Ignite '18 Cybersecurity Conference | Palo Alto Networks | USA

#ff0000 and #0000ff => #800080 - How Combining Primary Colors Can Improve Your InfoSec

The purpose of the Red and Blue Teams are well known entities in the Information Security industry today. Some companies even have dedicated teams to address both Red and Blue perspectives in order to effectively secure an organization's infrastructure. The team’s main purpose is to work together, in harmony, but they can often grow apart and become separate silos as the security exercises contend against each other. The concept of the Purple Team is to facilitate the continuous integration of Red and Blue teams to improve the skills and processes of both teams. This session will cover how we can foster Purple Team collaboration to push boundaries and mature the security of an organization. Attendees will leave this session with an understanding of the positive impact of thinking purple, the current situation in security of red and blue and general recommendations for these teams to effectively enhance the security of your organization.

Offered	Wednesday, 10:30 am – 11:20 am
Speakers	Sandra Wenzel, Sr. Systems Engineer, Palo Alto Networks
Keywords	Threat Detection and Prevention, Overview Session, Network Security

A Deep Dive into VM-Series Firewall Deployment Across Multiple NSX Environments

Organizations are deploying multiple NSX environments within/across data centers to address use cases such as workload mobility, disaster recovery and resource pooling within their virtual infrastructure. This design approach introduces new challenges while deploying consistent security and scaling security across all NSX locations.

In this session you will learn about simplifying your security deployments across multiple NSX environments with recent Panorama and VM-Series enhancements. We will walk through detailed demos that showcase the advantages of leveraging Panorama NSX plugin and VM-Series firewall to secure your multiple NSX environments.

Offered	Wednesday, 2:40 pm – 3:30 pm
Speakers	Jaimin Patel, Senior Product Manager, Palo Alto Networks
Keywords	Best Practices/Troubleshooting, Private Cloud/Datacenter, Technical Session, PAN-OS 8.1, Technology Integration

A Hacker, a CIO, and an Amazon Echo Walk Into A Bar - Why IoT Security Is No Joke

Hey Alexa?! What will Nadir be talking about? Hello. Nadir will be discussing how new “smart” devices that are inundating the Enterprise are fraught with issues. They are designed to automatically connect. You don’t even have to plug them in. They connect through many protocols like WiFi, Bluetooth, BLE, zigbee, and more. Unfortunately, you can’t put an agent on most of these devices. And let’s not forget that most of these devices have no simple way to update or receive patches. So the “smart” endpoint doesn’t look very smart right now.

Nadir will cover the risks inherent to IoT devices, and why the current security architecture is broken. He will share what the new security architecture should look like moving forward. He will discuss Armis’ discovery of BlueBorne, the most Bluetooth vulnerability called “Bluetooth’s Stagefright moment,” which exposed more than 5 billion devices to remote take over, and with more than 1 billion devices unpatchable. The session will shed light on the level of severity that this vulnerability poses, why IoT security is so important, and how integration into the Palo Alto Networks firewall brings coordinated security in the connected age.

Offered	Thursday, 10:30 am – 11:20 am
Keywords	Overview Session, Technology Integration

A Hit on One of Us, Is A Hit on All Of Us: Threat Intelligence Sharing – Your How To Guide

Many have discussed that threat intelligence sharing can be the industry movement that will cause the most pain to our cyber adversaries, by driving the costs of successful cyberattacks up exponentially.

To put an end to breaches, we need to make it easier to consume, use and share threat intelligence. If we have established trust with someone, why would you share? Once you know the benefit, then what?

This session will provide you with the answers to WHY and also HOW you can start this today. We are dealing with an automated adversary; therefore, we need to automate our responses to prevent a successful cyberattack.

Offered	Thursday, 11:30 am – 12:00 pm
Keywords	Threat Research/Unit 42, Overview Session

Accelerate Your Cloud Adoption, Securely

Adoption of the cloud can be slow for the risk-adverse. Come hear about the new Cloud Accelerator Service offered by Palo Alto Networks. This service will allow you to confidently move workloads to the cloud, securely.

Offered	Thursday, 12:15 pm – 12:45 pm
Speakers	Franck Chabert, Professional Services Global Practice Lead, Palo Alto Networks
Keywords	Public Cloud, Best Practices/Troubleshooting, Overview Session

Accelerating Security Operations with Phantom

Security automation and orchestration technologies have become a necessity for SOC teams struggling to keep up with the volume of alerts they receive. Manual responses consume significant time and resources, and the longer an attack remains active in an enterprise, the more complicated IR processes become and the higher the damages. This session will demonstrate the force multiplying effect of the Phantom Security Operations Platform with a focus on use cases that include Palo Alto Networks.

Offered	Thursday, 9:10 am – 10:00 am
Keywords	App Framework Partners, Application Framework, Next Generation Security Platform, Technical Session

Achieving Zero-Touch Automation: A Network Security Policy Management Maturity Model

Organizations that struggle to keep pace with the frequency of network security change requests are turning to a policy-driven approach to support business agility while maintaining the overall security of their business. But where do security and network teams begin and what steps can they take to continue to strengthen the security posture of their company while improving responsiveness to business requests? And how do moves to the cloud impact the overall adoption of network security policy management?

Based on the collective experiences of customers, partners and industry analysts, Tufin has compiled a six-stage maturity model for network security policy management. From Visibility to Zero-Touch Automation, security and network operations teams will discover how policy-based automation and orchestration is being adopted to address firewall administration, change management and regulatory compliance.

Learn how to successfully navigate the stages of the maturity model and see a demonstration of zero-touch automation in practice.

Offered	Tuesday, 4:20 pm – 5:10 pm
Speakers	Reuven Harrison, CTO & Co-Founder, Tufin
Keywords	Overview Session, Technology Integration, Management

All Your Clouds Are Belong to Us - Hunting Compromise in Azure

MongoDB, Redis, Elastic, Hadoop, SMBv1, IIS6.0, Samba. What do they all have in common? Thousands of them were pwned. In Azure. In 2017.

Attackers have shifted tactics, leveraged nation-state leaked tools and are leveraging ransomware to monetize their attacks. Cloud networks are prime targets; the DMZ is gone, the firewall doesn't exist and customers may not realize they've exposed insecure services to the internet until it's too late.

In this talk I'll discuss hunting, finding and remediating compromised customer systems in Azure - a non-trivial task with 1.59 million exposed hosts and counting. Remediating system compromise is only the first stage so I'll also cover how we applied the lessons learned to proactively secure Azure Marketplace and research I've done into the default security stance of Marketplace images.

Offered	Thursday, 10:30 am – 11:20 am
Speakers	Nate Warfield, Sr. Security Program Manager, Microsoft
Keywords	Technical Session, Threat Research/Unit 42, Azure

Allergan: How a Multi-National Pharmaceutical Enabled Cloud-based DLP for SaaS

While cloud adoption offers tremendous business value and continues to be a top priority for companies, it introduces significant complexity with respect to maintaining the security of corporate applications and data. Cloud vendors are responsible for the security of their SaaS applications, however, visibility into and securing the usage of corporate data within SaaS applications is a challenge that all companies must address. This presentation will provide information on extending visibility and data protection controls to authorized cloud applications using Palo Alto’s Aperture solution. During this presentation we will discuss strategy, implementation approach, and lessons learned on our journey to extend data protection controls to the cloud using the Aperture platform.

Offered	Tuesday, 4:20 pm – 5:10 pm
Keywords	SaaS/Aperture, Best Practices/Troubleshooting, Case Study/Use Case, Technical Session

Allstate: Planning and Scaling SSL Decryption in a Large Enterprise

As the world continues to use SSL more and more, Allstate needed to scale up for SSL decryption. This presentation will include discussion of the metrics used to scale properly, rationale for decisions made on what to and what not to decrypt, features/functions available for SSL decryption, and why some were enabled and others were not.

Allstate’s lead Network Security Engineer and their Palo Alto Networks Systems Engineer will discuss and review Allstate’s journey to SSL decryption on a large scale while alleviating any performance concerns.

Review SSL decrypt features and options in PAN-OS
Recap the SSL decryption improvements in the PA-5200 series
Discuss Allstate’s previous architecture, process and the challenges presented
Review the reporting/metrics that highlighted the need for an upgrade sooner than later
Discuss Allstate’s new architecture (post-5260 upgrade) as well as updated processes
Review the new SSL Decryption Broker feature in PAN-OS 8.1

Offered	Wednesday, 10:30 am – 11:20 am
Speakers	Patrick Rufener, Security Engineer, Allstate David Guretz, Systems Engineer, Palo Alto Networks
Keywords	Network Security, Case Study/Use Case, Technical Session, Management, NGFW

Amazon Web Services Security, Palo Alto Networks, and You

As more enterprises adopt Amazon Web Services (AWS), they want to know what tools and best practices exist in the cloud and how their existing security controls and compliance frameworks can be applied. AWS offers a wide range of security features and services that enable customers to operate in the security model that best fits their use case. In this session we will help you understand the key AWS security features that are relevant to Palo Alto Networks users as part of their AWS strategy. We will dive into AWS networking components, features that enable you to be able to secure your overall AWS account, and detail common hybrid and all-in AWS architectures customers are using with Palo Alto Networks. Finally, we will spend some time talking about compliance and how customers are able to achieve the necessary compliance profiles with Evident while running on AWS.

Offered	Thursday, 9:10 am – 10:00 am
Keywords	AWS, Cloud Partner, Public Cloud, Technical Session

An attribution solution. Implementing User Identification in a Globally Distributed Enterprise Environment.

An attribution solution. Implementing User Identification in a Globally Distributed Enterprise Environment.

Bechtel is one of the largest private construction and civil engineering companies in the United States. Like most large enterprises, Bechtel has a large technology footprint spread across multiple data centers globally as well as remote project sites with limited bandwidth. During the course of this presentation we will cover why we went with Palo User-ID, our approach, stumbling blocks and successes.

We will cover the 3-tiered user-id/attribution architecture that we implemented. We will also share some helpful technical content including scripts for performing Kerberos Authentication on Unix/Linux systems and performing domain controller discovery to communicate with the closest collection agents.

Finally, we will discuss the challenges we faced as we tested and transitioned to Palo Alto’s user-id solution in our environment. We hope that by sharing our experiences it will provide sound advice to others that wish to follow in our footsteps.

Offered	Thursday, 7:45 am – 8:15 am
Speakers	Randy Collins, IT Security Senior, Bechtel
Keywords	Management, Overview Session, Case Study/Use Case, Network Security

Application Framework App Highlight 1

This session will highlight one of our latest Application Framework partners. Stay tuned for more details as we are approaching Ignite.

Offered	Wednesday, 7:00 am – 7:30 am
Keywords	App Framework Partners, Application Framework, Overview Session

Application Framework App Highlight 2

This session will highlight one of our latest Application Framework partners. Stay tuned for more details as we are approaching Ignite.

Offered	Wednesday, 11:30 am – 12:00 pm
Keywords	App Framework Partners, Application Framework, Overview Session

Application Framework App Highlight 3

This session will highlight one of our latest Application Framework partners. Stay tuned for more details as we are approaching Ignite.

Offered	Thursday, 7:00 am – 7:30 am
Keywords	App Framework Partners, Application Framework, Overview Session

Application Framework App Highlight 4

This session will highlight one of our latest Application Framework partners. Stay tuned for more details as we are approaching Ignite.

Offered	Thursday, 7:45 am – 8:15 am
Keywords	App Framework Partners, Application Framework, Overview Session

Application Framework App Highlight 5

This session will highlight one of our latest Application Framework partners. Stay tuned for more details as we are approaching Ignite.

Offered	Tuesday, 7:30 am – 8:00 am
Keywords	App Framework Partners, Application Framework, Overview Session

Application Framework Developer Lightning Round 1

In this exclusive developer lightening round, hear from 5 third-party innovators you should consider in 50 minutes. They will share key use-cases, value, and how you can take advantage of new technology as part of the Application Framework.

Offered	Thursday, 8:00 am – 8:50 am
Speakers	Scott Simkin, Director Threat Intelligence, Palo Alto Networks
Keywords	App Developers, Application Framework, Next Generation Security Platform, Overview Session

Application Framework Developer Lightning Round 2

In this second exclusive developer lightening round, hear from more third-party innovators. They will share more key use-cases, value, and how you can take advantage of new technology as part of the Application Framework.

Offered	Thursday, 10:30 am – 11:20 am
Keywords	App Developers, Application Framework, Next Generation Security Platform, Overview Session

Application Framework and Microsoft Intelligent Security Graph: End-to-End Security Use Cases

Palo Alto Networks and Microsoft are partnering to integrate Application Framework with the Intelligent Security Graph, allowing customers to easily access an unprecedented amount of information from cloud, on-premise and endpoint security solutions. This unique integration provides customers with a consolidated integration point in both the Application Framework and the Intelligent Security Graph to programmatically access their own security data, alerts and business context data from their environment for better visibility, protection and automated remediation. The integration encompasses all of the Palo Alto Networks enterprise security platform (including Next Generation Firewalls, Traps, Magnifier, AutoFocus and WildFire), the Microsoft security ecosystem (including Microsoft 365 and Azure solutions and other 3rd party applications. This session will provide an overview of Palo Alto Networks Application Framework, the Microsoft Intelligent Security Graph, and the key use cases that can be enabled through the integration, with real world examples.

Offered	Wednesday, 4:00 pm – 4:50 pm
Speakers	Francesco Vigo, Partner Architect, Palo Alto Networks
Keywords	App Framework Partners, Application Framework, Next Generation Security Platform, Overview Session

Applied Analytics-Driven Security Automation Use Cases at University of San Francisco

How USF Implements Splunk and Palo Alto Networks Integrations for Fast and Efficient Incident Response and Security Operations.

University of San Francisco’s lean security team relies on their security automation framework to secure their 13,000 students and faculty on a daily basis. In this session, we will cover specific technical use cases on how USF utilizes Splunk to trigger alert actions based on correlation searches of Palo Alto Networks wildfire, traffic and firewall data with other CMDB and Infrastructure data in Splunk. The actions triggered from Splunk include automatic creation of a security incident ticket, posting of a message in a Slack channel and sending notifications to IT admins (server owners) on firewall rules specific to their servers. We will go over the Splunk integrations, dashboards, and searches used behind such automation. To close, we’ll round out with a demo of the latest version of the Palo Alto Networks App for Splunk which enables security analysts, administrators, and architects to correlate application and user activities across all network and security infrastructures from a real-time and historical perspective.

Offered	Wednesday, 1:30 pm – 2:20 pm
Speakers	Wissam Ali-Ahmad, Sr. Solutions Architect, Security Alliances, Splunk Tim Ip, Information Security and Compliance, University of San Francisco
Keywords	Overview Session, Technology Integration, Automation, Case Study/Use Case

Applying Cloud Principles to Network Security

To enable digital transformation, many organizations are embracing cloud principles for their data center architectures, including in-depth virtualization of resources, modern automation, analytics, and open scale-out designs.The complexity of providing secure access, protecting critical business data, end-user privacy, and assuring business continuity in these hyper-dynamic, high-performance infrastructures is driving a new approach in network and data security.

In modern data center environments, embedded security in hypervisors addresses inter-VM communication and physical firewalls addresses protection of north-south traffic. However, no solution exists to secure east-west traffic between application clusters and non-virtualized workloads, or attached legacy applications running on bare metal servers. This poses a challenge for security architects to gain visibility into flow information for the east-west traffic flows as well as compromised assets from within.

In this session we present Macro-Segmentation Service, which implements cloud principles of open & programmable, scale-out and automation to address the growing gap in security deployments. Specifically aimed at securing traffic between physical-to-physical (P-to-P) and physical to virtual (P-to-V) workloads, It provides a scale-out model of integration of network and security systems and logically inserts security devices to secure east-west traffic flows and gain visibility as well. It provides complete flexibility on placement of service devices and workloads and leverages automation capabilities offered in firewall and modern network operating systems, to provide integration and application of security policies. By applying the cloud principle of open and programmable, it drives operational efficiencies to eliminate errors while seamlessly implementing corporate security rules in the modern data centers

Offered	Wednesday, 12:15 pm – 12:45 pm
Speakers	Shyam Kota, Principal Product Manager, Arista Networks
Keywords	Network Security, Overview Session, Private Cloud/Datacenter

Applying DevOps Principles to Security: Real World Experiences (Luncheon)

How can security teams take advantage of the DevOps movement as they transition to the cloud? To maximize agility, security teams should consider replacing manual processes and dated high availability architectures with automation and on-demand scaling. They should avoid rigid maintenance windows, lengthy change control processes, and siloed groups that do not communicate with one another. Attend this panel to learn how leading organizations are applying DevOps principles to security to streamline operations and ultimately improve security outcomes.

Offered	Tuesday, 11:30 am – 1:00 pm
Keywords	Management

Are Applications Running in the Wild in Your Network?

Understand how to use the power of App-ID to protect your network. The session will showcase how the new content update structure streamlines APP-ID adoption while improving your security posture. We will explore best practices based recommendations for SaaS application control like how to up the ante against malicious risky SaaS applications using new capabilities like SaaS characteristic-based controls, how to manage consumer versus enterprise versions of SaaS applications with HTTP header insertion.

Offered	Wednesday, 1:30 pm – 2:20 pm
Speakers	Mandeep Singh Sandhu, Product Manager, Palo Alto Networks
Keywords	Network Security, Technical Session, Management, Next Generation Security Platform

Are You Leveraging Identity Based Security Effectively?

This session will look beyond the traditional Role Based Access Control (RBAC) for enforcing security based on Identity. Learn how USER-ID is becoming increasingly important for the network security, SaaS Security, and behavior analytics. Also learn how to use Identity to deploy other capabilities of Palo Alto Networks Security Platform and prevent successful cyber attacks.

