惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
T
Threat Research - Cisco Blogs
C
CERT Recently Published Vulnerability Notes
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
L
Lohrmann on Cybersecurity
D
Darknet – Hacking Tools, Hacker News & Cyber Security
K
Kaspersky official blog
C
Cybersecurity and Infrastructure Security Agency CISA
C
Cisco Blogs
V
Vulnerabilities – Threatpost
L
LINUX DO - 热门话题
G
GRAHAM CLULEY
The GitHub Blog
The GitHub Blog
NISL@THU
NISL@THU
AWS News Blog
AWS News Blog
博客园 - 【当耐特】
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
阮一峰的网络日志
阮一峰的网络日志
Cyberwarzone
Cyberwarzone
V
V2EX
Know Your Adversary
Know Your Adversary
P
Palo Alto Networks Blog
月光博客
月光博客
MongoDB | Blog
MongoDB | Blog
Scott Helme
Scott Helme
A
Arctic Wolf
美团技术团队
S
Schneier on Security
P
Proofpoint News Feed
G
Google Developers Blog
The Hacker News
The Hacker News
S
Securelist
Microsoft Security Blog
Microsoft Security Blog
Project Zero
Project Zero
T
The Exploit Database - CXSecurity.com
量子位
T
Threatpost
Spread Privacy
Spread Privacy
Help Net Security
Help Net Security
B
Blog
WordPress大学
WordPress大学
B
Blog RSS Feed
J
Java Code Geeks
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Blog — PlanetScale
Blog — PlanetScale
Simon Willison's Weblog
Simon Willison's Weblog
Y
Y Combinator Blog
Cloudbric
Cloudbric

Security @ Cisco Blogs

We third-party tested our firewall built for AI-scale. The test tools hit their limit first. SharpHound Recon Attack - How AI enhanced the threat hunt Machine Speed, Human Judgement: How AI Changed the SOC in 2026 Elevating Expertise in the SOC Educate at Event Speed: Cisco Live Security Operations Center What Working the Cisco Live SOC Taught Me About AI, Detection, and Response Cable to Cloud - A Product Engineer's Journey Through the Cisco Live AMER 2026 SOC The Experience Dividend: How Better Digital Experience Protects Revenue, Trust, and Growth AIM: Building an Agentic Tier-2 SOC Analyst at Cisco Live AMER 2026 Building the Agentic SOC at Cisco Live Americas 2026 Ten Years in the SOC at RSAC: What We Learned in 2026 Uplevelling Black Hat Threat Hunters Making Workflow Runs Explain Themselves: AI-Powered Run Summaries in Cisco XDR Automate Independent Testing Confirms Secure Email Threat Defense’s Email Security Strength Defenseclaw for On-Prem AI SOC Workflow at Black Hat Asia Cisco Secure Access with MCP Infrastructure at Black Hat Asia 2026 The Essence of Black Hat – Collaboration with Partners Black Hat Asia 2026: A Decade in Singapore Black Hat Asia 2026: Threat Hunters’ Corner Unveiling the Power of Integration: XDR, Splunk, Corelight, Arista and Palo Alto Networks in Action at Black Hat Asia Security in the Post-Mythos Era Cisco SASE with Meraki: Get in the Fast Lane to SASE Extending Zero Trust Across the Agentic AI Workflow Strengthening the Foundation: A Predictable, Customer focused Response to AI-Accelerated Vulnerability Discovery Quantum Resilience Needs a Common Language. Here’s Where to Start. Security at Cisco Live: Going Shields Up for the Agentic Era Identity Elevated: A New Unified Identity Experience in Cisco Cloud Control Security Needs a New Operating Model Cisco Secure Access and Microsoft Purview Integration for Simplified Data Protection Cisco Secure Access and Island Browser Enable Zero Trust Everywhere Finding what lives between the alerts: Announcing Cisco Talos Threat Hunting From Log Flood to Threat Signal: Cisco and Splunk Bring Context to Modern Defense Cisco Secure Access and Microsoft Edge for Business Integration Why Network Segmentation Projects Fail: Four Patterns Cisco’s Risk-Based Vulnerability Disclosure in the Age of AI Enhancing Cisco Secure Email Gateway: Safer Clicks and Cleaner Files AI-generated reporting: Lessons learned from Cisco Talos Incident Response Inside the SOC: AI-powered DNS defense against ransomware Security Insights: A Threat-First View for the Platform That Enforces Access From Strategy to Architecture: How Cisco is Building a Quantum-Safe Future AI-Ready, Simpler, and More Secure WAN: Cisco SD-WAN Innovations Designing for What’s Next: Securing AI-Scale Infrastructure Without Compromise Preparing for Post-Quantum Cryptography: The Secure Firewall Roadmap Mobile World Congress 2026: AI-powered Network Security Powering MWC Barcelona – Building a Unified SOC and NOC with Splunk in Record Time Inside the Mobile World Congress 2026 SOC: Detecting Shadow Traffic with Firepower 6100 Data Optimization in Security: A Splunk Architect’s Perspective Inside the Talos 2025 Year in Review: A discussion on what the data means for defenders Zero Trust for Agentic AI: Safeguarding your Digital Workforce The Agent Trust gap: What Our Research Reveals About Agentic AI Security Meet Your Incident Responders
AI-powered Network Security at the Mobile World Congress 2026 SNOC
2026-04-09 · via Security @ Cisco Blogs

