
The Black Hat USA Network Operations Center (NOC) is a unique environment, serving as a real-time proving ground for cybersecurity technologies tested by some of the world's most skilled cyber professionals. For years, Palo Alto Networks has been a proud partner, providing security infrastructure that keeps the conference running smoothly and securely for every attendee. Our main objectives, aligning with the Black Hat NOC mission, are to protect the conference's infrastructure from all threats and attacks, as well as maintain a reliable and high-performance network, ensuring that the focus remains on learning and collaboration, not on disruptions or outages. Our systems must differentiate between the large number of threats that were part of training classes, demos, and briefings, which are allowed, and the small percentage of real attempts to attack the event's infrastructure.
At the heart of our operations this year was our AI-driven SOC platform, Cortex XSIAM, which served as the official SecOps platform for the NOC. Cortex XSIAM combines unified data with industry-leading AI and automation, enabling the NOC team to shift from reactive to proactive security while dramatically reducing incident response times.
A look at the network's defenses
The network traffic at Black Hat is a constant stream of activity, and our Next-Generation Firewalls (NGFWs) and Cloud-Delivered Security Services (CDSS) were the first line of defense. The sheer scale of the network was reflected in the data: 1.7 million traffic logs were generated as our systems worked to identify and categorize activity.
The threat landscape was just as active:
Beyond these specific threats, our IoT Security service provided crucial visibility into the diverse range of devices on the network, observing over 10,000 devices. This comprehensive view was essential for understanding the full scope of the network and potential attack vectors.
How Cortex XSIAM transformed the NOC's operations
This year, Cortex XSIAM was front and center at the Black Hat NOC. It provided a single, unified view of the entire security landscape, ingesting data from 14 different sources, including those provided by NOC partners like Arista, Cisco, Corelight, and Lumen. With its AI-driven analytics and prioritization, the platform was able to cut through the security noise by automatically detecting, grouping, and scoring for risk.
This unified approach had a direct and measurable impact on the NOC team's efficiency and response times. Cortex XSIAM's automation playbooks were a game-changer, freeing up the team to focus on the most complex and critical threats by automating repetitive tasks like data enrichment, threat triage, and response actions. Overall, the impact of Cortex XSIAM includes:
- 4.5 billion events and over 5 terabytes of data ingested into Cortex XSIAM
- 881 hours were saved by Cortex XSIAM's automation playbooks
- 3.9 minutes was the average Mean Time to Detect (MTTD)
These figures are a testament to the power of a modern, AI-driven approach to cybersecurity. In an environment as dynamic and challenging as Black Hat, every second counts. Our partnership with Black Hat is not just about securing a conference; it is a real-world demonstration of how integrated, AI-driven security platforms can provide the speed and scale needed to defend against the most sophisticated threats.
To learn more about Palo Alto Networks' AI-powered products, visit here.