According to data collected by Palo Alto Networks, more than 907 million threat events were detected in real time at this year’s Black Hat USA conference. That staggering number shows just how attractive this event is to threat actors, and it is why artificial intelligence (AI) became a key part of defending against those attempts. With new attacks reported daily, the stakes of protecting one of the industry’s top events have never been higher. Palo Alto Networks collaborated with several other vendors this year to support the network operations center (NOC) and protect it from inbound threats.
AI has recently become a buzzword in the industry, and the community is primarily focused on how threat actors are leveraging it. Of course, adoption of this technology is being accelerated by generative AI tools like ChatGPT. However, this wave of AI transformation is not only being exploited by the bad guys, but also by the good guys. By harnessing AI, our NOC this year was able to automate threat triage, allowing analysts to focus on what really matters: supporting the event. In practice, AI gave the NOC team a roughly 80/20 split, with about 80% of the initial investigation handled by automation and the remaining 20% receiving the human attention it needed.
Here are three ways this year’s NOC leveraged automation to protect its events.
Set yourself up for success
Before arriving in Las Vegas, our NOC team was equipped with AI-powered tools, including several from Palo Alto Networks: Cloud-Delivered Security Services (CDSS), Cortex XSOAR, Cortex XSIAM and more. CDSS gave NOC analysts some peace of mind by analyzing mountains of data to determine whether threats were hiding in it. Before AI, threat hunters had to sift through this data manually, which could take several hours. Because the AI can reach a decision in less time than it takes a human to blink, CDSS significantly speeds up this process. Already equipped with AI-powered tools, the team was set up for success.
Build defenses in real time
The NOC team not only leveraged existing AI-powered products, but also created new logic in real time as it responded to threats. The onsite Cortex XSIAM team sat down with me during the show to walk through my threat hunting process. An engineer then taught XSIAM that logic flow, and XSIAM was able to reach the same conclusions I would have, only far faster. That allowed me and the other NOC analysts to focus on larger, more complex threats while trusting that the AI was handling the simpler tasks.
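The following is an added illustration, not code from the original post and not Cortex XSIAM's own logic, of what "teaching the platform a hunter's logic flow" looks like in practice: the analyst's decision steps are written down as ordered rules, every alert is run through them, and only alerts that no rule resolves are queued for a human. The alert fields, rule contents and sample alerts are all constructed assumptions chosen to show the mechanics, including the roughly 80/20 split described above.

```python
"""Codifying an analyst's triage logic as an automated first pass.

Hypothetical example (not Palo Alto Networks' or XSIAM's code): an analyst's
hunting decisions become ordered rules; first match wins; unmatched alerts go
to a human. All field names, rules and sample alerts are constructed.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


@dataclass
class Alert:
    src_ip: str
    dst_ip: str
    category: str                      # e.g. "scan", "c2", "malware", "policy"
    severity: str                      # "low" | "medium" | "high" | "critical"
    dst_on_threat_list: bool = False   # destination matched a threat-intel feed
    src_is_known_scanner: bool = False # source is an approved scanner on the NOC network


@dataclass
class Verdict:
    alert: Alert
    outcome: str   # "auto-closed" | "auto-escalated" | "needs-human"
    reason: str


# A rule returns (outcome, reason) when it applies, or None to pass to the next rule.
Rule = Callable[[Alert], Optional[Tuple[str, str]]]


def threat_intel_hit(a: Alert) -> Optional[Tuple[str, str]]:
    # Hunter's logic: any contact with a listed destination is bad regardless of
    # what else is true about the alert, so this rule runs first.
    if a.dst_on_threat_list:
        return ("auto-escalated", "destination on threat list")
    return None


def known_scanner(a: Alert) -> Optional[Tuple[str, str]]:
    # Noisy scans from approved scanners are expected on a conference network.
    if a.category == "scan" and a.src_is_known_scanner:
        return ("auto-closed", "approved scanner")
    return None


def low_policy_noise(a: Alert) -> Optional[Tuple[str, str]]:
    # Low-severity policy violations are logged, not investigated.
    if a.category == "policy" and a.severity == "low":
        return ("auto-closed", "low-severity policy event")
    return None


# Order matters: escalation rules precede "close as benign" rules so that an
# approved scanner talking to a threat-listed host is still escalated.
RULES: List[Rule] = [threat_intel_hit, known_scanner, low_policy_noise]


def triage(alert: Alert, rules: List[Rule] = RULES) -> Verdict:
    """Apply rules in order; first match wins; fall through to a human."""
    for rule in rules:
        hit = rule(alert)
        if hit is not None:
            return Verdict(alert, *hit)
    return Verdict(alert, "needs-human", "no rule matched")


def triage_all(alerts: List[Alert]) -> List[Verdict]:
    return [triage(a) for a in alerts]


def automation_ratio(verdicts: List[Verdict]) -> float:
    """Fraction of alerts resolved without a human touching them."""
    if not verdicts:
        return 0.0
    handled = sum(1 for v in verdicts if v.outcome != "needs-human")
    return handled / len(verdicts)


# Constructed sample alerts (not real Black Hat event data).
SAMPLE_ALERTS = [
    Alert("10.0.1.5", "10.0.2.9", "scan", "low", src_is_known_scanner=True),
    Alert("10.0.1.6", "10.0.2.9", "scan", "low", src_is_known_scanner=True),
    Alert("10.0.3.7", "203.0.113.44", "c2", "high", dst_on_threat_list=True),
    Alert("10.0.3.8", "10.0.2.1", "policy", "low"),
    Alert("10.0.3.9", "198.51.100.7", "malware", "medium"),  # no rule: human queue
]

if __name__ == "__main__":
    for v in triage_all(SAMPLE_ALERTS):
        print(f"{v.alert.src_ip:>10} -> {v.alert.dst_ip:<14} {v.outcome:<15} ({v.reason})")
    print("automation ratio:", automation_ratio(triage_all(SAMPLE_ALERTS)))
```

The design point worth keeping from this toy is the rule order: "confirmed bad" checks must run before "known benign" checks, otherwise a trusted source is a blind spot. Whatever falls through is the 20% that still deserves an analyst's eyes, and the ratio is something to measure over time rather than assume.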
Collaboration is king
Collaboration is paramount in our industry, and multiple vendors come together each year to power the Black Hat NOC. This year, Cisco, NetWitness, Corelight, Arista, and Lumen joined us to secure the event. Throughout the conference, the Palo Alto Networks team shared data from our CDSS subscriptions with these vendors, who then used it within their own tools to further enhance their threat research process.
For example, we worked with NetWitness to build several new dashboards within their platform, making the work of other threat hunters easier and enabling them to build visualizations within the tools they were already using. This was extremely helpful during the event, as it allowed us to put our heads together and use all the tools and information at our disposal to deliver a more secure and successful Black Hat.
Threat actors are already using AI to become more effective. If our industry is to have any hope of protecting the environment, we have no choice but to embrace AI and use it to fight back. When envisioning the future of cybersecurity, there is no path to success that does not rely heavily on AI and automation. Ultimately, though, it is humans working alongside AI that will be the most effective way for us to quickly identify and resolve problems.