Barcelona is a city of wonder, defined by the architectural genius of Antoni Gaudí. For the 100,000+ attendees of the Mobile World Congress 2026, these landmarks were must-see destinations. But where there is high interest, there is high opportunity for cybercriminals.

This was part of the backdrop for our mission in early March. As the most influential mobility and networking event on the planet, MWC 2026 was a whirlwind of innovation. At the center of this high-stakes environment, our team was on the ground, operating the Security and Network Operations Center (S/NOC) to ensure that the massive infrastructure powering the event remained bulletproof, and the attendees using its network were secure.

Security and Network Operations Center

Our SOC was based on cutting-edge technologies provided by Cisco, consisting of the recently released AI ready ultra-high-end Secure Firewall 6160, our leading Security Service Edge solution Cisco Secure Access , our AI security solution Cisco AI Defense, our premium SIEM solution Splunk Enterprise Security, and our cloud-native detection and response solution Cisco XDR.

Secure Access

Due to the nature of the event, we were only using the DNS capabilities of Secure Access, also available in the Secure Access DNS Defense solution, with security applied at the DNS level. The DNS queries of the connected devices were forwarded to the Secure Access public resolvers where we block threats before a connection is established. All the security event logs were pushed directly to XDR, while Splunk ES was pulling all the anonymised logs, and AI Defense was collecting App Discovery logs for Generative AI applications to provide additional insights of the AI models used on the network of the event.

Splunk Platform

Splunk Dashboard

In the image above, you can see a custom dashboard we created on Splunk ES consuming all the logs it was receiving from the Firepower Threat Defense 6160 firewall, and the DNS requests sent to the Secure Access public resolvers. In this specific screenshot, we are showing the data for the last seven days from the afternoon of the last day of the event, the 5th of March (instead of the last 24 hours appearing at the titles of the graphs, which was what we were normally observing).

Please note that the network of the venue remains protected at the DNS level by Cisco Secure Access outside the event. As a result, there are DNS logs outside the dates of the MWC, as the network was actively used during the setup.

XDR

In the customised XDR dashboard below, you can see some high-level information extracted from the DNS traffic of the network. This includes the total number of DNS requests for the last 30 days, and the blocks for Malware, Command and Control, and Phishing for the same period.

XDR Dashboard

There are again events outside the dates of the MWC. It is worth noting that a phishing campaign appears to have taken place at the venue during a previous event in mid-February.

On the right-hand side, you can see incidents that were automatically created on XDR after correlating the DNS logs from Secure Access and the firewall logs from the FTD 6160, and MITRE ATT&CK Incidents.

