponsors Cisco and Endace \u2014 you can learn about what happens on an open, unsecured wireless network. The network infrastructure at RSAC is managed by the Moscone Center. 
You can watch the <a href=\"https:\/\/www.rsaconference.com\/USA\/agenda\/session\/PROTECTED%20The%206th%20Annual%20Report%20from%20the%20SOC%20at%20RSAC\" target=\"_blank\" rel=\"noreferrer noopener\">replay of the 2025 session.<\/a><\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"555\" height=\"312\" data-lazy-type=\"image\" src=\"https:\/\/storage.googleapis.com\/blogs-images-new\/ciscoblogs\/1\/2025\/08\/rsac_2025_soc_tour.webp\" alt=\"\" class=\"lazy lazy-hidden wp-image-476500\"><noscript><img loading=\"lazy\" decoding=\"async\" width=\"555\" height=\"312\" src=\"https:\/\/storage.googleapis.com\/blogs-images-new\/ciscoblogs\/1\/2025\/08\/rsac_2025_soc_tour.webp\" alt=\"\" class=\"wp-image-476500\"><\/noscript><\/figure>\n<\/div>\n<p>The SOC team at RSAC 2025 deployed the <a href=\"https:\/\/www.endace.com\/endaceprobe\" target=\"_blank\" rel=\"noreferrer noopener\">EndaceProbe<\/a> packet capture platform, integrated with the suite of Cisco tools. 
Additionally, SOC engineers used <a href=\"https:\/\/www.cisco.com\/site\/us\/en\/products\/security\/security-cloud\/index.html\" target=\"_blank\" rel=\"noreferrer noopener\">Cisco Security Cloud<\/a> in the SOC, comprising <a href=\"https:\/\/www.cisco.com\/site\/us\/en\/products\/security\/breach-protection\/index.html#tabs-ca9b217826-item-9e6cde6a19-tab\" target=\"_blank\" rel=\"noreferrer noopener\">Cisco Breach Protection Suite<\/a> and <a href=\"https:\/\/www.cisco.com\/site\/us\/en\/products\/security\/user-protection\/index.html\" target=\"_blank\" rel=\"noreferrer noopener\">User Protection Suite,<\/a> with the foundation of <a href=\"https:\/\/www.cisco.com\/site\/us\/en\/products\/security\/firewalls\/index.html\" target=\"_blank\" rel=\"noreferrer noopener\">Secure Firewall<\/a>.<\/p>\n<p>The <a href=\"https:\/\/www.cisco.com\/site\/us\/en\/products\/security\/cloud-protection\/index.html\" target=\"_blank\" rel=\"noreferrer noopener\">Cloud Protection Suite<\/a> was deployed to secure the SOC cloud infrastructure, along with <a href=\"https:\/\/www.cisco.com\/site\/us\/en\/solutions\/security\/identity-intelligence\/index.html\" target=\"_blank\" rel=\"noreferrer noopener\">Cisco Identity Intelligence<\/a> and <a href=\"https:\/\/www.cisco.com\/site\/us\/en\/products\/security\/ai-defense\/index.html\" target=\"_blank\" rel=\"noreferrer noopener\">AI Defense<\/a>.<\/p>\n<p>Incidents were investigated with threat intelligence provided by <a href=\"https:\/\/talosintelligence.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Cisco Talos<\/a>, and licenses donated by <a href=\"https:\/\/www.alphamountain.ai\/\" target=\"_blank\" rel=\"noreferrer noopener\">alphaMountain<\/a> &amp; <a href=\"https:\/\/pulsedive.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Pulsedive,<\/a> along with community sources.<\/p>\n<p><a href=\"http:\/\/www.endace.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Endace,<\/a> always-on packet capture, was 
provisioned to record all network traffic, enabling full investigation of any anomalous behavior. Endace was also generating metadata (including Zeek logs) and NetFlow data into Cisco Secure Network Analytics (SNA) and Splunk Platform. File content was reconstructed on the fly by Endace, filtered, and streamed to Splunk Attack Analyzer and Cisco Secure Malware Analytics for sandboxing and analysis.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"935\" height=\"531\" data-lazy-type=\"image\" src=\"https:\/\/storage.googleapis.com\/blogs-images-new\/ciscoblogs\/1\/2025\/08\/rsac_2025_soc_architecture.webp\" alt=\"\" class=\"lazy lazy-hidden wp-image-476503\" style=\"width:657px;height:auto\"><noscript><img loading=\"lazy\" decoding=\"async\" width=\"935\" height=\"531\" src=\"https:\/\/storage.googleapis.com\/blogs-images-new\/ciscoblogs\/1\/2025\/08\/rsac_2025_soc_architecture.webp\" alt=\"\" class=\"wp-image-476503\" style=\"width:657px;height:auto\"><\/noscript><\/figure>\n<\/div>\n<p>Workflow integrations to Endace from within <a href=\"https:\/\/www.splunk.com\/en_us\/products\/enterprise-security.html\" target=\"_blank\" rel=\"noreferrer noopener\">Splunk Enterprise Security<\/a>, Cisco XDR, SNA, and Secure Firewall streamlined the work of the SOC team when investigating potential incidents. Endace packet data was used to understand activity before, during and after any alerts, identify lateral movement and potential C2 (command and control), search for IOCs (Indicators of Compromise), and investigate any serious threats that raised the team members\u2019 suspicions. 
