惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
B
Blog RSS Feed
宝玉的分享
宝玉的分享
腾讯CDC
博客园_首页
T
Tailwind CSS Blog
月光博客
月光博客
博客园 - 司徒正美
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
M
MIT News - Artificial intelligence
A
About on SuperTechFans
云风的 BLOG
云风的 BLOG
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
有赞技术团队
有赞技术团队
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
大猫的无限游戏
大猫的无限游戏
MongoDB | Blog
MongoDB | Blog
博客园 - 聂微东
V
Visual Studio Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
SecWiki News
SecWiki News
美团技术团队
P
Privacy International News Feed
H
Help Net Security
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Microsoft Security Blog
Microsoft Security Blog
Know Your Adversary
Know Your Adversary
Y
Y Combinator Blog
D
DataBreaches.Net
Project Zero
Project Zero
T
The Blog of Author Tim Ferriss
Cyberwarzone
Cyberwarzone
C
Cybersecurity and Infrastructure Security Agency CISA
C
Cisco Blogs
S
Schneier on Security
G
GRAHAM CLULEY
博客园 - 三生石上(FineUI控件)
Cisco Talos Blog
Cisco Talos Blog
小众软件
小众软件
Forbes - Security
Forbes - Security
D
Docker
T
Tenable Blog
S
Secure Thoughts
雷峰网
雷峰网
S
Security @ Cisco Blogs
T
The Exploit Database - CXSecurity.com
The Cloudflare Blog
博客园 - 【当耐特】
Spread Privacy
Spread Privacy
阮一峰的网络日志
阮一峰的网络日志

Security @ Cisco Blogs

We third-party tested our firewall built for AI-scale. The test tools hit their limit first. SharpHound Recon Attack - How AI enhanced the threat hunt Machine Speed, Human Judgement: How AI Changed the SOC in 2026 Elevating Expertise in the SOC Educate at Event Speed: Cisco Live Security Operations Center What Working the Cisco Live SOC Taught Me About AI, Detection, and Response Cable to Cloud - A Product Engineer's Journey Through the Cisco Live AMER 2026 SOC The Experience Dividend: How Better Digital Experience Protects Revenue, Trust, and Growth AIM: Building an Agentic Tier-2 SOC Analyst at Cisco Live AMER 2026 Building the Agentic SOC at Cisco Live Americas 2026 Uplevelling Black Hat Threat Hunters Making Workflow Runs Explain Themselves: AI-Powered Run Summaries in Cisco XDR Automate Independent Testing Confirms Secure Email Threat Defense’s Email Security Strength Defenseclaw for On-Prem AI SOC Workflow at Black Hat Asia Cisco Secure Access with MCP Infrastructure at Black Hat Asia 2026 The Essence of Black Hat – Collaboration with Partners Black Hat Asia 2026: A Decade in Singapore Black Hat Asia 2026: Threat Hunters’ Corner Unveiling the Power of Integration: XDR, Splunk, Corelight, Arista and Palo Alto Networks in Action at Black Hat Asia Security in the Post-Mythos Era Cisco SASE with Meraki: Get in the Fast Lane to SASE Extending Zero Trust Across the Agentic AI Workflow Strengthening the Foundation: A Predictable, Customer focused Response to AI-Accelerated Vulnerability Discovery Quantum Resilience Needs a Common Language. Here’s Where to Start. Security at Cisco Live: Going Shields Up for the Agentic Era Identity Elevated: A New Unified Identity Experience in Cisco Cloud Control Security Needs a New Operating Model Cisco Secure Access and Microsoft Purview Integration for Simplified Data Protection Cisco Secure Access and Island Browser Enable Zero Trust Everywhere Finding what lives between the alerts: Announcing Cisco Talos Threat Hunting From Log Flood to Threat Signal: Cisco and Splunk Bring Context to Modern Defense Cisco Secure Access and Microsoft Edge for Business Integration Why Network Segmentation Projects Fail: Four Patterns Cisco’s Risk-Based Vulnerability Disclosure in the Age of AI Enhancing Cisco Secure Email Gateway: Safer Clicks and Cleaner Files AI-generated reporting: Lessons learned from Cisco Talos Incident Response Inside the SOC: AI-powered DNS defense against ransomware Security Insights: A Threat-First View for the Platform That Enforces Access From Strategy to Architecture: How Cisco is Building a Quantum-Safe Future AI-Ready, Simpler, and More Secure WAN: Cisco SD-WAN Innovations Designing for What’s Next: Securing AI-Scale Infrastructure Without Compromise Preparing for Post-Quantum Cryptography: The Secure Firewall Roadmap Mobile World Congress 2026: AI-powered Network Security Powering MWC Barcelona – Building a Unified SOC and NOC with Splunk in Record Time AI-powered Network Security at the Mobile World Congress 2026 SNOC Inside the Mobile World Congress 2026 SOC: Detecting Shadow Traffic with Firepower 6100 Data Optimization in Security: A Splunk Architect’s Perspective Inside the Talos 2025 Year in Review: A discussion on what the data means for defenders Zero Trust for Agentic AI: Safeguarding your Digital Workforce The Agent Trust gap: What Our Research Reveals About Agentic AI Security Meet Your Incident Responders
Ten Years in the SOC at RSAC: What We Learned in 2026
Jessica (Bair) Oppenheimer · 2026-07-01 · via Security @ Cisco Blogs

