SESSIONS
We will be opening a second wave of Ultimate Test Drives and Hands-On Workshops in May … be on the lookout for the email! Register now so you don’t miss the opportunity!
Breakout sessions are subject to change!
Please click on the track names below to view our Ignite 2017 breakout sessions.
The demonstration will not stop after breaking the perimeter, but will go through all the phases of a successful data breach, including lateral movement, breaking into the Data Center, exfiltrating valuable information and long term persistence.
Meanwhile, a new and different cyberattack landscape continues to evolve that could compromise both networks and the subscribers and devices that are connected. A new approach to security is needed.
We will discuss the major industry trends including the game-changing evolution of IoT, and the overall evolving threat landscape and main challenges that are impacting both network providers and their subscribers.
Network and subscriber protection are no longer separate problems in this advanced new digital age, and service providers can apply a dynamic prevention-oriented platform approach to their security architectures with complete visibility and automation that focuses on both the networks and their subscribers to address new and evolving security challenges.
• AutoFocus for contextual threat intelligence service, enabling the extraction, correlation, and analytics of threat intelligence with high relevance and context
• WildFire to identify and automatically prevent zero-day exploits and malware
• Threat Prevention to block known malware, exploits, as well as command-and-control activity
• URL filtering for the prevention of newly discovered malicious and phishing URLs
• Traps for advanced endpoint protection
• Aperture™ SaaS security service to protect cloud-based applications
• Extensibility of threat intelligence across our partner ecosystem with open APIs
This research and presentation will appeal to almost any organization, whether recently beginning a security program plan or already operating a robust security operation but looking for a bleeding-edge approach. While some investment is required for true next-generation capability, many of the concepts and steps described in this presentation are operational and tactical activities that lie beneath all world-class security operations centers. Without the correct processes, people and philosophy toward a holistic security operations footprint, next steps in growth may not be realistic. This presentation aims to give clear guidance on assessing your posture and understanding the next steps for your organization’s security operations growth planning.
The Palo Alto Networks Next Generation Security Platform Technology Partner ecosystem includes integrations with over 100 technology partners across technology segments such as Authentication, Cloud, Infrastructure, Enterprise Security, Mobility, Security Analytics, Threat Intelligence, Virtualization, and many more. In this session we will provide a deep dive into how our next generation security platform seamlessly integrates with key technologies your organization leverages so that you can stop cyber security breaches and focus on your business priorities.
This session will cover the following:
- Mathematically define an example of “True Prevention”, defining it as “one incident a day that requires human interaction worldwide”. Then, taking data from AutoFocus, estimate the total number of attacks per day worldwide
- Address the argument that True Prevention must equal 100%, using a comparison use case from mass transport systems
- Create an equation that shows the impact of kill chain interceptions on the number of attacks that breach the defenses and need human interaction using the information gathered
See how AutoFocus automates threat analytics and prevention efforts for attacks targeting your organization or industry. This session will cover new AutoFocus innovations, including:
- The new hosted MineMeld application for AutoFocus, which enables the aggregation and validation of any third-party threat intelligence source, including automated prevention for Palo Alto Networks devices.
- How AutoFocus can help you scale detection and prevention efforts without additional, specialized security staff.
- How to automate security analysis and response workflows with AutoFocus.
We’ll take a look at specific detection techniques as part of larger prevention strategies and outline:
- What detection is and is not
- How the art of detection continues to evolve
- How detection feeds the prevention part of the Cybersecurity strategy
This session will describe some of the security challenges that arise through adoption of DevOps. It will look at all parts of the DevOps lifecycle, how the issues differ from those presented in legacy environments, and examine what opportunities there are to address these challenges and turn them into advantages, whilst balancing the demands of both the business and IT operations.
The less-well monitored "dark corner" of the Internet consists of infringing names created at the hostname (or "fully qualified domain name") level, typically on service providers offering free hosting or free blog space. By shifting the infringing mark from the base domain to the hostname, infringers can still efficiently attract potential visitors via search engines, but they can avoid getting flagged during daily zone file scans.
By way of example, consider http://pradadfghandbags.blogspot.com/. That site would not typically be noticed by a brand manager scanning a zone file. That host *CAN* be found using passive DNS approaches, or by using tools specifically tailored to watch live DNS traffic streams for relevant marks. We will discuss the challenges of monitoring the Internet's domain names on a per-host level, and illustrate solutions that are relevant to any brand owner or brand management consultancy.
