Cisco Live 2018 - How to handle threats in a very large event / by Enrico Sorge

During Cisco Live Europe, I met the guys in front of and behind the ThreatWall.

Today is day 1. Cisco Live is open to the public and there are around 10k wireless endpoints (and increasing!).


How many security threats is the Cisco Live NOC dealing with?
How can they get a rapid view of what’s happening on a network built for a one-week conference, with hundreds of access points and terminals?

I found the answer by looking at the Cisco Threat Wall, located close to the World of Solutions (WoS).

This panel shows how Cisco Security Solutions provide continuous real-time monitoring of, and pervasive views into, all network traffic, with a specific focus on anomalies and threats running in the Cisco Live network.

By leveraging NetFlow on the switches, they are able to see all the traffic patterns running “pervasively” across the whole network (not only on the internet perimeter or on specific network segments), identifying all the types of endpoints connected.


As an added value, the integration with Cisco Firepower NGFW enriches this visibility with threats identified by Cisco NGIPS and Cisco AMP technologies.

Source: https://medium.com/@enricosorge/cisco-live...