{"id":1479,"date":"2026-04-09T12:18:15","date_gmt":"2026-04-09T12:18:15","guid":{"rendered":"https:\/\/www.europesays.com\/ai\/1479\/"},"modified":"2026-04-09T12:18:15","modified_gmt":"2026-04-09T12:18:15","slug":"ai-powered-network-security-at-the-mobile-world-congress-2026-snoc","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/ai\/1479\/","title":{"rendered":"AI-powered Network Security at the Mobile World Congress 2026 SNOC"},"content":{"rendered":"<p>Barcelona is a city of wonder, defined by the architectural genius of Antoni Gaud\u00ed. For the  100,000+\u00a0attendees\u00a0of\u00a0the\u00a0Mobile World Congress 2026, these landmarks were must-see destinations. But where there is high interest, there is high opportunity for cybercriminals.<\/p>\n<p>This was\u00a0part of\u00a0the backdrop for our mission in early March. As the most influential mobility and networking event on the planet, MWC 2026 was a whirlwind of innovation. At the center\u00a0of this high-stakes environment, our team was on the ground, operating the Security and Network Operations Center\u00a0(S\/NOC) to ensure that the massive infrastructure powering the event remained bulletproof, and the attendees using\u00a0its\u00a0network were secure.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"670\" data-lazy-type=\"image\" src=\"https:\/\/www.europesays.com\/ai\/wp-content\/uploads\/2026\/04\/1-SNOC-1024x670.webp\" alt=\"Security and Network Operations Center\" class=\"lazy lazy-hidden wp-image-489304\" style=\"width:700px\"\/><\/p>\n<p>Our SOC was based on\u00a0cutting-edge\u00a0technologies\u00a0provided by Cisco, consisting\u00a0of the recently released AI ready ultra-high-end\u00a0<a href=\"https:\/\/www.cisco.com\/site\/us\/en\/products\/security\/firewalls\/secure-firewall-6100-series\/index.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Secure Firewall 6160<\/a>,\u00a0our\u00a0leading\u00a0Security Service Edge solution\u00a0<a 
href=\"https:\/\/www.cisco.com\/site\/us\/en\/products\/security\/secure-access\/index.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Cisco\u00a0Secure Access <\/a>,\u00a0our\u00a0AI security solution\u00a0Cisco\u00a0<a href=\"https:\/\/www.cisco.com\/site\/us\/en\/products\/security\/ai-defense\/index.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">AI Defense<\/a>,\u00a0our premium SIEM solution\u00a0<a href=\"https:\/\/www.splunk.com\/en_us\/products\/enterprise-security.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Splunk\u00a0Enterprise Security<\/a>, and\u00a0our cloud-native detection and response solution\u00a0<a href=\"https:\/\/www.cisco.com\/site\/us\/en\/products\/security\/xdr\/index.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Cisco\u00a0XDR<\/a>.<\/p>\n<p>Secure Access<\/p>\n<p>Due to the nature of the event, we were only using the DNS capabilities of Secure Access, also available in the Secure Access DNS Defense solution, with security applied at the DNS level. The DNS queries of\u00a0the connected devices were\u00a0forwarded\u00a0to the Secure Access public resolvers where we block threats before a connection is\u00a0established. 
All the security event logs were pushed directly to XDR, while Splunk ES was pulling all the\u00a0anonymised\u00a0logs, and AI Defense was collecting App Discovery logs for Generative AI applications to\u00a0provide\u00a0additional insights of the AI models used on the network of the event.<\/p>\n<p>Splunk Platform<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"636\" data-lazy-type=\"image\" src=\"https:\/\/www.europesays.com\/ai\/wp-content\/uploads\/2026\/04\/2-Splunk-Dashboard-1024x636.webp\" alt=\"Splunk Dashboard\" class=\"lazy lazy-hidden wp-image-489305\" style=\"width:700px\"\/><\/p>\n<p>In the image above,\u00a0you can see a custom\u00a0dashboard we created on Splunk ES\u00a0consuming\u00a0all the logs\u00a0it was\u00a0receiving from the\u00a0Firepower Threat Defense\u00a06160\u00a0firewall, and the DNS requests sent to the Secure Access public resolvers. In this specific screenshot, we are showing the data for the last\u00a0seven\u00a0days from the afternoon of the last day of the event, the 5th\u00a0of March (instead of the last 24 hours appearing at the titles of the graphs, which was what we were normally\u00a0observing).<\/p>\n<p>Please note that the network of the venue\u00a0remains\u00a0protected at the DNS level by Cisco Secure Access outside the event. 
