Ignite 2016 Sessions  Download Agenda

Security programs that aren't driven from an intelligence platform are guessing. What's worse, anecdotal evidence in the media tells us they're guessing poorly. An intelligence-led approach to planning, building and running an enterprise security program promises to provide more accurate direction on budget, process, staffing and technology. But the problem is getting there from where you are. Using an insightful process adopted from studying successful intelligence-led enterprise security programs, this session will give a security leader the tools to effectively orient themselves and their security strategy to combat modern threats and serve the company mission effectively. The power of this process is in the simplicity and clarity it provides, and every new and seasoned security leader should try this out.

This session chronicles a customer journey deploying the Palo Alto Networks platform using Traps, Wildfire, and the next-gen firewalls. The session will provide a real-world example of how an organization removed four different endpoint security agents (including AV removal); decreasing costs while increasing security and employee satisfaction. Challenges including regulatory compliance, ROI analysis, and operational/deployment issues will be examined using this biotech customer case study.

PCI compliance is a steep enough challenge, but what happens when your entire infrastructure is in AWS? Do the same concepts of segmentation and seperation apply, and if so how? This session will cover how a customer is using AWS and the VM-Series to maintain seperation of data and traffic for better security and PCI compliance.

Cybersecurity is an increasingly important factor in ensuring resiliency, reliability, and safety of the electricity system. In this session, learn what Southern California Edison is doing to secure critical electric infrastructure by incorporating innovative security technologies into our grid, developing a next-generation Smart Grid architecture, and actively engaging with government agencies to share information on threats and protection measures.

Last year you voted with your attendance, making our threat prevention best practices session one of the most attended sessions at Ignite 2015. We listened… and  this year we’re providing you with a new 2-hour threat-packed session of real-life attacks in real time and the best practices to counter them. In part 2, Eric Yunghans executes live threats demonstrating the latest targeted attack techniques and how you can leverage your Palo Alto Networks Platform to outsmart them, including advanced tips and  tricks from John Harrison.

While many organizations have experimented with or deployed various "next generation" endpoint protection products, few have completely removed their anti-virus software. In this presentation we will explore a real world example of overhauling endpoint protection across the enterprise that involved decommissioning AV solutions, both servers and workstations, physical and virtual, on-premise and remote, with the up and downsides involved. We will examine ways to (bi-directionally) integrate multiple solutions, namely Traps, Carbon Black, Splunk, Palo Alto Networks NGFW, and other solutions to increase the overall resilience and effectiveness of endpoint protection.

In recent years, the VELUX Group's approach to security has transitioned from a traditional point solution approach to an integrated next-generation security strategy heavily utilizing Palo Alto Networks technology. The journey has been fruitful but also included both concerns and doubt. During this presentation we will tell our story, explain what drove us to make the choices we made, talk about design, implementation, and operations and of course of why we find the whole journey a great success. ELUX is a global manufacturing and sales company with approximately 10,000 employees. The company is based out of Copenhagen, Denmark.

HTTP Cookies are commonly used by websites to store user information while the user is browsing the website. As an efficient mechanism to store unique identity for each user, cookies play a fundamental role for user tracking, user authentication and anti-spoofing. While the cookies are so prevalent in normal http traffic, how about their use in underground traffic. Does the malicious server employ cookies to uniquely identify its evil peer? What is the concealing information between evil peers? In this presentation, we conduct an empirical study to answer the aforementioned questions. We study malware, the malicious entities that spawn millions of cookies every day, and their below-the-surface logic of using cookies. In particular, we monitor malware's running behaviors of generating cookies for their communication. With the reference of malware behaviors, we extract the potential encoding and decoding schemes for cookies and discover the underlying meaning of each malicious cookie. Based on that, we propose a set of effective heuristics and real-time detection approaches for identifying malicious traffic among high volume of live traffic. Our study is conducted on a dataset containing over 10,000 http sessions generated by confirmed malware samples. The evaluation shows our scheme can detect the malicious traffic among our test dataset with higher accuracy in comparison with traditional detection methods.

The volume and velocity of cyberattacks continues to increase. One driver of this is the ease with which attackers can architect and execute attacks leveraging automated capabilities. This has put pressure on many organizations' cyber defense efforts. These pressures are often exacerbated by a reliance on traditional security controls and scarce security resources (people, time, money). Leading security organizations are making moves to improve cyber defenses by not only deploying next-generation security controls but also by increasing their focus on security integration and the use of automation to be a force multiplier to cyber defense efforts.

Attack vectors and detection methods are entangled in an ever-faster co-evolution. Determined criminals have access to defense tools and increasingly invest in methods to evade them. Defenders, on the other hand, do not yet take an equally proactive stance, which would require access to the latest attacker tools or – short thereof – a service to retrace the evolution of attack capabilities. This talk will show how driven by real world examples / attacks that are not detected in the first place drive to establish a self-organized vendor-agnostic eco-system raising the bar for attackers. Following our research we will also outline trends of the future importance of endpoint centric security. This renaissance of endpoint based security without old fashioned signature-based technologies will become a major effort for security teams to decide what is needed to stay ahead.

