Utilizing AI to defend the Black Hat NOC

This year’s Black Hat USA conference saw more than 907M threat events detected in real time, according to data collected by Palo Alto Networks. This is a staggering number that shows just how attractive the event is to threat actors – and artificial intelligence (AI) was a key driver in protecting against these attempts. With new attacks being reported daily, the stakes have never been higher to protect one of the industry’s top events. In collaboration with several other vendors, Palo Alto Networks supported this year’s network operations center (NOC), defending against inbound threats.

AI has been an industry buzzword as of late, with the community primarily focusing on discussing how threat actors are leveraging it. Of course, the use of this technology has been accelerated with generative AI tools like ChatGPT. However, this AI transformation wave is not just being used by the bad actors – it’s tapped by the good guys too. With the power of AI, this year’s NOC was able to automate the triaging of threats so they could focus on what really mattered: supporting the event. For example, AI offered roughly an 80-20 split for the NOC team where around 80% of the initial investigations were ideally handled through automation, so the remaining 20% were getting the human attention they needed.

Here are three ways that we saw this year’s NOC leverage automation to defend the event:

Set up for success

Before arriving in Las Vegas, our NOC team was armed with AI-powered tools including Palo Alto Networks’ Cloud Delivered Security Services (CDSS), Cortex XSOAR, Cortex XSIAM, and more. CDSS provided some relief for NOC analysts by analyzing mountains of data to determine if there is a hidden threat. Prior to using AI, a threat hunter would have to manually comb through this data, which could take hours. CDSS greatly expedites this process as it takes a human being longer to blink than it does for the AI to make its verdict. Equipped with tools that were already harnessing AI, we were set up for success.

Building defense in real-time

Not only did the NOC team make use of existing AI-powered products, but they also created new code in real-time as they responded to threats. We were joined by the Cortex XSIAM team on-site who sat down during the show and spoke to me about my threat hunting process. Then, the engineer taught the logic flow to XSIAM, which allowed it to come to the same conclusions as I would have, but at lightning speed. This ultimately gave me and the other NOC analysts the ability to focus on greater, more complex threats while trusting that the AI was handling some of the simpler tasks.

Collaboration is king

Collaboration is paramount in our industry, and several vendors come together every year to power the Black Hat NOC. This year I was joined by Cisco, NetWitness, Corelight, Arista, and Lumen, to protect the event. Throughout the conference, the Palo Alto Networks team shared data from our CDSS subscriptions with these vendors. Then, they used this data within their own tools to further expand on the threat research processes.

For example, we collaborated with NetWitness to construct several new dashboards together, in their platform, to make the other threat hunters’ jobs easier and allowed us to create visualizations within that tool. This was incredibly helpful during the event because it allowed us to put our heads together and leverage the tools and information at all of our disposal to create a safer, successful Black Hat.

Threat actors have been using AI to be more effective for some time now. Our industry has no choice but to embrace and leverage AI to fight back too if we are to stand any hope of defending our environments effectively. When envisioning the future of cybersecurity, there isn’t a path to success without the power of AI and automation heavily involved. However, it will be the interconnectedness of humans working alongside AI that ultimately will be the most effective way for us to identify and solve problems at pace.

To learn more, visit us here.