Title of Resource

Black Hat 2017: Inside the NOC

Pwnie Express   Pwnie Express | 08.24.17 | IoT Security

With the thump of techno all around us and traces of network traffic on giant screens providing the only light, the Pwnie Express team spent the tail end of July  in the Black Hat Network Operations Center (NOC). Before continuing to read this post, put your headphones on and blast The Prodigy's Voodoo People with your lights off and you'll start to feel the vibe. But the feeling of tackling IoT security in such an intense and dynamic network environment is something that's a bit more difficult to capture.


Pwnie went to Black Hat with IoT security top of mind. We know firsthand that IoT technology is creating dynamic new possibilities for consumers, businesses and governments, and how these opportunities are both a blessing and a curse. Because IoT creates a vast attack surface that's easy for threat actors to penetrate, the more connections there are, the more vulnerabilities there are. And you can't secure IoT with traditional security measures. We call this gap in defense the IoT security gap.

So when we were invited to be part of the 2017 Black Hat NOC as the IoT security provider, we jumped at the opportunity.  Understanding the sheer amount of devices and connections that would be present at Black Hat this year, we knew it would be a fun, interesting experience. But nothing prepared us for what we had the chance to be a part of.

The Black Hat NOC Experience: We Came, We Saw

Our experience began when one of our sales engineers headed out to Vegas for setup. As we stood up our sensors, the rest of the Black Hat network was being stood up, as well. The Mandalay Bay technician, Doc, has been with the hotel for years. He knows every nook and cranny of the infrastructure. The Pwnie team deployed 13 sensors and mounted them on tripod rigs to avoid permanent mounting to the hotel's infrastructure. All with the purpose of providing continuous monitoring of the Black Hat airspace.

Once the sensors came online and we started doing the initial baselining, the number of wireless devices and the high density of the infrastructure outside of the conference surprised us. Identifying the hotel's infrastructure, and pinpointing and integrating new access points into our baseline, was critical to providing greater analytics and reporting capabilities. We were intrigued by the behavior of devices that disconnected from secure networks and moved to other, insecure networks; not the type of behavior you want to see.

We were also, of course, privvy to other strange device behaviors. We saw APs associated with drones and printers. We saw evil APs. We saw APs on non-US channels. It was clear from the interest from the rest of the NOC team that they were seeing a new level and layer of visibility into the devices involved in Black Hat.

Group Dynamics and the Value of the NOC

Within the NOC, we noticed immediate cohesion with the group and an atmosphere of mutual cooperation and teamwork. The people working in the NOC are some of the best network security professionals in the world, and we were honored to work with them.

And we learned an incredible amount. We use our product, Pulse, in our own offices, and we instrument large customer environments every day. But to be in the position to use our own solution at Black Hat was an experience like no other.  We are honored to be invited back next year to do it all again.

Interested to hear more about our time at the NOC? We'll be joining a webinar on Security Weekly on Wednesday, August 30 with others from the Black Hat NOC team to share more stories from the trenches. Learn more information and register here.

Register to Attend

Image credit: PCMag

Tags: IoT Security

Get the 2017 Internet of EVIL Things Report
Survey and device data from 800+ IT security companies and professionals.
Watch Pulse detect wired, wireless and Bluetooth devices
Why You Need to Take Another Look at Network Security in 2017

Related posts