As the world leading service provider for travel and tourism, Amadeus has taken on a lot of responsibility. Part of this responsibility includes security and privacy for the travelers' personal data and financial information. Over quite some years Amadeus has successfully mastered these challenges. Recently, it became quite hard to keep up with the newest tricks of the attackers. In order to secure its infrastructure services even better, Amadeus has deployed the endpoint protection provided by Traps. This talk will firstly introduce you to Amadeus, its business and some of its security challenges. It will give some insights to the decision to look at Traps and how the proof-of-concept was prepared and performed. We will also cover design and setup details which are important for roll-out in the entire data center. The last part of the presentation will outline the next steps and plans for the future. Some lessons learned and things to be considered for other IT landscapes will close the talk.

More sources of threat intelligence exist than ever before, but organizations struggle to make use of this volume of threat data in practical ways. A new way to collect, aggregate, and surface high-value indicators across multiple sources is required—one that can also easily share new protections with peers and other security devices. With these challenges in mind, Palo Alto Networks developed an innovative open source tool, MineMeld. Early adopters of MineMeld have called it the “swiss army knife” of threat intelligence feeds, built on an incredibly flexible engine, and freely available to modify in true open source fashion. This session will introduce MineMeld, including an in-depth demo of how you can use the tool in your organization. Highlights include:

-Aggregating multiple feeds and determination of their efficacy
Consuming TAXII feeds
-Sharing high-value indicators with peer groups and partners
-Pushing new security controls to Palo Alto Networks devices, including IP addresses, URLs and domain names.
-Extending the functionality with an easy to use, flexible platform.

No one will argue that the threat landscape is constantly growing and evolving. Next-generation firewalls have advanced our defenses, but the industry still faces difficulties managing the existing generation of firewalls. So can we best prepare to manage this next-generation of defense?

TIP is in its infancy. Just a year ago, Gartner analyst Anton Chuvakin lamented in his blog that he couldn't characterize the new category without breaching non-disclosure agreements. But he credited Facebook with breaking the TIP ice, characterizing the new genre of point solutions as comprising three high-level parts: threat feeds, big data analytics and real-time response. One area where TIP breaks new ground is its focus on community data sharing, and the concomitant requirement to ensure that threat indicators are standardized and exchangeable between various tools and systems. For example, many APT vendors can report information about indicators of compromise (IOC) but that data isn't easily used outside of the product generating the information. The TIP vendors are working to deepen the utility of threat data interchange. But TIP is not the best solution to knit together all data exchange across disparate point solutions and enable real-time response. If we take a look at the tools commonly deployed in the security ecosystem, we find firewalls, next-gen antivirus, spam filters, data loss prevention solutions, network access control (NAC) systems, disk encryption, etc. All of these systems perform specific functions that could be augmented if they could learn from other tools or share what they know with other tools. Continuous monitoring and mitigation systems are already positioned to enable all of these security components to talk to one another, expand where they can gather and exchange information and automate the response to threats, one of the key challenges facing IT security.

Process Control systems face threats so advanced that traditional segmentation of business and process control networks is insufficient. To prevent today's attacks, networks must be further segmented and secured from threats, users, and applications.

A Palo Alto Networks Professional-Services led discussion of field-tested methodologies in deploying application-based security policies in production. Migrating a legacy firewall policy to Palo Alto Networks, but leaving it in layer-4 mode is not sufficient. This discussion goes through the recommended process of deploying next-generation policies with minimal risk or user-impact.

Next-generation firewalls and threat intelligence have the power to secure the applications and users that run your business, but only if integrated and configured appropriately. In this session, learn "best practices" around configuring NGFW in Internet Gateway or perimeter deployments. In this session, you will learn: how to understand and assess relevant business risk, understand models of compromise from the Internet, best practices to reduce attack surface and block threats, best practices to identify the presence of attackers in your network, a pragmatic policy model for defining and refining security policies, the role of whitelisting, blacklisting, and positive enforcement, strategies for dealing with encrypted traffic, drill-down best practices for: Application and User-based enablement, URL Filtering, DNS, file transfer, vulnerability protection, C&C, and malware. This session will teach you how to take advantage of advanced next-generation capabilities, and more importantly why those advanced capabilities are critical to achieving a strong security posture in today's IT environments.

Dr. Paul Vixie, an Internet pioneer and world-renowned DNS expert, will discuss how rampant domain name abuse is fueling cyberattacks and outline practical tools and steps security analysts can take to protect their organization. Vixie founded the first anti-spam and network reputation company (MAPS) in 1996, and later went on to invent DNS Response Rate Limiting (RRL) and DNS Response Policy Zones (RPZ), which are open technologies meant to protect DNS from us, and to protect us from DNS.