Offered	Wednesday, 2:40 pm – 3:30 pm
Speakers	Nithin Varam, Product Manager, Palo Alto Networks
Keywords	Management, Network Security, Technical Session, NGFW

Ask the AWS Expert

You've poked around in AWS, or maybe you're already there and are now puzzled as to which of the many options AWS offers you should take. Hosted by AWS experts from AWS and Palo Alto Networks, this session will allow you to ask how do I architect my environment on AWS? Expect heavy whiteboarding and brainstorming. (AUDIENCE LIMITED TO 100)

Offered	Wednesday, 2:40 pm – 3:30 pm
Speakers	Jason Meurer, Consulting Engineer, Palo Alto Networks Jaime Franklin, Consulting Engineer, Palo Alto Networks
Keywords	AWS, Public Cloud, Technical Session, Best Practices/Troubleshooting

Attack Your Attack Surface - Improve Vulnerability Prioritization by Combining Threat Signatures and Vulnerability Data

Recent reports show that the number of vulnerabilities listed in MITRE’s National Vulnerability Database doubled in 2017. While this is a positive improvement in terms of discovery, it makes the job of vulnerability management evermore challenging, as analysts continue to be overwhelmed by a deluge of vulnerabilities and no true understanding of what to address first.

Using CVE scores alone for prioritizing vulnerabilities and remediation does not provide enough context to accurately assess risk. To deal with the problem of “too much vulnerability data,” security teams must consider multiple factors, including the network and security controls in place, the importance of a particular asset to the businesses, and continuous threat intelligence on which vulnerabilities are being exploited in the wild. With this context, they are better able to determine the true risk a particular vulnerability poses, where to put it on their list of priorities, and how to mitigate — which may not always involve a patch.

This presentation will walk you through a case study explaining how organizations are integrating PAN and Skybox to improve vulnerability management outcomes by combining threat signatures, vulnerability data, comprehensive attack surface visibility, predictive threat modeling/breach simulation, and advanced analytics. And when patching is not an option, learn how these tools assist decision-making for threat mitigation.

Offered	Wednesday, 8:00 am – 8:50 am
Speakers	Sean Keef, Global Director of Technology Marketing, Skybox Security
Keywords	Technology Integration, Overview Session

Azure Architecture Whiteboarding and Brainstorming

Maybe you are just beginning to move workloads to Azure. Or you are already there and now looking for ways to scale architecturally, yet securely, but you are puzzled as to which of the many Azure options you should take. Hosted by experts from Azure and Palo Alto Networks, this session will outline four different architectures from basic to advanced and answer how-to questions around each. Expect heavy whiteboarding, brainstorming and minimal use of PowerPoint. (AUDIENCE LIMITED TO 100)

Offered	Thursday, 8:00 am – 8:50 am
Speakers	Keith Blackstone, Consulting Engineer, Cloud, Palo Alto Networks Kambiz Kazemi, Consulting Engineer, Cloud, Palo Alto Networks
Keywords	Azure, Public Cloud, Technical Session, Best Practices/Troubleshooting

Best Practices for ICS/SCADA Network Segmentation

Network segmentation of ICS/SCADA network continues to be a very important topic for critical infrastructure protection. Join our round table to hear from your industry peers on how they are approaching zoning of their industrial networks. We’ll explore topics such as:

Which levels/interfaces from Levels 4 through Level 1 are most strategic in terms of visibility and enforcement?
How to apply App-ID, User-ID and Content ID in policy to better manage the attack surfaces
How to plan and roll out your segmentation strategy to ensure robustness

Offered	Wednesday, 11:30 am – 1:00 pm
Keywords	ICS/SCADA, Best Practices/Troubleshooting, Segmentation, Industry Roundtables

Best Practices for the Centralized Firewall Management Using Panorama

Whether it's a handful or hundreds of firewalls, Panorama can help you maintain their security effectiveness and performance. This session will cover best practices for maintaining centralized configurations, tracking changes, and streamlining workflows using Panorama. We will also provide an overview of Panorama 8.1 features such as Rule Usage Analysis, Reusability of Templates, and Device Performance Metrics, which will help network practitioners to simplify operations and adopt next-generation security with confidence.

Offered	Thursday, 8:00 am – 8:50 am
Keywords	Management, Network Security, Best Practices/Troubleshooting, Technical Session, NGFW

Best Practices on Testing Endpoint Protection

Learn what to look for when testing and evaluating endpoint products to ensure you’re effectively balancing prevention with usability and enabling your teams for success.

Offered	Wednesday, 8:00 am – 8:50 am
Speakers	Shahar Razon, Product Manager, Palo Alto Networks
Keywords	Best Practices/Troubleshooting, Endpoint/Traps, Technical Session

Best Practices to Protect Your Endpoints from Day 1

Learn the “secret sauce” behind Traps default policy and the security profiles introduced in Traps 5.0, that enable your teams to quickly protect different users, departments, and groups as well as add new profiles to fit the needs of your organization.

Offered	Wednesday, 10:30 am – 11:20 am
Speakers	Liat Hayun, Product Line Manager, Palo Alto Networks
Keywords	Best Practices/Troubleshooting, Endpoint/Traps, Technical Session

Beyond perimeter

How many people in your company have a laptop? How many people in your company take them home or travel with their laptop? I bet your perimeter security is top notch and your company is already using all the bells and whistles available from your Palo Alto next-gen firewall.

What are your company’s security controls outside of the perimeter? Do you use global protect and back haul all traffic to the datacenter or the main branch? Do you use split tunneling or full tunneling? How is the latency and user experience? What are your company’s security controls for corporate SaaS applications such as Dropbox, Box.net, Office 365, Salesforce, and so forth? Does your organization have an AWS or Azure environment? How do you know it is secure?

We want to share our story on how we used PaloAlto Next-gen firewall, Global Protect Cloud Services, Logging Services and Aperture to achieve unified security controls that are independent of device type, application type and location. Come hear our lessons learned, including the challenges we experienced and the policy we ended up creating to unify + improve security posture.

Offered	Thursday, 7:00 am – 7:30 am
Keywords	Network Security, Overview Session, Next Generation Security Platform, Case Study/Use Case

Bringing Data Science to Threat Prevention

Data Science is a hot topic across many different industries – from health care to manufacturing and finance. In the fight against Malware, we have many advantages, such as vast amounts of data with good labels. We have huge clusters of computers and top notch engineers. The adversary, however, quickly morphs their attacks to stymie static prevention systems. This is a fascinating time to be a Data Scientist in the security space. In this session we will talk about why we need Data Science and how we use it to solve these problems at scale. Specifically, we’ll dive into how Palo Alto Networks uses Machine Learning to classify webpages, protect business documents in the cloud, detect malware, and prevent phishing attacks that help our customers defeat the adversary. Our Senior Data Scientist will also give some insight into where machine learning in security is going and some of the open challenges we face.

Offered	Thursday, 10:30 am – 11:20 am
Speakers	William Hewlett, Sr. Manager, Data Science, Palo Alto Networks
Keywords	Technical Session, Threat Detection and Prevention, Network Security, Next Generation Security Platform

Building Advanced Threat Intelligence Operations

As security professionals, we’re often guilty of focusing our attention on the cybersecurity topic du jour. Whether it’s a new technology, vulnerability, or attack, the latest, shiniest theme inevitably catches our attention. And often, to our detriment, basic housekeeping tasks and simple preventative policy measures are deprioritized in pursuit of the “Next Big Thing.” In this session, we’ll demonstrate how mastering those building blocks can enable defenders to keep pace with the evolving security landscape. Attendees will learn how they can leverage both internal and external threat data to implement a true intelligence-driven security operation.

Offered	Thursday, 8:00 am – 8:50 am
Speakers	Bryan Lee, Threat Intelligence Analyst, Unit 42, Palo Alto Networks
Keywords	Threat Research/Unit 42, Technical Session

Building North Dakota's Mission Control for the Cyber Moonshot

The State of North Dakota sees the safety of the Internet and our citizens’ information as absolutely essential to our collective future. North Dakota intends to rise to the challenge by creating a comprehensive, state-wide, approach to cyber across our educational systems and workforce organizations. This approach will include cyber education from Kindergarten through Master’s degrees in every school and classroom (required for ~120,000 annually in K-12, and available for ~100,000 University) in the state. Additionally numerous executive branch agencies will align their workforce initiatives to encourage cyber careers. Shawn Riley will expound on how this will be accomplished and details of execution as North Dakota pursues “mission control for the cyber moonshot.”

Offered	Thursday, 8:00 am – 8:50 am
Keywords	Case Study/Use Case, Technical Session

Building a Zero Trust Model in the Cloud with Micro-segmentation

The historical approach to business security has focused on defending a fixed perimeter. The objective was to keep threats on the outside of the perimeter of a wall around a castle. However, today the reality is that these same boundaries are harder to define and very porous. The assumption that systems and traffic within a data center can be trusted is flawed because once a single host is compromised, moving within a trusted zone is often easy. While it is often hard to directly attack high-value assets from outside the network, using an indirect attack using systems inside the network is much simpler, although more time-consuming. These same principles are equally applicable to public cloud deployments.

The Zero Trust architecture is the foundation of the future of public cloud security. The ability to authenticate and secure communication without relying on the location of the endpoints or the security of the network means that our clients can adopt the cloud paradigm and embrace its benefits of cost and flexibility while maintaining control of their data and compliance in virtual environments.
By the end of this session, attendees will

• Understand how Palo Alto Networks and Stealth enable the Zero-Trust model within the cloud.
• Understand Palo Alto Networks and Stealth Zero-Trust segmentation platform.
• Understand how this solution can accelerate cloud adoption.
• Understand methods and metrics by which the next generation of CISO's can define and deliver success in the public cloud.

Offered	Thursday, 9:10 am – 10:00 am
Speakers	Salvatore Sinno, Chief Security Architect, Unisys John Kindervag, Field CTO, Palo Alto Networks
Keywords	Case Study/Use Case, Public Cloud, Segmentation, Technical Session, AWS, Azure, Google Cloud

Centralizing Cloud Connectivity and Security with a Digital Edge Control Point

As enterprises embark on a digital transformation towards hybrid and multi-cloud environments, security concerns remain a primary barrier to large-scale, production adoption. Security executives continue to raise questions about the level of protection their applications and data are afforded in the cloud, which has amounted to pauses, if not vetoes, of cloud initiatives.

To help overcome these concerns, enterprises should consider the adoption of a Digital Edge Control Point (DECP) architectural element, which centralizes all the functions and capabilities necessary to support cloud resiliency, agility, segmentation and interconnectivity. The DECP enables enterprises to establish distributed visibility and control of data at the cloud edge, segment cloud traffic, solve regulation, sovereignty and compliance issues and establish secure public and private connectivity to key ecosystems. A DECP is necessary to establish these types of controls against multiple public cloud providers, SaaS providers, and network service providers. In this session Equinix fully describes the DECP it sees thousands of its large enterprise customers creating as they adopt and expand their cloud footprint.

Equinix will highlight the pros and cons of common DECP architecture examples, including how to segment multiple systems and build an interconnection architecture that incorporates connectivity to SaaS applications, other enterprises and networks as well as cloud provider options such as AWS DirectConnect, Azure ExpressRoute and Google InterConnect

Offered	Wednesday, 2:40 pm – 3:30 pm
Keywords	Public Cloud, Overview Session, Cloud Partner, AWS, Azure, Google Cloud, Technology Integration

Chevron: Automate Cloud Security? “Sure, We Can Do That”

In the new age of cloud technology, speed is the key to fully leverage the agility and scale the cloud brings to the table. “How much can we automate and how much can we templatize? We do not want to add any manual processes.” This is what you hear often from developers. And they are right. Why create manual processes in an environment built for speed and accessibility? How do we enable speed while securing our data? How do we answer the question “why do we need a firewall, it will just slow us down?”. Of course, the answer to “why we need a firewall?” is easy: to protect the data. The key is to not slow developers down.

Luckily, the Palo Alto Networks VM-Series firewall deployment and configuration can be fully automated. This session will cover how Chevron has automated the VM-Series deployment on Azure, eliminating manual processes that could slow scaling and policy creation. Using processes that work with Ansible and Azure functions and utilize API calls to build out VM-Series change management processes that are automated and agile, Chevron is securing outgoing, and incoming traffic in a highly automated fashion. The combination of API calls and easily deployable firewalls built from ARM templates allow us to ensure that security can adapt and keep pace with the fast-moving Azure cloud environment.

Offered	Wednesday, 1:30 pm – 2:20 pm
Speakers	Jeremy Haynes, Network Security Engineer, Chevron
Keywords	Public Cloud, Automation, Case Study/Use Case, Technical Session, App Developers, Azure

Clearing SSL Decryption Hurdles

If you’re not decrypting SSL as part of your cybersecurity program, cyber criminals may be conducting their activities right under your nose. What’s preventing your use of SSL decryption, and how can these be overcome? Come share your war stories about SSL decryption and hear how your peers are tackling this problem. Discuss the new SSL Decryption Broker capability in PAN-OS as another option offering simplicity and greater efficiency with an expert from Palo Alto Networks.

Offered	Wednesday, 11:30 am – 1:00 pm
Keywords	PAN-OS 8.1, NGFW, Best Practices/Troubleshooting, Industry Roundtables

Compliance at the Speed of Cloud

What do you do when your workloads in the public cloud require compliance? Security concerns are a top inhibitor to the public cloud adoption. This discussion will cover how to address high value/compliant workloads in the public cloud(s). We will address how to securely move, develop and manage workloads in AWS and Azure. The focus will primarily be on meeting compliance requirements. Where does native security in the cloud stop and Palo Alto Networks start? What is the shared responsibility model? How can I apply my required security controls and assurance of compliance? Can I move an application, or do I need to rewrite? How do I provide high availability? Can I auto-scale? What is the best deployment pattern to use? What development tools should I use? What cloud features? What reporting tools? After this session you will have an understanding as to how to approach high-value/compliant workloads in the public clouds. We will discuss industry use cases and specific compliance architectures using cloud Palo Alto Networks security functions.

Session is ideal for technical professionals who are planning or have already deployed applications that must meet industry compliance.

Offered	Wednesday, 10:30 am – 11:20 am
Keywords	Cloud Partner, Public Cloud, Technical Session, AWS, Azure, Best Practices/Troubleshooting, Segmentation

Container Security -- An Introduction

As container technology continues to mature, organizations are accelerating their adoption for increased application deployment speed and development efficiencies. But, security remains a top concern impacting container technology adoption. We will review these security challenges and key considerations you should plan for addressing container security in public, private and hybrid cloud deployments. We will also discuss in detail and demo practical examples of securing google kubernetes engine (GKE) deployment with your existing investments in VM-Series virtual firewalls.

Offered	Wednesday, 9:10 am – 10:00 am
Keywords	Private Cloud/Datacenter, Containers, Technical Session, NGFW, Segmentation

Continuous Security for the Cloud to Protect Your Data and Workloads

While organizations are migrating to Amazon Web Services, Microsoft Azure and Google Cloud Platform, they are trying to overcome the lack of security visibility in the cloud. Application and security teams want to take an inside-out approach for their public cloud deployments, looking beyond logs to protect against insider threats while maintaining regulatory compliance. This presentation will provide information on how you can continuously monitor these cloud environments to ensure your data and workloads are secure without compromising on the speed of application development.

Offered	Thursday, 10:30 am – 11:20 am
Keywords	SaaS/Aperture, Technical Session, Public Cloud

Creating effective security feedback loops that drive actionable security outcomes

Managed Security Service Providers (MSSPs) and enterprises are challenged to create effective security feedback loops with the evolution of complex, uncorrelated, and poorly integrated security deployments that also are producing significant amounts of data that requires rapid analysis. This session will showcase how information generated by our NGFW can be used programmatically. We’ll illustrate some of the different ways to capture information from the firewall and how to use modern tools like the ElasticStack to easily visualize the data. We’ll show how MSSPs can deliver greater value to their customers, and how enterprises can achieve better security outcomes with more effective analysis of data.

Offered	Wednesday, 7:45 am – 8:15 am
Keywords	Overview Session, NGFW, Next Generation Security Platform, Service Providers

Credit Unions – Birds of a Feather

Join your peers from credit unions and share stories on recent and upcoming security projects, regulatory changes, and other areas of concern for this sub-sector of Financial Services. Learn about deployments of Palo Alto Networks solutions at other credit unions, share your experiences, and network with industry peers.

Offered	Wednesday, 11:30 am – 1:00 pm
Keywords	Best Practices/Troubleshooting, Industry Roundtables

Cryptocurrency (In)Security

Blockchain and cryptocurrency - what do they mean, how do they work and how does it impact you? We'll break down the basics of what these things are and then dive into the security concerns around them including:

Android malware stealing cryptocurrency wallet credentials
IoT botnets used to mine cryptocurrency
Coinhive javascript being covertly loaded in users' browsers by websites to mine cryptocurrency
Unauthorized spinning up of AWS EC2 instances for Bitcoin mining
How crypto miners are getting hacked remotely to divert funds

Attendees will leave this session with an understanding of how blockchain and cryptocurrency function, the associated security risks, and an understanding of basic mitigations and how to practically apply the Palo Alto Networks platform to mitigate risks.

Offered	Wednesday, 2:40 pm – 3:30 pm
Speakers	Jamie Brummell, SE, Palo Alto Networks Alex Hinchliffe, Unit42, EMEA, Palo Alto Networks
Keywords	Overview Session, Threat Detection and Prevention, Network Security, Next Generation Security Platform, Endpoint/Traps, Threat Research/Unit 42

Cyber Range Level I

Cyber Range Level I: A hands-on, interactive, network security best practices class. This Level I session includes instructor guidance to ensure students learn how to mitigate a broad variety of single-vector threats.

Prerequisite: Cyber Range Level I requires daily hands-on NGFW experience or completion of the NGFW UTD.

Offered	Tuesday, 1:30 pm – 5:30 pm Wednesday, 8:00 am – 12:30 pm
Keywords	Hands-on Trainings

Cyber Range Level II

An increasingly complex, interactive, network security best practices class. This Level II session uses a Unit 42 cyber adversary playbook and includes less Instructor guidance.

Prerequisite: Cyber Range Level II/Advanced requires completion of Cyber Range Level I.

Offered	Wednesday, 1:00 pm – 5:00 pm Thursday, 8:00 am – 12:00 pm
Keywords	Hands-on Trainings

Cybersecurity from the Outside In – A Layered Approach for Water Districts

I want to touch on many things starting at the edge and MFA solutions, then moving into micro-segmentation as a method to minimize disruption, then layers of protection for SCADA environments, and then end user and password protections…

Offered	Wednesday, 8:00 am – 8:50 am
Speakers	Dale Badore, Datacenter Operations Supervisor, Rancho California Water District
Keywords	Overview Session, Case Study/Use Case

Deep Dive: AWS Transit VPC with the VM-Series

Organizations with hundreds of workloads deployed across multiple VPCs can face a significant challenge to efficiently and consistently secure the communications amongst the VPCs as well as administering those connections once setup. The dynamic nature of these types of environments where VPCs are being added and removed can greatly increase the complexity. Consider an enterprise organization with over 10 VPCs which are created automatically utilizing infrastructure as code. When each VPC is spun up, it should securely talk to all other VPCs. VPC peering in a mesh layout is one way of achieving this, with the newly introduced cross region VPC peering. This architecture is fine unless your organization has a requirement to have security controls on the traffic flow between these VPCs. This is where the Transit VPC with the VM-Series may help.

The Transit VPC solution uses a hub and spoke architecture to centralize connectivity and security. It is a fully automated solution that manages the connectivity and application of VM-Series next generation security for subscribing VPCs (spokes) that may originate in any pre-authorized AWS account. This session describes how the solution was implemented using AWS capabilities and the Palo Alto Networks VM-Series platform.

Offered	Tuesday, 4:20 pm – 5:10 pm
Speakers	John Plishker, Solution Architect, REAN Cloud
Keywords	AWS, Cloud Partner, Technical Session, Public Cloud

Deep Dive: Auto Scaling the VM-Series on AWS

The latest update (Feb 2018) to the VM-Series Auto Scaling solution on AWS introduced many enhancements including a hub and spoke architecture to improve scale, use of Network Load Balancers and a simplified template that is easier to customize. In this session, product experts will review deployment tips, tricks and lessons learned.

Offered	Wednesday, 1:30 pm – 2:20 pm
Keywords	AWS, Public Cloud, Technical Session, App Developers, Best Practices/Troubleshooting

Deep Dive: Building transit VM-Series architectures on Google Cloud

Using a shared services architecture to centralize commonly used services such as security and connectivity is an efficient way to simplify security management and reduce costs. This session will walk through the hub and spoke components of a Shared VPC in Google Cloud, delving into setup, supported deployment scenarios, and benefits.

Offered	Wednesday, 4:00 pm – 4:50 pm
Keywords	Public Cloud, Google Cloud, Technical Session, App Developers, Best Practices/Troubleshooting

Deep Dive: Transit VNET with the VM-Series on Azure

A Transit VNET with the VM-Series on Azure uses a hub and spoke architecture to centralize security and connectivity for traffic between several VNETs hosting applications, to Internet and to on-premises environments. In this session, product experts will walk through the deployment of the Hub and Spoke infrastructure discussing routing and configuration best practices.

Offered	Wednesday, 10:30 am – 11:20 am
Keywords	Azure, Public Cloud, Technical Session, Best Practices/Troubleshooting

Delivering the Platform from a Cloud-based Security Infrastructure: GlobalProtect Cloud Service

Proxies/Secure Web Gateways, VPNs, Secure DNS and MPLS are losing their relevance in today's world. With many applications shifting to the cloud, organizations are looking for a modern take on how to build the security infrastructure necessary to meet requirements today.

In this session, learn about a better approach using cloud-delivered security using GlobalProtect cloud service. This session will take a look at the problems that organizations need to solve, and introduce the fundamental concepts behind deploying GlobalProtect cloud service as the security infrastructure for protecting remote networks and mobile users.

Offered	Thursday, 8:00 am – 8:50 am
Speakers	Nicole Powell, Systems Engineer, Palo Alto Networks
Keywords	Next Generation Security Platform, Overview Session, GlobalProtect

DevOps and Security

Are applications being rolled out without security for the sake of speed? Processes used by DevOps and Security teams, respectively aren’t naturally in sync with one another. Is there a discrepancy in the time it takes to define, test, and implement firewall changes in IaaS environments versus the expectations of DevOps? Hear how your peers are enabling security in their development life cycle management in this age of CI/CD. Come share your experiences with aligning the people, processes, and technology to accommodate security policy changes at cloud speed for a DevOps environment.

Offered	Thursday, 11:30 am – 1:00 pm
Keywords	Public Cloud, App Developers, Automation, Industry Roundtables

Developing for the Application Framework

Palo Alto Networks Application Framework is a powerful technology that lets customers and partners build solutions able to analyze, enrich and process security information, achieving unprecedented levels of protection.

On the Application Framework, customers can quickly enable 3rd party services to securely access their own data lake, or feed it with additional information. APIs are also provided to allow clients to build their own security controls and processes around Palo Alto Networks Application Framework.

Multiple integrations become possible through the services made available by the Application Framework: this session describes its components and interfaces, and presents many of the most relevant existing and future partner integration use cases across multiple security areas, such as Security Analytics, Threat Intelligence, Security Operations and Orchestration.

Offered	Wednesday, 9:10 am – 10:00 am
Keywords	App Developers, Application Framework, Technical Session

End-to-End Cloud Security Automation with Terraform

In public cloud deployments, automation is allowing customers to use the cloud to move towards more rapid and iterative application development methodologies. From a security perspective, automation can be used to eliminate the bottleneck that infrastructure security change control best practices can inject, allowing you to embed security into your application development framework. With the newly available Terraform Provider for PAN-OS, you can now use a single tool, Terraform, to automate the creation of your cloud environment along with the deployment and configuration of the VM-Series firewall.

In this session, we will walk through how you can use an existing provider for AWS, Azure or Google Cloud, to automate the creation of a VPC on AWS or Google Cloud, or a Resource Group in Azure, complete with a VM-Series firewall. Then, using the Terraform Provider for PAN-OS, security teams can fully automate the configuration of the (deployed) VM-Series virtualized firewall, effectively performing end-to-end deployment automation and embedding security into the application development framework.

Offered	Wednesday, 10:30 am – 11:20 am
Speakers	Vinay Venkataraghavan, Solutions Architect, Palo Alto Networks
Keywords	Public Cloud, Technical Session, App Developers, AWS, Azure, Google Cloud, Automation

Endpoint Protection

Compromised endpoints continue to play a prominent role in data breaches. What challenges do you still face in protecting your laptops, desktops, and servers – physical and virtual? What else can be done to better defend these endpoints against malware and exploits? How can your endpoint protection supplement your firewall controls? Join your peers for a discussion on endpoint security and hear what’s working for them and what concerns remain. Seize the opportunity to ask questions of your peers and a Palo Alto Networks endpoint expert.

Offered	Wednesday, 11:30 am – 1:00 pm
Keywords	Endpoint/Traps, Industry Roundtables

Enhance the Security of Your SD-WAN Using a Zero Trust Approach

Organizations are interested in adopting SD-WAN technology since it helps them to optimize the cost of using different network technologies like MPLS and commercial broadband to connect their various remote offices and/or branches to one another. At the same time, as organizations connect to the various cloud providers and use newer types of endpoints they want to ensure that such a move will not increase the attack surface of their network. The good news is that there is a way to make SD-WAN more secure than a traditional WAN – by using the zero-trust model. Join Ben Hendrick, Partner & Global Competency Leader Infrastructure & Endpoint Security at IBM to understand IBM’s approach to make this happen.

Offered	Wednesday, 2:40 pm – 3:30 pm
Keywords	Overview Session, Segmentation, Technology Integration

Evident: Securing the Public Cloud at the Speed of DevOps

Security and DevOps are at odds: one team wants to be right, the other team wants to go fast. But organizations don’t have to sacrifice either security or speed to be secure and compliant in the cloud. By clearly articulating through code the guardrails and policies necessary for operational environments, organizations can gain superior awareness and actionability. When security becomes a part of your DevOps pipeline, you move beyond just monitoring and into holistic cloud security, including automated response, auto-remediation and one-click reporting for compliance and attribution.

Learn how hundreds of organizations have woven security into the fabric their DevOps and DevSecOps teams using Evident, and how you, too, can secure your cloud without compromise.

Offered	Wednesday, 10:30 am – 11:20 am
Speakers	John Martinez, Director, Technical Support, Palo Alto Networks
Keywords	Overview Session, Public Cloud, SaaS/Aperture, Compliance

Experiences with Behavior Analytics

Behavior analytics offers cybersecurity professionals another approach to ward off malicious attacks. Come hear about experiences with cloud-based behavior analytics and machine learning from beta tests and early adoption of Magnifier. Learn about the threats found, the benefits realized, and ask questions about these initial deployments of Magnifier, which is part of the Palo Alto Networks Application Framework.

Offered	Wednesday, 11:30 am – 1:00 pm
Keywords	Application Framework, Next Generation Security Platform, Industry Roundtables

Exploring a P2P Transient Botnet - From Discovery to Enumeration

From DDoS attacks to malicious code propagation, Botnets continue to represent a strength threat to entities and users connected to the Internet and, due to this, continue to be an important research area. The power of those numerous networks proved us its power when they interrupted great part of the Internet causing impacts to companies like Twitter and Netflix when Mirai P2P Botnet targeted Dyn company’s DNS services back in 2016. In this paper, we present the study that allowed us to find out a “Mirai-like” botnet called Rakos - from our high interactivity honeypot recruitment to the detailed analysis and exploitation of this botnet C&C protocol using crawling and node-injection methods to enumerate and estimate its size. Our contribution includes also a comparison between two P2P botnet exploration methods used in our research and in which situations they may be better suitable in further analysis. Additionally, we propose the term “transient” to designate botnets formed by malware that does not use persistence on the compromised system as this tends to be usual amongst modern threats to IoT (Internet of Things) devices.

Offered	Tuesday, 4:20 pm – 5:10 pm
Speakers	Renato Marinho, Researcher, Morphus Labs
Keywords	Technical Session, Threat Research/Unit 42, Case Study/Use Case

Extending Zero Trust the Endpoint - Traps + GlobalProtect

The terms “never trust, always verify” rings a familiar tune to those focused on securing the network. However, as security technologies have advanced to necessitate cross-communication between network and endpoints, Zero Trust principles must also extend from the network to the endpoints. Join us as we discuss why endpoints need to talk and integrate with other security technologies, and provide a framework as to why and how to extend Zero Trust to the endpoint.

Offered	Tuesday, 4:20 pm – 5:10 pm
Speakers	Lieuwe Jan Koning, CTO, ON2IT John Kindervag, Field CTO, Palo Alto Networks
Keywords	Case Study/Use Case, Endpoint/Traps, GlobalProtect, Segmentation, Overview Session

Extending your Security Perimeter in AWS – A State Government Implementation

A hybrid deployment model in AWS can provide the flexibility and security needed for enterprise services in the cloud. First step, extending your security perimeter by creating a "services" Virtual Private Cloud (VPC).

Offered	Wednesday, 10:30 am – 11:20 am
Speakers	Aaron Schubert, Senior Infrastructure Specialist, Missouri Office of Cyber Security Isaac Hayes, Infrastructure Team Lead, Missouri Office of Cyber Security
Keywords	AWS, Case Study/Use Case, Technical Session

Finding Evil at Scale with PANW: Using PAN to Detect, Respond and Contain Threats

It's 3 o'clock in the morning and you just received a Palo Alto Networks alert for command- and-control (C2) traffic originating from a laptop in a remote manufacturing office.
Palo Alto Networks provided you an investigative lead, now you need to pursue it. In this talk, we'll show you how to take an investigative lead from Palo Alto Networks, pursue it and go from alert to fix using real-world examples from the front lines of an MSSP. We'll use Palo Alto Networks data sources to answer investigative questions to scope incident activity. In the process we’ll walk you through how we detect and respond to evil at scale using Palo Alto Networks.

Offered	Wednesday, 7:00 am – 7:30 am
Speakers	Peter Silberman, Director of Innovation and Integrations, Expel
Keywords	Threat Detection and Prevention, Overview Session

Fireside Chat with Mary Pat McCarthy, Palo Alto Networks Board Member

Join Mary Pat McCarthy, Palo Alto Networks board member, and moderator Melinda Thompson for an intimate discussion about cybersecurity and why it’s become a board-level topic for companies around the globe. As a board member for multiple companies, Mary knows first-hand what boards expect from their security teams. Attend this fireside chat to find out what reports CISOs should prepare for their board of directors. Mary will also share her 34-year career journey in finance and how she rose to become a Vice Chair at KPMG LLP. Receive advice from Mary on how to make an impact in your organization and how to successfully navigate career challenges.

Offered	Tuesday, 4:00 pm – 8:00 pm
Keywords	Network Security

Firewall Automation Basics and Best Practices

As networks continue to evolve and progress, organizations now require increased agility and flexibility that go beyond the physical datacenter and now into areas such as containers, VNFs and public cloud instances. With included Palo Alto Networks Ansible modules, network teams are now able to automate configurations and operational tasks on premises, off premises, or a mix of both without the manual interaction of underlying network platforms. Start small with automating physical Palo Alto Networks firewalls then scale to next-gen virtual Palo Alto Networks firewalls in a hybrid cloud environment.

Offered	Wednesday, 8:00 am – 8:50 am
Speakers	Stanley Karunditu, Solutions Engineer, Ansible (Red Hat)
Keywords	Public Cloud, Automation, App Developers, AWS, Azure, Google Cloud, Technical Session

Fiserv: Transforming How We Deliver Our Services While Securing the Data Center and Private Cloud

Fiserv embarked on a journey of transformation from a legacy culture into a more agile and client-driven one while leveraging Palo Alto Networks to help define their architectural framework – not only for security, but for how they provision services to their external clients. As Fiserv reshaped the way it delivers on client expectations, they fostered a culture embracing automation, self-service provisioning, and a focus on applications/services instead of networks and infrastructure. Leveraging Palo Alto Networks and their partnership with VMware, Fiserv has become more agile, more productive, and more secure than ever before.

Offered	Wednesday, 1:30 pm – 2:20 pm
Speakers	Anthony Gravanda, Director, Security Architecture and Engineering, Fiserv
Keywords	Private Cloud/Datacenter, Overview Session, Case Study/Use Case, Automation, Segmentation, NGFW

From Blockbusters to Bitcoins: Insights into Lazarus

In this presentation, we will analyze three Lazarus attack campaigns organically discovered by Palo Alto Networks researchers. We’ll explore the relationships between Lazarus, Operation Blockbuster, attacks on the SWIFT banking system, and Bitcoin themed-attacks. Audience members will be guided through campaign targets, tools, and technical indicators with a strong focus on threat discovery, hunting, and pivoting.

Offered	Wednesday, 1:30 pm – 2:20 pm
Speakers	Anthony Kasza, Principal Threat Researcher, Palo Alto Networks
Keywords	Technical Session, Threat Research/Unit 42

From K-12 to SE: What I've Learned (Best Practices)

Dave has been in your shoes. If only he knew then what he knows now! There are a million things to get done, so where do you begin? Dave will show how you can improve your security posture and how to get the best of your investment in the Palo Alto Networks security platform. He will go in-depth with the features of the security platform that you can apply immediately in your environment, including:

App-IDs – do you have what you need in place?
When did you last review your security policies?
Are you leveraging Palo Alto Networks SEs and partner resources to better improve your security posture?
Are you utilizing customer success tools, such as heatmaps and BPA?
Have you reviewed your ACC tab lately?
Do you understand the products beyond the subscription?

Offered	Wednesday, 9:10 am – 10:00 am
Speakers	David Cumbow, Systems Engineering Manager, Palo Alto Networks
Keywords	Overview Session, Case Study/Use Case, Technical Session

From the Trenches: Mitigating Cyberattacks Across a Fast-Growing Global Network

If your organization’s global footprint is growing rapidly how do you effectively — and manageably — scale your network security architecture to keep pace with the attackers?

In this session, Motorola Mobility CISO Richard Rushing will present what he learned from protecting a global organization with more than 25,000 employees and 10 subsidiaries. He has built an infrastructure that includes Palo Alto Network Firewalls to block threats on premises, integrated with a cloud-based network detection and response tool to accelerate analysis and remediation which also integrates with a SIEM serving as a central logging tool. Rushing will explain how he’s able to stay ahead of the attackers and seamlessly transition between the integrated solutions for better incident response resulting from network visibility at the packet level, contextual understanding of security events, identification of users and apps associated with threats via User-ID and App-ID, and automated threat mitigation.

Offered	Thursday, 9:10 am – 10:00 am
Speakers	Richard Rushing, CISO, Motorola Mobility
Keywords	Network Security, Best Practices/Troubleshooting, Case Study/Use Case, Technical Session, NGFW

GDPR is Here: Are You Ready?

The GDPR applies to entities that process personal data of individuals in the European Union, even if the entity is not established in the EU. This regulation is far reaching and non-compliance can result in fines up to 4% of an entity's global annual turnover. Join this panel to hear about Palo Alto Networks’ journey towards GDPR readiness, to find out about resources we have made available for your GDPR compliance, and learn how our technology (NGFW, WildFire, Traps, etc) can help you with GDPR.

Offered	Thursday, 9:10 am – 10:00 am
Speakers	Cynthia Cox, GRC Principal, Palo Alto Networks Paola Zeni, Sr. Director, Sr Privacy Counsel, Palo Alto Networks
Keywords	Next Generation Security Platform, Overview Session, Best Practices/Troubleshooting, Compliance

Getting Started with CASB. Tips, Tricks and Lessons Learned

Are you looking for a way to identify Credit Card and Social Security numbers in your SaaS applications? Have you recently acquired Aperture, Palo Alto Networks CASB solution? Come hear about tips for initial configuration, tricks for ongoing operation, and lessons learned from a recent implementation. Learn how you can identify files with sensitive content in google Drive, Dropbox, and even S3, subsequently alerting users or even automating remediation.

Offered	Wednesday, 1:30 pm – 2:20 pm
Keywords	SaaS/Aperture, Case Study/Use Case, Best Practices/Troubleshooting, Technical Session

GlobalProtect Best Practices

Deploying GlobalProtect within your organization provides many opportunities to integrate with your existing infrastructure. In this session, get best practices on deploying GlobalProtect and integrating with your authentication servers, certificate authorities, and enterprise mobile management environments.

Offered	Wednesday, 4:00 pm – 4:50 pm
Keywords	Network Security, Best Practices/Troubleshooting, GlobalProtect, Technical Session

GlobalProtect Cloud Service Best Practices

GlobalProtect cloud service greatly simplifies the security infrastructure needed to deliver consistent security to the branch office and mobile workforce. In this session, get tips on how to fit GlobalProtect cloud service with your existing network design and the best practices in on-boarding to the GlobalProtect cloud service.

Offered	Wednesday, 9:10 am – 10:00 am
Keywords	SaaS/Aperture, GlobalProtect, Best Practices/Troubleshooting, Technical Session

Google Architecture Whiteboarding and Brainstorming

Newly supported by the VM-Series in PAN-OS 8.1, this session will use the four basic architectures we’ve seen to date as the kick off point for a lively discussion on how to build a secure and scalable environment on Google Cloud. Hosted by experts from Google and Palo Alto Networks, this session will answer how-to questions and encompass whiteboarding, brainstorming and minimal use of PowerPoint. (AUDIENCE LIMITED TO 100)

Offered	Tuesday, 4:20 pm – 5:10 pm
Speakers	Scott Sumner, Consulting Engineer, Cloud, Palo Alto Networks
Keywords	Public Cloud, Google Cloud, Technical Session, Best Practices/Troubleshooting

Hands-On Workshop: Advanced Next-Generation Firewall Deployment

Designed for security and network engineers, this session dives deep into Palo Alto Networks security policies and network configuration. It is designed to enhance your understanding of how to configure and manage some of the more advanced features of Palo Alto Networks next-generation firewalls.

This session will focus on firewall and Panorama features useful for deployments in large and complex networks.

Required: Participants must bring a laptop with an HTML5-compatible browser.

Prerequisites: Must have prior knowledge of Palo Alto Networks next-generation firewalls and Panorama.

Offered	Monday, 3:30 pm – 5:30 pm Tuesday, 1:00 pm – 3:00 pm Wednesday, 1:00 pm – 3:00 pm Thursday, 9:30 am – 11:30 am
Keywords	Hands-on Trainings, NGFW, Management, Technology Integration, Threat Detection and Prevention

Hands-On Workshop: Automating Multi-Cloud Security Using Terraform and Ansible

With a growing footprint of cloud-native applications, enterprises have demonstrated that leveraging security along with automation can reap significant benefits with ever-increasing public cloud adoption. Automation greatly simplifies the onboarding of new applications and VPCs as well as managing configurations across different cloud platforms, such as AWS and Azure. Automation can also help ensure security keeps pace with application innovation and deployment. You can use the cloud-native security capabilities of VM-Series firewalls together with third-party automation tools, such as Terraform and Ansible, to fully automate and accelerate cloud adoption.

In this session, we’ll present the techniques and give you a chance to try the tools developed for cloud-native application architectures using Terraform and Ansible, in conjunction with the VM-Series firewall, on cloud platforms like AWS and Azure. We’ll discuss real-world use cases that address cloud-native architectural patterns and paradigms, the requirements for a strong security architecture, and using automation to ensure application deployments are agile and secure.

Required: Participants must bring a laptop with an HTML5-compatible browser.

Offered	Monday, 3:30 pm – 5:30 pm Tuesday, 1:00 pm – 3:00 pm Wednesday, 1:00 pm – 3:00 pm Thursday, 9:30 am – 11:30 am
Keywords	Hands-on Trainings, Automation, NGFW, PAN-OS 8.1, Public Cloud, Technology Integration

Hands-On Workshop: Cloud Security for Amazon Web Services (AWS)

In this lab-based session, our AWS product experts will lead a series of hands-on exercises to provide an introduction to AWS and how you can use the VM-Series on AWS to deploy next-generation security services. You’ll learn about:

Targeted use cases for the VM-Series firewall on AWS
Deploying VM-Series firewalls in AWS through CloudFormation templates
Protecting your data and service in AWS with a VM-Series firewall
Using Dynamic Address Group (DAG) to protect dynamic EC2 instances
Leveraging threat intelligence with External Dynamic List (EDL)

Required: Participants must bring a laptop with an HTML5-compatible browser.

Offered	Monday, 1:00 pm – 3:00 pm Tuesday, 3:30 pm – 5:30 pm Wednesday, 9:30 am – 11:30 am Wednesday, 3:30 pm – 5:30 pm
Keywords	Network Security, AWS, Hands-on Trainings, NGFW, Public Cloud

Hands-On Workshop: Deep Dive With SSL Decryption

More and more enterprise traffic is being obscured with SSL, including some of the applications and sites that introduce the most risk for your business. Palo Alto Networks firewalls provide the capability to decrypt and inspect traffic for visibility, control and granular security.

This session will guide you in setting up SSL decryption for a forward proxy with deployment best practices. The lab will navigate you through understanding the various features available to support SSL decryption. Additionally, you’ll go through a troubleshooting exercise to learn how to overcome challenges you may fac

Required: Participants must bring a laptop with an HTML5-compatible browser.

Offered	Monday, 3:30 pm – 5:30 pm Tuesday, 1:00 pm – 3:00 pm Wednesday, 1:00 pm – 3:00 pm Thursday, 9:30 am – 11:30 am
Keywords	Hands-on Trainings, NGFW, Best Practices/Troubleshooting

Hands-On Workshop: Develop Your First Third-Party Application for the Application Framework

Palo Alto Networks Application Framework is the means to create, deliver and consume innovative security products. To that end, the Application Framework introduces three powerful JSON APIs for interfacing with the Logging Service, Event Service and Directory Service – the fundamental building blocks of an application. The Palo Alto Networks Cloud SDK was created to enable developers to rapidly build or integrate security products using the Application Framework.

In this course, you’ll learn beginner-to-advanced level features of the third-party developer APIs, execute example scripts and attempt to build your first application.

The course will introduce the Palo Alto Networks Cloud SDK, equipped with a Python library and command-line utility for programmatically interacting with the Logging Service, Event Service and Directory Service APIs. You’ll also discover what the Reference Application is and how it can help accelerate the development cycle. You’ll be provided access to a developer environment, but you’re encouraged to build your own.

Required:

Participants must bring a laptop with an HTML5-compatible browser and SSH client (e.g., Mac laptop with Terminal, Windows laptop with SecureCRT or PuTTY, or Linux laptop

Prerequisite:

Previous experience using APIs

Optional:

Python 3.6 with pipenv installed

Helpful:

Prior experience with Palo Alto Networks Cloud SDK (repo and URL to be finalized before Ignite) https://github.com/PaloAltoNetworks/pancloud

Offered	Monday, 1:00 pm – 3:00 pm Tuesday, 3:30 pm – 5:30 pm Wednesday, 9:30 am – 11:30 am Wednesday, 3:30 pm – 5:30 pm
Keywords	Hands-on Trainings, Application Framework, App Developers, App Framework Partners, NGFW, Technology Integration

Hands-On Workshop: Drive Action on Threat Intelligence With AutoFocus and MineMeld

Learn how to bridge the gap between machine-generated threat data and security operations professionals with AutoFocus contextual threat intelligence and MineMeld syndication engine. Enriched with context from WildFire service, the Unit 42 threat research team and third-party feeds, AutoFocus enables you to identify and act against the most critical threats facing your organization. This industry-first threat operations approach allows native workflows between intelligence generation, verification and prevention enforcement through the Next-Generation Security Platform. You’ll learn:

How to use integrated threat intelligence to improve existing security workflows
The value of adding real-time context to security events
How to enable aggregation of any third-party threat intelligence feed with MineMeld
How to drive automated prevention enforcement for highly targeted attacks

Required: Participants must bring a laptop with an HTML5-compatible browser.

Offered	Monday, 1:00 pm – 3:00 pm Tuesday, 3:30 pm – 5:30 pm Wednesday, 9:30 am – 11:30 am Wednesday, 3:30 pm – 5:30 pm
Keywords	Hands-on Trainings, NGFW, Technology Integration

Hands-On Workshop: Improve Firewall Security Policy with Expedition

In this session, we’ll make use of Expedition, a tool that facilitates complex device configuration tasks and analyzes configuration and log data to make recommendations on firewall policy improvements.

We’ll retrieve a PAN-OS device configuration and perform analyses against best practices to identify weak aspects and points for improvement.

Some security rules may be considered too permissive. We’ll apply data analysis and learning techniques on your traffic logs to improve the existing security policy. Additionally, we’ll show you how to replace specific security rules with new ones automatically generated via machine learning techniques.

Required: Participants must bring a laptop with an HTML5-compatible browser.

Offered	Monday, 3:30 pm – 5:30 pm Tuesday, 1:00 pm – 3:00 pm Wednesday, 1:00 pm – 3:00 pm Thursday, 9:30 am – 11:30 am
Keywords	Hands-on Trainings, Application Framework, Automation, NGFW

Hands-On Workshop: Industrial Cybersecurity

Set in a fully virtualized industrial control systems environment complete with human-machine interfaces and programmable logic controllers – HMIs and PLCs, respectively – this workshop focuses on how to use next-generation firewalls and Traps advanced endpoint protection to increase visibility, enforce granular segmentation and prevent successful cyberattacks on ICS/SCADA networks and endpoints.

You’ll complete ICS-specific lab exercises for:

Zoning – Layer 3 and Layer 2/VLAN insertion
Visibility and control for industrial protocols, such as Modbus and DNP3
Custom ICS App-ID creation
User-ID for role-based controls
How to use threat prevention capabilities in the next-generation firewall and Traps to protect automation servers and HMIs.

An overview of the new ruggedized next-generation firewall for industrial applications, the PA-220R, will also be provided.

Required: Participants must bring a laptop with an HTML5-compatible browser.

Offered	Monday, 3:30 pm – 5:30 pm Tuesday, 1:00 pm – 3:00 pm Wednesday, 1:00 pm – 3:00 pm Thursday, 9:30 am – 11:30 am
Keywords	Hands-on Trainings, Network Security, NGFW, PAN-OS 8.1, Endpoint/Traps

Hands-On Workshop: Introduction to PAN-OS XML API for Automation

Palo Alto Networks PAN-OS XML API allows you to perform many administrative and operational functions, including automation, integration, monitoring, device provisioning and more.

In this workshop, you’ll learn about beginner- and intermediate-level features of the API as well as perform sample operational and configuration use cases.

The command-line program panxapi.py, part of the pan-python package, will be introduced. You’ll get access to your own PAN-OS VM-Series and Ubuntu environment for the hands-on labs.

Required: Participants must bring a laptop with an HTML5-compatible browser and SSH client (e.g., Mac laptop with Terminal, Windows laptop with SecureCRT or PuTTY, or Linux laptop)

Prerequisites: Previous experience using APIs and using the PAN-OS CLI and using panxapi.py from pan-python:

https://github.com/kevinsteves/pan-python/blob/master/doc/panxapi.rst

Offered	Monday, 1:00 pm – 3:00 pm Tuesday, 3:30 pm – 5:30 pm Wednesday, 9:30 am – 11:30 am Wednesday, 3:30 pm – 5:30 pm
Keywords	Hands-on Trainings, App Developers, Automation

Hands-On Workshop: Network Security Best Practices

A successful deployment of next-generation security requires careful consideration during the design and implementation phases. This session provides administrators with best practices and configuration guidelines to improve security posture and reduce exposure to potential risks. Attendees will also be able to exercise some of the recommended best practices in this hands-on session.

Required: Participants must bring a laptop with an HTML5-compatible browser.

Offered	Monday, 1:00 pm – 3:00 pm Tuesday, 3:30 pm – 5:30 pm Wednesday, 9:30 am – 11:30 am Wednesday, 3:30 pm – 5:30 pm
Keywords	Hands-on Trainings, Best Practices/Troubleshooting, Management, NGFW, Threat Detection and Prevention

Hands-On Workshop: Preventing Credential Theft

Credential theft and abuse is one of the oldest attacks in the book, yet it remains highly effective. With stolen credentials, an adversary can impersonate a valid user to bypass the entire attack lifecycle, move uninterrupted throughout an organization's network and shift to the abuse of credentials from within.

In this session, you’ll see a real-life phishing kit in action and implement policies to prevent credential theft. Additionally, you’ll learn how to enforce multi-factor authentication, or MFA, through the firewall to neutralize an attacker's ability to use stolen credentials for lateral movement.

Required: Participants must bring a laptop with an HTML5-compatible browser and will have the option to use a phone and mobile number for the MFA lab exercise.

Offered	Monday, 3:30 pm – 5:30 pm Tuesday, 1:00 pm – 3:00 pm Wednesday, 1:00 pm – 3:00 pm Thursday, 9:30 am – 11:30 am
Keywords	Hands-on Trainings, NGFW, Threat Detection and Prevention

Hands-On Workshop: Safely Enable Your SaaS Applications

The adoption of software-as-a-service applications continues to grow at an impressive rate. You don’t want to clamp down on these applications because they are valuable tools for many of your employees, but they do expose your organization to potentially disastrous security risks, such as data leakage, malware and regulatory noncompliance. You need a clear definition of which SaaS applications are sanctioned and unsanctioned by the company so you can put in place proper solutions to control their usage.

This session will show you how to safely enable today's important business SaaS applications with the next-generation firewall and Aperture SaaS security service on Palo Alto Networks Next-Generation Security Platform.

Required: Participants must bring a laptop with an HTML5-compatible browser.

Offered	Monday, 1:00 pm – 3:00 pm Tuesday, 3:30 pm – 5:30 pm Wednesday, 9:30 am – 11:30 am Wednesday, 3:30 pm – 5:30 pm
Keywords	SaaS/Aperture, NGFW, Public Cloud, Threat Detection and Prevention, Hands-on Trainings

Hands-On Workshop: Securing Applications in Google Cloud Platform

In this lab-based session, our Google Cloud Platform product experts will lead a series of hands-on exercises that will introduce you to GCP and how you can deploy the VM-Series on GCP. You’ll learn:

Targeted use cases for the VM-Series on GCP
How to deploy VM-Series firewalls on GCP through Deployment Manager templates and Google Cloud Shell
How to protect your data and service in GCP with a VM-Series firewall

Required: Participants must bring a laptop with an HTML5-compatible browser.

Offered	Monday, 3:30 pm – 5:30 pm Tuesday, 1:00 pm – 3:00 pm Wednesday, 1:00 pm – 3:00 pm Thursday, 9:30 am – 11:30 am
Keywords	Hands-on Trainings, NGFW, Public Cloud, Google Cloud, Network Security

Hands-On Workshop: Securing Applications on Azure

In this lab-based session, our Azure product experts will lead a series of hands-on exercises that will introduce Microsoft Azure and how you can use the VM-Series on Azure to deploy next-generation security services. You’ll learn:

Targeted use cases for the VM-Series on Azure
Deploying VM-Series firewalls through Azure Resource Manager templates
Protecting your data and service in Azure with a VM-Series firewall
How to configure user defined route to forward traffic to the firewall

Required: Participants must have a Microsoft Azure account and bring a laptop with an HTML5-compatible browser.

Offered	Monday, 1:00 pm – 3:00 pm Tuesday, 3:30 pm – 5:30 pm Wednesday, 9:30 am – 11:30 am Wednesday, 3:30 pm – 5:30 pm
Keywords	Azure, Hands-on Trainings, Network Security, NGFW, Public Cloud

Hands-On Workshop: Securing Workloads in Kubernetes Cluster

Containers provide us with dramatically more flexibility for running cloud-native applications on physical and virtual infrastructures.

Containers need to be managed and connected to the outside world for tasks such as scheduling, load balancing, and distribution. This is where a container orchestration tool like Kubernetes comes into its own.

In this hands-on workshop, we will show you how you can leverage your existing VM-Series NGFW to secure your workloads running in GKE (Google Kubernetes Engine) from inbound and outbound network-based threats.

Required: Participants must bring a laptop with an HTML5-compatible browser.

Prerequisite: Must have basic knowledge of Containers and Kubernetes.

Offered	Monday, 3:30 pm – 5:30 pm Tuesday, 1:00 pm – 3:00 pm Wednesday, 1:00 pm – 3:00 pm Thursday, 9:30 am – 11:30 am
Keywords	Hands-on Trainings, Automation, Public Cloud, Containers, Google Cloud, Technology Integration

Hands-On Workshop: Security With GlobalProtect Cloud Service

GlobalProtect cloud service reduces the operational burden associated with securing your remote networks and mobile users by leveraging a cloud-based security infrastructure managed by Palo Alto Networks. In this shared ownership model, administrators can manage GlobalProtect cloud service with Panorama and extend protections from the Palo Alto Networks Next-Generation Security Platform to remote networks and mobile users with two deployment options.

This session will demonstrate deployment of consistent security policies from corporate to all locations and users. You’ll learn how to onboard and secure remote networks as well as secure mobile users’ traffic to the internet and remote access to data center resources using GlobalProtect cloud service.

Required: Participants must bring a laptop with an HTML5-compatible browser.

Offered	Monday, 1:00 pm – 3:00 pm Tuesday, 3:30 pm – 5:30 pm Wednesday, 9:30 am – 11:30 am Wednesday, 3:30 pm – 5:30 pm
Keywords	Management, Hands-on Trainings, GlobalProtect, NGFW, Next Generation Security Platform

Helping DevOps and Security Teams Work Collaboratively

Cloud security conversations increasingly revolve around the time it takes to determine, define, test, approve and implement firewall changes in IaaS environments when contrasted with the speed of deployment / cadence of change that DevOps engineers expect. Multi-million dollar projects have failed, or taken far longer than necessary, due to delays introduced by security industry change control best practices. Firewall change requests are often based on spreadsheets, are poorly or incorrectly defined by developers that do not fully understand how their apps are communicating on the network, compounded by the time it takes for the security team to test, approve and implement the resulting security policy.

During this session, we will demonstrate how we can help reduce security induced friction by using the machine learning capabilities of our Expedition firewall migration tool in the developer build environment and process to automate the generation of VM-Series firewall policies. Expedition machine learning to observe your actual cloud traffic - and of course based on apps not ports & protocols – to then build a firewall security policy dynamically and automatically. The result is a security policy that the developer understands, is not overly permissive (i.e. only allows what is necessary), is dynamic (i.e. able to change as the developer adds new apps) and is easy for the security team to audit, approve and implement. We will also explore how Evident gives DevOps & InfoSec teams confidence that the configurations of their Iaas/PaaS environments are secure.

Offered	Wednesday, 7:45 am – 8:15 am
Speakers	Jamie Brummell, SE, Palo Alto Networks
Keywords	Public Cloud, Overview Session

How Machine Learning and Automation Simplifies Policy Rollout - Reducing Costs and Time-to-Market While Improving Security

How do you realize a fully-operational and thorough next-generation firewall policy when there is no authoritative information on the traffic your business requires? You may have found yourself in this situation when told to improve or create a new security policy. By applying machine learning and data analytics techniques on your firewall traffic logs, Expedition can automate the creation of the security policies including App-ID and User-ID. However, this is just the tip of the iceberg when both firewall traffic logs and machine learning are available.

Analytics of this data opens up other possibilities that can offer significant added value to customers. In this session, Palo Alto Networks will discuss the new capabilities of Expedition, and a special guest from a major financial institution will describe how they used it to automate firewall policy creation and shorten the time to market, while providing increased value and security controls at no additional cost.

Offered	Thursday, 8:00 am – 8:50 am
Speakers	Didac Gil, Solutions Architect, Palo Alto Networks
Keywords	NGFW, Network Security, Overview Session, Case Study/Use Case, Management

How Organizations Can Gain Infrastructure Efficiency by Automating Their Network Operations

Most IT professionals have an overwhelming list of projects and upgrades they’d like to complete, if only they had the time. Instead, we spend most of our days dealing with urgent issues and addressing our ever-growing to-do list. But how much more could we get done if we managed to automate some of these “to-do” items? Even more pressing, what if these items are really mission-critical “must-haves”?

With all that is expected of IT and Security departments in today’s world, how can anyone be sure that the tasks required to be completed by their teams cannot be automated to save time, money and resources? In this discussion, we will show you how to improve efficiencies by automating a large number of your disaster recovery procedures, while validating that the procedures were completed correctly, and proactively automating many other additional tasks that might appear in the future.

Offered	Tuesday, 12:45 pm – 1:15 pm
Speakers	Rafi Zvi, CEO, BackBox
Keywords	Automation

How and Why Temple University Chose and Implemented the Palo Alto Platform – A Case Study

This proposed presentation will be from the point-of-view of the engineering team that implemented the Palo Alto platforms at Temple University. After reviewing the scope of Temple’s network and our centralized IT organizational structure, we will explore the motivations and business drivers (from an operational perspective) for migrating to Palo Alto. This will lead us into a discussion of the technical challenges of our multi-phased implementation, security architectural design, and finally lessons learned.

This presentation will be conducted by Paul M. Smith, MBA, CISSP, Assistant Director of Network Security at Temple University. Paul is the lead engineer behind the implementation and operations of the Palo Alto platform at Temple University. In addition to 20 + years of networking and security experience, Paul is also an Adjunct Professor for both the School of Business and the College of Engineering at Temple University. The role of adjunct professor allows Paul to bridge his day-to-day experiences in Network Security into the classroom and security related conferences. (https://www.linkedin.com/in/paulmatthewsmith/)

Offered	Wednesday, 4:00 pm – 4:50 pm
Speakers	Paul Smith, Assistant Director, Network Security, Temple University
Keywords	Next Generation Security Platform, Case Study/Use Case, Technical Session

How to Automate Yourself Out of a Job (and why you should)

In the context of the Digital Age, automation is by no means a recent phenomenon and can be traced back to the 1950s, when the book “Automation: Its Impact on Business and Labor” was first published. Even then, automation was seen as a “dilemma” and the book even addressed the economic and social consequences of introducing automation to various industries. Fast-forward to today and the conversation around automation is still heavily focused on the impact of technology on the division of labor, and whether humans will eventually be left without a slice. How exactly does one automate themselves out of a job? Is automation inherently “good” or “bad”? How could automation affect my career? This session addresses these and other questions/topics by presenting a series a case studies involving automation in the workplace. More specifically, the case studies seek to illuminate the impact of automation on the careers of two individuals, who either sought or encountered opportunities to successfully leverage automation.

Offered	Wednesday, 1:00 pm – 1:30 pm
Speakers	Nate Bitting, Sr Mgr, Customer Success Automation & Analytics, Palo Alto Networks
Keywords	Network Security, Management, Automation, Overview Session

How to Obtain Complete Visibility and Ease Security Operations Workflows Using Panorama

Discover how Panorama helps you gain visibility and context to answer important security questions about user activity, traffic patterns, and potential threats to your entire network. You will learn how to use Panorama to confirm, detect, and mitigate an attack that was prevented by your Palo Alto Networks platform. We will also talk about how to reduce the attack surface by fine-tuning policies based on the SaaS visibility report.

Offered	Thursday, 10:30 am – 11:20 am
Speakers	Anubhav Gupta, Product Manager, Palo Alto Networks
Keywords	Management, Network Security, Technical Session, NGFW, Best Practices/Troubleshooting, Threat Detection and Prevention

How to Test, Implement, and Manage NGFW - Lessons Learned by a Former CISO

In this session, a former CISO and his technical security engineer will share experiences about acquiring, implementing and managing next-generation firewalls. We will cover how we tested different firewalls, what implementation challenges we faced, and what lessons we learned. We will also discuss what worked to address DevOps team's concerns with respect to SSL decryption, and share details about a real security incident that we experienced during the implementation and how we tackled it effectively.

Offered	Thursday, 10:30 am – 11:20 am
Speakers	Jovan Aleksov, Security Engineer, ING Bank
Keywords	Network Security, Best Practices/Troubleshooting, Case Study/Use Case, Technical Session, NGFW

How we Protect Palo Alto Networks with GlobalProtect

The Palo Alto Networks InfoSec team is responsible for protecting our people and information from external threats. One of the security measures that we use is GlobalProtect, which is crucial for the way that we mitigate the risk that our mobile workforces are exposed to. In this session, we will cover planning and design for implementing GlobalProtect at Palo Alto Networks.

Offered	Wednesday, 1:00 pm – 1:30 pm
Keywords	GlobalProtect, Overview Session

ICS Zoning and Step Up Authentication

Learn how a major American gas and electric utility leveraged the Palo Alto Networks platform to not only improve the cybersecurity within their ICS networks, but also to increase the resilience required to maintain business continuity. Attendees will learn about the following important topics:

The different and often unique challenges security professionals may encounter when operating and securing critical ICS and SCADA networks
How VWIRE mode and sustained traffic monitoring can be used to identify and develop business use cases for App-ID and User-ID in OT security policy
How to combine these learnings along with best-practice zoning strategies for OT (Purdue Model / ISA95) and shadow (port/protocol) rules during migration to implement optimized OT segmentation, including securing access for business partners
How to apply tiered Device Groups in Panorama to create a templatized security policy for ease of deployment and operations management, and reduction of “policy divergence” across multiple devices
Using Palo Alto Networks insight into network communications to help identify and troubleshoot network performance issues

Offered	Tuesday, 4:20 pm – 5:10 pm
Speakers	Alex Waitkus, Security Architect, Securicon, LLC
Keywords	ICS/SCADA, Network Security, Case Study/Use Case, Technical Session, Management, NGFW

IT-OT Collaboration and Cybersecurity Implications of Convergence

The integration of information technology's (IT) data-centric systems with operational technology's (OT) process control systems is a severe challenge for all industries that use them. A problem that goes beyond technology is the collision of two worlds that traditionally operated in silos. Join our roundtable discussion as we look at ways that IT and OT teams can collaborate to overcome the challenges of convergence and the security concerns it brings. In our conversation, we will look at:

Ways to define IT OT accountability
Outdated systems and how to decrease the security risks
Mitigating risks to productivity

Offered	Thursday, 11:30 am – 1:00 pm
Keywords	ICS/SCADA, Network Security, Industry Roundtables

Implementing an Information-Centric Defense in Higher Ed

Research universities have almost every kind of information system found throughout society. With them comes all kinds and capabilities of threat actors as well as most compliance requirements in existence. Universities also have mission needs for innovation, agility and autonomy. Penn State is implementing an information-centric defense Palo Alto NGFWs playing a central role. This presentation will discuss the strategy, the architecture, and the transition from a unit-centric defense across 69 IT organizations and 24 campuses

Offered	Tuesday, 4:20 pm – 5:10 pm
Keywords	Case Study/Use Case

Implementing and Securing DevOps on Hybrid Cloud

Is improving security posture and simplifying security environment for your Continuous Integration and Continuous Deployment (CI/CD) process important to you? Securing DevOps environment in a hybrid cloud environment is challenging. Learn how AccountantsWorld addressed those challenges by architecting a hybrid cloud solution using Palo Alto Networks next-generation firewalls to secure their DevOps environment.

Using GlobalProtect, AccountsWorld also enabled remote users with secure access to their environment. It not only simplified AccountsWorld environment it also improved security, and reduced the time to deploy and address deployment errors.

Offered	Wednesday, 4:00 pm – 4:50 pm
Keywords	Network Security, Overview Session, Private Cloud/Datacenter, Public Cloud

Incident Response from the Endpoint – Best Practices from Palo Alto Networks SOC

Learn from our own SOC team the strategies, techniques, and integration between Traps, AutoFocus, and WildFire that help them tackle IR behind our own walls including configurations to enable Traps to collect data useful in the IR process.

Offered	Thursday, 9:10 am – 10:00 am
Keywords	Threat Detection and Prevention, Best Practices/Troubleshooting, Endpoint/Traps, Technical Session

Inside Out: Using the Application Framework to Find Internal Traffic Matching External Threat Intelligence from Recorded Future

Recorded Future helps security professionals reduce risk and proactively defend against emerging threats by arming them with threat intelligence derived from the broadest set of external sources. With Palo Alto's new Application Framework, security professionals can now augment their threat intelligence research with queries into their own firewall logs and other network traffic, providing faster insight and better assessments of risk within their organization.

The primary delivery mechanism for this is via Recorded Future's Intel Cards, which summarize all the threat intelligence gathered around a specific entity such as an IP address or domain. With the new Application Framework extension, analysts can query their firewall logs with a single click from within the Intel Card. Analysts can quickly see if the entity has been observed already within their network and under what circumstances, thus connecting threat intelligence directly with their network analysis.

During this session we'll review the integration architecture and expected use cases. We'll also demonstrate the app in action and provide information on how customers can enable and utilize this in their own security environments.

Offered	Wednesday, 2:40 pm – 3:30 pm
Keywords	App Framework Partners, Application Framework, Next Generation Security Platform, Overview Session

Inside the Mind of a Hacker: Track Every Step of an Attack with Behavioral Analytics

Do you want to know how attackers operate? Most highly-motivated adversaries use well-known tools and tricks to carry out their attacks. Join Giora Engel, VP of Product Management at Palo Alto Networks, as he describes how attackers infiltrate networks, expand their realm of control, and locate and steal or destroy sensitive information.

With Magnifier Behavioral Analytics, organizations now have a powerful defense to shutdown advanced threats. During this session, Engel will describe attackers’ methods and reveal how Magnifier detects every stage in the post-intrusion attack lifecycle. He will explain how Magnifier interrogates suspicious endpoints to determine which process initiated an attack, analyzes the endpoint process using WildFire, and integrates with the Next-Generation Firewall to disrupt the attack before the damage is done.

Attend this session to learn:

The latest tactics, techniques, and procedures of malicious actors
A hacker’s step-by-step attack playbook
How to hunt down and eradicate advanced threats with Magnifier Behavioral Analytics, a cloud-based application for the Palo Alto Networks Application Framework

Offered	Tuesday, 4:20 pm – 5:10 pm
Speakers	Giora Engel, VP, Product Management, Palo Alto Networks
Keywords	Application Framework, Technical Session

Is Secure SD-WAN an Oxymoron?

SD-WAN is expected to grow at a triple digit pace to become an $8B market (source: IDC) due to its ability to connect remote sites with applications deployed in data centers and the cloud securely over any WAN link including direct Internet. What does this mean from a security perspective? How can SD-WAN fit into an enterprise architecture without compromising the security perimeter? Join this session with Kumar Ramachandran, CEO at CloudGenix to learn how a unified, consistent application policy for security and networking can enable agility and next-generation customer experiences while maintaining or improving stringent security and threat prevention requirements.

Offered	Wednesday, 12:15 pm – 12:45 pm
Speakers	Kumar Ramachandran, Founder/CEO, CloudGenix
Keywords	Technology Integration, Cloud Partner, Public Cloud, Overview Session

Is Your Company a Talent Magnet?

The cybersecurity industry faces a predicted employee shortage of 2 to 3.5 million by 2021, threatening our ability to keep our organizations secure, let alone grow. In order to address this threat, technical organizations must create cultures that are truly engaging and inclusive, and build a brand that attracts non-traditional employees. Palo Alto Networks is in the midst of meeting this challenge. In this session we will share our strategies and successes so far, and invite an open discussion around additional insights and opportunities.

Offered	Monday, 2:00 pm – 4:00 pm
Keywords	Management, Overview Session

Journey from Network Segmentation to Zero Trust

Flat, wide open networks are an ideal playground for cyber attackers, and allow them to explore the environment for high value targets. How much network segmentation have you deployed for security? What has been your experience with network segmentation? What hurdles did you encounter, and how were they overcome? Is Zero Trust within reach? Zero Trust answers two questions about network segmentation. Number one, why am I segmenting and number two, how will I enforce the segmentation? Come join your peers and a Palo Alto Networks expert to share experiences with network segmentation, and don’t forget to bring your questions, too!

Offered	Wednesday, 11:30 am – 1:00 pm
Speakers	John Kindervag, Field CTO, Palo Alto Networks
Keywords	Segmentation, Network Security, Industry Roundtables

Logging Service - A Key Component of Application Framework, GlobalProtect Cloud Service, and Traps

Learn about our cloud-based log collection product: The Logging Service. In this session you will learn architecture, how easy it is to deploy and manage and how it fits with our cloud-delivered services such as GlobalProtect cloud service and Traps Management Solution. Also, how it’s a foundation of Palo Alto Networks Application Framework, which will help companies consume security innovations without having to deploy anything new.

Offered	Wednesday, 1:30 pm – 2:20 pm
Keywords	Application Framework, Next Generation Security Platform, Technical Session

Migrating Data Center Security from Legacy to Cloud Architectures

As data centers migrate from legacy architectures to Cloud and SDN, how do you embed security into the architecture? Doing so in greenfield data centers is straightforward, but how do you approach it for a brownfield data center? What do you need to do to change your security architecture design so that it doesn’t add complexity to the migration efforts? In this session, we will discuss in detail, security best practices being followed by organizations across the world as they migrate their brownfield data center deployments.

Offered	Wednesday, 10:30 am – 11:20 am
Speakers	Christer Swartz, Consulting Engineer, Palo Alto Networks
Keywords	Private Cloud/Datacenter, Technical Session, Network Security, NGFW, Segmentation

Moody's: Automating Security across a Multi-cloud Environment

Enterprises such as Moody’s, with a growing footprint of cloud applications, have demonstrated that leveraging security along with automation can reap significant benefits. They encounter scenarios requiring the need to onboard new applications, VPC’s, and acquisitions into their cloud deployment footprint and also ensure they are secured appropriately. Terraform is their tool of choice to define and deploy their application and security infrastructure for the different use cases. Additionally, Moody’s also leverages the ability to re-use and modify existing templates to address new application patterns along with the right security posture. The ability to deploy the VM-Series firewall using Terraform and the configuration of security policies using Ansible, greatly enhances their ability to embed security into the application deployment process. Moody’s also use the same tools, that affords consistency, to deploy into both AWS and Azure.

Palo Alto Networks will co-present with Moody’s, the techniques and tools adopted to address the security needs of their cloud native application architectures, which ensures that they remain a leader in the highly competitive financial sector. Together, they will describe numerous real-world use cases which address: cloud native architectural patterns and paradigms, the requirements for a strong security architecture, and the ability to use automation to ensure applications are deployed with agility and security, and lastly, the ability to package security in a highly re-usable and distributable manner.

Offered	Wednesday, 9:10 am – 10:00 am
Speakers	Vinay Venkataraghavan, Solutions Architect, Palo Alto Networks Shankar Chandrasekhar, Assistant Vice President, Cyber Security, Moodys Corporation
Keywords	Public Cloud, Case Study/Use Case, Technical Session, AWS, Azure, Automation

More MineMeld Use Cases

Have you had success in collecting and correlating threat intelligence with MineMeld? Come share your experiences with peers, and hear what they have done as well. Discuss the security and operational benefits realized with your MineMeld efforts. Learn about other possibilities for MineMeld to obtain contextual data from various sources that can then also be used as part of your firewall policy. Bring your questions for a Palo Alto Networks expert, too!

Offered	Thursday, 11:30 am – 1:00 pm
Keywords	Next Generation Security Platform, Automation, Technology Integration, Industry Roundtables

Network Security: Keys to Effective Network Segmentation in Local Government

The Threat Landscape is continuously changing making it clear that traditional, perimeter centric security strategies are no longer effective. There is inadequate visibility, control and protection of user and application traffic. The City of Glendale has taken a segmented approach to strengthen their security posture and adhere to compliance and regulatory requirements. Learn how the City of Glendale applies this approach to departments like Police, Water and Power, and the Library System.

Offered	Wednesday, 2:40 pm – 3:30 pm
Speakers	Eric Brumm, Deputy Chief Information Officer, City of Glendale
Keywords	Network Security, Overview Session, Case Study/Use Case, Segmentation, Technical Session

Next Generation Security for your Cisco ACI Powered Data Center

What are the key requirements for security when your organization is considering Cisco Application Centric Infrastructure (ACI) for your data center? How is Palo Alto Networks solving the data center security challenges in a Cisco ACI fabric? If you seek answers to these questions, this session is for you. We will provide an overview of Cisco ACI concepts every security team should be aware of, you will also learn how Palo Alto Networks firewalls can be integrated with Cisco ACI fabric, what are different design considerations for firewall insertion, real-world deployment use cases and best practices to follow for security when migrating your data center to a Cisco ACI enabled network fabric.

Offered	Tuesday, 4:20 pm – 5:10 pm
Speakers	David Spears, NA, Palo Alto Networks
Keywords	Case Study/Use Case, Private Cloud/Datacenter, Technical Session, Automation, Segmentation, Technology Integration

Organizational Silos Are Killing Your Cloud

As customers begin to adopt Infrastructure as a Service, and “move to the cloud”, many are struggling with the organizational changes required to architect, design, implement, and operate these new services. The legacy model of utilizing separate server, storage, network, and security personnel to manage their own components in the datacenter simply doesn’t work with converged infrastructures. With the highly coupled nature of IaaS, organizations are finding that they must combine the disparate technical groups into an integrated services organization to best implement integrated, non-discreet infrastructures.

In this session we will present one use case of large financial services that is moving their entire on-premise infrastructure to AWS, the challenges they faced, the process they went through to integrate their security requirements into the new infrastructure, and why they eventually had to bring the different groups to the table, security included, to make choices about the entire design. We will also discuss how the move to the cloud for this organization has provided some capabilities for scaling in a very cost effective and timely manner using orchestration and automation tools to automatically deploy new environments, security components included, as new services are provisioned, and as additional capacity is required.

Specific attention will paid to the dependencies between DNS, load balancing, NGFW, and network design.

There will be a live/video demo of the AWS console, and how a new “pod” including load balancing, servers, and VM-Series firewalls can be deployed in minutes with automation tools like Ansible and AWS CloudFormation Templates.

Offered	Wednesday, 8:00 am – 8:50 am
Speakers	Chris Yates, Senior Security Architect, Critical Start Chris Russell, SOC Engineering Manager, Critical Start
Keywords	Public Cloud, Overview Session, Cloud Partner, App Developers, AWS, Azure

Our Own Security Operations Journey

Join Matt Mellen and Rinki Sethi from Palo Alto Networks own Information Security team to hear the journey that Palo Alto Networks embarked on to build an internal SOC. In addition to building our security program that follows a prevention-first philosophy, and leveraging the best in our platform, we will discuss the successes, failures and learnings we experienced throughout our journey. This session is perfect for you if you’re trying to build a SOC, making a decision on whether or not to build your SOC internally, or if you’re trying to show ROI in your current SOC and need the appropriate metrics and data to roll up to your executive team or board.

Offered	Thursday, 10:30 am – 11:20 am
Speakers	Rinki Sethi, Sr. Director, Information Security, Palo Alto Networks
Keywords	Next Generation Security Platform, Technical Session

PA-7000/PA-5200 Series - Data Center Troubleshooting Best Practices

Want to know more about troubleshooting and best practices to follow while deploying PA-7000/PA-5200 Series firewalls in your data center, this is the session for you. We will walkthrough proper troubleshooting techniques to isolate and remediate security related issues within data center, primarily focused around the PA -7000 and 5200 Series product line. This will include case studies mirroring commonly reported issues. The presentation is geared towards technical staff and empowers your security teams to solve their own issues as well as assist TAC with capturing the proper information in efforts to facilitate timely problem resolution.

Offered	Wednesday, 4:00 pm – 4:50 pm
Speakers	Karthik Prakash, Technical Leader, E-TAC, Palo Alto Networks
Keywords	NGFW, Private Cloud/Datacenter, Technical Session, Best Practices/Troubleshooting

PAN-OS Authentication Capabilities to Secure Access and Prevent Credential Abuse Attacks

Credentials Abuse is a serious security problem. Palo Alto Networks Next-Generation Firewall (NGFW) supports a multitude of technologies to allow users to authenticate to Global Protect, administrators to access the firewall UI and users to access protected websites or other resources on the network. Authentication methods already supported include LDAP, RADIUS, TACACS+, SAML.

PAN-OS 8.0, introduced new features such as blocking the submission of corporate credentials to insecure sites and API-based Multi-Factor Authentication integrations with leading vendors in the Identity arena. This session provides technical guidance on different authentication capabilities available in the platform and when and how to use them in order to minimize the impact Credential Abuse attacks in your organization.

Offered	Wednesday, 8:00 am – 8:50 am
Speakers	Francesco Vigo, Partner Architect, Palo Alto Networks Nithin Varam, Product Manager, Palo Alto Networks
Keywords	Network Security, PAN-OS 8.1, Technical Session, Threat Detection and Prevention, Management, NGFW

Palo Alto Networks: Applying CI/CD Principles to VM-Series Deployment and Management

Adopting infrastructure as code and CI/CD principles allows organizations like Palo Alto Networks to create a unified framework that tells developers exactly what their inventory is and allows them to automate deployments and updates as a means of preventing human errors. It’s important to remember that even if you’re using the leading next generation firewall, a configuration error can still lead to a security incident.

In this session, members of the Palo Alto Networks IT team will discuss how they are applying CI/CD principles to support the Palo Alto Networks Campus on the Cloud where all offices and locations are connected and protected with the VM-Series next generation firewall. The speakers will walk through how they are using a combination of native cloud tools, Python, Ansible, Terraform and VM-Series features to fully automate the following tasks:

• Infrastructure creation including the basic networking infrastructure.
• VM-Series deployment.
• Firewall configuration and ongoing policy updates to accommodate the addition of new workloads.

By having a dynamic (infrastructure as) code base that can be deployed out to many environments, in a consistent, rapid and repeatable manner greatly eliminates the chance of human mistypes and allows one to spin up multiple full suite configurations within seconds for different regions within the Campus on The Cloud. The source of truth in version control and combining it with Continuous Integration allows developers to provision environments that can dramatically reduce setup time and eliminate possible configuration errors with a consistent, repeatable methodology.

Offered	Thursday, 9:10 am – 10:00 am
Speakers	Patrick Ryan, Site Reliability Engineer, Palo Alto Networks
Keywords	Public Cloud, Technical Session, App Developers, AWS, Case Study/Use Case

People Centric Protection at Northwestern Mutual Implementing Proofpoint with Palo Alto Networks Wildfire

With their goal of increasing security posture, visibility and efficacy, Northwestern Mutual looked at complimenting their existing Palo Alto Networks security platform. That path led Northwestern to seek a layered approach using dual email security for their Microsoft O365 environment by integrating Palo Alto Networks and Proofpoint for stopping sophisticated targeted email phishing and Ransomware threats. During this break out session, we’ll discuss the net value seen by Northwestern Mutual in their implementation, orchestration, and streamlining response processes. In addition, the journey to increasing effectiveness by integrating existing resources, specifically Palo Alto Networks Wildfire and Proofpoint Targeted Attack Protection will be covered.

Offered	Wednesday, 4:00 pm – 4:50 pm
Keywords	Overview Session, Technology Integration, Case Study/Use Case

Phished Again? How Innovative Detection Techniques Prevent Targeted Phishing

Targeted phishing attacks still succeed despite continued investment in security solutions. In fact, a recent survey found that 76% of infosec professionals indicate their organizations experienced phishing attacks in 2017. And the annual cost of detecting and re-mediating attacks is on the rise, averaging $11.7M in 2017. To improve the effectiveness of your security infrastructure, you must get ahead of phishing attacks. Your security infrastructure needs information about malicious phishing sites before their attacks go live.

Join this session to learn:

How innovative techniques that proactively hunt for and uncover new phishing sites and campaigns before attacks launch enable threat data harvesting early in the attack lifecycle.
How early threat data coupled with decisive actions provides the critical missing ingredient necessary to protect you from targeted phishing attacks.
Breakthrough security effectiveness results experienced by Fortune 1000 business that have integrated pre-emptive targeted attack protection with PAN firewalls.

Offered	Tuesday, 12:45 pm – 1:15 pm
Speakers	Jane Wasson, Product Marketing Manager, Area 1 Security
Keywords	Threat Detection and Prevention, Overview Session

Phishing: When Users Get Hooked – A Case Study in Higher Education

Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details for mostly malicious reasons. The attackers generally disguise as a trustworthy entity and use email spoofing to direct users to enter personal information on fake websites which look and feel almost identical to the legitimate websites

In this educational and entertaining talk, Mohamad Qayoom will share: (1) how users are reacting to sophisticated phishing attacks, (2) results from a simulated phishing campaign engagement with the Department of Homeland Security (DHS), and (3) best practices to protect users from phishing attacks

Offered	Thursday, 9:10 am – 10:00 am
Speakers	Mohamad Qayoom, IT Network Security Consultant, Louisiana State University Health Sceinces Center New Orleans
Keywords	Overview Session, Next Generation Security Platform, Case Study/Use Case

Practitioners Perspective on Automation of Large Scale Management

Every organization is facing security skills shortage. Learn how Palo Alto Networks IT team is overcoming that by using the notion of infrastructure as a code. The session will provide a perspective on our IT team is using next-generation management infrastructure and other automation technologies to overcome the challenges. We will talk about the lessons learned, best practices, and showcase how organizations can adopt infrastructure as a code notion to overcome the skills gap.

Offered	Thursday, 9:10 am – 10:00 am
Speakers	Pradeep Singh, Sr Dir, Infrastructure & Operations, Palo Alto Networks Satwant Jakher, Dir, Site Reliability Engineer, Palo Alto Networks
Keywords	Management, Network Security, Technical Session, NGFW

Preventing Known and Unknown Command-and-Control with the Next-Generation Firewall

Not all exploitations or malware infections can be stopped at the firewall level, especially if the technique or malware used is unknown and unique as with some targeted attacks. In addition, command-and-control, or C2, is at the heart of much of the modern malware we see, often using encryption as a means to obfuscate activity. In this session we'll take a look at some of the latest techniques attackers are using to establish C2 and how to use the Next-Generation Firewall to employ basic and advanced techniques to more effectively detect and prevent command-and-control traffic from exploited and infected hosts.

Offered	Thursday, 9:10 am – 10:00 am
Speakers	Martin Walter, Product Line Manager, Palo Alto Networks
Keywords	Technical Session, Threat Detection and Prevention, Network Security, Next Generation Security Platform

Protecting Mobile Workforces with GlobalProtect

Even when users are off-premise, network security is a critical requirement. The majority of attacks such as phishing, social engineering, exploits, and malware are delivered over the network and target end users, so stopping the attack from reaching the user is the first step in prevention. If the attacker succeeds in compromising a device, the escalation of the attack typically leverages the network to establishing communication the attacker’s C&C servers. Join this session to learn about how to build a GlobalProtect deployment suitable for delivering 24x7 advanced protection for your organization.

Offered	Wednesday, 1:30 pm – 2:20 pm
Speakers	Nicole Ayubi, Systems Engineer, Palo Alto Networks Matt Harmon, Sr. Network Engineer, Yardi
Keywords	GlobalProtect, Technical Session, Threat Detection and Prevention, Network Security

Protecting your Organization from the Inside: Using GlobalProtect for Network Segmentation

One of the core strategies for enterprises to secure their data centers from outside and inside threats is to implement segmentation policies protecting servers, resources and applications. This presentation will cover planning and technical aspects of implementing for controlling access internally access control internally using GlobalProtect, User-ID, Host Information Profile and Multi-Factor authentication.

Offered	Tuesday, 4:20 pm – 5:10 pm
Keywords	Private Cloud/Datacenter, Segmentation, GlobalProtect, Technical Session

Real-World Lessons: Deploying Next-Generation Firewalls as a Service from the Cloud

Midsize enterprises need the same security power of Palo Alto Networks Next-Gen Firewalls as large enterprises use today, but cost and complexity have kept them out of reach. Midsize enterprises do not have the budget, security personnel, or other resources to leverage these security products. No more. Palo Alto Networks resellers and service providers can now simply deliver Palo Alto Networks Next-Gen Firewalls as-a-service from the cloud. This breakthrough cloud-delivered approach enables Palo Alto partners to make enterprise-grade security accessible and affordable to midsize enterprises today.

In this session, Tom Turkot from managed services provider Arlington Computer Products (ACP) and Ken Ammon of security-as-a-service platform vendor OPAQ Networks, will share a case study on how ACP is utilizing this innovative cloud-based platform to:

Tap into new market opportunities
Increase revenue margins
Simplify management
Improve flexibility

Ken will explain how OPAQ Networks has integrated Palo Alto Networks Next-Gen Firewalls into the OPAQ Cloud, a private network backbone that empowers partners to deliver tightly integrated enterprise-grade security capabilities and centrally manage and enforce policies from a single interface.

Tom will discuss real-world use cases that leverage this innovative approach and the benefits associated with deploying Palo Alto Networks Next-Gen Firewalls as a cloud service.

Offered	Wednesday, 9:10 am – 10:00 am
Speakers	Tom Turkot, Vice President, Client Solutions, Arlington Computer Products Ken Ammon, Chief Strategy Officer, OPAQ Networks
Keywords	Technology Integration, Overview Session, Case Study/Use Case

Retail – Birds of a Feather

Whether you’re in e-commerce, brick and mortar, or a combination of both, come join your Retail peers for an open discussion on any and all things security. Share upcoming projects, war stories, or hear from your peers about how they are utilizing Palo Alto Networks technologies to secure their networks. Bring your security challenges and questions for your industry peers and a Palo Alto Networks expert.

Offered	Wednesday, 11:30 am – 1:00 pm
Keywords	Best Practices/Troubleshooting, Industry Roundtables

Rise of the Miners

Over the past year, we've witnessed a shift in malware used by both the common criminal and targeted actor alike. While ransomware was the belle of the ball in the past, it has been replaced with the up-and-coming cryptocurrency miner. In this session, we’ll explore cryptocurrency trends and the rising popularity of cryptocurrency miners being used and deployed by criminals. We'll talk about how and why the crypto mining-to-ransomware transition has occurred, as well as interesting case studies about how this malware winds up on a victim's machine. Finally, we'll also discuss the most popular cryptocurrencies being mined today, and strategies you can take to mitigate this threat.

Offered	Wednesday, 4:00 pm – 4:50 pm
Speakers	Alex Hinchliffe, Unit42, EMEA, Palo Alto Networks Josh Grunzweig, Threat Intelligence Analyst, Palo Alto Networks
Keywords	Threat Research/Unit 42, Overview Session

Schlumberger: Securing Workloads on Google Cloud Platform

With the guiding principle of using the right tool for the job, Schlumberger has deployed a hybrid cloud model on multiple public and private cloud platforms to take full advantage of the relative strengths of each.

Google Cloud Platform is known for performance and compute power, but how do we get advanced security protections in an environment where so many low-level functions have been abstracted away? Continuing with the theme of right tool for the job the VM-Series next-generation firewalls seemed like a good fit.

In this session, Jason Hrncir, perimeter security engineer will discuss Schlumberger’s experience in deploying the VM-Series on GCP including an architectural overview, and how they have addressed routing, networking resiliency and deployment challenges.

Offered	Wednesday, 2:40 pm – 3:30 pm
Keywords	Public Cloud, Case Study/Use Case, Technical Session, Best Practices/Troubleshooting, Google Cloud

Scouting OilRig's Offensive Playbook

When your boss forwards you the latest intelligence report with an urgent flag set and the message "What are we doing about this," what do you say? To be confident in your answer, you need to understand how that adversary operates, or what's in their Playbook. In this session we'll give you an in-depth report on OilRig, an adversary based in the Middle East that has launched a series of targeted attacks over the past three years. We'll show you how to analyze the threat to build a structured copy of their offensive plays, so you can better prepare your defensive line.

Offered	Wednesday, 10:30 am – 11:20 am
Speakers	Ryan Olson, Sr. Director, Threat Intelligence, Unit 42, Palo Alto Networks Robert Falcone, Threat Intelligence Analyst, Palo Alto Networks
Keywords	Threat Research/Unit 42, Overview Session

Securing AWS and Azure with the VM-Series and Evident

In this session, product experts will discuss how the combination of new VM-Series features and API-based security of Evident can protect your AWS and Azure deployment.

Offered	Wednesday, 4:00 pm – 4:50 pm
Keywords	AWS, Azure, Public Cloud, Technical Session, Overview Session

Securing Access to Public Cloud Workloads

Planning a strategy for access to cloud workloads requires more than just authentication. Organizations must also think about the architecture to enforce controls, and the policies needed to address the spectrum of users that need access. In this session, take a look at how to use GlobalProtect to implement authentication and User-ID policy. This is a deep dive session that will look at planning decisions for implementing authentication with GlobalProtect, and the designing architectures to address requirements for identity assurance.

Offered	Thursday, 10:30 am – 11:20 am
Speakers	Stan Lee, Director, Security Infrastructure, Palo Alto Networks
Keywords	AWS, Public Cloud, GlobalProtect, Technical Session, Azure, Case Study/Use Case, Google Cloud

Securing Multi-cloud

More workloads are being moved to the public cloud. To provide greater diversity (geographic, vendor), satisfy data residency, or to leverage distinctly native features, organizations are adopting the use of more than one cloud service provider. How are you reconciling differing local security capabilities across the CSPs? What automation of security has been possible across your various cloud workloads? Come share your cloud adoption stories and how security has been implemented for each. Bring your questions, and join your peers and a Palo Alto Networks expert for a discussion on the journey to multi-cloud.

Offered	Wednesday, 11:30 am – 1:00 pm
Speakers	Jason Meurer, Consulting Engineer, Palo Alto Networks
Keywords	Automation, Public Cloud, AWS, Azure, Google Cloud, Industry Roundtables

Securing Remote Office Networks

Brick and mortar branch offices are still commonplace in retail, banking, insurance, etc. Efforts to optimize costs have led to the widespread adoption of the internet connections at branch offices. To protect the remote site and the whole enterprise, what measures have you put in place for such branches? What additional security challenges have the branch environment presented? Come share your branch office and network experiences with your peers, and bring your questions for a Palo Alto Networks expert too.

Offered	Thursday, 11:30 am – 1:00 pm
Keywords	Network Security, Industry Roundtables

Securing Your Data Center and Private Cloud Infrastructure: What's New in PAN-OS 8.1

In this session, we will talk about new innovations and enhancements available in PAN-OS 8.1 for securing your private cloud and data center infrastructure.

Offered	Wednesday, 8:00 am – 8:50 am
Keywords	Overview Session, PAN-OS 8.1, Private Cloud/Datacenter

Security Automation

While operations are becoming increasingly more and more automated, security has been lagging behind. Join this round table to hear how Palo Alto Networks open API and integration points can be used to tie in with existing systems, augment turn up and shutdown processes, or automate security processes integrating with WildFire or AutoFocus. Come share your experiences automating your security improvements and the benefits realized from eliminating manual tasks. Ask questions of a Palo Alto Networks expert, too.

Offered	Thursday, 11:30 am – 1:00 pm
Keywords	Automation, Next Generation Security Platform, Industry Roundtables

Security Automation – Is It Security at Scale or Hype at Scale?

During this session, the presenters will walk through the journey towards security automation at-scale within Palo Alto Networks' own corporate information security team. By leveraging a services approach to security automation, information security teams around the world can enable security capabilities that were unachievable just a few years ago. We'll illustrate use of automation and analytics functions to orchestrate detection, enrichment and response to threat scenarios. We’ll also share with you the questions, mindsets and approaches to this problem that have helped us achieve security automation at-scale.

Offered	Wednesday, 8:00 am – 8:50 am
Keywords	Overview Session, Threat Detection and Prevention, Network Security, Next Generation Security Platform, Endpoint/Traps

Security Best Practices for Common Cloud Architectures

Getting the public cloud architecture “right” is a critical step in your digital transformation. The challenge some organizations face is the architecture development process overshadows or minimizes the security best practices conversation.

In this session, members of the Cloud Architecture and Threat Research teams will walk through security best practices for common cloud architectures such as hybrid (data center to cloud), inbound web applications, and outbound/internet facing. With the ultimate goal of ensuring your cloud deployment is secure, best practices recommendations will include both the use of native cloud security capabilities and Palo Alto Networks next-generation security capabilities.

Offered	Thursday, 8:00 am – 8:50 am
Speakers	Adrian Culley, Consulting Engineer, Palo Alto Networks Jaime Franklin, Consulting Engineer, Palo Alto Networks
Keywords	Public Cloud, Best Practices/Troubleshooting, Technical Session, AWS, Azure, Google Cloud

Security Innovations via the Application Framework

Consuming cybersecurity innovations has become nearly impossible due to the high cost of adoption. More time is spent on testing, integrating, and operating disconnected tools than stopping actual threats. In spite of this, you must continue to innovate your defenses as attackers constantly evolve their tactics. Come share any plans for and discuss what else you’d like to see from the Application Framework with your peers and a Palo Alto Networks expert.

Offered	Thursday, 11:30 am – 1:00 pm
Keywords	Application Framework, Automation, Industry Roundtables

Single Realm Multi-cloud Security Management with Palo Alto Networks

Customers around the world are rapidly moving towards a multi-cloud architecture as a means of leveraging provider core competencies and distributing their risks. As customers start to use this broad multi-cloud fabric, it becomes ever more important to look at new and innovative ways to centralize management and security.

In this session we will cover a new paradigm of thinking around Realm Management, the ability to manage multi-cloud infrastructure security from one central point of management and start collapsing the cloud providers down to a mission critical cloud fabric. Using the VM-Series and Panorama as the core elements of Realm Management, we are able to bring to life a single pane of glass management initiative that allows for central security, control and management of Microsoft Azure and Amazon AWS.

We will review the driving principles and technical architecture of Realm Management and how it can centralize security once, allowing you to push policy and updates across multiple cloud providers at scale.

Offered	Wednesday, 9:10 am – 10:00 am
Speakers	Peter Meister, Sr. Director - Product Strategy, 2nd Watch
Keywords	Cloud Partner, Public Cloud, NGFW, Technical Session, AWS, Azure, Best Practices/Troubleshooting

Step by Step Guide: Transformation to a Prevention-based Architecture

Clearly, an updated approach to security is necessary. A true transformation of the industry will require both an architectural shift and a parallel shift in operations. Join Kerry in exploring what this transformation looks like in a step by step, prioritized guide to achieving this transformation through feature adoption and the accompanying operations changes that need to occur. Understand the benefits of each step for the business including risk reduction outcomes as well as business and operations outcomes. A change is needed. Let's make it happen.

Offered	Tuesday, 12:00 pm – 12:30 pm
Speakers	Kerry Matre, Sr. PMM Professional Services, Palo Alto Networks
Keywords	Application Framework, Best Practices/Troubleshooting, Overview Session, Next Generation Security Platform

Stop Malware in Your Datacenter with Zero Trust: What You Need to Know

A recent survey of 2000 global organizations showed that only 1 in 10 was capable of detecting a sophisticated cyberattack. Advanced malware remains one of the top reasons for increased risk exposure. Organizations need a cybersecurity strategy that addresses this risk of malware spread within their data centers. We will discuss and present key tenets to follow while implementing an effective zero trust security strategy and how it can help prevent, proliferation of malware across your data center.

Offered	Thursday, 10:30 am – 11:20 am
Speakers	John Kindervag, Field CTO, Palo Alto Networks
Keywords	Overview Session, Private Cloud/Datacenter, Segmentation, NGFW, Threat Detection and Prevention

Stop the Breach without Stopping Business: Proper Tuning of Rulesets and Security Profiles

Proper implementation of Palo Alto Networks products requires all our Next-Generation features to be properly implemented and complementing each other. This includes properly tuned Security Policies and Security Profiles working in combination. When moving from a combination of port-based firewalls, IPS, and URL filtering products to the Palo Alto Networks Security Operating Platform, customers often have a hard time tuning the ruleset and the security profiles to get the required security posture confidently and without effect on business. Often the result is an overcomplicated ruleset and security profile architecture that is impossible to maintain and never reaches the best prevention possible.

This class, taught by the Global Practice Lead for Threat for Professional Services will show you practical ways to accomplish this.

Offered	Wednesday, 9:10 am – 10:00 am
Speakers	Suzanne VanPatten, Global Practice Lead - Threat, Prrofessional Services, Palo Alto Networks
Keywords	Best Practices/Troubleshooting, Technical Session, Threat Detection and Prevention, Network Security, Next Generation Security Platform, NGFW

Strengthen Your Internet Gateway – Understand Your Adversaries’ Tactics; Defend Your Networks and Endpoints

See your network from the vantage point of an attacker and learn what attackers do to achieve their objectives. Learn how to map the specific steps an attacker takes to prevention technologies available on a next-generation firewall. Based on this understanding, you will know how to defend your networks using App-ID, User-ID, Decryption, Threat Prevention and WildFire.

Offered	Tuesday, 3:00 pm – 4:00 pm
Keywords	Network Security, Next Generation Security Platform, Best Practices/Troubleshooting, Technical Session, Management, Threat Detection and Prevention

Successful Deployment of SSL Decryption in Local Government

* Why decrypt

SSL typically accounts for 40-50% of educational institutions overall traffic volume
15% of web-based, malicious Wildfire uploads are delivered via SSL
SSL Decryption allows for inspection of SSL and SSH traffic. Below are some examples of what
can be done with SSL Decryption enabled:
Identify SSL applications—e.g. logs will show application as Facebook-chat instead of SSL
Apply Threat Prevention to encrypted traffic
Apply File blocking and WildFire Analysis to files downloaded/uploaded via SSL or SSH
Apply URL Filtering to full URL’s, e.g. without decryption you can not selectively enable video’s on YouTube while blocking everything else. With decryption you can block YouTube.com while allowing YouTube.com/watch?v=2LeOH9AGJQM
Apply QoS to encrypted applications
Enforce safe search options with supported search engines
Plus much more

* Decrypt overview

* Details on CAs

* Project planning

Offered	Wednesday, 1:30 pm – 2:20 pm
Speakers	Jon Robinson, President, Digital Scepter
Keywords	Case Study/Use Case, Technical Session

Super Forecasting: Even You Can Perform High Precision Risk Assessments

Network defenders have avoided quantitative risk assessments in the past because they are too hard: the math is complex and too many variables exist. What if I told you we could use simple math tricks to reduce our uncertainty about ranges of possibilities and that is enough to help us make risk decisions? Come find out how.

Offered	Wednesday, 2:40 pm – 3:30 pm
Speakers	Rick Howard, Chief Security Officer, Palo Alto Networks
Keywords	Technical Session, Threat Research/Unit 42

Tackling the “Not Enough” Problem

Whether there’s not enough time, people, or budget, limited resources highlight the operational burden and intangible cost disconnected solutions cause in the modern enterprise. Understand how Traps Advanced Endpoint Protection integrates into the Palo Alto Networks Next-Generation Security Platform to automate prevention with operational agility.

Offered	Wednesday, 2:40 pm – 3:30 pm
Speakers	Luke Teeters, Information Security Analyst, Materion Corporation
Keywords	Overview Session, Case Study/Use Case, Endpoint/Traps

Targeting the Forgotten, an Attackers Playground

In recent years, security teams haven’t been able to bring true protection to lesser known systems such as MacOS and Linux enabling savvy attackers to exploit these gaps. Join us to learn about recent MacOS and Linux attacks and how Traps 5.0 prevents them from impacting your organization.

Offered	Thursday, 10:30 am – 11:20 am
Speakers	Gil Azar, Principal Staff Engineer, Palo Alto Networks
Keywords	Threat Detection and Prevention, Endpoint/Traps, Technical Session

Ten Security Best Practices When Moving Your Workloads into the Cloud: Lessons learned from the Frontlines in Adopting Public Cloud at Scale.

This is a candid talk of what works (and what does not) when client organizations go all in on the cloud. Tips, tricks and techniques around people, process and technology are covered from the point of view of the security professional.

Offered	Wednesday, 4:00 pm – 4:50 pm
Speakers	Elliott Abraham, Senior Security Architect, Hewlett Packard Enterprise
Keywords	Cloud Partner, Public Cloud, Best Practices/Troubleshooting, App Developers, AWS, Azure, Overview Session

The Application Framework: Consume Security Innovations Quickly

The Palo Alto Networks Application Framework enables you to consume security innovations quickly and efficiently. The Application Framework establishes a different model to adopt apps for detection, analytics, automated prevention, and rapid response. It eliminates the need to provision new sensors and enforcement points, extending the value of your existing investment in the Security Operating System. Teams can adopt apps from an ecosystem of security innovators and gain actionable insight from a wealth of security data built for analytics. The cloud-delivered approach lets you focus on using new capabilities, instead of spending time deploying and operating them. You can prevent successful cyberattacks by continually improving security with natively coordinated apps, without adding infrastructure.

Offered	Wednesday, 10:30 am – 11:20 am
Speakers	Scott Simkin, Director Threat Intelligence, Palo Alto Networks
Keywords	Application Framework, Overview Session

The Automated Implementation of 800 Virtual Firewalls at Nordstrom – A Case Study

This case study focuses on Nordstrom's experience in installing and automating 800 Palo Alto Networks Next Generation Security Firewalls. Part of the story explains how the company used bootstrapping, Algosec, and custom scripts very effectively to ensure a seamless rollout of VM300’s to 375 stores, and how Panorama is used to manage the devices centrally.

Offered	Wednesday, 2:40 pm – 3:30 pm
Speakers	Michael Bachman, Manager, Network Security / Content Delivery / Web Security, Nordstrom
Keywords	Next Generation Security Platform, Private Cloud/Datacenter, Management, Network Security, Overview Session, Case Study/Use Case, NGFW

The Future of Security Is Intent: Why You May Never Have to Write Another Firewall Rule Again

As enterprises adopt new networking technologies and development processes, security is being asked to move at warp speed amidst a highly fragmented, highly distributed network. In this world, firewall rules become obsolete and unwieldly fast.

The time for intent-based network security is here. Built upon concepts established by intent-based networking, the key to IBNS is defining a desired security state and then leveraging automation to turn security intent into security enforcement for every fragment of the network – all without ever having to write a rule yourself.

No more writing firewall rules? It may not be as far-fetched as you think. In this session, Tim Woods, VP of Technology Alliances for FireMon, will share strategies for defining security intent in your environment and reveal the four capabilities of FireMon’s patented technology that will take IBNS from a great idea on paper to a great idea in practice.

Offered	Wednesday, 10:30 am – 11:20 am
Speakers	Tim Woods, VP of Technology Alliances, FireMon
Keywords	Technology Integration, Management, Overview Session

The Threat of Remote Users and CryptXXX

Despite our best laid plans, end users remain a weak spot in any security infrastructure. Hear Ada County’s CryptXXX experience and why they made the move to Traps over others with a single person managing Traps and protecting thousands from constant attack.

Offered	Wednesday, 1:30 pm – 2:20 pm
Speakers	Bret Lopeman, IT Security Engineer, Ada County
Keywords	Case Study/Use Case, Endpoint/Traps, Technical Session

The Value of Attribution Beyond Law Enforcement Action

For years, there has been a long-held belief that attacker attribution is unrealistic – hard at best, risky if incorrect, and devoid of any real business purpose. Attribution, some say, is an effort best left to law enforcement. In this session, Unit 42 researchers Jen Miller-Osborn and Simon Conant will turn this attitude around. Using real-world examples, they will demonstrate effective attribution techniques, and explain how knowing your attacker is a fundamental component in assessing your exposure.

Offered	Wednesday, 8:00 am – 8:50 am
Speakers	Simon Conant, Threat Intelligence Analyst, Palo Alto Networks Jen Miller-Osborne, Threat Intelligence Analyst, Palo Alto Networks
Keywords	Threat Research/Unit 42, Overview Session

The Modality of Mortality in Domain Names

Domain names established for routine use are typically registered for one or more years, and faithfully renewed thereafter. Knowing nothing else, we'd expect that a domain existing today will still be there tomorrow. This is an expectation of "domain continuity."

Other domains get treated as being effectively "disposable." Those domains get registered, quickly abused for cybercrime-related purposes (such as spamming or phishing), and are then abandoned after becoming unusable due to being blocklisted or "held" by registrar action.

In this new study, we've obtained an ongoing feed of "Newly Observed Domains" from Farsight Security's SIE, and then periodically actively probed those names from global measurement points to determine:

-- What fraction of new domain names "die a premature death" due to being blocklisted or suspended?

-- What causes the "death" of those domains? Do they mostly get blocklisted? Or do they "die" due to action

by registrars or others?

-- What does the survival curve for those names look like over time?

-- Are there differences between the traditional gTLDs, ccTLDs and ICANN's new gTLDs?

Farsight Security CEO Dr. Paul Vixie will address these topics and make recommendations how to reduce domain name abuse.

Offered	Tuesday, 4:20 pm – 5:10 pm
Speakers	Paul Vixie, CEO, Cofounder, Farsight Security, Inc.
Keywords	Technical Session, Threat Detection and Prevention, Network Security

Threat Actor Oops and Bloops!

Cybercriminals are often seen as anonymous, international, hacker masterminds, who are nearly impossible to identify, understand, or capture. Despite the lore, adversaries are human too and as a result, are just as vulnerable to mistakes as others. Every day, Unit 42 researchers analyze attack campaigns and monitor adversaries as they carry out their operations. Sometimes we come across interesting situations that make us laugh, cringe, or scratch our heads. In this presentation, we will showcase examples of OPSEC mistakes, operational missteps and poor coding practices – all while having some fun at the expense of those responsible.

Offered	Wednesday, 9:10 am – 10:00 am
Speakers	Mike Harbison, Threat Intelligence Analyst, Palo Alto Networks Robert Falcone, Threat Intelligence Analyst, Palo Alto Networks
Keywords	Threat Research/Unit 42, Technical Session

Threat Hunting and Automated Enforcement for Service Providers with AutoFocus and Minemeld

Service Providers require new tools and approaches to address the increasing security challenges that are impacting their networks and their revenue producing customers. With expanding threat vectors and massive growth in usage of digital services, Service Providers need new ways to most effectively automate and leverage the vast amount of threat intelligence at their disposal, and quickly turn this information into actionable security outcomes that enables them to protect their customers and business operations.

During this session we will demonstrate how the combination of Palo Alto Networks AutoFocus and Minemeld can be used by Service Providers to drastically simplify threat hunting and significantly increase the speed and effectiveness of applying security enforcements with true “no-touch” automation.

Offered	Tuesday, 7:30 am – 8:00 am Thursday, 12:15 pm – 12:45 pm
Speakers	John Newsome, Systems Engineer, Palo Alto Networks
Keywords	Overview Session, Automation, Service Providers

Threat Intelligence Automation: Maximizing a MineMeld Deployment

Threat Intelligence is a growing trend in the cyber security industry and over the past 3-4 years an increasing number of vendors and open source projects have emerged with solutions for management, aggregation and most recently automation/application of Threat Intelligence indicators. While there are several commercial, open source and closed community projects offering robust management and aggregation products there are very few solutions that offer flexibility and versatility with regards to integration and automation.

Although there are many Threat Intelligence platforms available this presentation will focus on MineMeld, an open source threat intelligence framework provided by Palo Alto Networks. This presentation will describe the components that make up the MineMeld framework, how the components interact with one another, configuration suggestions, lessons learned and some use cases.
The intention of this presentation is to introduce the community to MineMeld, share lessons learned and provide some working examples to further streamline existing incident response processes and network monitoring and enforcement capabilities.

Offered	Wednesday, 8:00 am – 8:50 am
Speakers	Sean Engelbrecht, Informaion Security Administrator, Devon Energy Chad Bailey, Information Security Professional, Deven Energy Xavier Homs, Solutions Architect, Palo Alto Networks
Keywords	Application Framework, Case Study/Use Case, Technical Session, ICS/SCADA

Today’s Threats – What’s New and How to Stop them with the Palo Alto Networks Platform

What are the latest real-world threats we see targeting our customers? Are you utilizing the Palo Alto Networks Next Generation Security Platform to its full potential to stop those threats? John and Erik are back with new material for 2018 highlighting some of the best techniques within the platform. This must-attend session will highlight some of the latest attack, command and control and exfiltration techniques, provide in-depth policy recommendations and offer many more "top tips" to simplify the job of stopping adversaries and using the platform in ways you never expected. Whether you're a veteran or new to Palo Alto Networks, you'll leave this fast-paced presentation with practical ways to better protect your organization.

Offered	Tuesday, 1:30 pm – 2:30 pm
Keywords	Threat Detection and Prevention, Best Practices/Troubleshooting, Technical Session, Network Security, Next Generation Security Platform

Traps Overhauled - New Look, New Feel, New Capabilities for Endpoint Protection

The recent release of Traps 5.0 brings a brand new user experience focused on reducing complexity and improving team efficiency across the platform. With a new cloud-based management console to simplify deployment, proactive scanning and Linux support, come find out what the buzz is about and the impact it’s had on our customers.

Offered	Wednesday, 4:00 pm – 4:50 pm
Speakers	Ofir Monza, Product Manager, Palo Alto Networks
Keywords	Endpoint/Traps, Technical Session

Ultimate Test Drive - Network Security Management (Panorama)

This hands-on session provides insight into Panorama network security management for the Next-Generation Security Platform. You’ll learn some of the unique features of Panorama that can help you manage and deploy Palo Alto Networks firewalls more effectively. Topics include:

How to utilize templates, device groups, and pre-, local- and post-policies
Import existing configurations into Panorama
Updating PAN-OS and subscription content on a group of firewalls
Enabling and managing Logging Service

Required: Participants must bring a laptop with an HTML5-compatible browser.

Prerequisites: Must have some knowledge of Palo Alto Networks next-generation firewall.

Offered	Monday, 3:30 pm – 5:30 pm Tuesday, 1:00 pm – 3:00 pm Wednesday, 1:00 pm – 3:00 pm Thursday, 9:30 am – 11:30 am
Keywords	Hands-on Trainings, Management, NGFW, PAN-OS 8.1

Ultimate Test Drive – Advanced Endpoint Protection

Join us in this hands-on session to learn how to defeat the adversary at the endpoint with Palo Alto Networks Traps advanced endpoint protection. You’ll learn how to:

Break down the sophisticated cyberattack lifecycle and chain-like nature of exploit
Prevent file and network-based exploits originating from executable or data files
Leverage cloud intelligence to enhance zero-day threat protection

Required: Participants must bring a laptop with an HTML5-compatible browser.

Offered	Monday, 1:00 pm – 3:00 pm Tuesday, 3:30 pm – 5:30 pm Wednesday, 9:30 am – 11:30 am Wednesday, 3:30 pm – 5:30 pm
Keywords	Endpoint/Traps, Hands-on Trainings, NGFW

Ultimate Test Drive – Next Generation Security Platform

Palo Alto Networks Next-Generation Security Platform protects our digital way of life by safely enabling applications as well as preventing known and unknown threats across networks, clouds and endpoints. This workshop demonstrates how the natively integrated Next-Generation Security Platform delivers a prevention architecture that can provide superior security and reduce the likelihood of successful cyberattacks.

Required: Participants must bring a laptop with an HTML5-compatible browser.

Offered	Monday, 1:00 pm – 3:00 pm Tuesday, 3:30 pm – 5:30 pm Wednesday, 9:30 am – 11:30 am Wednesday, 3:30 pm – 5:30 pm
Keywords	Next Generation Security Platform, Hands-on Trainings

Ultimate Test Drive – Virtual Data Center

This session provides data center managers and security administrators an opportunity to deploy Palo Alto Networks virtualized next-generation firewall in a virtualized data center. You’ll learn how to integrate the VM-Series on NSX firewall together with VMware standard networking functions and the NSX network virtualization and security platform. You’ll learn how to:

Enable application visibility and threat prevention in a virtualized environment
Experience the seamless integration between Palo Alto Networks and VMware NSX
Apply Palo Alto Networks Panorama network security management to manage both virtual and physical appliances
Deploy multi-tenancy solutions to secure more than one tenant, such as a customer or organization, with VMware NSX
Quarantine devices using automated security actions based on data center event triggers

Required: Participants must bring a laptop with an HTML5 compatible browser

Prerequisite: Must have some experience with VMware vCenter and ESXi.

Offered	Monday, 3:30 pm – 5:30 pm Tuesday, 1:00 pm – 3:00 pm Wednesday, 1:00 pm – 3:00 pm Thursday, 9:30 am – 11:30 am
Keywords	NGFW, Private Cloud/Datacenter, Segmentation, Technology Integration, Hands-on Trainings

Understanding CASB to Secure your SaaS Applications

For SaaS security, organizations are typically overwhelmed with many options in the market today. CASB vendors offer various architectural approaches and options such as forward proxy, reverse proxy and API-based offerings. This session will deep-dive on the ideal architecture and provide a comprehensive view of these approaches along with their pros and cons. After attending this session, you will have a good understanding of the overall CASB market and have all the information you need to build a short-term and long-term SaaS security strategy.

Offered	Wednesday, 8:00 am – 8:50 am
Keywords	SaaS/Aperture, Best Practices/Troubleshooting, Overview Session, Compliance

Understanding and Securing AWS: A Layered Approach to Achieve Enhanced Security in the Cloud

Despite organizations moving infrastructure, data, and applications to AWS, adherence to security best practices are often ancillary to business-driven initiatives and market acceleration. This common oversight in prioritization gives rise to unnecessary risk by exposing organizations to Cloud-specific attack vectors not present in traditional datacenter environments. This presentation covers the consulting firm’s perspective on previous Cloud Readiness engagements and provides the audience with technical guidance on the following:

1) securing the AWS environment prior to migration activities;

2) extending current, on-premises capabilities across operational security domains;

3) on-premises and AWS security architecture as a means to enable the secure operation of business; and

4) architecting Palo Alto Networks security products and services in the Cloud for enhanced protections.

The technical guidance is aimed toward the security professional, practitioner, and architect and draws upon a growing body of engagements and research that match the rate of innovation driving organizations to the Cloud. It has been observed that an “order of operations”, or layered approach, for securing the AWS environment not only reduces overall exposure and subsequent risk, but also provides organizations with a greater understanding of the costs associated with conducting secure Cloud migrations and operations. With unified understanding, organizations will be preconditioned to succeed in securing their AWS environments by replacing reactionary maneuvers with business enablement.

Offered	Wednesday, 1:30 pm – 2:20 pm
Speakers	Erick Sanz, Principal Cloud Security Architect, Set Solutions, Inc. Lance Grover, Sr. Security Solutions Architect, Set Solutions, Inc.
Keywords	AWS, Cloud Partner, Technical Session, Public Cloud, Best Practices/Troubleshooting, Segmentation

Use Machine Learning to Create NGFW Policy

Creating security policy for firewalls from scratch can be a daunting exercise – especially if business-required traffic flows are not known. Data analytics and machine learning can be used to generate security rules from actual network traffic. This reduces the time to market for dynamic and agile next-generation firewall policy deployment. Learn about this capability of Expedition, discuss additional use cases for it, and hear about other insights it may offer about your environment.

Offered	Thursday, 11:30 am – 1:00 pm
Keywords	NGFW, Automation, Case Study/Use Case, Industry Roundtables

Using the Cloud: Breaking the Notion of “It’s Easier to Say No”

Let’s face it - many organisations fear the cloud. Whether it is working with, from or going to the cloud. Most fear that the data that they store in their organisation's data centre cannot be stored securely in someone else’s other than their own. Well, what is that data? Is it easier to say no, or take a different approach where you define what you can and can’t do to leverage a model to secure your cloud differently?

When having a business level conversation about risk and the appetite an organisation has, there are four fundamental pieces to consider. When it comes to cloud, it isn’t always a binary ‘yes’ or ‘no’ discussion. This session will discuss what these pieces are and how you can start framing your cloud conversation accordingly:

Sharing security telemetry to a threat intelligence cloud to prevent attacks
Securing what you do in the cloud
Consuming services from the cloud
Sharing information to find a true unknown in your organisation

Offered	Thursday, 10:30 am – 11:20 am
Speakers	Sean Duca, Vice President, Regional Chief Security Officer - Asia Pacific, Palo Alto Networks
Keywords	Public Cloud, Overview Session, AWS, Azure, Segmentation, Google Cloud

Using Best Practices to Prevent Successful Cyber Attacks

This session covers our approach for gaining full visibility and reducing your attack surface to prevent successful cyber attacks across all areas of architecture. We discuss the best way to protect against cyber threats and build confidence that you are reducing risk. The session includes how to implement best practices without interrupting business continuity. We use three case studies as examples to show how we use the approach with customers.

Offered	Wednesday, 9:10 am – 10:00 am
Speakers	Scott Johanson, Customer Success Architect, Palo Alto Networks
Keywords	Network Security, Management, Next Generation Security Platform, Overview Session, NGFW, Best Practices/Troubleshooting

VM-Series - Virtualized Data Center Troubleshooting Best Practices

Want to know more about troubleshooting and best practices to follow while deploying VM-Series firewalls in your virtual data center, this is the session for you. We will walkthrough proper troubleshooting techniques to isolate and remediate security related issues, primarily focused around VM-Series and its hypervisor/SDN integrations. This will include case studies mirroring commonly reported issues. The presentation is geared towards technical staff and empowers your security teams to solve their own issues as well as assist TAC with capturing the proper information in efforts to facilitate timely problem resolution.

Offered	Thursday, 8:00 am – 8:50 am
Speakers	Mike Lue, Technical Leader E-TAC, Palo Alto Networks
Keywords	Best Practices/Troubleshooting, Private Cloud/Datacenter, Technical Session, NGFW, Technology Integration

VM-Series Integration with VMware NSX: Lessons Learned from Real-World Customer Deployments

Want to know what your peers are doing with VM-Series firewall integration with VMware NSX, this is the sessions for you. We will share the most popular use cases being addressed with the joint integration including, securing VDI environments, granular micro-segmentation, securing multiple sites and remote office/branch office(ROBO) deployments. VMware and Palo Alto Networks team will share key insights and takeaways derived from real-world customer deployments and how you can operationalize them in your software defined data center.

Offered	Thursday, 9:10 am – 10:00 am
Speakers	Stijn Vanveerdeghem, Sr. Technical Product Manager, VMware Jaimin Patel, Senior Product Manager, Palo Alto Networks
Keywords	Case Study/Use Case, Private Cloud/Datacenter, Segmentation, Technical Session, Automation, NGFW

Water Utilities – Birds of a Feather

Whether you’re a municipal water utility, represent a water district, or are part of a water authority, this round table is for you! Grow your professional network, share stories from the front lines, discuss the top threats to this industry, and hear how the Palo Alto Networks next generation security platform is used by your peers. Bring your questions for a Palo Alto Networks expert, too!

Offered	Thursday, 11:30 am – 1:00 pm
Keywords	Industry Roundtables

What’s Wrong with Machine Learning, and How Can We Use Machine Learning to Fix It?

Machine learning has been leveraged to provide additional layer of protection on the endpoint, allowing agents to identify malicious files, but simply using machine learning is not enough. Join us as we talk about the shortcomings of this technique and ways to overcome them.

Offered	Thursday, 8:00 am – 8:50 am
Speakers	Liat Hayun, Product Line Manager, Palo Alto Networks
Keywords	Endpoint/Traps, Overview Session

What’s new for the VM-Series on Google Cloud

Join product experts to hear about best practices for deploying the four commonly used VM-Series architectures on Google Cloud: Hybrid, IPSec VPN, Shared VPC and East/West threat prevention.

Offered	Wednesday, 9:10 am – 10:00 am
Keywords	Public Cloud, Google Cloud, Technical Session, Overview Session

When Hunter Becomes the Hunted: Operation Slipknot, A Review of Recent Targeted Attacks Against High-Profile Entities in Russia

Accenture iDefense spotted an usual pick in targeted attacks (both in cyber crime and cyber espionage) against high-profile entities in Russia and other FSU countries. The threat actors employed a combination of latest zero days, off-the-shelf malware and top-priced commercial implants to hunt the hunter. This presentation tries to shed light on the technical aspects of the these attacks.

Offered	Thursday, 9:10 am – 10:00 am
Speakers	Alireza Salimi, Sr. Security Principal - Lead Resercher, Accenture Secutity \| iDefense
Keywords	Technical Session, Threat Research/Unit 42

Why Integration Matters: How To Strengthen Your Security Posture

You’re an enterprise-level healthcare institution, and you know you’re a prime target for cyber crime. So you invested in the leading next generation security platform in the industry. You’ve configured app-based rules, zones, and IPS, URL filtering, anti-virus, anti-spyware, and WildFire profiles. You’ve deployed a GlobalProtect VPN to provide users secure remote access to the corporate network. Now that your Palo Alto next generation security platform is deployed and configured, what more can you do to improve the return on your investment and enhance your security strategy? Start by addressing more complicated IT challenges and add automation to your security strategy by integrating key partners into your Palo Alto platform:

• Prevent unauthorized access to GlobalProtect VPN services with an integrated MFA solution (Okta)
• Optimize your security strategy and automate support workflows (ServiceNow)

Unifying and adding key security solutions can improve your security posture and reduce your TCO. Join us as we explore how key partners can elevate your Palo Alto solution to provide a robust security posture against the latest threats.

Offered	Wednesday, 11:30 am – 12:00 pm
Speakers	Alex Vasquez, Security Practice Manager, Accudata Systems
Keywords	Private Cloud/Datacenter, Overview Session, Case Study/Use Case

WildFire and Threat Prevention Updates

In this session you'll learn all about the new capabilities in our WildFire, Threat Prevention and URL Filtering services. Some of the topics will include:

How we've enhanced our detection to defeat attackers using evasive packing techniques
The extension of WF visibility into zero-day threats targeting Linux servers and IoT devices
Expanded support for SMB protocol and archive formats

You’ll leave the session with an understanding of the latest and greatest features and capabilities in our threat services and how they can help protect your organization.

Offered	Wednesday, 4:00 pm – 4:50 pm
Keywords	Overview Session, PAN-OS 8.1, Threat Detection and Prevention, Network Security, Next Generation Security Platform

XDR – A Unified Approach to Detection and Response Across Network, Endpoint and Cloud

The endpoint only tells part of the story, to understand modern, multi-faceted attacks, you need to approach that leverages a prevention first strategy, combined with detection and response. Join us as we discuss the challenges EDR brings and the need for this time-worn technology to push into the next phase of its evolution and how Palo Alto Networks will lead the way with XDR.

Offered	Wednesday, 9:10 am – 10:00 am
Keywords	Endpoint/Traps

“Get Certified” PCNSE Preparation Sessions

These 50-minute certification preparation sessions cover the critical topics and issues that you might expect to be tested on in the PCNSE exam. Within these interactive sessions, you will review sample questions designed to focus your preparation on the relevant content.

The approach used will be as follows:

Introductory lecture – setting the scene and talking about some of the basics of the exam
Spend time focusing on the type of questions you will get:
1. Ask the question – participants use quiz-system to submit their answers
2. Discuss the answers and why certain answers are right, and others are not correct

Offered	Monday, 10:00 am – 10:45 am Tuesday, 10:00 am – 10:45 am Wednesday, 10:00 am – 10:45 am
Keywords	Hands-on Trainings

“Mass Enable” Security deployments with Automated and Repeatable Configuration Templates

Managed Security Service Providers (MSSPs) and enterprises with multiple locations and remote networks are challenged with mass enabling the large numbers of security configurations. This session will focus on how MSSPs and enterprises can establish a repeatable deployment model that leverages configuration templates to most effectively scale security deployments. MSSPs can establish a shorter time to revenue and drive immediate business results, while enterprises can significantly simplify their global security deployments.

Offered	Thursday, 11:30 am – 12:00 pm
Keywords	Service Providers, Overview Session, Next Generation Security Platform