Cisco Unifies SOC and NOC with Splunk for MWC Barcelona, Achieving Real‑Time Visibility in Hours
What Happened – Cisco’s security team leveraged Splunk Cloud to fuse Security Operations Center (SOC) and Network Operations Center (NOC) data for the 2024 Mobile World Congress in Barcelona. Within a single afternoon, the team built a full‑featured NOC dashboard and enabled cross‑domain correlation of network and threat telemetry.
Why It Matters for TPRM –
- Demonstrates the speed and flexibility of a unified data platform for large‑scale events, reducing MTTR for third‑party vendors.
- Highlights the value of consolidating disparate Cisco telemetry streams (Secure Access, XDR, FTD, Meraki, Catalyst, Spaces) into a single analytics layer.
- Provides a repeatable blueprint for organizations that rely on multiple security and networking vendors to meet compliance and service‑level expectations.
Who Is Affected – Telecommunications & event‑venue operators, large‑scale conference organizers, MSPs/MSSPs delivering managed SOC/NOC services, and any enterprise using Cisco and Splunk in a hybrid environment.
Recommended Actions –
- Review contracts with SOC/NOC service providers to ensure they can ingest and correlate multi‑vendor telemetry.
- Validate that your organization’s Splunk (or comparable SIEM) deployment is configured for rapid dashboard creation and cross‑domain analytics.
- Incorporate unified SOC/NOC architecture requirements into third‑party risk assessments and continuous monitoring programs.
Technical Notes – The deployment used Splunk Cloud as a “single pane of glass,” ingesting data via native connectors from Cisco Secure Access, Cisco XDR, Cisco Firewall Threat Defense (including the Secure Firewall 6160), Cisco Meraki, Catalyst Center, and Cisco Spaces. No new vulnerabilities were disclosed; the focus was on operational efficiency and real‑time visibility.
Source: Cisco Security Blog