In part one of our Black Hat USA 2022 NOC blog, we discussed building the network with Meraki:

- Building the Hacker Summer Camp network, by Evan Basta
- The Cisco Stack’s Potential in Action, by Paul Fidler
- Port Security, by Ryan MacLennan, Ian Redden and Paul Fidler
- Mapping Meraki Location Data with Python, by Christian Clausen
- Creating Custom Meraki Dashboard Tiles for SecureX, by Matt Vander Horst
- Talos Threat Hunting, by Jerzy ‘Yuri’ Kramarz and Michael Kelley
- 25+ Years of Black Hat (and some DNS stats), by Alejo Calaoagan

Cisco is a Premium Partner of the Black Hat NOC, and is the Official Wired & Wireless Network Equipment, Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider of Black Hat.

Watch the video: Building and Securing the Black Hat USA Network

Black Hat USA is my favorite part of my professional life each year. We had an incredible staff of 20 Cisco engineers to build and secure the network. Also, for the first time, we had two Talos Threat Hunters from the Talos Incident Response (TIR) team, providing unique perspectives and skills to the attacks on the network. I really appreciated the close collaboration with the Palo Alto Networks and NetWitness team members. We created new integrations and the NOC continued to serve as an incubator for innovation.

We must allow real malware on the network for training, demonstrations, and briefing sessions while protecting the attendees from attack within the network from their fellow attendees and prevent bad actors using the network to attack the Internet. It is a critical balance to ensure everyone has a safe experience, while still being able to learn from real world malware, vulnerabilities, and malicious websites. So, context is what really matters when investigating a potential attack and bringing so many technologies together in SecureX really accelerated investigation and response (when needed).

All the Black Hat network traffic was supported by Meraki switches and wireless access points, using the latest Meraki gear donated by Cisco. Our Meraki team was able to block people from the Black Hat network, when an investigation showed they did something in violation of the attendee Code of Conduct, upon review and approval by the Black Hat NOC leadership.

Cisco Secure provided all the domain name service (DNS) requests on the Black Hat network through Umbrella, whenever attendees wanted to connect to a website. If there was a specific DNS attack that threatened the conference, we supported Black Hat in blocking it to protect the network. However, by default, we allow and monitor DNS requests to malware, command and control, phishing, crypto mining, and other dangerous domains, which would be blocked in a production environment. That balance of allowing cybersecurity training and demos to occur, but ready to block when needed.

In addition to the Meraki networking gear, Cisco Secure also shipped an Umbrella DNS virtual appliance to Black Hat USA, for internal network visibility with redundancy. The Intel NUC containing the virtual appliance also contained the bridge to the NetWitness on-premises SIEM, custom developed by Ian Redden.

We also deployed the following cloud-based security software:

- Cisco SecureX extended detection and response platform, with orchestration and device insights integration with Meraki and Cisco Secure Endpoint.
- Cisco Umbrella domain name service protection.