The Black Hat USA Network Operations Center (NOC) is a unique environment, serving as a real-time proving ground for cybersecurity technologies tested by some of the world’s most talented cyber professionals. For years, Palo Alto Networks has been a proud partner, providing security infrastructure that keeps the conference running smoothly and securely for every attendee. Our primary goals, aligning with the Black Hat NOC mission, are to protect the conference’s infrastructure from all threats and attacks and to maintain a reliable, high-performance network, so that the focus remains on learning and collaboration, not on disruptions or outages. Our systems have to distinguish between the huge number of threats that are part of training classes, demos, and briefings (which are allowed) and the small percentage of real attempts to attack the event’s infrastructure.
At the heart of our operations this year was our AI-driven SOC platform, Cortex XSIAM, which served as the official SecOps platform for the NOC. Cortex XSIAM combines unified data with industry-leading AI and automation, enabling the NOC team to shift from reactive to proactive security while dramatically reducing incident response times.
A look at the network’s defenses
The network traffic at Black Hat is a constant stream of activity, and our Next-Generation Firewalls (NGFWs) and Cloud-Delivered Security Services (CDSS) were the first line of defense. The sheer scale of the network was reflected in the data: 1.7 million traffic logs were generated as our systems worked to identify and categorize activity.
The threat landscape was just as active:
Beyond these specific threats, our IoT Security service provided critical visibility into the diverse range of devices on the network, observing over 10,000 devices. This comprehensive view was essential for understanding the full scope of the network and potential attack vectors.
How Cortex XSIAM transformed the NOC’s operations
This year, Cortex XSIAM was front and center at the Black Hat NOC. It provided a single, unified view of the entire security landscape, ingesting data from 14 different sources, including those provided by NOC partners like Arista, Cisco, Corelight, and Lumen. With its AI-driven analytics and prioritization, the platform was able to cut through the security noise by automatically detecting, grouping, and risk-scoring threats.
This unified approach had a direct and measurable impact on the NOC team’s efficiency and response times. Cortex XSIAM’s automation playbooks were a game-changer, freeing up the team to focus on the most complex and critical threats by automating repetitive tasks like data enrichment, threat triage, and response actions. Overall, the impact of Cortex XSIAM includes:
4.5 billion events and over 5 terabytes of data ingested into Cortex XSIAM
881 hours were saved by Cortex XSIAM’s automation playbooks
3.9 minutes was the average Mean Time to Detect (MTTD)
These figures are a testament to the power of a modern, AI-driven approach to cybersecurity. In an environment as dynamic and challenging as Black Hat, every second counts. Our partnership with Black Hat is not just about securing a conference; it’s a real-world demonstration of how integrated, AI-driven security platforms can provide the speed and scale needed to defend against the most sophisticated threats.