The Black Hat Asia Network Operations Center (NOC) Report

Get an inside look at Black Hat Asia's NOC: 1,500 clients, 10TB traffic, security tools integration, threat hunting, and how automation transforms network monitoring.

Key takeaways
  • Network sees ~1,500 unique wireless clients and 10TB of traffic, with sustained 500-750Mbps usage and occasional 1Gbps peaks

  • Security tools and integrations include Palo Alto, Cisco Umbrella, NetWitness, Corelight, Arista, and ThousandEyes, with a focus on automation and data correlation between platforms

  • ~80% of traffic in the Asia region is encrypted, down from historical 90%+ levels, with concerning amounts of sensitive data still being transmitted in clear text

  • Team uses machine learning and automation to identify outliers and anomalous behavior rather than relying on pure alert-based detection

  • Infrastructure leverages venue’s network (Marina Bay Sands) with 1Gbps internet from MyRepublic, distributed through Arista switches and Palo Alto firewalls

  • NOC team performs active threat hunting rather than passive monitoring, investigating suspicious activities in real time

  • Common issues include misconfigured VPNs leaking traffic, clear text credentials, and training rooms testing new tools against each other

  • Automated workflows help reduce investigation time from 30-40 minutes to minutes by correlating data across security tools

  • Network stability has greatly improved over 23 years, from frequent outages to reliable infrastructure supporting increased scale

  • Team streams NOC operations live on Twitch and maintains year-round communication through Slack channels