Black Hat is one of the most hostile network environments on Earth, and within it the Black Hat NOC delivers a secure and highly available network for the community.
This year the NOC partners selected by Black Hat were Arista, Cisco, Corelight, Lumen, NetWitness and Palo Alto Networks, all coming together in Las Vegas. Cisco is the official provider of Domain Name Service, Malware Analysis and Mobile Device Management.
The Meraki team covers defending and managing the Black Hat mobile devices in its own section below.
With built-in safeguards, greater visibility and automation, the partners' NOC includes a dedicated Security Operations Center (SOC), led by Neil "Grifter" Wyler and Bart Stump.
Integration is essential to success in the NOC's SOC. At each conference we effectively run a hackathon: partners design, build, test, refine and put new integrations into production. A NOC partner has to enjoy collaborating, share API keys and documentation promptly, and be prepared to work with competitors so that the event succeeds for all attendees.
XDR integrations
Cisco first joined the Black Hat NOC in 2016 to provide automated malware analysis with Threat Grid. Cisco's network and security operations role has grown in step with Black Hat's needs, adding capabilities along the way.
The NOC leaders allow Cisco and the other NOC partners to bring additional software that improves internal workflows and visibility. Cisco is not the official provider of Extended Detection and Response (XDR), Network Detection and Response or Collaboration, but brings them for:
- Network traffic visibility, threat detection, threat hunting and threat intelligence enrichment; executive dashboards for situational awareness; and automation to streamline processes and reduce human error.
- Incident notification and team collaboration.
The Cisco XDR Command Center dashboard tiles give a quick view of the status of each connected Cisco Security technology, the overall threat picture, and network availability as measured by the ThousandEyes agents.
Cisco's XDR integrations at Black Hat USA let SOC analysts investigate Indicators of Compromise (IOCs) quickly, collapsing what would otherwise be a long manual research process into a single search. Cisco donates full licenses to the Black Hat USA 2024 NOC.
This year we added several new integrations, including one built by a member of the SOC team.
Experienced security professionals, SOC analysts and responders in particular, rely on a set of "quick reference" tools to answer questions about an artifact during an investigation.
Shodan is a good example: it shows which organization is hosting an IP address and what software is running there. Pasting an IP into Shodan gives an answer in seconds, but doing that for every observable in every investigation is tedious. With the Shodan integration in XDR, an analyst selects an IP address anywhere in the console and pivots straight to the Shodan search from the dropdown menu. Every analyst has their own favourite set of such tools.
Ben adapted one of the available integration server templates to our needs, deployed it on a cloud provider of his choosing, registered it with our XDR deployment, and set it up so that new pivots can be added to XDR on the fly: editing a text file on the server adds a pivot from any observable to any new reference site a team member suggests.
Cisco XDR is built on an open integration framework: published data formats, API specifications and sample code that can be reused as-is or as a teaching example. That commitment to extensibility lets customers adapt XDR to their own needs without waiting on the XDR engineering or product teams.
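The "edit a text file, get a new pivot" server described above, as an added example that is not Cisco's integration server template or Ben's deployment. It assumes the XDR relay-module convention of a `/health` endpoint and a `/refer/observables` endpoint that takes a JSON list of observables and returns reference links; the pivot file contents, the request/response field names and the listening port are assumptions, and the server does no authentication of the caller.

```python
"""Text-file-driven 'reference pivot' server for XDR (added example).
Assumptions: /refer/observables receives a JSON list of {"type", "value"}
observables and returns {"data": [link, ...]}; the pivot file format below
is this example's own, not an XDR format."""
import json
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import quote

# Constructed stand-in for the editable text file on the server:
# one pivot per line, "observable-type|title|url-template", {value} = observable.
PIVOT_FILE_TEXT = """\
# type|title|url-template
ip|Shodan host|https://www.shodan.io/host/{value}
ip|AbuseIPDB check|https://www.abuseipdb.com/check/{value}
domain|Shodan hostname search|https://www.shodan.io/search?query=hostname:{value}
sha256|VirusTotal file|https://www.virustotal.com/gui/file/{value}
"""


def load_pivots(text):
    """Parse the pivot file; a malformed line raises instead of silently vanishing."""
    pivots = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split("|", 2)]
        if len(parts) != 3 or "{value}" not in parts[2]:
            raise ValueError(f"pivot file line {lineno}: expected type|title|url-template with {{value}}")
        pivots.append({"type": parts[0], "title": parts[1], "template": parts[2]})
    return pivots


def refer(observables, pivots):
    """One reference link per (observable, pivot of the same observable type)."""
    links = []
    for obs in observables:
        for p in pivots:
            if p["type"] != obs.get("type"):
                continue
            # Percent-encode the value: an attacker-chosen observable must not be
            # able to append extra path segments or query parameters to the pivot.
            url = p["template"].replace("{value}", quote(str(obs["value"]), safe=""))
            slug = p["title"].lower().replace(" ", "-")
            links.append({
                "id": f"ref-{slug}-{obs['type']}",
                "title": f"{p['title']}: {obs['value']}",
                "description": f"Open {p['title']} for this {obs['type']}",
                "url": url,
                "categories": [p["title"].split()[0]],
            })
    return links


class Handler(BaseHTTPRequestHandler):
    pivots = load_pivots(PIVOT_FILE_TEXT)  # a real deployment re-reads the file per request

    def _send(self, status, payload):
        body = json.dumps(payload).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        if self.path == "/health":
            return self._send(200, {"data": {"status": "ok"}})
        self._send(404, {"errors": [{"code": "not found"}]})

    def do_POST(self):
        if self.path != "/refer/observables":
            return self._send(404, {"errors": [{"code": "not found"}]})
        length = int(self.headers.get("Content-Length", 0))
        try:
            observables = json.loads(self.rfile.read(length))
            if not isinstance(observables, list):
                raise ValueError("expected a JSON list")
        except ValueError:
            return self._send(400, {"errors": [{"code": "invalid payload"}]})
        self._send(200, {"data": refer(observables, self.pivots)})


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()  # port is an assumption
```

Adding a new reference site is one line in `PIVOT_FILE_TEXT` (or the file it stands in for); the percent-encoding in `refer` is the one check worth keeping when you copy this pattern, since observables come from untrusted traffic.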
For example, an IP attempted AndroxGh0st scanning traffic against the Registration Server and was blocked by the Palo Alto Networks firewall.
Investigating the IP address in XDR confirmed the malicious activity.
The geolocation was Russia (RU) and the associated domains were known-bad. NOC management approved blocking the IP address.
XDR: Asset visibility
As the Black Hat network evolves, so do the ways partners can feed data into it. Without a Meraki wireless infrastructure feeding it, and with attendee devices joining and leaving constantly, XDR does not get the full asset insight it would in a customer deployment. XDR Asset Insights, however, accepts a custom CSV file of assets, so we loaded the known network topology and had it available during investigation and response.
One of the biggest differences between Black Hat and a conventional customer production environment is what we are protecting. We care about the safety of a few hundred managed devices, while thousands of unmanaged, often hostile, devices on the attendee network have to be kept from harming each other and the physical world. That makes this asset integration especially valuable. XDR's value proposition is strongest when paired with its own EDR; without endpoint visibility the problem gets much harder. The advantage of an open XDR, as opposed to one that grew out of an existing EDR, is that it can work with any of several EDRs, which is certainly better than having no XDR at all.
Malware Analytics
Cisco Malware Analytics, formerly Threat Grid, has long been the backend file analysis and malware detection engine at Black Hat. We supported our partners Corelight and NetWitness by analysing the files they carved from both clear-text traffic (attendee traffic) and decrypted traffic (NOC infrastructure).
Clear-text traffic has traditionally been a reliable source of data leaks by security professionals, and this year was only marginally better. The worst offenders included personally identifiable information (PII) such as names, employers, titles and email addresses in Black Hat receipts and company email attachments.
Although Umbrella did catch some wandering infections trying to phone home, no malware was seen being transferred over the clear-text channels.
Cisco XDR includes a built-in automation capability, XDR Automation. Anyone familiar with Security Orchestration, Automation and Response (SOAR) tools will recognise it: the workflow editor lets you drag and drop pre-built code blocks into a sequence, building custom workflows that make precise API calls for one-click response actions. Automation rules can trigger workflows on a schedule or when defined conditions are met.
For three years we have used XDR Automation at Black Hat to extend what Cisco delivers to our joint customer, Black Hat, across a range of use cases. Building a workflow from scratch, however, still takes considerable effort exploring APIs and designing the process.
The newest XDR Automation feature is the Exchange, a page for searching, viewing, installing and uninstalling pre-built workflows published by Cisco engineers and content providers or certified by Cisco. Community workflows that pass testing receive a quality certification and are supported on a best-effort basis. The Exchange lets workflow creators share their work, which shortens the time to value for XDR Automation customers.
Kudos to Ivan Berlinson for building a workflow that calls the Palo Alto Networks API to pull threat logs and automatically creates incidents in Cisco XDR. Because Ivan had published the workflow to the Exchange, importing it and getting it running was quick. Installing a workflow from the Exchange is a guided setup: the Exchange page describes what the workflow does, which target and variable values it needs, and who to contact for help, and shows the workflow before it is installed.
The workflow needs an on-premises remote: a virtual machine deployed in ESXi that can reach the Palo Alto Networks Panorama appliance. Thanks to Matt Vander Horst for setting up the vCenter infrastructure for the automation remote. The Exchange prompts for the required variable values and the on-premises target to use.
The workflow is then activated and scheduled to run every 15 minutes through an automation rule.
The workflow uses the PAN-OS XML API to query threat logs (type=log&log-type=threat&nlogs=50). That call starts a log search job; once the job finishes, the workflow retrieves the results and processes the threat logs. A Cisco Threat Intelligence Model (CTIM) sighting is created for each threat log and the sightings are grouped by internal host IP address. A CTIM indicator is then created describing the threats, with relationships linking each sighting to it. Finally an incident bundle containing the sightings, relationships, indicator and incident is assembled and posted to the XDR API. The workflow includes logic to avoid creating duplicate incidents and reports basic performance metrics.
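The same threat-log-to-incident pipeline in plain Python, as an added example; it is not Ivan Berlinson's workflow, which is built from XDR Automation blocks. It assumes the documented two-step PAN-OS log retrieval (submit the query, then poll with `action=get&job-id=...` until the job status is `FIN`) and an XML result layout of `<entry>` elements with `src`, `dst`, `threatid`, `severity`, `action` and `receive_time` children; the sample XML, the destination addresses and the threat names are constructed, the CTIM objects are trimmed to the fields needed here, and the dedup key (host, day, set of threat names) is this example's choice.

```python
"""PAN-OS threat logs -> CTIM sightings/indicator/incident bundle (added example)."""
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime, timezone


def submit_params(api_key, nlogs=50):
    """Query string for step 1: ask PAN-OS to start a threat-log search job."""
    return {"type": "log", "log-type": "threat", "nlogs": str(nlogs), "key": api_key}


def poll_params(api_key, job_id):
    """Query string for step 2: fetch the job's results (repeat until status is FIN)."""
    return {"type": "log", "action": "get", "job-id": str(job_id), "key": api_key}


# Constructed sample of a finished job. Destinations are RFC 5737 documentation
# addresses; the attendee source host is the one from the investigation above.
SAMPLE_RESULT_XML = """<response status="success"><result>
<job><status>FIN</status><id>42</id></job>
<log><logs count="3">
<entry logid="1"><receive_time>2024/08/07 10:15:02</receive_time><src>192.168.130.86</src>
<dst>203.0.113.10</dst><threatid>HTTP Directory Traversal</threatid><severity>high</severity><action>alert</action></entry>
<entry logid="2"><receive_time>2024/08/07 10:15:09</receive_time><src>192.168.130.86</src>
<dst>203.0.113.10</dst><threatid>Access to /etc/passwd</threatid><severity>high</severity><action>alert</action></entry>
<entry logid="3"><receive_time>2024/08/07 10:16:30</receive_time><src>192.168.140.5</src>
<dst>203.0.113.20</dst><threatid>HTTP Directory Traversal</threatid><severity>medium</severity><action>alert</action></entry>
</logs></log></result></response>"""

FIELDS = ("receive_time", "src", "dst", "threatid", "severity", "action")


def parse_job_result(xml_text):
    """Return the log entries, or None if the job is still running."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise RuntimeError("PAN-OS API error: " + (root.findtext(".//msg") or "unknown"))
    if root.findtext("result/job/status") != "FIN":
        return None
    return [{f: e.findtext(f) for f in FIELDS} for e in root.iterfind("result/log/logs/entry")]


def _iso(pan_time):
    # Assumption: receive_time is in the firewall's local time; treated as UTC here.
    return datetime.strptime(pan_time, "%Y/%m/%d %H:%M:%S").replace(tzinfo=timezone.utc).isoformat()


def build_bundle(entries, seen):
    """Group threat logs by internal host and emit one incident per host.
    'seen' holds dedup keys across runs so a host is not reported twice a day."""
    by_host = defaultdict(list)
    for e in entries:
        by_host[e["src"]].append(e)
    bundle = {"sightings": [], "indicators": [], "relationships": [], "incidents": []}
    for host, logs in sorted(by_host.items()):
        threats = sorted({l["threatid"] for l in logs})
        day = logs[0]["receive_time"][:10]
        key = hashlib.sha256(f"{host}|{day}|{','.join(threats)}".encode()).hexdigest()
        if key in seen:
            continue
        seen.add(key)
        ind_id = f"transient:indicator-{key[:12]}"
        bundle["indicators"].append({"type": "indicator", "id": ind_id, "producer": "Palo Alto Networks",
                                     "title": f"PAN-OS threats from {host}", "description": "; ".join(threats)})
        for l in logs:
            s_id = f"transient:sighting-{key[:12]}-{len(bundle['sightings'])}"
            bundle["sightings"].append({"type": "sighting", "id": s_id, "title": l["threatid"],
                                        "observed_time": {"start_time": _iso(l["receive_time"])},
                                        "observables": [{"type": "ip", "value": l["src"]},
                                                        {"type": "ip", "value": l["dst"]}],
                                        "severity": l["severity"].capitalize(), "source": "PAN-OS threat log"})
            bundle["relationships"].append({"type": "relationship", "relationship_type": "sighting-of",
                                            "source_ref": s_id, "target_ref": ind_id})
        bundle["incidents"].append({"type": "incident", "id": f"transient:incident-{key[:12]}",
                                    "title": f"Firewall threats from internal host {host}",
                                    "status": "New", "confidence": "High",
                                    "incident_time": {"opened": _iso(logs[0]["receive_time"])},
                                    "external_ids": [f"pan-threat-{key}"]})
    return bundle
```

The `seen` set is the whole duplicate-suppression story: persist it (or look the `external_ids` up in XDR) between runs, otherwise every 15-minute execution re-raises the same hosts.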
Incidents created by this workflow appear in Cisco XDR like any other incident, which gave the SOC analysts a solid starting point for an investigation.
The Palo Alto Networks threat logs showed a possible directory traversal attack, attempting to reach files and directories outside the web root. The PAN firewall alerted on directory traversal and on access to /etc/passwd from source IP 192.168.130.86 on the general attendee Wi-Fi to destination IP 104[.]198.XXX.2XX, which resolves to yXXXXis[.]party. The domain is flagged as suspicious by multiple threat intelligence sources and carries a Cisco Umbrella risk score of 72 (moderate). The host then retrieved data from file://var/run/secrets/ on the destination, with basic authentication in the HTTP POST header. The activity correlated with similar classroom exercises, but the host's MAC address had not been seen in any of the classrooms.
The destination IP itself was an unknown with an elevated rating in XDR threat intelligence, while the resolved domain looked suspicious and, as the Umbrella console showed, was hosted in the Russian Federation. The Corelight team added more detail in our active threat hunting Slack channel: the HTTP POST activity to the destination carried a basic authentication token that decodes to admin:p034BHUSA43op, which looks like Black Hat training material because of the BHUSA in the password. Even so, the source host's MAC address never appeared in any classroom, only on the general Wi-Fi network.
We did see the host making similar requests (URIs matching /token$/ and /kubernetes/) that were also seen in the Advanced Infrastructure Hacking class, but not enough to attribute the activity to a class. Training traffic that should not have made its way onto the general network? We chose not to block the destination IP or force the host through a captive portal, but to keep monitoring for attacks and abuse without interfering with the traffic.
Ivan Berlinson also provided a second workflow that creates an XDR incident when Cisco Secure Malware Analytics judges a file malicious. Corelight, and also NetWitness, carve files from the open network traffic and submit them to Secure Malware Analytics for analysis. When a file receives a threat score above 90, an XDR incident is created with the analysis attached.
We thoroughly enjoyed innovating and investigating at Black Hat USA 2024. The XDR Automation Exchange was a game-changer, letting us add automation with very little bespoke effort. Cisco XDR at Black Hat keeps showing how an open security ecosystem accelerates the work. See you next year at Black Hat!
Splunk Attack Analyzer (SAA)
New to our deployment this year is Splunk Attack Analyzer (SAA). Following Cisco's acquisition of Splunk, we worked with the Splunk team to deploy SAA at Black Hat. SAA is a platform for analysing files and URLs, similar to Secure Malware Analytics. It applies a set of criteria to pick the best engine for each analysis, drawing on web analyzers, static file analyzers, email analyzers, signature engines and sandboxes. At Black Hat we focused on static analysis to evaluate the product against our needs.
What stands out about SAA's analysis is how it emulates a human's interaction with a page: it works out how a person would engage with the page elements, follows links, gathers intelligence, examines indicators from the network connections, flags suspicious files, analyses unknown malicious files, detects phishing domains and more. It follows a logical sequence of actions, as a human would, to uncover the path to compromise. In our environment this was useful for tracing the full chain from a file, through its live links, to each distinct site, with a screenshot at every step.
Here is a PDF that was submitted to SAA. The tool identified the hyperlinks in the file and followed them to determine whether they led anywhere malicious. Although we have redacted many of the URLs, the PDF report and the path each link followed are visible.
After SAA finished, we could review the file in question alongside the screenshots captured during analysis.
The analysis showed the file was a training course resource: each link pointed to articles, self-hosted and official training material, or other reference sources available to students.
The integration was implemented with our partner Corelight. In our first conversation on day one they were eager to build a brand-new integration with SAA, and within hours we had it working. It was a good example of the teamwork that improves the Black Hat NOC every year.
Umbrella DNS
If you have read previous Black Hat NOC/SOC reports, you know that at past conferences we handed out internal DNS forwarders to clients via DHCP but did not enforce their use; attendees were free to use whatever resolver they liked. This year we made a change: DNS traffic was redirected to our internal forwarders. The numbers show a large jump in queries handled by Cisco Umbrella after the change, from 54.4 million to 79.3 million.
The rise in query volume from enforcing the forwarders was expected. What was surprising was an apparent decline in query volume between 2023 and 2024 that the change alone does not explain. We do not know the cause for certain, but there are hypotheses we can test at future events.
The obvious candidate is the adoption of encrypted DNS. The industry has spent the last few years addressing the privacy, integrity and authenticity of the plaintext Domain Name System protocol, and operating system and browser developers have made encrypting the client-to-resolver hop a priority. DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) are the two most popular ways of encrypting DNS between a client and its recursive resolver.
Detecting all encrypted DNS traffic is hard, and counting the queries inside it is practically impossible: both DoH and DoT run over TCP, so a client can pipeline many queries over a single long-lived TCP/TLS connection. What usually remains visible is the plaintext "bootstrap" query a client makes to find its encrypted resolver. By creating a report in Umbrella for the "DoH and DoT" category we get a picture of which of those services are in use.
The entry for dns.google is almost certainly Android devices, which use that DoT resolver by default. Because those devices come and go from the conference network constantly, their bootstrap queries for dns.google keep recurring, while the queries they then send over DoT never reach Umbrella.
The report also shows "canary" domains such as mask.icloud.com and use-application-dns.net. The latter is used by Firefox to decide whether it should fall back to unencrypted DNS on the current network. How Umbrella handles these is described in the Umbrella documentation.
Using our partners' full packet capture and the threat hunting capabilities of Cisco XDR, we can look at protocol statistics on the conference networks in more depth. That is likely a topic for a future conference report.
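What the "DoH and DoT" report is picking up, reconstructed as an added example (not Umbrella's report logic): classify DNS query log lines into plaintext bootstrap lookups of known encrypted-DNS resolvers, canary lookups, and everything else, and list the hosts whose later queries will no longer be visible. The resolver and canary lists are illustrative and not exhaustive, and the log lines are constructed in a simplified CSV layout that is not Umbrella's export format.

```python
"""Encrypted-DNS bootstrap / canary classification over DNS query logs (added example)."""
import csv
import io
from collections import Counter, defaultdict

# Illustrative, not exhaustive. Clients resolve these names in plaintext before
# switching to DoH/DoT, which is why they show up in a plaintext resolver's logs.
ENCRYPTED_DNS_RESOLVERS = {
    "dns.google": "Google (Android DoT default)",
    "cloudflare-dns.com": "Cloudflare DoH",
    "one.one.one.one": "Cloudflare DoT",
    "dns.quad9.net": "Quad9",
    "doh.opendns.com": "Cisco OpenDNS DoH",
}
# A resolver that answers NXDOMAIN for a canary tells the client this network
# opts out of the encrypted/relayed path, so the client falls back to plaintext.
CANARY_DOMAINS = {
    "use-application-dns.net": "Firefox DoH canary",
    "mask.icloud.com": "iCloud Private Relay canary",
    "mask-h2.icloud.com": "iCloud Private Relay canary (HTTP/2 path)",
}

# Constructed sample log in a simplified CSV layout.
SAMPLE_LOG = """\
timestamp,identity,internal_ip,domain,query_type,action
2024-08-07T09:00:01Z,BH-Attendee-WiFi,10.20.1.15,dns.google,A,Allowed
2024-08-07T09:00:02Z,BH-Attendee-WiFi,10.20.1.15,dns.google,AAAA,Allowed
2024-08-07T09:00:05Z,BH-Attendee-WiFi,10.20.1.22,use-application-dns.net,A,Allowed
2024-08-07T09:00:06Z,BH-Attendee-WiFi,10.20.1.22,mozilla.org,A,Allowed
2024-08-07T09:00:09Z,BH-Attendee-WiFi,10.20.1.31,mask.icloud.com,A,Allowed
2024-08-07T09:00:12Z,BH-Attendee-WiFi,10.20.1.40,www.blackhat.com,A,Allowed
2024-08-07T09:00:15Z,BH-Attendee-WiFi,10.20.1.15,one.one.one.one,A,Allowed
"""


def classify(domain):
    """('bootstrap', resolver) | ('canary', domain) | None for ordinary plaintext queries."""
    d = domain.lower().rstrip(".")
    for name in ENCRYPTED_DNS_RESOLVERS:
        if d == name or d.endswith("." + name):
            return "bootstrap", name
    if d in CANARY_DOMAINS:
        return "canary", d
    return None


def summarize(csv_text):
    """Counts per category plus the internal hosts that bootstrapped an encrypted
    resolver: after that, their DNS queries are invisible to the plaintext log."""
    counts = Counter()
    hosts_going_dark = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        c = classify(row["domain"])
        if c is None:
            counts["plaintext"] += 1
            continue
        kind, name = c
        counts[f"{kind}:{name}"] += 1
        if kind == "bootstrap":
            hosts_going_dark[row["internal_ip"]].add(name)
    return counts, dict(hosts_going_dark)


def canary_answer(domain, force_plaintext):
    """What a resolver should return for a canary lookup if it wants clients to
    stay on plaintext DNS: NXDOMAIN opts the network out; otherwise resolve normally."""
    c = classify(domain)
    if force_plaintext and c is not None and c[0] == "canary":
        return "NXDOMAIN"
    return "resolve-normally"
```

The `hosts_going_dark` output is the practical number: each such host contributes bootstrap queries but almost nothing else, which is one testable explanation for a falling query count with a stable or growing device population.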
One of the main reasons to watch DNS closely is to keep up with how the security community, as seen at Black Hat, uses the network. What new insights come from forcing DNS resolution through a central platform? The query logs still show destinations hosting malware, crypto mining and phishing, alongside legitimate content categories such as social media and finance, and categories such as illegal activity. Domains are also grouped by application: Umbrella's App Discovery report categorises them by the application they belong to, giving insight into the thousands of desktop and mobile applications in use.
As expected, the number of distinct applications observed at Black Hat keeps rising:
- ~3,600
- ~2,600
- ~6,300
- ~7,500
- ~9,300
One application category that drew particular attention last year was Generative AI. As expected, more attendees and their tools are using generative AI. As we reported at RSAC 2024, the number of distinct generative AI tools observed had grown to 80.
Just a few months later, at Black Hat USA 2024, the count had jumped to 194.
The line between dedicated generative AI tools and other applications that now embed AI features is blurring, which is part of what drives the growth.
Network Assurance
The ThousandEyes deployment first went live about a year ago. At that conference we worked hard on the configurations, designs and processes that formed the foundation of the deployment, and it was refined further at Black Hat Europe in London and at Black Hat Asia. At Black Hat USA 2024 we expanded it substantially while continuing to improve our processes.
New hardware
We added 20 Orange Pi devices at Black Hat USA 2024, on top of the 8 Raspberry Pi devices first deployed in 2023. Given how much there is to monitor, 28 sets of eyes are a big improvement over 8. The Orange Pi fleet monitors wireless connectivity, giving us visibility into the Wi-Fi networks, while the Raspberry Pi agents continue to monitor registration, the NOC and the core infrastructure.
Orange Pi configuration
Before the conference, Mike Spicer spent considerable time developing new configuration and deployment scripts for the Orange Pi devices. With the script, and help from the network team, each Orange Pi was configured with the SSID and password of its target room. Once configured, and once the target access points were deployed, each Pi was carried to its training room, where on boot it connects to the access point (AP) automatically and starts running its scheduled tests.
Even with scripting and automation, configuring the fleet still produced a tangle of wires (pictured). Deploying the Pis also meant far more walking than at a typical conference.
Expanded wireless coverage
With the additional agents we covered many more Black Hat training rooms. Before the training rooms opened, the extra visibility let us find problems early: a misconfigured Pre-Shared Key (PSK), an SSID that was not broadcasting, and another SSID that was broadcasting but had no internet connectivity. For the next conference we are considering an agent in every training room for real-time visibility and validation, which would give us a strong foundation for the event. The agents have already proved their worth; this step would further raise our confidence going into the training days.
When the conference moved from trainings to briefings, we shifted coverage from the training rooms to the large briefing rooms and high-traffic areas such as the entrances and the Business Hall. We had to choose what to cover and what to leave out, but still deployed agents on every floor.
Troubleshooting
After three conferences, our troubleshooting of the Raspberry Pi devices was mature, with established processes and documentation, but the Orange Pi devices brought new problems. Around 25% of the newly deployed Orange Pi devices had issues within the first 24 hours, a significant and costly problem. Log analysis showed the Wi-Fi network interface card (NIC) repeatedly disconnecting, with the USB connection stuck in a disconnect loop; on the Orange Pi the Wi-Fi NIC is attached over USB. Those Wi-Fi NIC and USB failures interrupted the ThousandEyes agent's core functions.
The failures were isolated rather than universal, and by the end of the conference we had wireless coverage working across the event. We wrote step-by-step troubleshooting procedures and guidelines for resolving the remote Wi-Fi connectivity issues.
Automated ticketing
New at this conference was a ticketing system that creates tickets in Slack from ThousandEyes alerts or user-reported issues. Below is a ticket created from TE alerts for a conference room on the first morning of briefings.
The ThousandEyes dashboards gave quick visibility into which conference rooms suffered the worst latency, with a side-by-side comparison of latency across the rooms reporting.
The automated reports accompanying each dashboard entry provide granular data, including the traffic path and the latency at each hop along it.
With the new ticketing system, team members can attach screenshots directly to a ticket, keeping the communication and the evidence together.
Below is a short walkthrough of an issue found through our internal DNS tests. The details were shared with the vendors as links to the relevant views.
We filtered the dashboard view to the two agents involved.
Both agents confirmed the high latency.
We reviewed each test result for the agents in question.
In this view we selected several tests running on each agent.
Multiple agents saw the latency spike at the same time.
To find the root cause of the persistent latency, we dug into Path Visualization.
We saw an unacceptable delay on the link between the agent and its gateway, which covers the client-to-AP hop and the link from the AP to the server room via the router.
We went to South Seas D to confirm the cause. Additional tests verified that the experience on the connection matched what the agent reported. Reviewing the room and topology diagrams, we found the AP serving South Seas D was actually in the adjacent room, broadcasting two SSIDs: one for its own room and one for South Seas D. The AP's placement, its serving two rooms, and the number of attendees in South Seas D together explained the latency the agent saw. The findings were passed to the Wi-Fi team.
Mobile device management at Black Hat: the role of Meraki Systems Manager
Black Hat USA in Las Vegas is known for showcasing the latest technology and delivering a consistently excellent attendee experience. Managing the mobile device infrastructure with an effective mobile device management (MDM) platform is a vital part of that. Since Black Hat USA 2021, our team has used Cisco Meraki Systems Manager (SM) to manage the devices behind the tasks critical to the event's smooth execution.
This section looks at the Meraki SM deployment and the main challenges encountered along the way.
Mobile devices play a crucial role in several key areas at Black Hat:
- Registration kiosks: self-service stations where attendees scan a QR code for instant badge printing, simplifying and speeding up check-in.
- Session scanning: attendees are checked into each session by badge scan.
- Lead capture: devices on exhibitor booths collect attendee interaction data on the show floor.
To ensure a smooth and efficient deployment, our approach involved several critical stages:
- Before shipping to the event site, all devices were pre-provisioned using Automated Device Enrollment (ADE). This let devices be set up with a known Wi-Fi network identifier (SSID), enabling faster deployment on site.
- Devices were shipped in three distinct groups, each corresponding to one of the roles above, so that they could be deployed rapidly on arrival.
- A custom script was prepared to use the Meraki Dashboard API to link enrolled devices to their designated roles.
- As soon as a device was activated, it automatically received all settings and applications relevant to its role, making it deployable immediately with minimal setup.
- ThousandEyes agents were deployed at various venues to monitor SM health from different vantage points.
- Before any devices were returned after the event, they were thoroughly wiped of all data at the facility.
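One way to implement the role-linking script, as an added Python example that is not the NOC's own code: the role-by-serial manifest, the tag names, and the sample enrollment listing are all constructed here, and the `modifyTags` endpoint shape follows the public Meraki Dashboard API v1 documentation as we understand it (treat the request format as an assumption to check against the current docs). The point worth copying is that serials not on the manifest are reported rather than tagged, so an unexpected enrollment never silently receives a role's apps and profiles.

```python
"""Assign enrolled Meraki SM devices to event roles by tag (added example)."""
import json
import os
import urllib.request

BASE_URL = "https://api.meraki.com/api/v1"

# Constructed sample manifest: which role each shipped device plays.
ROLE_BY_SERIAL = {
    "Q2XX-0001-AAAA": "registration-kiosk",
    "Q2XX-0002-BBBB": "session-scanner",
    "Q2XX-0003-CCCC": "session-scanner",
    "Q2XX-0004-DDDD": "exhibitor-lead-capture",
}

# Tags that scope profiles and apps per role in the dashboard (assumed names).
ROLE_TAGS = {
    "registration-kiosk": ["bh-registration"],
    "session-scanner": ["bh-session-scan"],
    "exhibitor-lead-capture": ["bh-exhibitor"],
}

# Constructed sample of a trimmed GET /networks/{id}/sm/devices response.
SAMPLE_ENROLLED = [
    {"id": "1", "serial": "Q2XX-0001-AAAA", "name": "iPad-01"},
    {"id": "2", "serial": "Q2XX-0003-CCCC", "name": "iPad-03"},
    {"id": "3", "serial": "Q2XX-0002-BBBB", "name": "iPad-02"},
    {"id": "4", "serial": "Q2XX-9999-ZZZZ", "name": "iPad-xx"},  # not on manifest
]


def plan_tag_updates(enrolled, role_by_serial):
    """Group enrolled serials by role.

    Serials missing from the manifest are returned separately so that an
    unexpected enrollment is flagged instead of being given a role's payload.
    """
    by_role = {}
    unknown = []
    for dev in enrolled:
        serial = dev["serial"]
        role = role_by_serial.get(serial)
        if role is None:
            unknown.append(serial)
            continue
        by_role.setdefault(role, []).append(serial)
    for serials in by_role.values():
        serials.sort()
    return by_role, sorted(unknown)


def build_modify_tags_payload(serials, tags):
    """Body for POST /networks/{id}/sm/devices/modifyTags (assumed shape)."""
    return {"serials": serials, "tags": tags, "updateAction": "add"}


def build_role_payloads(by_role, role_tags):
    """One modifyTags request per role, in a stable order."""
    return [build_modify_tags_payload(by_role[r], role_tags[r]) for r in sorted(by_role)]


def apply_tags(network_id, payload, api_key, opener=urllib.request.urlopen):
    """Send one modifyTags request; `opener` is injectable for dry runs."""
    url = f"{BASE_URL}/networks/{network_id}/sm/devices/modifyTags"
    req = urllib.request.Request(
        url,
        data=json.dumps(payload).encode(),
        method="POST",
        headers={"X-Cisco-Meraki-API-Key": api_key,
                 "Content-Type": "application/json"},
    )
    with opener(req) as resp:
        return json.loads(resp.read())


if __name__ == "__main__":
    by_role, unknown = plan_tag_updates(SAMPLE_ENROLLED, ROLE_BY_SERIAL)
    for payload in build_role_payloads(by_role, ROLE_TAGS):
        print("would tag", payload["serials"], "with", payload["tags"])
    if unknown:
        print("NOT on manifest, left untagged for review:", unknown)
    api_key = os.environ.get("MERAKI_API_KEY")  # only call the API if a key is set
    if api_key:
        for payload in build_role_payloads(by_role, ROLE_TAGS):
            apply_tags(os.environ["MERAKI_NETWORK_ID"], payload, api_key)
```

Run it without `MERAKI_API_KEY` set and it only prints the plan, which is the review step worth doing before any tags are pushed on site.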
Challenges and workarounds
Throughout the event, unexpected obstacles emerged that required quick thinking and adaptability.
- A last-minute change to the application list for the session-scanning devices became necessary. Although the intention had been to prepare all configurations in advance, the change was handled through Systems Manager with just a few clicks.
- As beta Systems Manager (SM) clients, the ThousandEyes agents initially struggled to gather connectivity data accurately. This behavior had been anticipated, but it still made it hard to track progress efficiently. NOC members from Cisco's ThousandEyes and Meraki teams joined forces on a proof-of-concept solution. After rigorous testing and multiple iterations, we configured the ThousandEyes agents to mimic legitimate traffic by simulating device check-ins, effectively replicating the behavior of real Systems Manager (SM) clients.
Deploying Meraki Systems Manager at Black Hat proved to be a complex yet rewarding challenge. Despite the obstacles, our team showed remarkable agility and innovative thinking, ensuring that the event's operations ran smoothly. The experience underscored the importance of adaptability and swift issue mitigation in supporting complex events at scale.
Through the adoption of a modern Mobile Device Management (MDM) solution like Meraki Systems Manager, we delivered a hassle-free experience for both attendees and exhibitors, highlighting what well-managed technology can do for event operations.
We are thrilled with the successful collaboration between the Cisco team and our Network Operations Center (NOC) partners. We look forward to the next event, December 9th to 12th, 2024, at the London Excel Centre.
Acknowledgements
A special thank you to the dedicated professionals of the Cisco Network Operations Center (NOC) team.
- Christian Clasen, Matt Vander Horst, Aditya Sankar, Ben Greenbaum, Ryan Maclennan, Adam Kilgore, Shimei Cridlig, Shannon Wellington, and Justin Murphy, with remote assistance from Jessica (Bair) Oppenheimer
- Dalton Ross, assisted by Paul Fidler and Connor Laughlin. Search for their report on
Additionally, to our NOC companions:
- NetWitness (particularly Alessandro Zatti)
- Palo Alto Networks, spearheaded by Jason Reverdy and James Holland.
- Corelight (particularly Dustin Lee)
- Arista (particularly Jonathan Smith)
- Lumen and the entire Informa Tech team, including Neil Wyler, aka Grifter, alongside Bart Stump, Steve Fink, James Pope, Mike Spicer, Sandy Wenzel, Heather Williams, Jess Stafford, and Steve Oldenbourg.
About Black Hat
The Black Hat cybersecurity conference is the industry's most renowned and comprehensive security event series. Founded in 1997, these recurring events give participants a comprehensive look at the latest advancements, strategies, and trends in cybersecurity research, development, and best practices over several days each year. In response to the community's demands, Black Hat hosts an array of events, featuring content sourced directly from the community through informative Briefings sessions, practical Training programs, and high-level Summits, among others. As a premier platform for knowledge sharing and collaboration, Black Hat brings together professionals from all fields and disciplines to tackle the most pressing cybersecurity issues, with events held in the United States, Canada, Europe, the Middle East and Africa, and Asia.