AI Defense

While Generative AI is a powerful tool, it imposes significant risks that organisations need to be aware of and manage accordingly. In the image below, you can see an App Discovery report from AI Defense showing the AI applications discovered on the network of the venue. The Composite Risk Score occurs by combining Business Risk, Usage Risk, and Vendor Compliance to calculate a standardised measure of the risk they may imply.

AI App Discovery

Access to these AI models can be managed with Secure Access to secure AI apart from just leveraging AI for security. In a non-anonymised environment where the traffic is routed through the Security Service Edge (SSE)’s cloud-hosted Secure Web Gateway, the applications can be scanned to enforce AI guardrails through the Secure Access DLP (data loss prevention) policy and control what data is sent to the AI applications, while tenant controls can also be applied.

When the guard is down

While attendees were busy planning their sightseeing outside the event, attackers were busy crafting traps. We observed a surge in sophisticated phishing campaigns targeting the very people attending the conference. Fraudsters stood up convincing, fake websites perfectly mimicking official ticket portals for the city’s top attractions, designed to harvest credit card details and drain accounts before the victims even reached the front doors of the breath-taking Basílica de la Sagrada Família in this example.

It was a stark reminder: even the most seasoned tech experts who spend their careers building defenses and hunting threats may leave a digital door unlatched when they step away from work. The same AI-powered vigilance we apply to global enterprise networks is just as critical in our personal digital lives. At MWC 2026, we were not just monitoring the network; we were witnessing a masterclass in how quickly a moment of leisure can turn into fraud.

During the event, Secure Access blocked access to one of those phishing domains.

XDR Investigation

While Secure Access was enforcing only at the domain level, with XDR Investigate we could correlate logs from both Secure Access and the FTD 6160 firewall to provide further information, like the exact URLs users attempted to access, appearing as Attributes on the right-hand bottom of the image above.

SSE Investigate

Secure Access Investigate, as appearing above, provides real-time actionable threat intelligence by analysing global data from the Secure Access network using AI to detect, score, and predict emerging threats. It allows security teams to proactively uncover malicious infrastructure (domains, IPs, ASNs) and accelerate incident investigation through API-driven, high-context data enrichment.

XDR Incident Overview

XDR can then correlate events further to provide more Incidents which are not as obvious as the above phishing event. Its AI-powered incident analysis (appearing above) provides AI-generated Classification, Impact, and a Summary including the Reasoning, Evidence and Detections for every incident. The additional AI-generated Analysis and Recommendations are invaluable for the integrations with Secure Access and Splunk ES to automate responses for every incident, while they facilitate escalations to senior security analysts when further manual action is required. In this specific case, XDR classified this incident as a potential false positive with medium confidence. Based on that, the SOC team can prioritise other incidents of higher priority.

Concluding

The AI-powered Security and Network Operations Center (S/NOC) at Mobile World Congress 2026 demonstrated Cisco’s commitment to leveraging cutting-edge technologies to secure and optimise large-scale, high-profile events. By integrating advanced solutions such as the AI-ready Secure Firewall 6160, Cisco Secure Access, Cisco AI Defense, Splunk Enterprise Security, and Cisco XDR operating all together as a single platform, the S/NOC provided comprehensive, multi-layered security that proactively blocked threats, including phishing campaigns, and delivered actionable insights through AI-driven analytics and correlation.

This deployment highlighted the power of combining AI, automation, and unified security telemetry to enhance threat detection, investigation, and response in real time, while also enabling granular control over AI application usage. The event underscored the importance of a holistic, AI-enabled security architecture that not only protects critical infrastructure but also educates and innovates to stay ahead of evolving threats in complex environments with diverse user populations.

Check out the lessons learned from the Event SOCs we deploy around the world, with the white paper and latest blogs.


We’d love to hear what you think! Ask a question and stay connected with Cisco Security on social media.

Cisco Security Social Media

LinkedIn
Facebook
Instagram