A Newbie’s Perspective: From Curiosity to Confidence, My SOC Story

A new analyst shares their Cisco Live SOC experience, covering quick onboarding, using Cisco XDR and Endace for incident investigation, and building confidence in threat response.

Have You Seen My Domain Controller?

Windows clients expose Active Directory DNS queries on public Wi-Fi, risking OSINT and credential leaks. Learn from Cisco Live SOC observations how to protect clients with VPNs .

Splunk in Action: From SPL to PCAP

Learn how Cisco Live SOC uses Splunk SPL and Endace PCAP to investigate exposed HTTP authentication and Kerberos activity, securing sensitive data on public Wi-Fi networks.

Cisco Live Melbourne 2025 SOC

Cisco Security and Splunk protected Cisco Live Melbourne 2025 in the Security Operations Centre. Learn about the latest innovations for the SOC of the Future.

Cisco Live Melbourne Case Study: Cisco Live TMC Experience and DDoS

Explore a Cisco TME's experience in the Cisco Live SOC, detailing efficient onboarding, incident escalation, and a real-world DDoS attack investigation and response.

GovWare 2025 Security Operations Centre

Cisco Security and Splunk secured the GovWare 2025 network in the Security Operations Centre. Learn about the latest innovations for the SOC of the Future.

From Detection to Deep Dive: Splunk Attack Analyzer and Endace for GovWare 2025 Security

At GovWare 2025, the team leveraged Splunk Attack Analyzer's API to connect to Endace.

Unmasking Attacks With Cisco XDR at the GovWare SOC

During GovWare, Cisco XDR detected 39 incidents. The SOC team conducted analysis and response actions, and reported critical incidents to the GovWare NOC.

Splunk SOAR in Action at the GovWare: Zero-Touch Clear Text Password Response

At GovWare 2025, the SOC team combined ES with Splunk SOAR to fully automate and track the incident response process.

GovWare Captive Portal: (Splash Page)

Cisco provided a splash page for GovWare 2025, a click-through captive portal. Learn how the team did it.

Seeing Inside the Vortex: Detecting Living off the Land Techniques

Networking infrastructure is an often-overlooked threat surface being targeted by sophisticated threat actors. Learn more about this topic.

Findings Report From the SOC at RSAC™ 2025 Conference

Cisco Security and Splunk protected RSAC™ 2025 Conference in the Security Operations Center. Learn about the latest innovations for the SOC of the Future.

Cisco Live San Diego Case Study: Malware Upatre! (Encrypted Visibility Engine Event)

Cisco Security and Splunk protected Cisco Live San Diego 2025 in the Security Operations Center. Learn about the latest innovations for the SOC of the Future.

Splunk in Action at the Cisco Live San Diego SOC

Cisco Security and Splunk protected Cisco Live San Diego 2025 in the Security Operations Center. Learn about the latest innovations for the SOC of the Future.

Using AI to Battle Phishing Campaigns

Cisco Security and Splunk protected Cisco Live San Diego 2025 in the Security Operations Center. Learn about the latest innovations for the SOC of the Future.

Building an XDR Integration With Splunk Attack Analyzer

Cisco XDR is an infinitely extensible platform for security integrations. Like the maturing SOCs of our customers, the event SOC team at Cisco Live San Diego 2025 built custom integrations to meet our needs. You can build your own integrations using the community resources announced at Cisco Live. It was an honor to work with […]

Cisco Live San Diego Case Study: Hunting Cleartext Passwords in HTTP POST Requests

Cisco Security and Splunk protected Cisco Live San Diego 2025 in the Security Operations Center. Learn about the latest innovations for the SOC of the Future. 

Black Hat Asia 2025 NOC: Innovation in SOC

Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future.

Black Hat Asia 2025: Innovation in the SOC

Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future.

Sign Up for a Tour at the SOC at RSAC™ 2025 Conference

Cisco and Endace provide Security Operations Center services at RSAC™ 2025 Conference. Sign up for a tour and see what happens in the SOC.

Mobile World Congress 2025: SOC in the Network Operations Center

Cisco is the sole supplier of network services to Mobile World Congress, expanding into security and observability, with Splunk.

Black Hat Europe 2024 NOC/SOC: Security Cloud

Cisco is the Official Security Cloud Provider for the Black Hat Network Operations Center (NOC). We work with the other official partners to bring the hardware, software and engineers to build and secure the network, for our joint customer: Black Hat.  Arista: Wired and Wireless Network Equipment  Corelight: Open Network Detection and Response  Palo Alto […]

How Cisco Uses the Isovalent Platform to Secure Cloud Workloads

Cisco has integrated the Isovalent platform into our infrastructure to ensure our cloud workloads are protected without compromising on performance.

Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass

Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication protections. Tracked as CVE-2024-29849 (CVSS score: 9.8), the vulnerability could allow an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as

It's Time to Master the Lift & Shift: Migrating from VMware vSphere to Microsoft Azure

While cloud adoption has been top of mind for many IT professionals for nearly a decade, it’s only in recent months, with industry changes and announcements from key players, that many recognize the time to make the move is now. It may feel like a daunting task, but tools exist to help you move your virtual machines (VMs) to a public cloud provider – like Microsoft Azure

New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth

A new information stealer has been found leveraging Lua bytecode for added stealth and sophistication, findings from McAfee Labs reveal. The cybersecurity firm has assessed it to be a variant of a known malware called RedLine Stealer owing to the fact that the command-and-control (C2) server IP address has been previously identified as associated with the malware. RedLine Stealer,&nbsp

Cisco and Nvidia: Redefining Workload Security

There has been an exponential increase in breaches within enterprises despite the carefully constructed and controlled perimeters that exist around applications and data. Once an attacker can access… Read more on Cisco Blogs

Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems. "An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted