The GovWare Safety Operations Centre is a collaborative initiative with Cisco for GovWare Convention and Exhibition 2025 — GovWare 2025 Safety Operations Centre
Following the profitable Safety Operations Centre (SOC) deployments at RSAC 2025, Black Hat Asiaand Cisco Reside San Diego 2025the Cisco ASEAN govt crew accredited the inaugural SOC for GovWare. This initiative required shut collaboration with GovWare, Picture Engine, and the Marina Bay Sands (MBS) Community Operations Middle (NOC) to determine a safe convention community for attendees, with safety supplied by the SOC.
The SOC was based on three major missions:
- To Shield — Make sure the safety of the GovWare 2025 community by defending in opposition to all types of threats and assaults, originating from each inner and exterior sources.
- To Educate — Improve attendee understanding and consciousness by means of partaking SOC excursions and insightful weblog content material.
- To Innovate — Constantly advance safety capabilities by growing and implementing new integrations, refining processes, optimizing workflows, and deploying automations, working with AI.
Attendees had been invited to affix the complimentary, safe GovWare 2025 community, suggested to comply with greatest safety practices and requested to simply accept the Phrases & Circumstances and Code of Conduct of GovWare Convention & Exhibition 2025 in addition to the Information Safety and Privateness Discover.
Information Safety and Privateness is a paramount concern to the SOC crew. On the conclusion of the convention, the information was destroyed and a certificates of destruction filed with GovWare administration.
The SOC crew diligently labored to establish, find, and assist remediate threats at any time when an attendee’s machine or account was discovered to be compromised or insecure.
The GovWare SOC was efficiently deployed in simply two days, a testomony to in depth prior planning and specialised experience. This speedy setup was facilitated by:
- The deployment of the “SOC in a Field,” a customized {hardware} resolution honed by means of years of expertise on the RSAC Convention, enabling speedy connectivity with the MBS, Splunk Enterprise Safety, and the Cisco Safety Cloud.
- Drawing upon confirmed experience, workflows, and procedures from the RSAC 2025 and Cisco Reside San Diego SOCs, with many veteran engineers offering each on-site deployment and devoted distant assist.
- Integrating superior improvements and safety practices developed by means of 10 years of safeguarding the Black Hat community, acknowledged because the world’s most hostile.
- The partnership with Endace, a extremely expert full-packet seize supplier, whose foundational expertise on the RSAC Convention and Cisco Reside San Diego in 2025 was essential and prolonged to their dedication for GovWare.
The SOC Structure
The SOC crew built-in with the NOC to attach the ‘SOC within the Field’ and Cisco Safe Entry digital home equipment for DNS. They created a Switched Port Analyzer (SPAN) feed of community visitors from the inline Cisco Safe Firewall/Firepower safety and despatched to the EndaceProbe packet seize platform to report all community visitors, facilitating the evaluation of anomalous habits. The EndaceProbe additionally generated and ingested metadata, together with Zeek logs, into the Splunk Enterprise Safety Platform. Endace reconstructed and filtered file content material, streaming it to Splunk Assault Analyzer (and onward to Safe Malware Analytics) for sandboxing and evaluation.
The next screenshot demonstrates the ingestion of firewall syslog logs and SPAN knowledge from the change, then sending it to Movement Collector for logs to be saved in Cisco Safe Community analytics. A duplicate of the logs can be being despatched to Cisco XDR cloud for analytics and detections.
The SOC crew used Duo Central for Single Signal-On entry to the instruments, each on-premises and within the cloud.
The implementation of cloud-based options, particularly XDR and Splunk Cloud, proved instrumental in optimizing effectivity and lowering labor throughout the restricted setup window. Pre-configured knowledge and settings, notably Splunk dashboards ensuing the improvements of Ivan Berlinsonhad been seamlessly built-in from earlier engagements.
Incidents had been investigated by Tier 1 / Tier 2 analysts in Cisco XDR, with risk intelligence supplied by Cisco Talosand licenses donated by alphaMountain, Pulsediveand StealthMole together with neighborhood sources.
When escalations to Tier 3 incident responders had been required, the enriched Incident was despatched from Cisco XDR to Splunk Enterprise Safety.
AI Protection was deployed to safe the SOC cloud infrastructure, together with Cisco Id Intelligence.
The Statistics
Statistics are at all times a well-liked a part of the SOC Excursions. Under are the stats from this yr’s occasion.
| Attendees (GovWare) | 14,000+ |
| Whole Packets Captured (Endace) | 1.5 Billion |
| Whole Logs Captured (Splunk) | 59.2 Million Occasions |
| Whole Periods (Endace) | 34.9 Million |
| Whole Distinctive Units (by MAC tackle, DHCP) | 1,600+ |
| Whole Packets Written to Disk (Endace) | 1.4 Terabytes |
| Whole Logs Written to Cloud (Splunk) | 59.2 Million Occasions |
| Peak Bandwidth Utilization (Endace) | 200 Mbps |
| DNS Requests (Cisco Safe Entry) | 4.2 Million (162 Blocked) |
| Whole Clear Textual content Usernames/Passwords (Endace) | 35 |
| Distinctive Units/Accounts With Clear Textual content Usernames/Passwords (Endace) | 5 |
| Recordsdata Despatched for Malware Evaluation (Endace) | 34,705 file objects reconstructed by Endace
2,581 despatched to Splunk Assault Analyzer 1,382 despatched to Safe Malware Analytics |
SOC Findings and Classes Discovered
Try the blogs by the engineers who labored contained in the SOC at GovWare:
Acknowledgements
Our due to the engineers who made the primary SOC at GovWare a hit, by defending the community and educating attendees (and also you).
Marina Bay Sands Community Operations Middle Liaison
GovWare/Picture Engine Liaison
- Goh Choon Hua, Ivan Lim and Zoe Chin
Cisco Singapore
- Peter Lye, Peter Lye, Koo, David.
Cisco Safety and Splunk SOC Group
- Innovation, AI Protection, Cloud Safety Suite: Ryan MacLennan
- Splunk Incident Response: Allison Gallo and Sumit Juyal
- Splunk Enterprise Safety Integrations: Kenneth Bouchard
- Talos IR Menace Hunter: Yuri Kramarz
- XDR Integrations: Ivan Berlinson
- Breach Safety Suite, Agentic AI: Aditya Sankar, Ahmadreza Edalat and Robin Wei
- Consumer Safety Suite: Claire Fulk
- Firewall and Safety Cloud Management: Adam Kilgore and Carol Trincia Dsouza
- Splunk Distant Assist: Josh Wilson
Endace SOC Group
- Co-SOC Chief: Steve Fink
- VP of Product: Cary Wright
- Integrations: Barry ‘Baz’ Shaw
- Engineering: Sundarram Paravata
About GovWare
GovWare Convention and Exhibition is the area’s premier cyber data and connectivity platform, providing multi-channel touchpoints to drive neighborhood intel sharing, coaching, and strategic collaborations.
A trusted nexus for over three many years, GovWare unites policymakers, tech innovators, and end-users throughout Asia and past, driving pertinent dialogues on the most recent tendencies and important data circulation. It empowers development and innovation by means of collective insights and partnerships.
Its success lies within the belief and assist from the cybersecurity and broader cyber neighborhood that it has had the privilege to serve over time, in addition to organisational companions who share the identical values and mission to counterpoint the cyber ecosystem.
We’d love to listen to what you suppose! Ask a query and keep linked with Cisco Safety on social media.
Cisco Safety Social Media