See how WildFire automates protection by reprogramming your network to maximize your security posture in an automated fashion without sacrificing security for business constraints. This session will provide updates on WildFire, including:
- Sample analysis enhancements
- Expanding the WildFire infrastructure
- Configurations to meet customer requirements (could cover the WildFire appliance in this as a hybrid conversation)
In this session, you will hear from a security architect in the Utilities sector and learn:
- How to apply a phased, attack lifecycle model to systematically break the incident detection challenge down into more manageable parts
- Specific techniques for leveraging WildFire, MineMeld, Threat Prevention, core NGFW capabilities and Splunk integration to enhance threat intelligence and incident detection capabilities
- Real world examples for how the techniques were used to detect and prevent cyber incidents in a production environment
Automated Behavioral Analytics allows you to prevent advanced attacks, insider abuse, and malware by setting a baseline and detecting behavioral anomalies indicative of these sophisticated attacks. Palo Alto Networks is extending the Next-Generation Security Platform with innovative technology obtained through the acquisition of LightCyber to defeat post-intrusion attacks.
Attend this session to learn how:
• Automated Behavioral Analytics enhances the Palo Alto Networks Next Generation Security Platform
• The combination of network and endpoint analysis provides a powerful way to detect, confirm, and stop internal reconnaissance and lateral movement
• A large healthcare company uses behavioral analytics to protect their internal network and demonstrate security assurance
This session will outline innovations by Palo Alto Networks to prevent the theft of user credentials and make them useless to adversaries once stolen.
Earlier this year, Palo Alto Networks introduced a pilot of a new approach to managing endpoint security, offering Traps, the best advanced endpoint security solution in the market, as a managed service.
Instead of a "detect, apologize and fix" approach, use Traps advanced prevention capabilities and offer a better managed service.
Come and learn more about this exciting new offering.
VakifBank is one of the largest banks in Turkey with nearly 1,000 branches, 4,000 ATMs, and more than 15,000 employees.
Learn how we did this with great success and get our experiences on what to do and what not to do. We will also share our view on the effectiveness of Traps including cases, trends and incidents from our Security Operations Center.
About HealthPartners: HealthPartners is an integrated health care organization providing health care services and health plan financing and administration. It's the largest consumer governed nonprofit health care organization in the nation - serving more than 1.5 million medical and dental health plan members nationwide. HealthPartners employs over 22,500 healthcare professionals, all working together to deliver the HealthPartners mission.
The following topics will be covered:
1. Background - Traps overview - Highlights
2. How to plan for Traps deployment
3. Best practices for Traps management and maintenance (focus on larger deployments)
4. Case study/Case studies
5. Summary, Q&A
The Security team will address how and why they selected Palo Alto’s Traps solution to enhance their endpoint security posture. The discussion will wrap with key elements a prospective buyer should consider during their evaluation and implementation of Traps.
Contestants will be challenged to solve deployment and automation challenges that may arise within AWS, using any of the AWS or 3rd party tools currently available.
As the world's leading and most diverse derivatives marketplace, CME Group is where the world comes to manage risk. CME Group exchanges offer the widest range of global benchmark products across all major asset classes, including futures and options based on interest rates, equity indexes, foreign exchange, energy, agricultural commodities, metals, weather and real estate.
To help manage this, Gigamon partnered with Palo Alto Networks and REAN Cloud to build a simple, fast, automated solution to provision a secure AWS environment for each developer. Using AWS services and VM-Series automation features, Gigamon can now deploy, with the push of a button, one or more approved VPCs for an engineer that are protected by a VM-Series. The secure developer VPC is connected back to the Gigamon network via an IPsec VPN, ensuring security and compliance. In this session, REAN Cloud and Gigamon will present lessons learned, best practices, and optimal architectures for successful deployment automation of the VM-Series on AWS.
You will walk away with specific, actionable architectural patterns resulting in a usable model for deploying Palo Alto Networks devices on AWS to protect healthcare workloads for stronger security, higher availability, and limitless scalability.
