IronNet was honoured to join the best of breed team of solution providers at the 2022 Black Hat Asia Network Operations Center (NOC). As one of the biggest cybersecurity events in the world, the Black Hat conference attracts top cybersecurity talent as attendees and presenters. The Black Hat conference NOC team is tasked with ensuring the safety and security of the presenters, trainers, and attendees who want to utilize the Black Hat network. They do this by defending the event’s network against any potential cyber criminals or outside attackers. Our team had the opportunity to work with Palo Alto, Cisco, and RSA to support the NOC. Here are some of the takeaways our team had after monitoring the event’s network.
With the eased COVID-19 restrictions, this year’s conference saw the return of many more attendees. In-person training sessions for extremely advanced hacking techniques were held, making it IronNet’s first time working on Black Hat’s network which involved traffic from both the training sessions and the live attendees.
Black Hat’s enterprise-class network involved a complex setup, which took two days to set up. While network functionality and availability were key factors, Black Hat attracts the most advanced information security professionals from across the world, so there was a very high emphasis on ensuring the security of the network. This could only be done with the world-class technology of multiple vendors, coupled with the highly skilled team of 20 NOC members. During the Black Hat Asia conference, certain network configurations were made that limited IronNet's capabilities to pinpoint the exact source of attacks. However, the team had visibility into the network and identified attacks. Our team worked closely with our peers to get more accurate information about the attacks.
Lesson learned from this — no network is perfect. Even when you are building it from scratch, there are still technical challenges to overcome to ensure that you have the telemetry and visibility into the data that you need to be able to identify and respond to threats. Overall, Black Hat did an amazing job of building a secure network quickly.
Once the IronNet team deployed our sensors and software, the team was actively monitoring and hunting for potential threats on the network. One of our members identified a new and emerging threat from a WordPress site that was initially classified as benign. Because of the way IronNet’s IronDome works, the team quickly identified the same attack being leveraged in 2 other customers’ environments. The team quickly shared insights with those customers in the Dome and responded to the threat.
It is safe to say that our team had a hectic but insightful three days on the NOC team at this year’s Black Hat Asia. The event is something our hunters always look forward to participating in and that attests to the exciting nature of the conference. In fact, IronNet’s Threat Hunters were so passionate about the event that despite being assigned shifts, they chose to work all day to continue the hunt.
IronNet is looking forward to an exciting and rewarding time as part of the NOC at the next Black Hat conferences in the US, UK and Asia.