The week I spent in the BlackHat NOC was great exposure to both new and evolving technology and new people. As a team member of the RSA team in the BlackHat NOC I tried to approach my time there by learning as much as I could about not only the data on the network, but how our products function in the hands of professionals. Being exposed to a cross company team in a live setting was awesome. Not only did it give us a chance to expose others to the RSA NetWitness Platform, but we got to learn about other technologies and understand how they fit in within the analytic ecosystem.
By digging in and getting my hands dirty I've had a chance to work with partners like Threat Grid, who provides a Dynamic Analysis technology that integrates with our Malware Analysis platform to enable a context-rich experience by identifying key behavioral indicators. ProTip: if you're a RSA NetWitness Packets customer you can register for 5 free submissions per day and get access to the Threat Grid platform. I also had a chance to work with some of the helpful folks over at Ruckus and got to see how we were able to ingest various logs from their infrastructure into the RSA NetWitness Platform. In addition we were exposed to Fortinet and got to see how their logs looked along side the network traffic they were providing.
Getting this type of exposure in real-world scenarios is valuable in driving product evolution. It gave us an opportunity to get feedback from professionals on how they're solving problems, and how they'd solve the same problems with our technologies. The ability to contribute back to the security community should not be overlooked. It's satisfying to be able to say that, as a vendor, we were able to have an impact at a large community event. Most importantly, we are able to take all of the information and experience gained at Black Hat 2016 and use is as the driving force to make things better for defenders.