About Verge Health: Founded in 2001, Verge Health is the risk management platform of choice for more than 900 health systems and hospitals nationwide. As an organization, we are dedicated to our clients as evidenced by a 95% retention rate and great feedback from clients who have literally helped create the product roadmap and vision for leveraging technology to create meaningful improvements in regard to protecting patients and protecting margins.
About Cloudticity: Cloudticity helps healthcare companies design, build, migrate, and manage HIPAA-compliant systems on AWS.
- Using the XML API as a management tool
- Leveraging Dynamic Address Groups and AWS Tags to protect inter-subnet traffic
- Using Bootstrapping in conjunction with Panorama
- Tips and tricks to achieve resiliency as well as scalability with ELB integration
- Higher network performance
- New VM-Series models and AWS instance size selection
- Native CloudWatch integration
It is with these fundamental objectives in mind that Microsoft has built Azure with a focus on being the world’s most trusted platform. Microsoft’s approach has been to build network innovations to drive cloud disruption AND partner with strategic ISVs to deliver critical capabilities for their customers. As part of this approach, Palo Alto Networks has become a premier Security provider for Microsoft Azure with close development, field and support alignment. In this session, George Moore, CSO for Microsoft Azure, will present how Microsoft Azure & Palo Alto Networks are jointly delivering world class security to meet the needs of our customers.
For the 2nd half of the discussion George will interview a joint customer to discuss their Microsoft Azure and Palo Alto Networks deployment. Please join us to hear first-hand how customers are solving for cloud security and enabling innovation at the speed of business!
This strategy enables Intel business units to use the public cloud to accelerate innovation and time to market while cutting costs. Successful public cloud usage involves more than just technology. We have adopted new tools, made substantial enhancements to relevant processes, and invested in people’s skill sets. We have found that we must regularly invest in developing our IT skills to securely enable Intel’s growing number of public cloud use cases. Our long-term public cloud security strategy and architecture enables us to apply a compliance process to the entire cloud security configuration. Other benefits include:
- Reduced cost through reuse of security tools and services
- More agile response to business needs
- Alignment between on-premises and public cloud IaaS security
Key learnings pave the way for future work:
- Distributed accountability for IaaS security
- Effective discovery, vulnerability management, and compliance processes for IaaS use cases
- Strong identity lifecycle management process and data protection
- Choice of cloud-oriented solutions
- Cross-domain team building, combined with various skillsets
We continually assess and enhance security and privacy capabilities, processes, and people’s skills to protect our customers’ and Intel’s data.
We will illustrate how we’ve broken down the VM-Series firewall configuration into multiple layers:
• Core: Setup of VM-Series software updates, applying license keys, zones, virtual routers and more.
• Azure: The configuration of network interface cards to VM-Series interfaces, an overview of user-defined routes and more.
• Policies: Defining security policies and NAT setup.
• Application: Creating a custom App-ID
The tools that we will review include Palo Alto Networks VM-Series firewall, Microsoft© Azure, Terraform©, pan-python library, Python and Git. This session will provide the information for all users to begin treating secure infrastructure as code.
- New VM-Series models, performance and Azure VM size selection
- Azure Application Gateway and Load Balancer integration
- Support for multiple public IPs
The enabling component of cloud architectures, as they evolve from traditional data center and service provider designs, is a foundation of software-defined infrastructure that allows policy-based software to automate complex IT tasks, usually accelerating key IT processes from weeks to minutes. While cloud-based automation tools for servers are relatively mature, network and security automation has made rapid strides in just the last few years, largely driven by developments in software defined networking (SDN), and even more recently, software defined security.
What’s required is a complete IT automation platform for cloud services, for both networking and security, that extends to deeper analytics and remediation capabilities for the entire service lifecycle. A software defined security component must augment traditional SDN network automation platforms and capabilities, while integrating with best of breed security devices, services and analytics tools for 360-degree visibility, and to facilitate an immediate response to suspected or actual threats.
Real world use cases involving customer deployments with various cloud automation solutions and Palo Alto Networks NGFW will show how the automated approach that SDN provided for networking can be brought to bear for security policies, enforcement and remediation to enable secure, on-demand cloud services at the speed of business.
The individual technology items exist and are well understood, but how do you position an integrated solution as an essential element in the wider SDDC, and how do you go about delivering a solution that meets your customer’s needs?
This paper provides a practical example of a deployment using Palo Alto Networks and VMware NSX. It walks you through the process, from positioning the solution with your customer’s executives and defining the requirements to managing the entire process and developing and delivering a successful outcome.
The focus of the session will be on operationalizing the NSX Distributed Firewall and Advanced Service Insertion, and on best practices for creating a Distributed Firewall and Partner redirection policy in an existing brownfield datacenter as well as in a greenfield environment. NSX 6.3 is packed with new functionality that makes operationalizing micro-segmentation feasible even for the most complex applications and environments. In this session you will learn how to use these features, and Palo Alto's VM-Series NGFW, to implement a zero-trust model in your datacenter and beyond.
- New solutions provide greater security, are more agile and can be operated at lower costs
- How to prepare yourself for these new technologies
- How do you test these solutions and deploy solutions like SDWAN and NFV
This session will examine many of the questions you need to ask about the host you are running your virtualized applications on, and what steps and techniques you can adopt to ensure that the software and hardware on the host in your private or public cloud is working FOR your sensitive data, and not AGAINST it.
In this session, we will discuss how Palo Alto Networks can help to ensure data privacy:
• Ensure compliance by providing data access visibility and inappropriate exposure remediation
• Validate SaaS usage for specific types of data -- PII data isn't supposed to be stored in Office 365? Aperture can validate whether it is there or not
• Administrative and architectural privacy: Aperture tenancy and administrative data controls
Join this session where you will learn:
• Best practices to build a strategy for securing your SaaS environment
• Real-world examples of risks seen in enterprise SaaS environments
• Steps to protect against the new threats and prevent data exposure
• How to comply with data residency regulations
• Access control and visibility
• Governance and compliance
• Infrastructure security
• Information Rights Management
• Integration with Palo Alto Networks
- Securing your migration to the cloud
- How to put tools in place to achieve your data governance and compliance goals
- The latest SaaS Security trends including a discussion on the Cloud Access Security Broker (CASB) market
- Lessons learnt from customers who have migrated sensitive data to the cloud
We will also focus on some of the inadvertent mistakes that lead to a weak security posture.
Fortifying and mitigating risk to IT assets has been a fundamental concern for security operations teams across all verticals. To protect enterprise information, security vendors have developed an array of technologies, such as firewalls, BDS/BPS, IDS/IPS, Advanced Endpoint, UEBA and SIEM solutions. Over the last decade, organizations have created Security Operations Centers to help manage this massive array of technology along with security processes. The evolution of these platforms has been centered on keeping up with the evolution of the broader threat landscape – but do these technologies and SOC strategies really protect enterprise SaaS applications and services?
Rethinking the Enterprise SaaS Security Strategy
As traditional enterprise applications are being migrated to the cloud, existing SOCs have lost both visibility and control. To address this new void, the enterprise needs to consider technologies that can augment the existing security technologies within its SOC. Such technologies need to be able to detect threats to cloud applications and services used by the organization. So which technologies are able to do this, which are effective, and how does the strategy change?
Have you ever wanted to take the intelligence from Palo Alto Networks WildFire, determine if it’s impacted any of your endpoints and then immediately remediate the affected endpoints? You’re not alone. Combining the power of Palo Alto Networks, ServiceNow and Tanium, IT security professionals can see the beginning of malicious activity with their Palo Alto Networks NGFW, send an alert to WildFire, create an indicator of compromise (IOC) within Tanium, find IOCs on all impacted endpoints and immediately create a security incident in ServiceNow Security Operations to quickly manage the remediation. In this session, we’ll demonstrate how customers are currently addressing security incidents from beginning to end with this trifecta. Hear how Whirlpool’s Greg Fisbeck is using this integration today to stop and contain threats.
In this session, CISOs will learn the many benefits behind automating the DevOps process for security compliance, including:
- How to bring order to a “wild wild west” landscape where anyone has access to production systems and data
- Closing the lid on the security skills gap by enabling DevOps teams to audit new solutions and applications
- Eliminating wasted time and the potential for human error from manual tasks
- Reducing the number of data breaches and security risks
- Enabling continuous compliance for companies facing PCI DSS, HIPAA, and additional regulations
- How to fully verify and automate a single device restore securely.
