The Black Hat NOC team discusses the evolution of their network, the tools they use to stabilize and secure it, and the low number of threats detected during the conference.
- The Black Hat NOC team has been working for 20 years to stabilize and secure the network, which has evolved from a flat network to a more complex one.
- The team uses various tools, including Palo Alto firewalls, NetWitness logs, Cisco Threat Grid, and Gigamon taps, to monitor and analyze network traffic and detect threats.
- Despite the Black Hat network's reputation as one of the most hostile and dangerous in the world, the team detected a low number of threats during the conference.
- The team also discusses the challenges of managing the network during in-person and virtual events, as well as the importance of simplicity and ease of troubleshooting in network architecture.

The Black Hat NOC team initially rolled out their own network using open-source scripts, but as the conference grew, they needed to bring in enterprise-type gear to scale the network. They partnered with various companies, including Palo Alto Networks, Cisco, and Gigamon, to provide firewalls, threat intelligence, and traffic analysis tools. The team also detected a significant amount of cleartext financial data crossing the network, generated by only 10 unique accounts, which highlights the importance of network security in a conference setting.