The Black Hat Europe NOC Report

Conference:  BlackHat USA 2021

2021-11-11

Summary

The Black Hat NOC team discusses the evolution of their network and the tools they use to stabilize and secure it, as well as the low number of threats detected during the conference.
  • The Black Hat NOC team has been working for 20 years to stabilize and secure the network, which has evolved from a flat network to a more complex one.
  • The team uses various tools, including Palo Alto firewalls, NetWitness logs, Cisco Threat Grid, and Gigamon taps, to monitor and analyze network traffic and detect threats.
  • Despite the reputation of the Black Hat network as one of the most hostile and dangerous in the world, the team detected a low number of threats during the conference.
  • The team also discusses the challenges of managing the network during in-person and virtual events, as well as the importance of simplicity and ease of troubleshooting in network architecture.

The Black Hat NOC team initially rolled out their own network using open-source scripts, but as the conference grew, they needed to bring in enterprise-type gear to scale the network. They partnered with various companies, including Palo Alto Networks, Cisco, and Gigamon, to provide firewalls, threat intelligence, and traffic analysis tools. The team also detected a significant amount of cleartext financial data crossing the network, generated by only 10 unique accounts, which highlights the importance of network security in a conference setting.

Abstract

After a short intermission, the Black Hat NOC team is back with what's sure to be a year like no other. With the world going virtual, and Black Hat being no exception, come find out how we've spent the last two years changing, adapting, and preparing for an event that's both in person, and broadcast to the world. We'll share what we're using to stabilize and secure one of the most notorious networks in the world, what worked, what didn't, and all the shenanigans in between. The stakes are high, the outcomes are unknown, and we're going to learn a lesson one way or another.
