Cisco Live 2018 — How to handle threats in a very large event

During Cisco Live I met the guys in front of and behind the ThreatWall.

Today is day 1. Cisco Live is open to the public and there are around 10k wireless endpoints (and increasing!).

How many security threats is the CiscoLive NOC dealing with?
How can they get a rapid view of what’s happening on a network built for a one-week conference, with hundreds of access points and terminals?

I found the answer by looking at the ThreatWall, located close to the WoS.

The ThreatWall

This panel shows how Cisco Security Solutions provide continuous real-time monitoring of, and pervasive views into, all network traffic with a specific focus on anomalies and threats running in the CiscoLive network.

Leveraging NetFlow on the switches, they’re able to see all the traffic patterns running “pervasively” across the whole network (not only at the internet perimeter or on specific network segments), identifying all the types of endpoints connected.

As an added value, the integration with Cisco Firepower NGFW enriches this visibility with threats identified by Cisco NGIPS and Cisco AMP technologies.