Trials and demos
How to buy

Cisco Event SOCs

Inside the event SOC: Securing the world's flagship conferences

Learn how Cisco and partners rapidly deploy a cloud-first security operations center (SOC) in days to secure high-noise, bring-your-own device (BYOD)-heavy environments, and then drive improvements back into products and content

Download report (PDF)

Why event SOCs matter

Protect

Reduce risk to core event services with fast detection and triage, plus targeted response that prioritizes availability.

Educate

Share insights with stakeholders, de-escalate false alarms quickly, and reinforce clear policy and response paths in a multi-tenant environment.

Innovate

Use events as a real-world proving ground to refine detections, workflows, integrations, and automations, then carry improvements into products and content.
Map showing global impact of Cisco Event SOCs

What's inside

The value of the architecture and operations guide

  • Event-SOC reference architecture built for real-world constraints like high background noise, limited endpoint visibility, and transient identities
  • SOC-in-a-box deployment blueprint (portable rack design plus standardized components/connectivity kit) to accelerate time-to-visibility across venues
  • Repeatable operational workflows for triage, escalation, and pivot-to-proof investigations (including PCAP pivots) so outcomes stay consistent across shifts
  • Staffing plus enablement model focused on fast onboarding, incident readiness, and AI-assisted decision support to reduce fatigue

Who should read this guide

Chief information security officers (CISOs) and security leaders

Quantify risk and value for high-visibility events and venues.

  • Use metrics and outcomes to communicate impact
  • Make informed investment, staffing, and budget decisions

SOC leaders and incident response (IR) leads

Run repeatable triage and investigation under high noise and limited endpoint control.

  • Apply the two-plane operating model and playbook patterns
  • Automate triage for event-scale alerts

Security and network operations center teams (SNOC)

Rapidly operationalize a network-centric security posture at event scale.

  • Coordinate SOC and NOC workflows and escalation paths
  • Manage infrastructure and security event visibility

Event and operations stakeholders

Protect critical services, such as registration, badging, apps, and Wi-Fi.

  • Understand what selective, risk-based response looks like in practice
  • Ensure business continuity throughout event duration

See the event SOC in action

Cisco staff at event SOC

Video

Inside the event SOC

Watch this behind-the-scenes tour and walk-through of the event SOC.
Talos Takes podcast logo

Podcast

Talos Takes: Inside the Black Hat NOC

This interview features lessons learned while securing one of the highest-noise event networks.

Listen to Talos Takes

At a glance: The scale that we protect

Metrics shown are based on Cisco Live Americas 2025.

45.3 billion packets captured

Wire data captured for investigation and validation during the event window.

36.6 TB storage / disk

A total of 36.6 TB packet captures (PCAPs) written to disk.

930 million network events

Network metadata at scale for hunting, correlation, and fast pivots when payloads are encrypted.

193 GB security logs streamed

Security telemetry streamed to cloud analytics for triage and correlation across tools.

22,701 unique devices

High-device churn and transient identities, handled with network-centric context and segmentation.

64.8 million DNS requests inspected

Domain Name System (DNS) security leveraged to spot suspicious resolution, beaconing, and newly seen domains.

309,514 files analyzed

Files detected from traffic and enriched for investigation when endpoints are unmanaged.

27,000 sandbox detonations

Suspicious files and URLs detonated to extract indicators, verdicts, and enrichment.

Take the next step

Guide to rapidly deployed SOCs that secure conferences globally

Get the full guide with reference architecture, operating model, and best practices for running a rapidly deployed SOC under real-world constraints.

Download report (PDF)

Professional resources for your SOC

Connect with sales, support, and partner services to get the very most out of your Splunk- and Cisco-powered SOC.

Get in touch with Splunk Get in touch with Cisco