Cisco Security and Splunk Security released the Findings Report from the Security Operations Center at RSAC 2026 Conference.

This year marked the 10th year of the SOC at RSAC. Since 2017, the mission has stayed consistent: protect the conference network, educate attendees about what happens on an open wireless network, and innovate with new integrations, workflows, and security operations practices.

The 2026 SOC was also an important step toward something bigger. We were not yet operating a fully agentic SOC at RSAC 2026, but the foundation was taking shape: integrated telemetry, automated escalation, full packet evidence, AI-protected workflows, and a closed-loop operating model between Cisco XDR and Splunk Enterprise Security. Those lessons helped inform the Agentic SOC work that followed at Cisco Live Americas 2026.

RSAC is a uniquely valuable environment for learning. The Moscone Center wireless network is open and unsecured, similar to the networks people use every day in hotels, airports, coffee shops, and major events. The SOC does not decrypt encrypted traffic. Instead, the team uses network telemetry, DNS visibility, packet capture, threat intelligence, and integrated security tools to identify risk, investigate suspicious activity, and help attendees better protect themselves.

For RSAC 2026, the team deployed the SOC in a Box architecture, connecting Endace full packet capture, Splunk Enterprise Security, Cisco XDR, Cisco Secure Firewall, Cisco Secure Access, Cisco AI Defense, ThousandEyes, Splunk Attack Analyzer, Cisco Secure Malware Analytics, Cisco Talos intelligence, and partner (alphaMountain, Pulsedive and StealthMole) and community threat intelligence sources.

The full report includes the details, but a few themes stood out.

First, integration changed how the SOC worked. Cisco XDR supported efficient triage and correlation, while Splunk Enterprise Security supported deeper investigation, hunting, enrichment, and reporting. Splunk SOAR helped connect the workflow so that context could move between systems instead of forcing analysts to manually re-enter evidence or switch consoles to understand what happened.

Second, automation reduced toil. Cleartext credentials continued to appear on the network, but the team advanced the response model from standalone scripting to an integrated Splunk SOAR workflow. Detections became formal findings in Splunk Enterprise Security, and the playbook could notify affected users, update the finding, and close the case. That saved more than nine hours of analyst time during the event and created a repeatable model for future conferences.

Third, encrypted traffic remained both a success and a challenge. Encryption helps protect attendee privacy, and the SOC does not decrypt attendee traffic. But defenders still need ways to identify threats. Cisco Secure Firewall’s Encrypted Visibility Engine helped the team find meaningful signals in encrypted sessions without decryption, including activity that supported a malware investigation and response.

Fourth, AI became part of the security story in two ways. The SOC used Cisco AI Defense to gain visibility into generative AI application usage and to help protect on-premises AI models running in the SOC in a Box. At the same time, the team observed that AI demonstrations and agentic applications can introduce risk when they are built or operated without basic secure communication controls.

Finally, the human mission of the SOC remained the same. The report includes examples of accidental data exposure, insecure email, unsecured web applications, misconfigured access paths, exposed storage, phishing infrastructure, scam domains, and malware investigations. In each case, the goal was not only to detect the issue, but to help RSAC and affected attendees understand and reduce the risk.

That is why the full Findings Report matters. It is not just a list of alerts. It is a field report from a live, high-pressure SOC operating in a real conference environment, where technology, process, automation, AI, and human judgment all have to work together.

Download the full RSAC 2026 SOC Findings Report to see the architecture, metrics, investigations, lessons learned, and recommendations from the 10th year of the SOC.

The core advice remains simple: encrypt, encrypt, never trust, and always verify.

Our thanks to the engineers, analysts and partners who made the SOC possible.