The 8th Annual Black Hat USA NOC Report

NOC Efforts

• Capture every packet on site during the show
• Use a source solution to look for types of traffic
• Use Gigamon for packet capture and Net Witness for threat hunting

Packet Capture

• Capture stats show large peaks on network
• Use logs, packets, and endpoint data for analysis

IoT Devices

• 7,000 unique devices on network
• 367 different IoT devices identified
• Many devices not securely configured

Visualization

• Paco Problem: too many devices trying to communicate on network
• Use threat grid to visualize network traffic and identify potential issues

Lessons Learned

• Importance of segmentation in network design
• Need for automation and tooling to support NOC efforts
• Threat hunting requires human expertise and attention

Partnerships

• Cisco provides hardware and expertise for NOC efforts
• Iron Net provides additional visibility and threat hunting capabilities

Trends and Analysis

• Increased usage of IoT devices on network
• Growing sophistication of malware and threats
• Importance of analyzing network traffic and identifying potential issues

NOC Challenges

• Managing large volume of data and traffic on network
• Balancing security needs with user demands
• Staying ahead of evolving threats and malware