Our industry has no choice but to embrace and leverage AI to fight constant threats if we are to stand any hope of defending our environments effectively. Credit: PUGUN SJ This year's Black Hat USA conference saw more than 907M threat events detected in real time, according to data collected by Palo Alto Networks. This is a staggering number that shows just how attractive the event is to threat actors – and artificial intelligence (AI) was a key driver in protecting against these attempts. With new attacks being reported daily, the stakes have never been higher to protect one of the industry's top events. In collaboration with several other vendors, Palo Alto Networks supported this year's network operations center (NOC), defending against inbound threats. AI has been an industry buzzword as of late, with the community primarily focusing on discussing how threat actors are leveraging it. Of course, the use of this technology has been accelerated with generative AI tools like ChatGPT. However, this AI transformation wave is not just being used by the bad actors – it's tapped by the good guys too. With the power of AI, this year's NOC was able to automate the triaging of threats so they could focus on what really mattered: supporting the event. For example, AI offered roughly an 80-20 split for the NOC team where around 80% of the initial investigations were ideally handled through automation, so the remaining 20% were getting the human attention they needed. Here are three ways that we saw this year's NOC leverage automation to defend the event: Set up for success Before arriving in Las Vegas, our NOC team was armed with AI-powered tools including Palo Alto Networks' Cloud Delivered Security Services (CDSS), Cortex XSOAR, Cortex XSIAM, and more. CDSS provided some relief for NOC analysts by analyzing mountains of data to determine if there is a hidden threat. Prior to using AI, a threat hunter would have to manually comb through this data, which could take hours. CDSS greatly expedites this process as it takes a human being longer to blink than it does for the AI to make its verdict. Equipped with tools that were already harnessing AI, we were set up for success. Building defense in real-time Not only did the NOC team make use of existing AI-powered products, but they also created new code in real-time as they responded to threats. We were joined by the Cortex XSIAM team on-site who sat down during the show and spoke to me about my threat hunting process. Then, the engineer taught the logic flow to XSIAM, which allowed it to come to the same conclusions as I would have, but at lightning speed. This ultimately gave me and the other NOC analysts the ability to focus on greater, more complex threats while trusting that the AI was handling some of the simpler tasks. Collaboration is king Collaboration is paramount in our industry, and several vendors come together every year to power the Black Hat NOC. This year I was joined by Cisco, NetWitness, Corelight, Arista, and Lumen, to protect the event. Throughout the conference, the Palo Alto Networks team shared data from our CDSS subscriptions with these vendors. Then, they used this data within their own tools to further expand on the threat research processes. For example, we collaborated with NetWitness to construct several new dashboards together, in their platform, to make the other threat hunters’ jobs easier and allowed us to create visualizations within that tool. This was incredibly helpful during the event because it allowed us to put our heads together and leverage the tools and information at all of our disposal to create a safer, successful Black Hat. Threat actors have been using AI to be more effective for some time now. Our industry has no choice but to embrace and leverage AI to fight back too if we are to stand any hope of defending our environments effectively. When envisioning the future of cybersecurity, there isn't a path to success without the power of AI and automation heavily involved. However, it will be the interconnectedness of humans working alongside AI that ultimately will be the most effective way for us to identify and solve problems at pace. To learn more, visit us here. Related content brandpost Sponsored by Palo Alto Networks Addressing vulnerabilities in OT environments requires a Zero Trust approach Here’s a rundown of why manufacturers are so exposed and how Zero Trust can help solve many security issues. By Navneet Singh, vice president of marketing, network security, Palo Alto Networks Dec 05, 2023 6 mins Security brandpost Sponsored by Palo Alto Networks Code-to-cloud: Achieving complete cloud security Securing applications can only be achieved with a platform approach where developers and security teams share the same single source of truth. By Ankur Shah, SVP and GM of Prisma Cloud at Palo Alto Networks Nov 14, 2023 5 mins Security brandpost Sponsored by Palo Alto Networks Now is the time to insist on total visibility, enabling your organization to utilize AI strategically and comprehensively in the future AI allows organizations to embrace digital transformation and customize platformization to visualize total infrastructure and manage security threats in real-time—meeting the potential challenges of 2024. By Anand Oswal, SVP of Product, Network Security at Palo Alto Networks Nov 09, 2023 4 mins Digital Transformation brandpost Sponsored by Palo Alto Networks Defending Against Advanced Threats, Part 2 Advanced threats are often highly persistent and can rapidly pivot when encountering roadblocks. Keen insights uncover threat actors’ ability to perform deep reconnaissance to understand their targeted environments thoroughly. Learn more today. By Stephanie Regan with David Moulton Oct 25, 2023 2 mins Cybercrime Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe