Please click on the track names below to view our Ignite 2017 breakout sessions to help you plan for Ignite 2018.

Learn about the next-generation security platform and its components.
A Platform Approach to Preventing Sophisticated Attacks
This session will demonstrate an end to end sophisticated attack and how the different elements of the Palo Alto Networks Security Platform, working together, are able to prevent the attack at every stage.

The demonstration will not stop after breaking the perimeter, but will go through all the phases of a successful data breach, including lateral movement, breaking into the Data Center, exfiltrating valuable information and long term persistence.

Guillermo Serrano, Consulting Engineer - Advanced Threat Prevention, Palo alto Networks
Advancing the Games: Cybersecurity Strategy in the Rio 2016 Summer Olympic Games
The Rio 2016 Summer Olympics was the highest visibility event in the world last year with over 5 billion spectators, also making it a big target for hacktivists and criminals. From security strategy definition, strict timeframe to the complex human factor, come to see how Rio 2016 managed to overcome these challenges, mitigate attacks and deliver the Olympics with great success.
Pedro Prudencio, Morphus
Applying a Next-Generation Platform Approach to Evolving Service Provider Network Ecosystems
As consumption of mobile applications, new digital services, and the Internet of Things (IoT) continues to expand, service providers are responding to demand by rapidly undergoing a fundamental transformation to all-IP networks with 4G-LTE, flexible virtualized networks (NFV/SDN), Mobile Edge Computing and, in the near future, 5G multi-access converged networks.

Meanwhile, a new and different cyberattack landscape continues to evolve that could compromise both networks and the subscribers and devices that are connected. A new approach to security is needed.

We will discuss the major industry trends including the game-changing evolution of IoT, and the overall evolving threat landscape and main challenges that are impacting both network providers and their subscribers.

Network and subscriber protection are no longer separate problems in this advanced new digital age, and service providers can apply a dynamic prevention-oriented platform approach to their security architectures with complete visibility and automation that focuses on both the networks and their subscribers to address new and evolving security challenges.

Leonid Burakovsky, Senior Director PM, Palo Alto Networks
Cracking the Code: Conquering OPEX in Security Operations
The barrier to entry for a bad guy is low and continues to get lower. Yet the barrier to entry for a good SOC continues to get higher. SOCs often deal with adversary workloads by hiring more people and expanding a never ending process catalogue, based on a detect and respond framework. This session covers a new way of thinking when managing a SOC, leveraging the latest in machine learning and automation to break a SOC away from OPEX dependent workloads. Join Charles as he shares Palo Alto Networks’ Next-Gen approach to Security Operations and see how you can leverage this methodology to bring your OPEX under control while providing vastly superior cyber security protection, from the smallest environments to the largest enterprises. One SOC model for all.
Cyber, EDR, Cloud, BYOD, Machine Learning ...Why an Automated Platform Beats Your Subconscious Buzzword Thinking
We show how you can improve security posture and reduce operational cost with automated and platform approaches to your infrastructure architecture. Breaches are happening, and its headline news. In the age of big data, machine learning, security analytics and threat intelligence, why don't we have secure infrastructure? You see the buzzwords every day, but will focusing on them result in better security posture and fewer incidents? In this talk, we consider the reality of today’s threats, looking past the sensationalist media coverage. There are many ways in which attackers and their toolsets have evolved, with the automation and velocity of the offensive team now being the key pain point. We discover if well-selected technology can really thwart modern attacks, if selecting technology is a straightforward process, of course. If you take best of breed security technology everywhere in your infrastructure, and have ticked off all your cybersecurity buzzwords, you now have secure infrastructure, right...?
James Holland, Systems Engineer, Palo Alto Networks
How Native Threat Intelligence Drives Automated Detection and Prevention Across the Platform
Sophisticated attacks are now being generated at machine scale, challenging legacy defense-in-depth approach to security that typically leverage multiple standalone products, putting high burden on limited resource staff to chase down and mitigate security events manually. This session will provide a technical deep dive into the Palo Alto Networks Threat Intelligence Cloud (TIC), a core pillar of the Next-Generation Security Platform, which orchestrates the automated detection and prevention of attacks across the network, endpoint and cloud. We will cover how the TIC leverages millions of distributed sensors, including WildFire, to cut off emerging attacks before they can become successful. Learn how your organization can leverage the powerful capabilities to drive prevention outcomes across the platform, including:

• AutoFocus for contextual threat intelligence service, enabling the extraction, correlation, and analytics of threat intelligence with high relevance and context
• WildFire to identify and automatically prevent zero-day exploits and malware
• Threat Prevention to block known malware, exploits, as well as command-and-control activity
• URL filtering for the prevention of newly discovered malicious and phishing URLs
• Traps for advanced endpoint protection
• Aperture™ SaaS security service to protect cloud-based applications
• Extensibility of threat intelligence across our partner ecosystem with open APIs

Alfred Lee, VP, Product Management, Palo Alto Networks
Innovations in Next-Generation Firewall Architectures
One of the core principles of the platform is putting the firewalls in the right places to protect applications and workloads. Learn about advances in architectural designs to help your strategic planning for security coverage.
Elie Bitton, Sr. Director Product Management, Palo Alto Networks
Next Generation Security for the Education Sector
Education and research have always required an open, yet secure, network. Historically, if there is only one choice - it is open. In this session, you will learn the journey of how an open university network developed into the open and secure network, and review the challenges and solutions as this environment is disrupted both from within and by cloud technologies. You will understand the challenges to the physical, cloud environments and the tools to manage this dynamic landscape.
Greg Sawyer, Security Consultant
Next-Generation SOC: From Concept to Reality
This research presentation examines maturity curves for IT security operations in any industry and introduces the concept of a next-generation SOC. The session presents information about planning, deployment and lessons-learned during security expansion and enrichment at an actual hospital network. It covers a period of growth and investment spanning four years (2013-2017) taken in steps to achieve a next-generation SOC capability as the spear point of the hospital's cyber threat response mechanism. This research touches on initial requirements for a ‘zero-state’ (no security at all) operational footprint up through full next-generation capabilities. This includes enrichment, multi-modality integration strengths and enablers, key skills and talent needs, ‘next-generation’ concepts of incident response and security stack visibility, and finally, physical facility planning.

This research and presentation will appeal to almost any organization, whether recently beginning a security program plan or already operating a robust security operation but looking for a bleeding-edge approach. While some investment is required for true next-generation capability, many of the concepts and steps described in this presentation are operational and tactical activities that lie beneath all world-class security operations centers. Without the correct processes, people and philosophy toward a holistic security operations footprint, next steps in growth may not be realistic. This presentation aims to give clear guidance on assessing your posture and understanding the next steps for your organization’s security operations growth planning.

Russ Staiger, Senior Cyber Threat Intelligence Analyst - CTAC, Abbott Laboratories - St. Jude Medical
Next-Generation Security Platform as a Remote Access VPN Gateway
Learn how NG security platform replaces your traditional VPN concentrators for remote access. Enable secure access to your applications for employees using corporate devices or personal devices, and support contractors and 3rd party users. This presentation will be a deep dive of GlobalProtect features like strong two-factor authentication, advanced security policies using host state, browser based secure access with clientless VPN. This session will feature real-world deployment insights from the Palo Alto Networks information security team.
Joby Menon, Product Line Manager, Palo Alto Networks
Palo Alto Networks Extensible Technology Platform for Technology Integrations
In today’s world a platform is more than point solutions working in siloes. A true platform is extensible, it is automated, and it is built from the ground up to address the security needs of organizations as they operate in increasingly mobile, and modern environments. Palo Alto Networks Next Generation Security Platform is extensible with an extensive ecosystem of technology partners who can leverage our rich APIS to deliver automated, preventive protection against cyber threats at all stages in the attack lifecycle.

The Palo Alto Networks Next Generation Security Platform Technology Partner ecosystem includes integrations with over 100 technology partners across technology segments such as Authentication, Cloud, Infrastructure, Enterprise Security, Mobility, Security Analytics, Threat Intelligence, Virtualization, and many more. In this session we will provide a deep dive into how our next generation security platform seamlessly integrates with key technologies your organization leverages so that you can focus stop cyber security breaches and focus on your business priorities.

Alan Ptak, Director, Technical Business Development, Palo Alto Networks
Selecting, Evaluating and Deploying a Next Generation Security Platform Across 23 California State University Campuses
This presentation will share the California State University experience of evaluating, selecting, and deploying the next generation security platform across 23 campuses that serve ~500K students and ~50K faculty and staff. It will show how, at the conclusion of all testing and evaluation, Palo Alto Networks offered the most comprehensive technology, easiest administration, and lowest TCO, meeting all of CSU’s key objectives with a single platform, simplifying the total solution with just one vendor.
Michel Davidoff, Director CyberInfrastructure, California State University, Chancellor's Office
Steve Mann, Associate Director, Network Services, Cal State University, Monterey Bay
The Math Behind True Prevention
The threat landscape continues to evolve and expand its reach, constantly challenging organizations to improve and refine their own security practice just to keep up. Many enterprises have made a conscious choice to focus on detection and response, believing that the adversary is already in, shifting resources and technology to breech detection. Without the right approach, prevention can seem unattainable. In this session, you will see how Palo Alto Networks approaches prevention and why it is so critical to not only keep up, but get one step ahead.

This session will cover the following;

  • Mathematically define an example of “True Prevention”, define it as “one incident a day that requires human interaction worldwide”. Then taking data from Autofocus estimate the total amount of attacks per day worldwide
  • Address the argument that True Prevention must equal 100%, use a comparison use case to mass transport systems
  • Create an equation that shows the impact of kill chain interceptions on the number of attacks that breach the defenses and need human interaction using the information gathered
Chris Sidwell-Smith, Channel SE, Palo Alto Networks
Tips and tricks to prevent advanced threats.
Architecting Detection to Outpace Emerging Cyber Threats
How do you build a lasting security architecture when malware variants and attack vectors change so frequently? Studying Tools, Tactics and Procedures (TTPs) is often suggested, as human habits change less frequently. Yet the financial returns on hacking campaigns and the adoption curve of black hat technologies are an even better predictor of cyberweapon trends. We’re going to examine how malware is developed, and how long it takes to reach your network, from version iterations to sale on cybercrime markets, and finally to appearing in the news. When considering IOCs, sandboxing, continuous monitoring or artificial intelligence, which will best defend us in the future? We’ll analyze the costs for your adversaries to sidestep each of these, and how this should affect the types of technologies you invest in.
Paul Shomo, Sr. Technical Manager, Guidance Software
Become a Threat Hunter: AutoFocus Innovations
More data doesn’t always equal better prevention. It can feel like there is an arms race underway, with security operations and response professionals in the sights of an escalating amount of alerts and threat data, which can sometimes do more harm than good. What is needed is an outcome-driven approach to threat intelligence, with a focus on prevention and operationalizing action, versus simply adding more data.

See how AutoFocus automates threat analytics and prevent efforts for attacks targeting your organization or industry. This session will cover new AutoFocus innovations, including:

  • The new hosted MineMeld application for AutoFocus, which enables the aggregation validation of any third-party threat intelligence source, including automated prevention for Palo Alto Networks devices.
  • How AutoFocus can help you scale detection and prevention efforts without additional, specialized security staff.
  • How to automate security analysis and response workflows with AutoFocus.
Bilal Malik, Product Line Manager, Palo Alto Networks
Better Detection for Better Prevention
Detection is the extraction of specific information from a larger stream of data without specific cooperation from or synchronization with the source of that data. The art of detection, also known as following clues, is the work of a detective in attempting to reconstruct a sequence of events by identifying the relevant information in a situation.

We’ll take a look at specific detection techniques as part of larger prevention strategies and outline:

  • What detection is and is not
  • How the art of detection continues to evolve
  • How detection feeds the prevention part of the Cybersecurity strategy

Olivier Menil, Business Development Manager Security, Proximus
Deconstructing DNS: How Bad Guys Abuse DNS To Avoid Detection
To hide or reduce their digital trail, cybercriminals constantly buy and discard cheap domain names to use as part of their attack infrastructure. To stay ahead, brand management companies monitor daily zone files for potentially infringing base domain names. Yet the bad guys adapt and have learned to abuse DNS in new ways to avoid detection.

In this presentation, Internet pioneer and Farsight Security CEO and Cofounder Dr. Paul Vixie will examine the less-well monitored "dark corner" of the Internet where infringing names live created at the hostname (or "fully qualified domain name") level. By shifting the infringing mark from the base domain to the hostname, the bad guys can still efficiently attract potential visitors via search engines, but they can avoid getting flagged during daily zone file scans. From there, bad actors can use these infringing domains to lure unsuspecting users to fake websites to sell counterfeit goods, commit phishing attacks to secure entry into networks and more.

Dr. Vixie will discuss how passive DNS sheds light on these shady DNS cyberattack techniques. He will also discuss the challenges of monitoring the Internet's domain names on a per-host level, and illustrate solutions that are relevant to any brand owner or brand management consultancy.

Paul Vixie, CEO, Cofounder, Farsight Security, Inc.
DevOps or Security? Moving to "AND"
The promise of quick, easy development and simplified operation has convinced many business units to embrace DevOps. At the same time, IT operations view the advent of a set of new technologies and processes with fear, particularly where security it concerned. Security, we have all come to realize, is more than just keeping attackers out of monolithic applications or being able to respond when they get in.

This session will describe some of the security challenges that arise through adoption of DevOps. It will look at all parts of the DevOps lifecycle, how the issues differ from those presented in legacy environments, and examine what opportunities there are to address these challenges and turn them into advantages - whilst balancing the demands of both the business IT operations.

Mike Bursell, Chief Security Architect, Red Hat
Preventing Attacks at Machine Speed with WildFire
It is becoming more and more of a requirement for Cyber security teams to understand and align with the business’s mission to achieve theirs. This creates a balancing act between what could be done and can be done to protect networks from attacks targets at the modern enterprise. In order to address this constraint, security vendors are expected to provide products with options that do not sacrifice the agility and innovation required to protect a customer’s most valuable assets and intellectual property. (might be worth saying users as well. I know that we want to talk about assets and property but you need to protect the users as a key starting point.

See how WildFire automates protection by reprogramming your network to maximize your security posture in an automated fashion without sacrificing security for business constraints. This session will provide updates on WildFire, including:

  • Sample analysis enhancements
  • Expanding the WildFire infrastructure
  • Configurations to meet customer requirements (could cover wildfire appliance in this as a hybrid conversation)
Garrett Hamilton, Product Manager, Palo Alto Networks
Securing Mobile Workforce with GlobalProtect
While an organization may have strong security mechanisms protecting the applications and data while the user/endpoint is behind a firewall, the user is exposed to a greater amount of risk the moment the user/endpoint is directly connected to the internet. Should a sophisticated APT attack be launched on this exposed endpoint via phishing, social engineering, exploits, Trojan SaaS applications or other means, the APT is successful in infiltrating the organization, stealing data, credentials and implanting malware for subsequent stages of attack in-coordination with the attacker’s C&C servers. When a compromised endpoint returns to the corporate network, there is also an elevated risk of the compromise spreading from the initial host to other endpoints by lateral movement. This presentation discusses how GlobalProtect should be deployed to achieve 24x7 advanced protection for your organization’s mobile workforce and prevent APT attacks from being successful.
Jimmy Mejia, Sr. Security Engineer, LyondellBasell
Sarveshwar Rao, Sr. Product Manager, Palo Alto Networks
Securing the Internet of Things and Protecting Against Infected Things
There are an increasing number of botnets now targeting and infecting miscellaneous IoT devices, such as IP cameras and Linux servers, and launching attacks across the internet that are impacting service availability for enterprises and network providers. In this session, we will explore the impacts associated with this new threat landscape, the security posture that is needed to best prevent IoT device infections, and advanced approaches that can be deployed to proactively find infected things and then be able to quickly quarantine them before they are able to launch an attack. We will then open up discussion with a panel of network provider experts to gain some real world perspectives and insight.
Scott Stevens, SVP - Global Service Provider, Palo Alto Networks
Shedding the Light on Threats to Critical Infrastructure with Advanced Incident Detection
Prevention alone is no longer enough to secure critical infrastructure. Advanced incident detection capabilities in both the IT and OT (Operational Technology) environments are essential in identifying and neutralizing a compromise before it causes a serious business impact.

In this session, you will hear from a security architect in the Utilities sector and learn:

- How to apply a phased, attack lifecycle model to systematically break the incident detection challenge down into more manageable parts
- Specific techniques for leveraging WildFire, MineMeld, Threat Prevention, core NGFW capabilities and Splunk integration to enhance threat intelligence and incident detection capabilities
- Real world examples for how the techniques were used to detect and prevent cyber incidents in a production environment

Alex Nehmy, Enterprise Information Security Manager, SA Power Networks
Stop Attackers Inside Your Network With Automated Behavioral Analytics
There is a small number of highly resourced and motivated adversaries that can find ways to infiltrate networks, bypassing even the most advanced security approaches. Once network access has been obtained, they execute a step-by-step malicious playbook of reconnaissance and lateral movement to locate and steal sensitive data. Can you find these malicious actors and prevent their activities before damage is done?

Automated Behavioral Analytics allows you to prevent advanced attacks, insider abuse, and malware by setting a baseline and detecting behavioral anomalies indicative of these sophisticated attacks. Palo Alto Networks is extending the Next-Generation Security Platform with innovative technology obtained through the acquisition of LightCyber to defeat post-intrusion attacks.

Attend this session to learn how:

• Automated Behavioral Analytics enhances the Palo Alto Networks Next Generation Security Platform
• The combination of network and endpoint analysis provides a powerful way to detect, confirm, and stop internal reconnaissance and lateral movement
• A large healthcare company uses behavioral analytics to protect their internal network and demonstrate security assurance

Giora Engel, VP, Product Management, Palo Alto Networks
Michael Mumcuoglu, VP, Engineering, Palo Alto Networks
The Importance of Predictive Technology, Holistic Threat Intelligence and Automated Action
Machine learning. Orchestration. Big data. These are some of the buzzwords anyone working in cyber security hears on a daily basis – but what’s the reality behind these words and how do you use them to better secure your organization? This session will dive into how SecureWorks turns these buzzwords into real world techniques and best practices to detect, prevent, respond to and predict future threats.
Ben Feinstein, Senior Director, Operations & Research Support Counter Threat Unit, SecureWorks
WildFire and Threat Prevention Updates
Learn about how the all-new WildFire detection engine catches the sophisticated, highly evasive malware hitting our customers. A brand new automated command-and-control signature technology in PAN-OS 8.0 is discussed, as well as many new features in WildFire, threat prevention, URL filtering, and data filtering.
Taylor Ettema, Director, Product Management, Palo Alto Networks
You Have a Problem and You Know It: Preventing Credential Theft and Abuse
Protecting User Identities and preventing phishing attacks are key tactical priorities of today’s security professional. The majority of all breaches involve password theft at some stage of the attack. Nearly two-thirds of the breaches analyzed by Verizon in the 2016 Data Breach Incident Report (DBIR) used stolen credentials. This is because the vast majority of organizations continue to use password-based credentials as the primary means of securing user access, and it is easier for an attacker to steal passwords than it is to find and hack a vulnerable system. As a result, password stealing techniques are used by a broad spectrum of attackers to breach organizations, compromise their networks, and steal critical data from internal data centers and the cloud.

This session will outline innovations by Palo Alto Networks to prevent the theft of user credentials and make them useless to adversaries once stolen.

Ashwath Murthy, Product Manager, Palo Alto Networks
Martin Walter, Product Line Manager, Palo Alto Networks
Learn how to protect corporate endpoints (workstations, servers) with our advanced endpoint protection product.
A New Way to Manage Endpoint Security – Introduction to Traps Managed Service Offering
Endpoint managed service market is the fastest growing segment on the managed security service market alongside cloud security managed services.

Palo Alto Networks introduced earlier this year a pilot of a new approach to manage endpoint security, offering Traps the best advanced endpoint security solution in the market as a managed service.

Instead of "detect, apologize and fix approach", use Traps advanced prevention capabilities, and offer better managed service.

Come and learn more about this exciting new offering.

Ariel Cohen, Global Lead Endpoint, ICS, IoT, Business Development, Palo Alto Networks
Advanced Endpoint Protection with Traps at VakifBank
Join this session to hear about VakifBank’s journey to truly protecting their 15,000 endpoint devices. Concerns over zero day attacks, especially against the financial sector, drove their search for solutions beyond signature-based security products. VakifBank will share their requirements, proof of concept test plans, and selection criteria. Additionally, they will discuss the rollout project, results, and benefits seen with their deployment of Traps.

VakifBank is one of the largest banks in Turkey with nearly 1,000 branches, 4,000 ATMs, and more than 15,000 employees.

Evrim Eroglu, Manager of Security Infrastructure Operations, VAKIFBANK
Demystifying Machine Learning ("Artificial Intelligence") Use in Endpoint Security Products
In recent times, every endpoint security product has supposedly developed artificial intelligence, employs advanced machine learning methods, and magically blocks malware. This presentation demystifies machine learning (or supposed "artificial intelligence"), how is it used by various endpoint security products, and pitfalls of different approaches.
Liat Hayun, Product Line Manager, Palo Alto Networks
Deploying Traps in Europe – A Successful Case Study
This presentation will go through our experience implementing and operating Traps. VELUX did a 6500 endpoint roll-out of TRAPS, the largest in Europe at the time.

Learn how we did this with great success and get our experiences on what to do and what not to do. We will also share our view on the effectiveness of Traps including cases, trends and incidents from our Security Operations Center.

Henrik Lei, CISO, VELUX
Thomas Anker Nielsen, Security Architect, VELUX
How We Deployed Traps to Protect a Large Healthcare Environment
How do you protect 30,000 endpoints against the unknown threats in an environment that is constantly under assault by continuously evolving malware? In this session, you will learn how HealthPartners tested the effectiveness of Traps against cryptographic malware during its POC and how we deployed Traps in a mission-critical production environment. You will understand the challenges we faced during the implementation process and how we overcame them, as well as what’s still to come with Traps in our environment.

About HealthPartners: HealthPartners is an integrated health care organization providing health care services and health plan financing and administration. It's the largest consumer governed nonprofit health care organization in the nation - serving more than 1.5 million medical and dental health plan members nationwide. HealthPartners employs over 22,500 healthcare professionals, all working together to deliver the HealthPartners mission.

Joel Pfeifer, Senior Security Analyst, HealthPartners
Network Based Threat Prevention with GlobalProtect for Mobile Workforce
As APTs get more and more sophisticated, organizations require a bullet-proof strategy in place to prevent breaches and defend against targeted attacks. APTs often target an individual or an endpoint in order to gain a foot-hold into the organization. Security is only as good as the weakest link. This presentation will outline what preventions need to happen on the network and what preventions need to happen on the end-point to have the best defense against breaches.
Joby Menon, Product Line Manager, Palo Alto Networks
Next-Generation Endpoint Security – Confused?
It seems like everyone is looking for the next endpoint security solution, but the array of techniques on the market is bewildering. What is the next big thing? In this session we’ll look at the fundamental techniques coming to market, drawing on 35 years of experience in the market. This session will provide you with insight on how to build your next endpoint security stack.
Greg Day, VP & Chief Security Officer, EMEA, Palo Alto Networks
Our Experience Securing Production Environments without Legacy Antivirus
In this session, we share our experience securing our entire production environment, from servers to endpoints and across thousands of systems, without antivirus. Discover lessons learned in overcoming challenges while deploying and managing Traps with minimal disruptions to production. Understand how the multi-method approach of Traps automates the prevention of unknown threats with minimal staff.
Luke Teeters, Information Security Analyst, Materion Corporation
Replace AV Effectively – Best Practices for Deploying and Administrating Traps
This session will cover best practices for deploying Traps on endpoints.

The following topics to be covered:

1. Background - Traps overview - Highlights

2. How to plan for Traps deployment

3. Best practices for Traps management and maintenance (focus on larger deployments)

4. Case study/Case studies

5. Summary, Q&A

Alon Levin, Consulting Engineer, Palo Alto Networks
Replacing Legacy AV with Traps in Manufacturing to Protect Virtual and Non-Virtual Systems
In this session, you will learn how a global manufacturer replaced two separate legacy AV solutions with Traps to protect both its Corporate IT and Manufacturing systems and to support its migration to a virtual environment (VMs and VDI). You will understand how the organization evaluated various solutions through a proof of concept and why it chose Traps. You will also learn about the core stages of such a migration, discover potential pitfalls, and understand how the organization leveraged the responsive support team at Palo Alto Networks to overcome the challenges.
Ryan Hale, Network Engineer, SMC Corporation of America
Mark Squires, Systems Administrator II, SMC Corporation of America
Technical Learnings from Deploying Traps in a Complex Environment
Hear from the Security Team at Churchill Downs Incorporated (CDI), the parent company of the Kentucky Derby, about how Traps helps achieve their network and endpoint security goals.

The Security team will address how and why they selected Palo Alto’s Traps solution to enhance their endpoint security posture. The discussion will wrap with key elements a prospective buyer should consider during their evaluation and implementation of Traps.

Matt Cohee, IT Security Engineer, Churchill Downs Incorporated
Tom Jenkins, VP, Business Security, Churchill Downs Incorporated
The Attacker Mindset – Insights into Interesting Advanced Attacks, Exploit Kits and Malware Campaigns
Over the year we at the Endpoint team in Palo Alto Networks see a lot of different attacks on our customers. We've taken the time to highlight a few of the most interesting and advanced attacks we've seen this past year. In this presentation we plan to discuss these advanced attacks, exploit kits and malware campaigns and share with you some of our insights on how the attackers operate.
Traps – New Features and Functionality
Come learn about the latest in Traps advanced endpoint protection with a focus on new features in the latest release. This session covers highlights and the latest endpoint security enhancements. Learn how these features protect your endpoints from the latest threats including WanaCrypt0r and how Traps advanced endpoint protection deepens integration with the Palo Alto Networks security platform to prevent successful cyberattacks in your network.
Ran Tamir, Sr. Director, Product Management, Palo Alto Networks
Provides in-depth education from customers and product experts on how to secure your AWS deployment.
Amazon Web Services security, Palo Alto Networks, and You
As more and more enterprises adopt Amazon Web Services (AWS), they want to know how what tools and best practices exist in the cloud and how their existing security controls can be applied. AWS offers a wide range of security features and services that enable customers to operate in the security model that most fits their use case. In this session we will help you understand the key AWS security features that are relevant to Palo Alto users as part of their AWS strategy. We will dive into AWS networking components, features that enable you to be able to secure your overall AWS account, and detail common Hybrid and all-in AWS archictures customers are using with Palo Alto Networks. Finally, we will spend some time talking about compliance and how customers are able to achieve the necessary compliance profiles while running on AWS.
Nick Matthews, Solutions Architect, Amazon Web Services
Scott Ward, Solutions Architect, Amazon Web Services
Accenture and Freeport McMoRan
As more companies begin to extend their private networks into the public cloud, the question of security becomes more prevalent. The evolved frameworks of cloud infrastructure and ease of entry into the cloud providers, results in deployment speed increases which can potentially create security vulnerabilities. Accenture, in partnership with Palo Alto Networks, worked to close these vulnerabilities with innovative systems and processes for Freeport McMoRan, making their journey to the cloud more secure, reliable, and efficient. In this session, Accenture will discuss how they secured the Freeport McMoRan cloud and how specifically Palo Alto Networks, AWS, and Accenture can help your company achieve a successful extension into the cloud.
Robert Boyce, Managing Director, Accenture
David Daily, Senior Manager, Accenture
Vaughn Hazen, Director IT Security, CISO, Freeport McMoRan
Ask the AWS Expert
You've poked around in AWS, or maybe your already there and are now puzzled as to which of the many options AWS offers you should take. Hosted by AWS experts from AWS and Palo Alto Networks, this session will allow you to ask how do I architect my environment on AWS? Expect heavy whiteboarding and brainstorming. (AUDIENCE LIMITED TO 100)
David Leitzel, Consulting Engineer, Cloud and Data Center, Palo Alto Networks
Warby Warburton, Sr. Product Manager, Public Cloud, Palo Alto Networks
Automating AWS Deployments with Ansible
As organizations are moving to the cloud, ease of deploying and managing security is crucial for organizations. Join us in a session to address the most common applications of automation and orchestration of the Palo Alto Networks VM-Series NGFW in AWS deployments. With Palo Alto Networks as part of the Ansible core modules, organizations are able to leverage a collection of Ansible modules to automate configurations and operational tasks on Palo Alto Networks NGFW in AWS. Organizations can leverage this integration to seamlessly deploy firewalls in the cloud with Ansible automating the configuration. Additionally, organizations can leverage the integration to rapidly adapt to change. Attend this session to learn more about how to automate your NGFW in AWS deployments.
Ivan Bojer, Solutions Architect, Palo Alto Networks
CME Group: Building a Dynamic Secure Hybrid Cloud on AWS
Hear about real world experiences, and learn lessons on how to build a secure hybrid cloud using Palo Alto Networks and AWS technology. The session will go beyond just examples of auto-scaling or VPC deployments, and outline how Palo Alto Networks firewalls actually secures AWS environments. You will learn how to use Palo Alto Networks features including App-ID, Threat Prevention, Dynamic Address Groups, User-ID, and APIs as well as native AWS capabilities such as Security Groups, ACLs, and Routing.

As the world's leading and most diverse derivatives marketplace, CME Group is where the world comes to manage risk. CME Group exchanges offer the widest range of global benchmark products across all major asset classes, including futures and options based on interest rates, equity indexes, foreign exchange, energy, agricultural commodities, metals, weather and real estate.

David Guretz, Systems Engineer, Palo Alto Networks
Anthony Miloslavsky, Tech Specialist - Network Architecture/Engineering, CME Group
Firewall Services VPC Architecture
Protecting a small number of VPCs with a next-generation firewall is relatively easy, but what happens when you have hundreds of VPCs and regularly add more as business groups or new apps come on-line? How can you maintain a prevention architecture without slowing the business? One concept is to build a services VPC that protects your existing and new VPCs. This deep dive session will discuss how to integrate next-generation firewalls in a services VPC with the Palo Alto Networks VM-Series in AWS. Topics will include architectural design considerations, routing recommendations, and dynamic fail-over.
Warby Warburton, Sr. Product Manager, Public Cloud, Palo Alto Networks
Gigamon: Automating Secure Application Development Deployments on AWS
Gigamon, the leader in network visibility solutions, was looking to extend their development engineering environment onto AWS as they extended their product offering to include the public cloud. They wanted to simplify IT infrastructure provisioning and give their engineers their own secure environment to develop the solution. Providing development and test engineering teams with access to cloud resources introduced new security challenges in managing what traffic goes into and out of AWS.

To help manage this, Gigamon partnered with Palo Alto Networks and REAN Cloud to build a simple, fast, automated solution to provision a secure AWS environment for each developer. Using AWS services, VM-Series automation features, Gigamon can now deploy one or more approved VPCs for an engineer that is protected by a VM-Series with the push of a button. The secure developer VPC is connected back to the Gigamon network via an IPsec VPN, ensuring security and compliance. In this session, REAN Cloud and Gigamon will present lessons learned, best practices, and optimal architectures for successful deployment automation of the VM-Series on AWS.

Phil Griston, Sr. Director, Alliances and Business Development, Gigamon
Dexter Markley, Cloud Architect, REAN Cloud
GlobalProtect in the Cloud
GlobalProtect hybrid architectures help organizations build out service coverage for off-premise users. In this session, learn about approaches towards hybrid deployments using a combination of hardware and cloud-based firewalls. Gain insights from the Palo Alto Networks Info Security team, who will share their approaches towards planning firewall rollouts in hybrid environments.
Jake Brunetto, Principal Security Architect, Palo Alto Networks
How Verge Health Deployed a 24x7 Healthcare System on AWS
Securing healthcare applications and data on AWS requires extra diligence, focus and a strong(er) architecture, due to the sensitive nature of protected health information, and regulatory requirements like HIPAA, PCI and others. In this session, the Verge Health executive team will discuss the business drivers of migrating a 24x7 critical healthcare system onto AWS. Their Director of Information and Security will then team with managed services provider Cloudticity to outline how Verge Health built a 24x7 system that spanned multi-Availability Zones using Lambda, Auto Scaling and PAN-OS/VM-Series automation features.

You will walk away with specific, actionable architectural patterns resulting in a usable model for deploying Palo Alto Networks devices on AWS to protect healthcare workloads for stronger security, higher availability, and limitless scalability.

About Verge Health: Founded in 2001, Verge Health is the risk management platform of choice for more than 900 health systems and hospitals nationwide. As an organization, we are dedicated to our clients as evidenced by a 95% retention rate and great feedback from clients who have literally helped create the product road-map and vision for leveraging technology to create meaningful improvements in regard to protecting patients and protecting margins.

About Cloudticity: Cloudticity helps healthcare companies design, build, migrate, and manage HIPAA-compliant systems on AWS.

Vivek Desai, Director, Information Security, Verge Health
Gerry Miller, CEO, Cloudticity
Putting VM-Series Automation Tools to Use
As a security platform, the VM-Series is a powerful tool for protecting your applications and data. To help ensure that security keeps pace with the speed of the cloud, the ability to automate deployments and policy updates becomes increasingly critical. In this session, members of our Cloud Architect team will delve into the details around how features like Bootstrapping, Dynamic Address Groups, and the XML API can be used in conjunction with native AWS or Azure services to automate different aspects of your VM-Series deployment. Session topics include:
  1. Using the XML API as a management tool
  2. Leveraging Dynamic Address Groups and AWS Tags to protect inter-subnet traffic
  3. Using Bootstrapping in conjunction with Panorama
  4. Tips and tricks to achieve resiliency as well as scalability with ELB integration 
David Leitzel, Consulting Engineer, Cloud and Data Center, Palo Alto Networks
What's New for the VM-Series on AWS
In this session, product experts will highlight some of the latest and greatest new VM-Series (PAN-OS 8.0) features on AWS and how you can use them to protect your public cloud deployment. The session will feature demo’s and discuss our experience in fine tuning performance on AWS.
  • Higher network performance
  • New VM-Series models and AWS instance size selection
  • Native CloudWatch integration
Jigar Shah, Sr. Product Manager, Public Cloud, Palo Alto Networks
Provides in-depth education from customers and product experts on how to secure your Azure deployment.
Addressing Failover and High Availability on Microsoft Azure
One of the largest challenges with moving your critical infrastructure to the cloud is security. How are we going to secure our applications and data on the network and on Microsoft Azure while maintaining high availability. This session will discuss how you can address VM-Series high availability scenarios on Azure for traffic flowing inbound, outbound and laterally. 
Benjamin Nicholson, Senior Professional Services Engineer, Palo Alto Networks
Architecting GlobalProtect on Azure
GlobalProtect maintains visibility and security in network traffic as both users and application workloads shift to locations outside of the organization. In this session, learn about how to use Azure to deploy GlobalProtect gateways in a hybrid architecture. The GlobalProtect reference architecture model will be explained, along with a technical demonstration of setting up cloud-based firewalls for GlobalProtect on Azure.
Siva Rajasekaran, Technical Marketing Engineer, Palo Alto Networks
Azure Architecture Whiteboarding and Brainstorming
Maybe you’re just beginning to move workloads to Azure, or you’re already there and now looking for ways to scale architecturally, yet securely and you’re puzzled as to which of the many Azure options you should take. Hosted by experts from Azure and Palo Alto Networks, this session will outline four different architectures from basic to advanced and answer how-to questions around each. Expect heavy whiteboarding, brainstorming and minimal use of PowerPoint. (AUDIENCE LIMITED TO 100)
Jigar Shah, Sr. Product Manager, Public Cloud, Palo Alto Networks
Dan Ward, Consulting Engineer, Cloud and Data Center, Palo Alto Networks
Delivering the Trusted Cloud with Microsoft Azure and Palo Alto Networks
Public cloud solutions have become an enabler of innovation within both business and technology alike. As organizations embrace public cloud many of the standard components of strategic projects have changed: schedules, budgets, resources, etc. But despite the disruptive nature of public cloud the fundamentals have remained the same: solutions have to work at the speed of business and be delivered securely.

It is with these fundamental objectives in mind that Microsoft has built Azure with a focus on being world’s most trusted platform. Microsoft’s approach has been to build network innovations to drive cloud disruption AND partner with strategic ISV’s to deliver critical capabilities for their customers. As part of this approach Palo Alto Networks has become a premier Security provider for Microsoft Azure with close development, field and support alignment. In this session, George Moore, CSO for Microsoft Azure will present how Microsoft Azure & Palo Alto Networks are jointly delivering world class security to meet the needs of our customers.

For the 2nd half of the discussion George will interview a joint customer to discuss their Microsoft Azure and Palo Alto Networks deployment. Please join us to hear first-hand how customers are solving for cloud security and enabling innovation at the speed of business!

How Intel Developed a Public Cloud Security Strategy
IT departments everywhere face what appears to be conflicting business needs: the need to take advantage of the agility and technology provided by the public cloud and the need to keep proprietary information secure. In this security vendor-agnostic session, Intel IT will discuss the development of their public cloud security strategy, encompassing both infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS).

This strategy enables Intel business units to use the public cloud to accelerate innovation and time to market while cutting costs. Successful public cloud usage involves more than just technology. We have adopted new tools, made substantial enhancements to relevant processes, and invested in people’s skill sets. We have found that we must regularly invest in developing our IT skills to securely enable Intel’s growing number of public cloud use cases. Our long-term public cloud security strategy and architecture enables us to apply a compliance process to the entire cloud security configuration. Other benefits include:

  • Reduced cost through reuse of security tools and services
  • More agile response to business needs
  • Alignment between on-premises and public cloud IaaS security

Key learnings pave the way for future work:

  • Distributed accountability for IaaS security
  • Effective discovery, vulnerability management, and compliance processes for IaaS use cases
  • Strong identity lifecycle management process and data protection
  • Choice of cloud-oriented solutions
  • Cross-domain team building, combined with various skillsets

We continually assess and enhance security and privacy capabilities, processes, and people’s skills to protect our customers’ and Intel’s data.

Shachaf Levi, IT Cloud Security Architect, Intel
Moving to Azure: 3rd Time’s the Charm
The move to the public cloud is the single biggest computing paradigm to unfold since the early 2000’s, when the Internet boom first exploded. Just as those nascent days of the Internet posed new business, productivity and agility opportunities, so too did it expose the pitfalls of moving too soon.

This session will cover how a large Canadian energy company, after several false starts, arrived at a business case-based process for determining what applications and data can move to Azure. Session topics include building a strategic investment plan, selling the project to the C-level team and ensuing the team understands that it is not always as simple as Microsoft claims.

Frank Mueller, Manager, Cyber Security, Cenovus Energy
Secure Infrastructure as Code
This session provides a technical overview and demonstration of how United Healthcare Group simplified the deployment and configuration of Palo Alto Networks VM-Series virtual firewalls and other solutions within the Azure© public cloud. The overview will cover the steps taken to deploy the VM-Series from start to finish. An overview will also be provided of how the infrastructure was modeled in code. The demonstration will include provisioning and configuring the VM-Series firewall using automated tools.
We will illustrate how we’ve broken down the VM-Series firewall configuration into multiple layers:

• Core: Setup of VM-Series software updates, applying license keys, zones, virtual routers and more.
• Azure: The configuration of network interface cards to VM-Series interfaces, overview user defined routes and more.
• Policies: Defining security policies and NAT setup.
• Application: Creating a custom App-ID

The tools that we will review include Palo Alto Networks VM-Series firewall, Microsoft© Azure, Terraform©, pan-python library, Python and Git. This session will provide the information for all users to begin treating the “Secure Infrastructure as Code”.

Phil Lerner, Distinguished Engineer, Optum Technology
Charles Sykora, Software Engineer Consultant, Optum Technology
Securing Workloads on Microsoft Azure
In this session, attendees will learn how the combination of VM-Series on Azure, VNet Peering and Azure Load Balancer can be used to segment and protect different Resource Groups for application development, testing and production. Topics include project objectives and associated pros and cons of the architecture chosen.
Mark Drake, Security Architect, PwC
Joshua Hanst, Professional Services Engineer, Palo Alto Networks
Using Azure Metadata Services to Maximize Uptime
Instance metadata service provides information regarding your running virtual machine instances. This information can be used to manage and configure your instances on Azure. Azure's Instance metadata service is a RESTful endpoint available to all IaaS VMs created via new Azure Resource Manager. During this session, we’ll be going in details of what information we can query and how to interpret the information. In addition we’ll be discussing whether we can use this service to ensure that the VM is running on Azure.
Sean Dastouri, Senior Cloud Architect, Microsoft
Using PAN-OS to Its Potential to Protect Azure Deployments
Ever wonder just how powerful the security features in PAN-OS are, yet not have time to investigate? Or perhaps you’ve wished a repetitive task could be automated? Attend this session and learn tips and tricks on how to use PAN-OS security features combined with Azure template automation to improve your security posture and streamline workflows. Attendees should expect to see demos with heavy emphasis on automation.
Dan Ward, Consulting Engineer, Cloud and Data Center, Palo Alto Networks
What's New for the VM-Series on Azure
In this session, product experts will highlight recent VM-Series (PAN-OS 8.0) features on Azure and how you can use them to protect your public cloud deployment. The session will feature demo’s and discuss our experience in:
  • New VM-Series models, performance and Azure VM size selection
  • Azure Application Gateway and Load Balancer integration
  • Support for multiple public IPs
Jigar Shah, Sr. Product Manager, Public Cloud, Palo Alto Networks
Focuses on how the next-gen platform can secure your physical data center and private cloud.
Analytics and Automated Response for Cloud-Based Security
The benefit of Cloud architectures is automated, on-demand delivery of applications and services, flexibly deployed across large, cost-effective resource pools, whether on-premises or from service providers. The automation and delivery of on-demand services is driving previously unimagined business agility and a new generation of business applications and revenue opportunities.

The enabling component of cloud architectures, as they evolve from traditional data center and service provider designs, is a foundation of software-defined infrastructure that allows policy-based software to automate complex IT tasks, usually accelerating key IT processes from weeks to minutes. While cloud-based automation tools for servers are relatively mature, network and security automation has made rapid strides in just the last few years, largely driven by developments in software defined networking (SDN), and even more recently, software defined security.

What’s required is a complete IT automation platform for cloud services, for both networking and security, that extends to deeper analytics and remediation capabilities for the entire service lifecycle. A software defined security component must augment traditional SDN network automation platforms and capabilities, while integrating with best of breed security devices, services and analytics tools for 360-degree visibility, and to facilitate an immediate response to suspected or actual threats.

Real world use cases involving customer deployments with various cloud automation solutions and Palo Alto Networks NGFW will show how the automated approach that SDN provided for networking can be brought to bear for security policies, enforcement and remediation to enable secure, on-demand cloud services at the speed of business.

Hari Krishnan, Sr. Director Product Line Management, Nuage Networks
Data Center Optimization Improves Security at a Multinational Financial Institution
In this session, hear how a worldwide asset management firm consolidated and simplified their data centers during a transformation to hybrid cloud while increasing their security posture with Palo Alto Networks products. This effort ultimately led to cost reductions, and improved the time to market for new business requirements. On the security front, legacy point solutions were replaced with next-generation firewalls for increased visibility and threat prevention across any rack in the data center.
Jamie Brummell, SE, Palo Alto Networks
Deep Dive: PAN-OS 8.0 Advancements in Security for the Private Cloud
In this session, product experts will provide a deep dive into the latest and greatest features introduced on VM-Series for securing your private cloud deployments. Topics covered will include performance enhancements for VM-Series, SDN integration and OpenStack related security features introduced in PAN-OS 8.0.
Sudeep Padiyar, Sr. Product Manager, Palo Alto Networks
Devops – Network Security Automation – Best Practices
DevOps practices are becoming the norm within data center and cloud environments. Network security teams need to embrace this paradigm and look towards security automation as way to keep pace with the changes. In this session, we will share the best practices learned from security automation projects across the globe including;

  • How to get network security service integrated into whitebox, data center in a box with OpenStack deployments
  • How to get a security service up and running with an orchestrator
  • Lessons learned at ETSI Plug Fest interoperability tests for NFV security service
  • We’ll also look at an automation tool that can simplify bootstrapping network security services.
Michael Clark, Sr. Systems Engineer, Palo Alto Networks
Effective Network Segmentation with GlobalProtect
One of the core strategies for enterprises to secure their data centers and private cloud from both outside and inside threats is to segment the servers and resource from their users and end points. This presentation will outline how to deploy GlobalProtect for User-ID to achieve effective internal network segmentation. Learn how to deploy Multi-Factor Authentication with GlobalProtect to stop breaches due to credential theft and deploy step-up security for access to crown jewels. Learn how to deploy GlobalProtect Internal Gateway with Host Information Profile that identifies and authenticates the user, monitors the state of the end point and provide fine grained access control to critical applications and sensitive data. Get planning and architectural insights from the Palo Alto Networks Information Security team at this session.
Stan Lee, Director, Security Architecture, Palo Alto Networks
Sarveshwar Rao, Sr. Product Manager, Palo Alto Networks
Integration of Palo Alto Networks and VMware NSX as Part of a Wider Datacenter Solution
Palo Alto Networks and VMware have joined forces to deliver a uniform security approach across the hybrid cloud data center. Together, they are transforming network security for the software defined data center.

The individual technology items exist and are well understood but, how do you position an integrated solution as an essential element in the wider SDDC and how do you go about delivering a solution that meets your customer’s needs?

This paper provides a practical example of a deployment using Palo Alto Networks and VMware NSX. It walks you through the processes from positioning the solution with your customers executive, defining the requirements, managing the entire process and developing and delivering a successful outcome.

Denis Stevens, Managing Director, Qirx Pty Ltd
Micro-Segmentation Cybersecurity Benchmark
Micro-segmentation is foundational to securing the software-defined data center and maintaining the security posture of dynamic workloads. This session focuses on how different NSX micro-segmentation design patterns enhance your data center security posture, and will present the results of a NSX micro-segmentation audit performed by Coalfire Systems, Inc.
Wade Holmes, Sr. Technical Product Manager, VMware
Migrating Data Center Security from Legacy to Cloud Architectures
As data centers migrate from legacy architectures to Cloud and SDN, how do you embed security into the architecture? Doing so in greenfield data centers is straight-forward, but how do you approach it for a brownfield data center? What do you need to do to change your security architecture design so that it doesn’t add complexity to the migration efforts? In this session, we will discuss in detail, security best practices being followed by organizations across the world as they migrate their brownfield data center deployments.
Christer Swartz, Consulting Engineer, Palo Alto Networks
Operationalizing Micro-Segmentation with NSX and Advanced Service Insertion
This session will cover how VMware NSX can be deployed and operationalized along with advanced security services such as Palo Alto's VM-Series NGFW. 
The focus of the session will be on operationalizing the NSX Distributed Firewall and Advanced Service Insertion, best practices for creating a Distributed Firewall and Partner redirection policy in an existing brownfield datacenter as well as in a greenfield environment. NSX 6.3 is packed with new functionality that make operationalizing micro-segmentation feasible even for the most complex applications and environments. In this session you will learn how to use these features, and Palo Alto's VM-Series NGfFW to implement a zero-trust model in your datacenter and beyond.
Stijn Vanveerdeghem, Sr. Technical Product Manager, VMware
SDWAN, NFV, Virtualization and Security – A Panel Discussion
While Enterprise IT has changed dramatically over the past 15 years, how you operate your branch and manage your WAN has not. New technologies like SDWAN, NFV and Virtualization are beginning to change that. Which brings up a question. With these new technologies, how do you include security? Are there new approaches, new designs to consider? This will be a vendor agnostic panel discussion which will include customers deploying these solutions today and industry thought leaders. Key take-aways:
  • New solutions provide greater security, are more agile and can be operated at lower costs
  • How to prepare yourself for these new technologies
  • How do you test these solutions and deploy solutions like SDWAN and NFV
David Craig, IT Network Director, Bentley Systems
Stan Lee, Director, Security Architecture, Palo Alto Networks
John Spiegel, Global IS Communications Manager, Columbia Sportswear Company
Securing the Host for Sensitive Applications: Running Your VMs and Containers Safely
VMs and Containers include much sensitive data: from firewall rules to financial records, from customer data to encryption keys. We know that when we design and operate applications which contain or manage sensitive data that we need to worry about how we process that data, encrypt it, hash it, transport it, store it. What we may not think about is the host on which that those VMs and Containers are running.

This session will examine many of the questions you need to ask about the host you are running your virtualized applications on, and what steps and techniques you can adopt to ensure that the software and hardware on the host in your private or public cloud is working FOR your sensitive data, and not AGAINST it.

Mike Bursell, Chief Security Architect, Red Hat
Security Policy Automation as a Service, a Deep Dive
What does it take to bring AWS like experience within your private software defined data center? Let’s not stop there. How about a fully automated prevention focused security posture on top of DevOps friendly infrastructure? At ON2IT, we help our customers with a strategy to answer the above questions and make them a reality. We built an end-to-end DevOps friendly secure software defined data center powered by VMware NSX and protected by Palo Alto Networks firewalls. In this technical deep dive we will talk about our approach in leveraging VMware vRealize for firewall policy orchestration and ruleset management.
Learn about new threats to your SaaS applications and best practices on building a comprehensive SaaS security strategy.
A Day in the Life of a SaaS Security Administrator
The position of a SaaS Security architect for numerous large customers provides the unique opportunity to guide IT teams to secure the usage and data within enterprise SaaS applications. This session will draw from these real-world experiences and walks through a typical day-in-the-life of a SaaS Security administrator to highlight the common risks and threats and advise on the best approach to remediate these issues.
Aperture and Data Privacy
As sensitive data migrates toward the cloud, specifically to Corporate SaaS applications, organizations are faced with the challenged of ensuring governance and local privacy compliance.

In this session, we will discuss how Palo Alto Networks can help to ensure data privacy:

• Ensure compliance by providing data access visibility and inappropriate exposure remediation
• Validate SaaS usage for specific types of data -- PII data isn't supposed to be stored in Office 365? Aperture can validate whether it is there or not
• Administrative and architectural privacy: Aperture tenancy and administrative data controls

Jon Farkas, Worldwide Consulting Engineer, SaaS Security, Palo Alto Networks
Best Practices for Safely Enabling SaaS Applications
Almost every line of business within enterprise organizations has adopted SaaS apps to be more productive and successful. Meanwhile, IT organizations are embracing SaaS apps by approving them for company-wide use, in part to regain control of these applications and the data residing within them. This transition often prompts questions from security teams: Who has access to the data? Is sensitive data at risk? Are my users exposed to malware in my SaaS application?

Join this session where you will learn:

•Best practices to build a strategy for securing your SaaS environment
•Real-world examples of risks seen in enterprise SaaS environments
•Steps to protect against the new threats and prevent data exposure
•How to comply with data residency regulations

Best Practices for Secure Content Management and Collaboration in Box
Companies across the globe are moving to the cloud, but for industries that deal with large amounts of sensitive information, it's crucial that data is protected to the highest level of security and control. It is important for companies to choose cloud solutions that provide powerful ways to secure and manage sensitive information. It is equally important for companies to be aware of the security best practices and solutions available to secure their sensitive information in the cloud. In this session, you will learn best practices and solutions in the following areas to secure your content in Box:

• Access control and visibility
• Governance and compliance
• Infrastructure security
• Encryption
• Information Rights Management
• Integration with Palo Alto Networks

Raja Balakrishnan, Senior Product Manager, Box
Protecting Sanctioned SaaS Apps: Data Behind the Curtains
Customers now store millions of petabytes of data within enterprise SaaS applications. Learn about trends in SaaS applications, how data is shared, upcoming threats and hear how to plan your SaaS security strategy to prepare for the rapidly changing landscape.
Megha Tamvada, Product Manager, Palo Alto Networks
Rethink Security for SaaS – Power of the Platform
History has shown that when a significant security risk arises, a point solution is applied to address it. Playfully termed a Whack-a-Mole approach, this methodology of solving Cloud Access Security Broker (CASB) use-cases with an overlay proxy architecture is limited in many different ways. Defenses made up of multiple point products that do not integrate protections leave gaps that expose organizations to attack. This session will examine the various stages of real-world attacks targeting your SaaS applications and you will learn how to prevent these attacks at every single point in the security kill chain with a natively integrated Next Generation Security Platform.
Secure Access to the Cloud for Remote Users
Business applications are moving to the cloud and your remote users still need access to these applications. Traditional Remote Access VPN architecture may not be optimal for the cloud, but the need for consistent security has not changed while your users access the SaaS and business applications hosted in the public cloud. This presentation will outline an easy-to-deploy approach to maintain visibility, control and consistent security for Public Cloud/SaaS applications.
Elie Bitton, Sr. Director Product Management, Palo Alto Networks
Securely Enabling SaaS Adoption – A Customer Panel
As enterprises migrate applications and data to the cloud, security models have evolved to extend their coverage outside of the traditional perimeter. This session features existing Palo Alto Networks customers who have successfully made the transition to the cloud. Security experts who manage cloud and data security decisions are invited to attend this session where topics will include:

- Securing your migration to the cloud
- How to put tools in place to achieve your data governance and compliance goals
- The latest SaaS Security trends including a discussion on the Cloud Access Security Broker (CASB) market
- Lessons learnt from customers who have migrated sensitive data to the cloud

Somebody Downloaded All My Files!
This talk explores threats that plague SaaS applications. Most SaaS applications are very collaborative in nature and have an inbuilt trust model. This talk will discuss ways in which this trust model can be exploited.

We will also focus on some of the inadvertent mistakes that lead to a weak security posture.

Nishant Doshi, Sr. Director, Engineering, Palo Alto Networks
The Future of Enterprise Security for SaaS Applications and Services
The Fundamental Issue

Fortifying and mitigating risk to IT assets has been a fundamental concern for security operations teams across all verticals. To protect enterprise information, security vendors have developed an array of technologies, such as firewalls, BDS/BPS, IDS/IPS, Advanced Endpoint, UEBA and SIEM solutions. Over the last decade, organizations have created Security Operations Centers to help manage this massive array of technology along with security processes. The evolution of these platforms has been centered on keeping up with the evolution of the broader threat landscape – but do these technologies and SOC strategies really protect enterprise SaaS applications and services


Rethinking the Enterprise SaaS Security Strategy

As traditional enterprise applications are being migrated to the cloud, existing SOCs have lost both visibility and control. To address this new void, the Enterprise needs to consider technologies that can provide augmentation within their existing security technologies within the SOC. Such technologies need to be able to detect threats to cloud applications and services used by the organization. So what technologies are able, which are effective and how does the strategy change?

Brian Soldato, Sr. Director of Product Management, NSS Labs, Inc
What's New in SaaS Security
The Cloud Access Security Broker (CASB) market has been rapidly evolving over the last three years. This includes new startups, new machine learning algorithms as well as a string of acquisitions made by large security vendors. This session will cover the latest trends in SaaS applications and how newer threat vectors have led to new approaches to secure enterprise data. We will also cover the latest innovations at Palo Alto Networks and how they improve SaaS security for our customers.
Why a Simple Architecture for SaaS Security Is a Winner
Securing SaaS Apps for your global enterprise can lead to very complex deployments which include multiple proxies, agents, forwarders, log collectors at multiple locations. You will likely not get a holistic view of all data exfiltration and malware propagation. A simple consistent policy across you existing NGFW and a simple out-of-band solution will simplify the configuration, control and provide holistic visibility and remediation.
Vairavan Subramanian, Product Manager, Palo Alto Networks
Learn how Palo Alto Networks works with technology partners and Managed Service Providers.
How Organizations Can Gain Infrastructure Efficiency by Automating Their Network Operations
Being able to establish automated Disaster Recovery for any security infrastructure is critical in minimizing infrastructure down-time. Automation helps shorten recovery time for every organization, but security is quickly becoming a critical key component of the automated backup and recovery process. In this interactive session with BackBox's CEO, Rafi Zvi, you will find out more about:

- How to fully verify and automate a single device restore securely.

- The approach to rebuild an entire DR site from a central location

- How the Palo Alto Network integration with BackBox can immediately benefit end-users

Rafi Zvi, CEO, BackBox
Growing From Perimeter Security to Pervasive Security
Move your security visibility and control behind the firewall with a consistent, pervasive security policy with VMware NSX. This session will show you how you can leverage your Palo Alto investment to create an east-west traffic firewall policy and architecture. When to use firewall VMs vs DFW vs physical firewall devices will be discussed. Finally, the session will conclude with a walk through of a pervasive security policy and its implementation.
Maria Teigeiro, Staff Systems Engineer, VMware
Address Security Incidents from Beginning to End
Address Security Incidents from Beginning to End

Have you ever wanted to take the intelligence from Palo Alto Networks Wildfire, determine if it’s impacted any of your endpoints and then immediately remediate the affected endpoints? You’re not alone. Combining the power of Palo Alto Networks, ServiceNow and Tanium, IT security professionals can see the beginning of malicious activity with their Palo Alto Networks NGFW, send an alert to Wildfire, create an indicator of compromise (IOC) within Tanium, find IOCs on all impacted endpoints and immediately create a security incident in ServiceNow Security Operations to quickly manage the remediation. In this session, we’ll demonstrate how customers are currently addressing security incidents from beginning to end with this trifecta. Here how Whirlpool’s Greg Fisbeck is using this integration today to stop and contain threats.

Phil DiCorpo, Product Manager, ServiceNow – The Enterprise Cloud Company
Gregory Fisbeck, Senior Manager, Security Operations, Whirlpool Corporation
Matt MacKinnon, Senior Director of Product Management, Tanium
Applied Security Orchestration: Learn How Lennar implements Splunk and Palo Alto Networks integration
Learn how Lennar Corporation, a Fortune 200 home builder, has leveraged the Splunk and Palo Alto Networks integration. Session will cover utilizing Splunk data to populate your User-ID agent using custom inputs, utilizing Splunk Enterprise Security’s Threat Intelligence to publish feeds into the firewalls for greater efficiency, and other use cases. Learn specifics from a customer to apply this integration in your organization to strengthen your security posture.
James Brodsky, Sales Engineering Manager, Splunk
Kevin Gonzalez, Security Operations Center Manager, Lennar Corporation
Compliance Best Practices for DevOps
In certain highly regulated industries, such as healthcare and finance, CISOs can often view the rapid pace of change and relative independence associated with DevOps as a compliance risk. At the same time, DevOps teams view compliance as a hindrance to agility and innovation. However, when done properly, DevOps can actually ensure and strengthen compliance by incorporating automated policy enforcement into the development process. Building in orchestration and automation tools into the DevOps process saves a lot of headaches, human errors and misconfigurations. If DevOps organizations had the ability to test an application’s security policy compliance, similar to any other piece of code in development, through an automated workflow, software could be modified at the first signs of security risks and vulnerabilities.

In this session, CISOs will learn the many benefits behind automating the DevOps process for security compliance, including:

  1. How to bring order to a “wild wild west” landscape where anyone has access to production systems and data
  2. Closing the lid on security skills gap by enabling DevOps teams to audit new solutions and applications
  3. Eliminating wasted time and the potential for human error from manual tasks
  4. Reducing amount of data breaches and security risks
  5. Enabling continuous compliance for companies facing PCI DSS, HIPAA, and additional regulations
Reuven Harrison, CTO, Tufin
Enhanced Security for IP-Based Communications Systems
IP-based communications offer significant cost and operational benefits to an enterprise, but also introduce new vulnerabilities and new attack vectors that can expose organizations to exfiltration of sensitive data and degradation of service caused by security incidents. In this session, we will explore how Service Providers and enterprises can connect capabilities between the Palo Alto Networks Next-Generation Platform and the Sonus Session Border Controllers (SBCs) to establish a unique preventative security posture for Unified Communications Systems and prevent advanced threats that are increasingly targeting IP-based communications and services.
Kevin Riley, CTO, SVP Engineering, Sonus Networks
Peter Wells, Vice President of Business Development, Sonus Networks
Financial CISO on Why Proofpoint and WildFire Integration Are a Critical Part of His Offensive Email and Network Security Strategy
Securing sensitive, protected data has never been more challenging. Email remains the leading attack vector due to evolving techniques such as Ransomware, Imposter and Business Email Compromise (BEC), Credential Phishing and more combined with sophisticated social engineering. Defensive security teams struggle to prevent attackers from breaching their companies, who once through, move across the network with stealth and impunity. The combination of Palo Alto Networks WildFire and Proofpoint Targeted Attack Protection (TAP) deliver a perfect balance of protection from what is entering the perimeter and how it travels across the network. Historically, multi-vendor integration has been challenging, and when available, poorly designed or highly complex. Now more than ever, it is time for leading, best-of-breed security systems to deliver a simple, customer enabled solution that prevents attacks, and provides actionable intelligence that is meaningful to your organization. Join us for an interactive talk track, on how two best-of-breed security systems have been united, resulting in comprehensive protection without the usual complexity.
Nate Chessin, Director, Sales Engineering, Proofpoint
Know Your IoT Security Risk – How Hackable Is Your Smart Enterprise?
By 2018 two-thirds of enterprises will experience IoT security breaches. The number of connected devices will reach more than 20 Billion by 2020. 65% of enterprises have actively deployed IoT technologies as of June 2016. 6.4 Billion connected devices are in use today globally.

ForeScout will share key findings from the IoT Enterprise Risk Report, based on research by Samy Kamkar, one of the world’s leading ethical hackers. Also on the agenda are best practices to:

  • See (and classify) IoT devices the instant they connect to the network
  • Control network access based on device type, posture and behavior
  • Orchestrate and integrate islands of security, leveraging existing investments for better protection
F. Ward Holloway III, Director Strategic Alliances, Security, ForeScout Technologies, Inc.
Lessons Learned From the Trenches – All Clouds Are Not Created Equal
In a recent engagement with a client, a classic case of “who’s on first?” transpired between the client, Optiv and Palo Alto Networks and a third-party developer with each party having their own interpretation of a “cloud environment.” Through this experience, we discovered the challenges in finding the sweet spot of intersection between desired capabilities, third-party capabilities and native cloud capabilities to achieve the desired cloud strategy for the enterprise. In this session, participants will learn:

  • How different perceptions of “cloud” can lead to an entanglement between traditional and cloud security.
  • Why that was a huge problem.
  • What it took for us to solve the challenge.
  • How our partnership with Palo Alto Networks was key to our success.
John Turner, Senior Director, Cloud Security, Optiv
Palo Alto and Splunk: A Use-Case Approach
This session discusses the use of Palo Alto Networks and Splunk to improve Illumina’s security posture. It will cover best practices for logging, several case studies, and some operational tactics we’ve employed to integrate Palo Alto and Splunk into our environment. The session introduces use cases surrounding reducing malware infection rates, correlating vulnerability data with attacks, using wildfire to detect new malware in our environment, and using minemeld to help with both whitelisting valid traffic and blacklisting malicious traffic. The session also touches on automation methodologies that are driven through the Splunk integration (using GRR Google Rapid Response and emails) and future work in this space. In addition, the use of Splunk Enterprise Security highlights some tuning items that may help with ES deployment.
Ryan Niemes, Sr. Staff Information Security Analyst, Illumina, Inc
Phantom: Supercharge Security Operations - Detecting, Containing, & Remediating Attacks at Palo Alto Networks with Security Automation & Orchestration
Security Automation & Orchestration (SA&O) is becoming a necessity for SOC teams detecting, containing, and remediating attacks. Manual response consumes significant time and resources, and the longer an attack remains active in an enterprise, the more complicated IR processes become and the higher the damages. This session defines the baseline capabilities SOC teams should expect from an SA&O platform with firsthand accounts from an actual deployment at Palo Alto Networks. We will also demonstrate the Phantom Security Automation & Orchestration platform with a focus on use cases including Palo Alto Networks, and discuss the state of SOCs after deployment of an SA&O platform in the context of a SOC Maturity Model.
Oliver Friedrichs, Founder and CEO, Phantom
Real World Perspectives on Implementing and Operationalizing Software Defined Security and Micro-Segmentation in Data Center and Cloud
Its 2017. Software continues to eat the world. Data centers are undergoing rapid transformation and becoming software-defined (SDDC). Workloads are moving to public clouds creating a hybrid environment for IT to manage. Amidst this sea of change, Security continues to be the #1 priority and driver. Micro-segmentation has emerged as a clear winner among all security models to protecting next generation and cloud ready applications. A key obstacle to successful micro-segmentation is lack of visibility and operational readiness. In this session, we will have real world customers talk about how they overcame this obstacle and went about successfully implementing a SDDC. You will learn how they used VMware vRealize Network Insight (vRNI) platform to get pervasive visibility, high automation and efficient operations for their SDDC, built upon VMware NSX platform and Palo Alto Networks Firewalls.
Shiv Agarwal, Sr. Director, vRealize Network Insight, VMware
Steven Heist, I/T Technical Manager, USAA
John Spiegel, Global IS Communications Manager, Columbia Sportswear Company
Security at the Speed of Business: Lessons from Practitioners on Overcoming Complexity and Delivering Security On Time
In a recent survey, 60% of Palo Alto Networks users listed policy complexity as the most problematic firewall challenge. Security is complex. Network complexity is rising with hybrid cloud. Business demands to enable access to new and existing applications are increasing. DevOps is increasing the pressure further. How do you keep up with the business demands without sacrificing security?

 In this session, FireMon co-founder and chief product strategist, Jody Brazil, will cover:

  • The top challenges your peers are facing
  • What the most successful organizations are doing to meet these challenges
  • Practical lessons from practitioners on how to deliver security on time
  • Lessons you can put into practice immediately to improve security operations

 Attendees will all receive a copy of FireMon’s 2017 State of the Firewall Report.

Jody Brazil, Co-Founder and Chief Product Strategist, Firemon
Tips and tricks for advanced practitioners to get the most out of all aspects of the next-generation security platform.
"Build a Solid Foundation for Your House" – Learnings from a Real-Life Implementation of Best Practices in a Healthcare Organization
Many organizations are in search of the ever-elusive "silver bullet" network security tool, but do not fully utilize existing technology to its full potential.

Attend this session to learn how a healthcare organization in Oklahoma used advanced features of the Palo Alto Networks security platform such as SSL decryption, WildFire, User-ID, and App-ID in addition to simple configuration optimizations to improve the overall posture of their network security in measurable ways. Additionally, integrations with VMware NSX, ProofPoint Cloud, and RSA NetWitness will be discussed.

You will find out how an architectural approach to network security can drastically improve your security defenses.

Chris Yates, Senior Security Architect, Critical Start
Are you Utilizing the Full Power of User-ID to Defeat Cyberattacks?
How do you use the full power of User-ID to prevent cyberattacks while ensuring that the right users have access to the right applications at all times? Attend this session to find out, and learn our recommended User-ID best practices. You will also hear from a large derivatives marketplace organization about their User-ID implementation experience and resulting benefits.
Andrew Silliker, Consulting Engineer, Palo Alto Networks
Employ Panorama to Boost Your Cyberattack Defenses: Instant Visibility, Workflow Automation and More
PAN-OS 8.0 delivers a rich set of capabilities including ingestion of Traps logs, a completely re-architected query engine, automated HTTP/S based integration with third-party tools, filtering of logs, and so on. How do you use these features together to get the best results and make your job easier? In this session, you will learn network security management best practices with special emphasis on how to use Panorama 8.0 features in a cohesive fashion and how to integrate them into your day-to-day security workflows.
Jamie Fitz-Gerald, Sr. Product Manager, Palo Alto Networks
Ensure Detection and Prevention Throughout the Attack Life Cycle: Implement Best Practices at Your Internet Gateway
Attend this session to learn how you can engineer a prevention-oriented security architecture focusing on the four key pillars: (1) Gaining visibility, (2) Reducing attack surface, (3) Preventing known threats, and (4) Detecting and preventing new threats. You will understand the value of using capabilities like App-ID, User-ID, Decryption, WildFire, and Threat Prevention in your policies. You will also hear cool tips on best practice implementation, with a special emphasis on new features.
Navneet Singh, Product Marketing Director, Palo Alto Networks
GlobalProtect Deployment Best Practices
Technical deep dive on recommended best practices for deploying GlobalProtect. This presentation will focus on GlobalProtect reference architectures for various use cases including deploying multiple gateways around the globe to secure its global mobile workforce.

Hear first-hand about how San Francisco USD and others implemented GlobalProtect to protect devices and users when off-campus. We’ll cover how these districts deployed GlobalProtect and will offer tips to make your GlobalProtect deployment easier.

Siva Rajasekaran, Technical Marketing Engineer, Palo Alto Networks
Leveraging Enterprise Security in a SCADA Redesign
It has become increasingly common to see information technology security teams being tasked with overhauling or redesigning the security controls of an industrial control or critical infrastructure environment. These networks are very different from the enterprise environments which these teams are used to supporting. How does the criticality of Industrial Control / SCADA systems change our approach to deploying enterprise security controls, and what are the strengths of IT security that need to be carried into the ICS/SCADA realm?

In this session, you will hear from security experts from the City of Oklahoma City as they describe the city's recent experience overhauling critical infrastructure and how enterprise security tools and concepts were brought into the mix. Attendees will learn:

- How to leverage existing equipment to drive down cost while remaining segmented and protected

- Using the firewall as a tool to build bridges with Infrastructure and Operational Technology teams

- Using PANOS and partnering technologies to build a compliant and reportable environment accountable to stakeholders

- Deploying GlobalProtect to enable remote access in a highly controlled way

Ian Anderson, IT Security Manager, City of Oklahoma City
Daniel Love, IT Security Architect, City of Oklahoma City
Safe Networking: Raising the Security Posture of the Service Provider Network to Protect Customers and Drive Security Revenues
Security is at the forefront for all public network operators. In this session we look at how the Service Provider can easily identify security events on their network. How they can protect their customers from these events. How they can build context from these events and use this information to drive their security business.
Kevin Walsh, Director Service Provider Technologies, Palo Alto Networks
Secure Your Most Sensitive Assets, Stop Lateral Movement, and Identify Attackers: Apply Data Center Best Practices
Critical data center assets are at the heart of financial services, high tech and many other industries. Unfortunately, it’s still too easy for attackers to get into the data center through an insider, a partner, a web application, or a point-of-sale system. A new frame of mind for security is needed to protect data, applications, networks, and systems. You will learn how to proactively secure critical data center resources by shutting down lateral movement, architecting prevention through segmentation and decryption, and by boosting operational efficiency with context-aware policy.
Ashwath Murthy, Product Manager, Palo Alto Networks
Mandeep Singh Sandhu, Product Manager, Palo Alto Networks
Stop Operating in Darkness – Let Decryption Light the Way
More traffic is being encrypted with each passing day, and the rate of encryption adoption grew by 90+% year over year in 2016. Without a sound strategy for implementing SSL decryption, is your organization blind to the threats may be sneaking past the firewall? To use the power of the Palo Alto Networks security platform, come and learn about SSL Decryption best practices. Ensure complete visibility throughout the organization. Don't be blinded by encryption!
Philip Kwan, Product Manager, Palo Alto Networks
Paul Lingeman, Architect, Professional Services, Palo Alto Networks
The Age of IIoT: Challenges, Risks, and Cybersecurity Best Practices
In the age of IIoT, attention to cybersecurity is critical. This session, co-presented by Justin Flynn, Technical Architect Manager at Burwood Group and Lionel Jacobs, Sr. Security Architect, SCADA & Industrial Control Systems at Palo Alto Networks, provides manufacturing security teams with background, best practices, technical platform solutions that lead to effective cyber risk management and IIoT architecture planning. The session will also highlight results from Burwood Group’s client survey on how IT leaders from industrial enterprises are handling IIoT security.