- The approach to rebuild an entire DR site from a central location
- How the Palo Alto Networks integration with BackBox can immediately benefit end-users
ForeScout will share key findings from the IoT Enterprise Risk Report, based on research by Samy Kamkar, one of the world’s leading ethical hackers. Also on the agenda are best practices to:
- See (and classify) IoT devices the instant they connect to the network
- Control network access based on device type, posture and behavior
- Orchestrate and integrate islands of security, leveraging existing investments for better protection
- How different perceptions of “cloud” can lead to an entanglement between traditional and cloud security.
- Why that was a huge problem.
- What it took for us to solve the challenge.
- How our partnership with Palo Alto Networks was key to our success.
Please join us as we work together to deliver an advanced visibility, reporting and monitoring solution for intelligent security analysis that addresses this challenge and delivers new tools to quickly identify and analyze this new class of threats. We will show you how this integration ensures better threat response time, and how to automate the steps needed to block malicious sources and quarantine compromised devices.
- Advanced security and visibility in the cloud, on premise, or hybrid model
- Accelerated threat response and enhanced threat detection
- Security visualization, monitoring and analysis
- Demo to show you how to identify ransomware and correlate IOC data through the app and use adaptive response to take actions
Attend this session to learn how a healthcare organization in Oklahoma used advanced features of the Palo Alto Networks security platform such as SSL decryption, WildFire, User-ID, and App-ID in addition to simple configuration optimizations to improve the overall posture of their network security in measurable ways. Additionally, integrations with VMware NSX, ProofPoint Cloud, and RSA NetWitness will be discussed.
You will find out how an architectural approach to network security can drastically improve your security defenses.
Hear first-hand about how San Francisco USD and others implemented GlobalProtect to protect devices and users when off-campus. We’ll cover how these districts deployed GlobalProtect and will offer tips to make your GlobalProtect deployment easier.
In this session, you will hear from security experts from the City of Oklahoma City as they describe the city's recent experience overhauling critical infrastructure and how enterprise security tools and concepts were brought into the mix. Attendees will learn:
- How to leverage existing equipment to drive down cost while remaining segmented and protected
- Using the firewall as a tool to build bridges with Infrastructure and Operational Technology teams
- Using PAN-OS and partnering technologies to build a compliant and reportable environment accountable to stakeholders
- Deploying GlobalProtect to enable remote access in a highly controlled way
- Identify and address the risks and challenges of effective cybersecurity risk management
- Implement best practices and tactical steps for successful IIoT build-out including Next Generation Segmentation, application visibility, Zero Trust network segmentation, and more
- Learn best practices for developing a comprehensive security platform to prevent and protect against data loss and theft from compromised IIoT devices
This talk discusses relevant ways enterprises have integrated their CTI functions into various parts of enterprise IT to prevent, detect, respond and recover more effectively. From tactical and operational decision making to strategic planning - cyber threat intelligence has a deep potential in the enterprise that is currently untapped. By sharing some of these leading practices and more advanced integrations attendees can gain the tribal knowledge today's progressive CISOs already have.
The approach used will be as follows:
1. Introductory lecture – setting the scene and talking about some of the basics of the exam
2. 90% of the time focusing on the type of questions you will get:
a. Ask the question – participants use quiz-system to submit their answers
b. Show the polling
c. Discuss the answers and why certain answers are right, and others are not correct
Ready to prove your skills and upgrade your career? Take the Palo Alto Networks Certified Network Security Engineer (PCNSE) exam at Ignite 2017. Successful candidates demonstrate their comprehension of the unique aspects of the Next-Generation Security Platform. Join this elite group of PCNSE-certified and skilled professionals.
ULTIMATE TEST DRIVES
Interested in kicking the tires on the latest security innovations? Buckle your seatbelt and join us for a series of labs to test drive some of our latest product innovations. These labs will expose you to advanced capabilities within our next-generation firewall, new threat protection techniques, advanced endpoint protection, network security management and the latest concepts in securing a software-defined data center. You'll be guided through a series of hands-on exercises aimed at introducing you to an exciting array of products and features in the Palo Alto Networks Next-Generation Security Platform.
If you have some prior experience in the Palo Alto Networks Next-Generation Security Platform and want to learn more about specific topics, join us for a series of hands-on workshops allowing you to go deeper into specifics of our products. These hands-on workshops are created to give attendees an in-depth understanding of product and feature deployment and implementation. Some hands-on workshops require specific prior experience; please refer to the prerequisites for each workshop.