Not a Knock NOC Joke - Securing Black Hat from Black Hat

Palo Alto Networks

By Jason Reverri, Sr. Technical Marketing Engineer, Palo Alto Networks and Black Hat NOC team member

The Network and Security Operations Center at the Black Hat USA Conference serves the critical role of ensuring that the conference's network is running smoothly and efficiently, as well as detecting and responding to any security threats.

Black Hat partners with a select group of cybersecurity organizations, serving different functions and providing solutions, that work together to establish and defend a stable and well-protected network. Palo Alto Networks is a key partner in Black Hat network and security operations. Palo Alto Networks has officially supported Black Hat 18 times over the last 6 years at conferences around the world. At this year’s Black Hat USA, we are providing 3 functions within the NOC/SOC:

  1. We provide network firewall services, including full layer 3 dynamic routing, proper network segmentation/isolation, and protection of the Black Hat owned infrastructure from any network based attacks.
  2. We collaborate with other vendors to provide threat hunting and threat context of traffic to help the NOC team determine appropriate courses of action.
  3. We exclusively provide the NOC with security orchestration, automation and response (SOAR), with a wide range of automation and integration with the different products used by the NOC.

A significant portion of the Palo Alto Networks platform is used to provide these services. Products used include Cortex XDR for visibility and reporting for threat hunters and NOC guests. Our PA-5280 NGFWs will be deployed in High Availability, protecting Black Hat owned systems and internal infrastructure. They also provide App-ID visibility and CDSS alert profiles for classroom and attendee networks. Our threat hunters will leverage dedicated NGFWs enabled with the CDSS suite, including:

  • Advanced Threat Prevention - detect network attacks, defend against vulnerabilities, detect malleable C2, and zero day SQLi and CMDi attacks
  • DNS Security - identify bad Domains and detect threats which leverage DNS as a vector
  • Advanced URL - identify malicious URLs and detect threats which leverage HTTP(s)
  • Advanced WildFire - identify malicious files
  • IoT Security - identify the target/ source device types used in incident response prioritization

All the NGFWs and services will be monitored using our Panorama Network Security Management M-300. Panorama also provides log access to threat hunters, including other vendor’s teams. The rock star integration and automation is provided by Palo Alto Networks Cortex XSOAR. XSOAR is key to the NOC automation workflows and integrations with the other products supporting the Black Hat team.

Direct attacks on Black Hat’s infrastructure happen. Some attendees quickly begin exploiting a vulnerability that has just been disclosed from the stage. This is an excellent reminder in today’s hyper-connected environments of what organizations face today: attackers don't need a lot of time to find ways to abuse a software bug.

The Palo Alto Networks threat hunting team is in the NOC, actively reporting credible threats to the Black Hat team, specifically attacks against the registration and internal infrastructure. Based on this threat intel, the Black Hat staff is able to leverage a Cortex XSOAR slack integration to instantly block bad actors through address tagging on the firewall. We work in close collaboration with the other NOC partners; Arista, Cisco, Corelight, Lumen, and Netwitness.

To see this NOC team in action, the Black Hat NOC will be streamed live via the conference Twitch channel or you can visit and tour the NOC onsite. With the help of partners like Palo Alto Networks, they are able to provide a strong network and security infrastructure that allows attendees to focus on learning and networking without worrying about their cybersecurity.

For more information about Palo Alto Networks cybersecurity solutions and its support of the Black Hat NOC, visit our Booth #1332.

Sustaining Partners