As a result, there are DNS logs outside the dates of the MWC, as the network was actively used during the setup.<\/p>\n<p>XDR<\/p>\n<p>In the\u00a0customised\u00a0XDR dashboard\u00a0below, you can see some high-level information extracted from the DNS traffic of the network.\u00a0This includes the total number of DNS requests for the last 30 days, and the blocks for Malware, Command and Control, and Phishing for the same period.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"703\" data-lazy-type=\"image\" src=\"https:\/\/www.europesays.com\/ai\/wp-content\/uploads\/2026\/04\/3-XDR-Dashboard-1024x703.webp\" alt=\"XDR Dashboard\" class=\"lazy lazy-hidden wp-image-489306\" style=\"width:700px\"\/><\/p>\n<p>There\u00a0are\u00a0again\u00a0events\u00a0outside the\u00a0dates\u00a0of the MWC.\u00a0It is worth noting that a phishing campaign appears\u00a0to\u00a0have\u00a0taken\u00a0place at the venue during\u00a0a previous\u00a0event in mid-February.<\/p>\n<p>On the right-hand side, you can see incidents that were automatically created on XDR after correlating the DNS logs from Secure Access and the\u00a0firewall\u00a0logs from the FTD 6160, and MITRE ATT&amp;CK Incidents.<\/p>\n<p>AI Defense<\/p>\n<p>While Generative AI is a powerful tool, it imposes significant risks that\u00a0organisations\u00a0need to be aware of and manage\u00a0accordingly.\u00a0In\u00a0the\u00a0image below,\u00a0you can see an App Discovery\u00a0report\u00a0from AI Defense showing the\u00a0AI applications\u00a0discovered on the network\u00a0of the venue. 
The Composite Risk Score\u00a0is calculated by combining Business Risk, Usage Risk, and Vendor Compliance into a\u00a0standardised\u00a0measure of the risk each application may pose.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"581\" data-lazy-type=\"image\" src=\"https:\/\/www.europesays.com\/ai\/wp-content\/uploads\/2026\/04\/4-AI-App-Discovery-1024x581.webp\" alt=\"AI App Discovery\" class=\"lazy lazy-hidden wp-image-489307\" style=\"width:700px\"\/><\/p>\n<p>Access to these AI models can be\u00a0managed\u00a0with Secure Access, which secures the use of AI itself rather than only\u00a0leveraging\u00a0AI for security.\u00a0In a non-anonymised\u00a0environment where the traffic is routed through\u00a0the Security Service Edge (SSE)\u2019s cloud-hosted Secure Web Gateway, the applications can be scanned to enforce AI guardrails through the Secure Access DLP\u00a0(data loss prevention)\u00a0policy\u00a0and\u00a0control what data is sent to the AI applications, while tenant controls can also be\u00a0applied.<\/p>\n<p>When the guard is down<\/p>\n<p>While attendees were busy planning their sightseeing\u00a0outside the event, attackers were busy crafting traps. We\u00a0observed\u00a0a surge in sophisticated phishing campaigns targeting the very people attending the conference. Fraudsters stood up convincing, fake websites\u00a0perfectly mimicking official ticket portals for the city\u2019s top attractions,\u00a0designed to harvest credit card details and drain accounts before the victims even reached the front doors of the\u00a0breath-taking\u00a0Bas\u00edlica\u00a0de la Sagrada Fam\u00edlia\u00a0in this example.<\/p>\n<p>It was a stark reminder: even the most seasoned tech experts\u00a0who spend their careers building defenses and hunting threats\u00a0may\u00a0leave a digital door unlatched when they step away from\u00a0work. The same AI-powered vigilance we apply to global enterprise networks is just as critical in our personal digital lives. 
At MWC 2026, we\u00a0were not\u00a0just\u00a0monitoring\u00a0the network; we were\u00a0witnessing\u00a0a masterclass in how quickly a moment of leisure can turn into\u00a0fraud.<\/p>\n<p>During the event, Secure Access blocked access to one of those phishing domains.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"698\" data-lazy-type=\"image\" src=\"https:\/\/www.europesays.com\/ai\/wp-content\/uploads\/2026\/04\/5-XDR-Investigation-1024x698.webp\" alt=\"XDR Investigation\" class=\"lazy lazy-hidden wp-image-489308\" style=\"width:700px\"\/><\/p>\n<p>While Secure Access was enforcing only at the\u00a0domain\u00a0level,\u00a0with\u00a0XDR Investigate\u00a0we could\u00a0correlate logs from both Secure Access and the FTD 6160 firewall to provide further information, like the exact URLs users attempted to access, appearing as Attributes on the\u00a0right-hand bottom of\u00a0the image\u00a0above.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"948\" height=\"1024\" data-lazy-type=\"image\" src=\"https:\/\/www.europesays.com\/ai\/wp-content\/uploads\/2026\/04\/6-SSE-Investigate-948x1024.webp\" alt=\"SSE Investigate\" class=\"lazy lazy-hidden wp-image-489309\" style=\"width:700px\"\/><\/p>\n<p>Secure Access Investigate, as appearing\u00a0above,\u00a0provides\u00a0real-time\u00a0actionable\u00a0threat intelligence by\u00a0analysing\u00a0global data from the Secure Access network using AI to detect, score, and predict emerging threats. 
It allows security teams to proactively uncover malicious infrastructure (domains, IPs, ASNs) and accelerate incident investigation through API-driven, high-context data enrichment.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"698\" data-lazy-type=\"image\" src=\"https:\/\/www.europesays.com\/ai\/wp-content\/uploads\/2026\/04\/7-XDR-Incident-Overview-1024x698.webp\" alt=\"XDR Incident Overview\" class=\"lazy lazy-hidden wp-image-489310\" style=\"width:700px\"\/><\/p>\n<p>XDR can then correlate events further to\u00a0provide\u00a0more Incidents\u00a0which are not as obvious as the\u00a0above phishing event. Its AI-powered incident analysis (appearing\u00a0above) provides AI-generated Classification, Impact, and a Summary including the Reasoning, Evidence and Detections\u00a0for\u00a0every incident. The\u00a0additional\u00a0AI-generated Analysis and Recommendations are\u00a0invaluable for the integrations with Secure Access and Splunk ES to automate responses for every incident, while they\u00a0facilitate\u00a0escalations to senior security analysts when further manual action is\u00a0required.\u00a0In this specific case, XDR classified this incident as a potential false positive with medium confidence. Based on that, the SOC team can prioritise other incidents of higher priority.<\/p>\n<p>Concluding<\/p>\n<p>The AI-powered Security and Network Operations Center (S\/NOC) at Mobile World Congress 2026\u00a0demonstrated\u00a0Cisco\u2019s commitment to\u00a0leveraging\u00a0cutting-edge\u00a0technologies to secure and\u00a0optimise\u00a0large-scale, high-profile events. 
By integrating advanced solutions such as the AI-ready Secure Firewall 6160,\u00a0Cisco\u00a0Secure Access,\u00a0Cisco\u00a0AI Defense, Splunk Enterprise Security, and Cisco XDR\u00a0operating all together as a single platform,\u00a0the S\/NOC provided comprehensive, multi-layered security that proactively blocked threats, including phishing campaigns, and delivered actionable insights through AI-driven analytics and correlation.<\/p>\n<p>This deployment highlighted the power of combining AI, automation, and unified security telemetry to enhance threat detection, investigation, and response in real time, while also enabling granular control over AI application usage. The event underscored the importance of a holistic, AI-enabled security architecture that not only protects critical infrastructure but also educates and innovates to stay ahead of evolving threats in complex environments with diverse user populations.<\/p>\n<p>Check out the\u00a0<a href=\"https:\/\/www.cisco.com\/site\/us\/en\/products\/security\/event-soc-report.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">lessons learned<\/a>\u00a0from the Event SOCs we deploy around the world, with the white paper and latest blogs.<\/p>\n<p class=\"has-text-align-center\" id=\"block-a1b11bef-8542-478b-95c4-6b43d582001b\">We\u2019d love to hear what you think! 
Ask a question and stay connected with Cisco Security on social media.<\/p>\n","protected":false},"excerpt":{"rendered":"Barcelona is a city of wonder, defined by the architectural genius of Antoni Gaud\u00ed. For the 100,000+\u00a0attendees\u00a0of\u00a0the\u00a0Mobile World&hellip;\n","protected":false},"author":2,"featured_media":1480,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[24,25,1762,1763,1764,1765,1766,1767,1768,1769,1770,1771,1772,313,1773,1774,1775,1776,1777,1778,1779,1780,1781,1782],"class_list":{"0":"post-1479","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-ai","8":"tag-ai","9":"tag-artificial-intelligence","10":"tag-catalyst","11":"tag-cisco-breach-protection","12":"tag-cisco-firepower","13":"tag-cisco-secure-access","14":"tag-cisco-secure-firewall-6100","15":"tag-cisco-secure-malware-analytics","16":"tag-cisco-security-cloud","17":"tag-cisco-sse","18":"tag-cisco-talos","19":"tag-cisco-user-protection","20":"tag-cisco-xdr","21":"tag-cybersecurity","22":"tag-firepower","23":"tag-firewall","24":"tag-malware-analytics","25":"tag-network-operations-center-noc","26":"tag-network-security","27":"tag-secure-access","28":"tag-security-operations-center-soc","29":"tag-splunk","30":"tag-splunk-enterprise-secu
rity","31":"tag-xdr"},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts\/1479","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/comments?post=1479"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts\/1479\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/media\/1480"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/media?parent=1479"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/categories?post=1479"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/tags?post=1479"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}