Welcome to the Black Hat NOC

15,000 InfoSec professionals, four days of technical training, a two-day main conference, and the most attacked wireless network on the planet … You guessed right, this is what makes up Black Hat USA, the world’s leading information security event. This year it is our privilege to assist the Black Hat NOC team with monitoring their network and to keep you up to date on their daily findings.

What to expect from the Black Hat USA 2017?

In 2017, the Black Hat conference offers four days of training, teaching all aspects of hardware, software, and network hacking, as well as protection against hacking, followed by two days of briefings that highlight astonishing discoveries in the security realm. As white, black, and grey hats from around the world are itching to show off their skills and knowledge, the Black Hat network will host anything from basic brute force attacks to the most sophisticated zero day attacks, in volumes not seen anywhere else in the world. Clearly, it would not be safe to run those classrooms on the host hotel’s network, so the conference organizers set up their own. Once again, the Black Hat NOC will be housed in The Fish Bowl, guarded by its mascots Lyle, the stuffed ape, and Helga, the inflatable sheep. After the team welcomed both old and new members and finished setting up the network earlier today, everybody looks forward to the new challenges that the first day of training will pose.

All NetFlow Knights to Arms!

There is no doubt that useful context results in shorter investigation times, leading to a faster Mean Time To Know (MTTK). The NOC team needs to be able to drill in on the end system and gain immediate access to the metadata that complements many NetFlow and IPFIX exports. This is where Scrutinizer stands out among other incident response systems. The answers to many questions, such as the ones below, are a few clicks away:

  • How was the incident triggered? What policy or behavior was violated?
  • Who caused a security breach? Is the username provided?
  • When did the event take place?
  • Which part of the business was potentially impacted?
  • Where did the event(s) occur?

Gigamon’s latest IPFIX export allows the Scrutinizer Network Incident Response System to report on:

  • URL, SIP, and CDP Information
  • HTTP Response Codes
  • TCP: Acknowledgement Number, Sequence Number, Urgent Pointer, and more
  • Fragment: Flags, ID, and Offset
  • Flow End Reason and IP Time to Live
  • Layer 2: VLAN, Average Packet Size, and MAC Address

The Gigamon appliances that we will be monitoring can export enormous numbers of flows, and the metadata details they contain are rich with application performance metrics. Scrutinizer’s distributed architecture can collect several million flows per second, and its flexible NetFlow design allows the system to store and report on the unique elements (for example, URLs) that are in the export.
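As an added example, not part of the original post and not code from Plixer or Gigamon: a minimal template-driven IPFIX parser in Python that decodes a constructed export carrying some of the standard elements listed above (IP TTL, flow end reason, VLAN, TCP sequence number), the kind of per-flow context an investigator drills into. The element IDs are IANA's standard ones; the URL, SIP, CDP and HTTP fields Gigamon adds are enterprise-specific elements whose IDs are not on this page, so they are not modelled.

```python
import socket
import struct
# IANA IPFIX element IDs decoded here (RFC 5102); vendor elements live elsewhere.
ELEMENTS = {8: ("sourceIPv4Address", "ip"), 12: ("destinationIPv4Address", "ip"),
            58: ("vlanId", "int"), 136: ("flowEndReason", "int"),
            184: ("tcpSequenceNumber", "int"), 192: ("ipTTL", "int")}
FLOW_END_REASON = {1: "idle timeout", 2: "active timeout", 3: "end of flow detected",
                   4: "forced end", 5: "lack of resources"}
def decode(kind, raw):
    return socket.inet_ntoa(raw) if kind == "ip" else int.from_bytes(raw, "big")

def parse_ipfix(msg):
    """Parse one IPFIX message (RFC 7011 layout) into a list of decoded data records."""
    version, length = struct.unpack("!HH", msg[:4])
    if version != 10 or length != len(msg):
        raise ValueError("not a well-formed IPFIX message")
    templates, records, off = {}, [], 16          # 16-byte message header precedes the sets
    while off + 4 <= len(msg):
        set_id, set_len = struct.unpack("!HH", msg[off:off + 4])
        if set_len < 4:
            raise ValueError("bad set length")    # refuse a set that would never advance
        body, off = msg[off + 4:off + set_len], off + set_len
        if set_id == 2:                           # template set: id, field count, (elem, len) pairs
            pos = 0
            while pos + 4 <= len(body):
                tid, count = struct.unpack("!HH", body[pos:pos + 4])
                if tid == 0:                      # zero padding at the end of the set
                    break
                templates[tid] = [struct.unpack("!HH", body[pos + 4 + 4 * i:pos + 8 + 4 * i])
                                  for i in range(count)]
                pos += 4 + 4 * count
        elif set_id >= 256 and set_id in templates:   # data set for a template already seen
            specs = templates[set_id]
            rec_len = sum(n for _, n in specs)
            for pos in range(0, len(body) - rec_len + 1, rec_len):
                rec, p = {}, pos
                for eid, n in specs:
                    name, kind = ELEMENTS.get(eid, (f"ie{eid}", "int"))
                    rec[name], p = decode(kind, body[p:p + n]), p + n
                rec["flowEndReasonText"] = FLOW_END_REASON.get(rec.get("flowEndReason"), "unknown")
                records.append(rec)
    return records

def build_sample_message():
    """Constructed sample export (not a real Gigamon capture): one template, two flows."""
    specs = [(8, 4), (12, 4), (192, 1), (136, 1), (58, 2), (184, 4)]
    tmpl = struct.pack("!HH", 256, len(specs)) + b"".join(struct.pack("!HH", *s) for s in specs)
    tset = struct.pack("!HH", 2, 4 + len(tmpl)) + tmpl
    flows = [("10.0.0.5", "192.0.2.10", 64, 3, 100, 0x1A2B3C4D),  # ended cleanly
             ("10.0.0.9", "192.0.2.10", 1, 4, 100, 0xDEADBEEF)]  # TTL 1, forced end
    data = b"".join(socket.inet_aton(s) + socket.inet_aton(d) + struct.pack("!BBHI", ttl, why, vlan, seq)
                    for s, d, ttl, why, vlan, seq in flows)
    dset = struct.pack("!HH", 256, 4 + len(data)) + data
    return struct.pack("!HHIII", 10, 16 + len(tset + dset), 1501000000, 0, 1) + tset + dset
```

Calling `parse_ipfix(build_sample_message())` yields two records; a real collector would keep the template table across messages, since templates are sent separately from the data sets that reference them.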

What is Next?

When sitting at the NOC for one of the world’s largest hacker and security conferences, in most cases no news is good news, even if it is boring news. Will we see zero day exploits as the Black Hats’ training begins tomorrow? The answer is yes, of course. Stay tuned as we keep you up to date on the groundbreaking research and malicious behavior uncovered by the NOC team.

Anna McElhany

Anna is a Quality Assurance Analyst at Plixer. She is dedicated to creating customer-facing documentation and identifying any potential problems that users might encounter. Anna holds a degree in Computer Technology, the AWS Certified SysOps Administrator - Associate, CCNA R&S, CCNA Security, and CompTIA Network+ and Security+ certifications, as well as NSTISSI Security INFOSEC Professional recognition. In her free time, Anna enjoys spending time with friends and family, flying drones, and hiking.