No decryption was performed on any network data or connections.<\/p>\n<p>The Findings Report includes sections about:<\/p>\n<ul class=\"wp-block-list\">\n<li>The Network<\/li>\n<li>Technology used in the SOC at RSAC Conference<\/li>\n<li>The Statistics<\/li>\n<li>Security Incident and Event Management<\/li>\n<li>XDR Integration and Threat Hunting<\/li>\n<li>Secure Access<\/li>\n<li>Intrusion Detection with Cisco Secure Firewall<\/li>\n<li>Tales of Insecurity<\/li>\n<li>Defending the SOC Infrastructure<\/li>\n<li>Conclusion<\/li>\n<\/ul>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"510\" height=\"245\" data-lazy-type=\"image\" src=\"https:\/\/storage.googleapis.com\/blogs-images-new\/ciscoblogs\/1\/2025\/08\/rsac_2025_soc_team.webp\" alt=\"\" class=\"lazy lazy-hidden wp-image-476504\" style=\"width:597px;height:auto\"><noscript><img loading=\"lazy\" decoding=\"async\" width=\"510\" height=\"245\" src=\"https:\/\/storage.googleapis.com\/blogs-images-new\/ciscoblogs\/1\/2025\/08\/rsac_2025_soc_team.webp\" alt=\"\" class=\"wp-image-476504\" style=\"width:597px;height:auto\"><\/noscript><\/figure>\n<\/div>\n<p>Download the <a href=\"https:\/\/www.cisco.com\/c\/en\/us\/products\/collateral\/security\/security-operations-center-findings-report-rsac.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Findings Report from the Security Operations Center (SOC) at RSAC 2025 Conference<\/a>. You can also view the <a href=\"https:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/security\/security-operations-center-findings-report-rsac-2024.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">2024 report<\/a>. 
We look forward to seeing you in <a href=\"https:\/\/www.rsaconference.com\/about\/sponsorship-opportunities\" target=\"_blank\" rel=\"noreferrer noopener\">late March 2026<\/a>!<\/p>\n<p>Acknowledgements: Our appreciation to those who made the SOC at RSAC possible. Please see the Report for the engineering roles. Thank you.<\/p>\n<hr class=\"wp-block-separator has-text-color has-medium-gray-color has-alpha-channel-opacity has-medium-gray-background-color has-background\"\/>\n<p class=\"has-text-align-center\"><em>We\u2019d love to hear what you think! Ask a question and stay connected with Cisco Security on social media.<\/em><\/p>\n<p class=\"has-text-align-center\"><strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-cisco-green-color\">Cisco Security Social Media<\/mark><\/strong><\/p>\n<p class=\"has-text-align-center\"><a href=\"https:\/\/www.linkedin.com\/showcase\/cisco-secure\" target=\"_blank\" rel=\"noreferrer noopener\">LinkedIn<\/a><br \/><a href=\"https:\/\/www.facebook.com\/ciscosecure\/\" target=\"_blank\" rel=\"noreferrer noopener\">Facebook<\/a><br \/><a href=\"https:\/\/www.instagram.com\/Ciscosecurity\/\" target=\"_blank\" rel=\"noreferrer noopener\">Instagram<\/a><br \/><a href=\"https:\/\/twitter.com\/CiscoSecure\" target=\"_blank\" rel=\"noreferrer noopener\">X<\/a><\/p>\n<p>\n  \t<\/div>\n<p><br \/>\n<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cisco and Endace have released the Findings Report from the Security Operations Center (SOC) at RSAC\u2122 2025 Conference. The partners used data from the Moscone Center wireless network to provide SOC services. 
Since 2017, the goal of the SOC has been to monitor network activity during the event and provide SOC [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":12708,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[],"class_list":["post-12706","post","type-post","status-publish","format-standard","has-post-thumbnail","category-cloud-computing"],"_links":{"self":[{"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/posts\/12706","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=12706"}],"version-history":[{"count":1,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/posts\/12706\/revisions"}],"predecessor-version":[{"id":12707,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/posts\/12706\/revisions\/12707"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/media\/12708"}],"wp:attachment":[{"href":"https:\/\/aireviewirush.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=12706"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=12706"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=12706"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}