This year’s Black Hat USA conference saw an astounding 907 million threat events detected in real time, indicating the high level of interest it attracts from threat actors. Artificial intelligence (AI) played a crucial role in defending against these attempts. Palo Alto Networks, in collaboration with other vendors, supported the event’s network operations center (NOC) in countering inbound threats.
AI has become a buzzword in the industry, with discussions often focusing on how threat actors utilize it. However, AI is not solely employed by malicious actors; it also aids the defenders. The NOC at this year’s conference effectively automated the triaging of threats, allowing the team to concentrate on supporting the event. Approximately 80% of initial investigations were handled through AI-driven automation, freeing up human resources to focus on the remaining 20% that required human attention.
The NOC leveraged automation in three key ways to protect the event:
1. **Set up for success:** Before the conference, the NOC team equipped itself with AI-powered tools such as Palo Alto Networks’ Cloud Delivered Security Services (CDSS), Cortex XSOAR, Cortex XSIAM, and more. CDSS relieved NOC analysts of manually sifting through vast amounts of data to identify hidden threats. This AI-powered tool expedited the process significantly, providing faster results than human analysis. The NOC team was well prepared due to the tools’ AI capabilities.
2. **Building defense in real time:** Not only did the NOC team rely on existing AI-powered products, but they also developed new code on the spot as they responded to threats. The on-site Cortex XSIAM team worked closely with the NOC analysts, teaching their logic flow to XSIAM. This enabled XSIAM to arrive at the same conclusions as human analysts, but at a much faster pace. As a result, the analysts could focus on more complex threats, knowing that simpler tasks were being handled by AI.
3. **Collaboration is king:** Collaboration is essential in the industry, and multiple vendors join forces each year to power the Black Hat NOC. This year, vendors like Cisco, NetWitness, Corelight, Arista, and Lumen joined Palo Alto Networks to protect the event. Throughout the conference, Palo Alto Networks shared data from its CDSS subscriptions with these vendors, who incorporated the data into their own tools to enhance threat research. For instance, partnering with NetWitness allowed the construction of new dashboards and the creation of visualizations within their platform. This collaborative effort empowered the collective group to leverage available tools and information, ultimately ensuring a safer and more successful Black Hat event.
Threat actors have long been using AI to enhance their effectiveness. To effectively defend our environments, the cybersecurity industry must also embrace and leverage AI. The future of cybersecurity relies heavily on the power of AI and automation. However, it is the interconnectedness of humans working alongside AI that will prove to be the most effective way to identify and solve problems promptly.
To learn more about Palo Alto Networks and their network security offerings, visit their website [here](https://www.paloaltonetworks.com/network-security).