Learning Objectives:

- Identify and address the risks and challenges of effective cybersecurity risk management

- Implement best practices and tactical steps for successful IIoT build-out including Next Generation Segmentation, application visibility, Zero Trust network segmentation, and more

- Learn best practices for developing a comprehensive security platform to prevent and protect against data loss and theft from compromised IIoT devices

Justin Flynn, Technical Architect Manager, Burwood Group
Lionel Jacobs, Sr. Security Architect, SCADA & Industrial Control Systems, Palo Alto Networks
Use Panorama for Configuration Management Lifecycle: Maximize Granular Control, Minimize Errors
Do you want to see all the Panorama capabilities for configuration management lifecycle in one session, along with recommended best practices for multi-admin teams? If yes, this is the session for you! We will cover an overview of the commit/revert/audit process, and show the details for the Commit Queuing, Commit Description, Audit enhancements in Panorama 7.1, and the new Admin-based Commit and Revert introduced in Panorama 8.0. We will also discuss integration with 3rdparty security policy orchestration tools. This session will be relevant for you whether you just bought the Palo Alto Networks Next-Generation Firewalls, or have been managing them for years and looking for advanced tips and techniques.
Moshe Itah, Director Product Management, Palo Alto Networks
Learn how Palo Alto Networks threat research provides invaluable prevention capabilities for our next-generation security platform customers.
Beyond Data and Indicators: Integrating Cyber Threat Intelligence  Across Enterprise IT
A cyber threat intelligence (CTI) function is essential to the modern enterprise. Understanding actors, attacks and indicators is essential to mounting a relevant defense against both sophisticated actors and those not-so sophisticated. But indicators and "threat data" alone isn't solving the long-term security issues - primarily because intelligence hasn't been fully integrated into the enterprise IT stack.

This talk discusses relevant ways enterprises have integrated their CTI functions into various parts of enterprise IT to prevent, detect, respond and recover more effectively. From tactical and operational decision making to strategic planning - cyber threat intelligence has a deep potential in the enterprise that is currently untapped. By sharing some of these leading practices and more advanced integrations attendees can gain the tribal knowledge today's progressive CISOs already have.

Rafal Los, Managing Director, Solutions Research & Development, Optiv
Decoding Threat Intelligence: Creating a Successful Threat Intel Program that Operationalizes Outcomes
Establishing effective threat intelligence initiatives that generate operational outcomes is a challenge faced by many organizations. Even the phrase “threat intelligence” can be daunting, with its definition seeming to change daily. When considering how to leverage the rich data sources at your disposal, one concern is paramount: how do you operationalize workflows to drive prevention in a way that fits naturally into current processes? While there is an abundance of threat intelligence data that is collected and shared, many analysis techniques solely revolve around automation rather than the partnership between human intervention and automated collection and analytics. In this session, you’ll learn how your organization can embrace a multi-pronged approach to threat intelligence and fully maximize the efficacy of your threat intelligence initiative. You’ll hear from our Unit 42 expert – a security veteran with a deep background in building world-class Security Operations practices that employ threat intelligence, including leading the NASA SOC – and walk away with a simple action plan to consider with your leadership team.
Bryan Lee, Threat Intelligence Analyst, Unit 42, Palo Alto Networks
Deep Dive: All-Source Threat Intelligence Analysis for Fast and Effective Remote Access Trojan (RAT) Controller Analysis
Using Threat Intelligence from multiple sources, including internet scan data, open source web intelligence, passive DNS records, and malware analysis, we demonstrate a fast and effective workflow for identifying and analyzing a suspected RAT Controller server. This "All-Source Analysis," drawing on a diverse set of information, serves as a case study for conducting actionable threat research and can be used as a model for improving an organization's hunting capabilities.
Glenn Wong, Director, Product Management and Technology Partnerships, Recorded Future
Deep Dive: Discovering and Preventing the Mamba Ransomware Across the Platform
Have you ever wanted a behind the scene view into the entire threat research process conducted by your peers? Join Renato Marinho, security researcher at Morphus Labs, as he takes you through the discovery and prevention of the first full disk encryption ransomware, Mamba. Renato will lead an educational session on the end-to-end process and challenges he faced, including the discovery, publication, collaboration with CERTs, the SANS institute, and other experts around the world during his discovery of Mamba. He will further detail out multiple experiments he conducted leveraging the Palo Alto Networks Next-Generation Security Platform, including WildFire and Traps, for prevention of this critical attack.
Renato Marinho, Researcher, Morphus Labs
Driving the Cyber Threat Alliance Forward: How Every Major Security Vendor Came Together for the Common Good
Palo Alto Networks, Cisco, CheckPoint, Fortinet, Intel Security and Symantec – didn’t think you’d see all these names at Ignite? We joined together as an industry to share threat intelligence and drive better preventions for our respective customers through the Cyber Threat Alliance (CTA). Join Rick Howard, Chief Security Officer for Palo Alto Networks, as he details out the innovative mission of the CTA, the architecture of a new intelligence sharing platform in use today, and real-world examples of how this bold vision is helping to defeat adversaries.
Rick Howard, Chief Security Officer, Palo Alto Networks
Hands-On with AutoFocus: Threat Hunting with Unit 42
AutoFocus™ contextual threat intelligence service makes threat hunting easy and accessible to every organization, even those strapped for security resources. Learn about threat analytics, hunting and forensic workflows for AutoFocus directly from Unit 42 in this compelling session that provides the framework drive prevention visibility, context and prevention on day-zero.
Simon Conant, Threat Intelligence Analyst, Palo Alto Networks
Jen Miller-Osborne, Threat Intelligence Analyst, Palo Alto Networks
Internet-of-Things (IoT) Threat Landscape: What to Look for Now and in the Future
Organizations are rapidly adopting new connected devices or “things” as part of their networks, driving compelling use-cases and interaction for their employees and customers. Many of these devices are constantly connected, with the ability to collect sensitive information at a scale never seen before. This new era requires visibility into how attackers can leverage this vast new attack surface. This session will introduce the methods attackers are using to infect the Internet-of-Things (IoT), including breaking research on novel threats, and what you can do to establish a next-generation security posture for your connected device deployments.
Josh Grunzweig, Threat Intelligence Analyst, Palo Alto Networks
Mobile Malware Evolution: Profiling Attacks Against iOS and Android Devices
Mobile devices represent an astounding attack surface available to adversaries, with organizations embracing the use of personally owned Apple iOS and Android devices in droves. As employees require access to sensitive data or corporate resources from their mobile devices, they can be leveraged to steal information or break into networks. To protect yourself, it is critical to understand the techniques used by attackers to infect them. Join the head of our mobile malware research team, Zhi Xu, as he covers breaking attack methods, malware families, novel discoveries driven his team, and how to prevent these critical attacks.
Zhi Xu, Manager, Mobile Malware, Palo Alto Networks
Responding to Malicious Scenarios: Lessons Learned from Cyber Range
Have you ever wondered how to keep your practical skills sharp against newly evolving malware and malicious scenarios? Cyber Test Systems runs Cyber Ranges using Palo Alto Networks appliances around the world, and across multiple industries, to help practitioners do just that. This session will cover the Cyber Range – the goals of the Range, the roles of the red, blue, yellow, green, and white teams to prepare practitioners to best handle real-world scenarios, some of the more insidious malware observed in the wild and then used in the Range, and how Palo Alto Networks platform handles these. We will also discuss some of the lessons learned from our observations of how practitioners tackle malware and other malicious scenarios in the Ranges, and some of the pitfalls to avoid in thinking about your own networks.
Gregory Fresnais, Co-Founder, Cyber Test Systems
Pamela Warren, Director, Government & Industry Initiatives, Palo Alto Networks
The Art of Cyber Attack, View from the Incident Response Trenches
Targeted attacks keep getting better by the day. In this talk, a front-line Incident Response leader from Stroz Friedberg will give a first-hand view of sophisticated attacks covering the techniques, tactics and procedures of the threat actors, along with tips on detection and response for targeted attacks that can be implemented within your organization, pulled from anonymized real-world IR engagements.
Jibran Ilyas, Vice President, Cyber Resilience, Stroz Friedberg
The Pragmatic Adversary: The Criminal Ecosystem and How to Stop Them with Playbooks
What if you could easily classify every adversary group and the methods used to break in, move laterally across the network and achieve their objectives? The numbers are quantifiable, as malicious actors repeat the same playbook over and over, or even share elements across disparate attacks, from multiple groups. Join the head of Unit 42, Ryan Olson, as he provides a framework for building adversary playbooks and classifying the entire cybercrime ecosystem into an actionable set of prevention controls.
Ryan Olson, Sr. Director, Threat Intelligence, Unit 42, Palo Alto Networks
Unit 42 Story Time, Shamoon 2: Return of the Disttrack Wiper
Ransomware has been splashed across the headlines for months now, but what if an attack destroyed your files, instead of holding them for payment? This session will cover how Unit 42 profiled Shamoon, a highly-targeted attack campaign, and the actor’s usage of the Disttrack destructive malware. You will learn intimate details about how we hunted down the adversary, reverse engineered their malicious tools, identified their step-by-step playbook, and helped drive preventions across the Palo Alto Networks platform, including best-practices to identify and stop similar attacks.
Robert Falcone, Threat Intelligence Analyst, Palo Alto Networks
These 50-minute certification preparation sessions cover the critical topics and issues that you might expect to be tested on in the PCNSE exam. Within these interactive sessions, you will review sample questions designed to focus your preparation on the relevant content.
“Get Certified” PCNSE Preparation Sessions
These 50-minute certification preparation sessions cover the critical topics and issues that you might expect to be tested on in the PCNSE exam. Within these interactive sessions, you will review sample questions designed to focus your preparation on the relevant content.

The approach used will be as follows:

1. Introductory lecture – setting the scene and talking about some of the basics of the exam

2. 90% of the time focusing on the type of questions you will get:

 a. Ask the question – participants use quiz-system to submit their answers

 b. Show the polling

 c. Discuss the answers and why certain answers are right, and others are not correct


Ready to prove your skills and upgrade your career? Take the Palo Alto Networks Certified Network Security Engineer (PCNSE) exam at Ignite 2017. Successful candidates demonstrate their comprehension of the unique aspects of the Next-Generation Security Platform. Join this elite group of PCNSE-certified and skilled professionals.

Below are the exams that will be offered at Ignite 2017:

  • PCNSE7
  • PSE: Platform – Professional
  • PSE: Endpoint – Professional
  • PSE: DataCenter – Professional


Interested in kicking the tires on the latest security innovations? Buckle your seatbelt and join us for a series of labs to test drive some of our latest product innovations. These labs will expose you to advanced capabilities within our next-generation firewall, new threat protection techniques, advanced endpoint protection, network security management and the latest concepts in securing a software-defined data center. You'll be guided through a series of hands-on exercises aimed at introducing you to an exciting array of products and features in the Palo Alto Networks Next-Generation Security Platform.


If you have some prior experience in the Palo Alto Networks Next-Generation Security Platform and want to learn more about specific topics, join us for a series of hands-on workshops allowing you to go deeper into specifics of our products. These hands-on workshops are created to give attendees an in-depth understanding of product and feature deployment and implementation. Some hands-on workshops require specific prior experience, please refer to the prerequisites for each workshop.