Healthcare security is tough; How do you lock down hospital PCs on the network without upsetting too many doctors? Join this session led by two Security Engineers from hospitals in the US for some "how tos" and creative ideas for using your NGFW to ramp up your security programs in complex networks, like a boss.

As your organization migrates applications to the cloud, it becomes increasingly challenging to monitor and maintain network security. Join this session to learn how you can preserve centralized visibility, control and compliance of security policies in the evolving enterprise network.

Branch offices have become the new attack point but many are using security solutions that are stuck in the past. Like the person who still wears an old day glow jacket skiing, they may think they are covered but instead are just hot and sweaty. At Columbia Sportswear, we believe in innovation. We've created an award winning adaptable jacket that keeps you warm and dry. Now we have partnered with VMWare, Palo Alto Networks and CloudGenix to create a virtualized, dynamic security perimeter for the branch office. This software-defined branch solution delivers Columbia a new preventative model for securing remote offices that rapidly adapts to the changing threat landscape. The design also provides Columbia with business agility while coming in at a lower price point. The presentation will include how the solution was designed, a demo of how it works and why the enterprise needs to think differently about the branch! (Warning, this presentation will include several 80s and 90s popular references).

Customers talking about securing SaaS and how Aperture solves the problems.

You've poked around in AWS, or maybe your already there and are now puzzled as to which of the many options AWS offers you should take. Hosted by experts from both AWS and Palo Alto Networks, this session will allow you to ask, how do I architect my environment in AWS? Expect heavy white-boarding and brainstorming. 

Learn how to combat the latest threats to your datacenter leveraging the Palo Alto Networks Next Generation Security Platform. We will analyze the techniques attackers use in the datacenter and show how to mitigate them with proper segmentation strategy and the use of best practices across all of the prevention-focused capabilities offered by our security platform.

Leveraging state-of-art network virtualization platform and best-in-class firewall capabilities the Department of Water secures IT service delivery while monitoring key metrics and performance indicators that form the foundation of any sound security strategy.

The growing demand for firewall rule changes in the datacenter perimeters made CaixaBank embrace a new project to build a software compiler that could automate correct security policy creation out of the business processes data stores and push it out to the firewalls using open API calls.

In this session, CaixaBank CISO, Carles Sole, will talk about how CaixaBank met compliance requirements, reduce attack surface area, ease audit processes and automate firewall operations with their new approach towards compiling business data store information into firewall security policies.

In this session, Anoop will talk about how Citrix NetScaler and Palo Alto Networks Next-Gen Firewall are integrated to enhance customer’s security posture. Anoop will walk through specific use cases:
·         Enforce user specific security policies on Palo Alto Next-Generation Firewall based on user information provided by Citrix NetScaler
·         Automate updates to host-profiles on Palo Alto Next-Generation Firewall based on End Point Analysis (EPA) scans from Citrix NetScaler
·         Trigger extended authentication on Citrix NetScaler based on content inspection results from Palo Alto Next-Generation firewall

Nivedita will cover various aspects of security within Citrix XenMobile Enterprise Mobility Management (EMM) solution. Nivedita will talk about Citrix’s partnership with key security vendors such as Palo Alto Networks and other CASB providers in fortifying the EMM solution. This session will cover the gamut of security capabilities available within the Citrix XenMobile EMM solution.

Does your current data center security posture give you sleepless nights? Listen to these trailblazers share their perspectives on key considerations, technologies, and challenges they had to overcome as they secured their software defined data center.

The migration to Office365 is presenting new security challenges within the organization. While not all companies are using cloud services yet, most are using Microsoft applications within their organization. With the move to Office365 any company using these applications is suddenly using the cloud. With that comes the advantages of the agility and collaboration of cloud services but it also brings the dangers. In this session we will go over how you can protect your data while safely enabling office365.

In this session, we will highlight upcoming features that will enhance how the VM-Series for AWS can protect your applications and data.

In this session, will focus on new features and products designed to protect your public cloud deployment.

Significant challenges exist in enforcing a holistic security posture for OpenStack clouds. Legacy security technologies fail to address these challenges. The joint integration between Mirantis and Palo Alto Networks is intended to secure production-grade OpenStack clouds. In this session we will discuss about the key drivers for implementing next-generation security within OpenStack clouds and share use-cases that can be addressed with our joint integration.

Ever wondered how unimaginable security threats could destroy business integrity, cause revenue loss, increase regulatory cost and potentially lead to loss of customers? This is exactly what we have seen in the high profile security breaches recently. A fundamental shift in traffic patterns, application usage and user behavior has resulted in an evolved threat landscape that makes it imperative for companies to rethink their approach to data center security. Software Defined Data Center (SDDC) architectures with VMware NSX network virtualization enables a fundamentally more secure data center network where security is architected into the network itself and best-in-class security services are dynamically inserted for advanced threat protection.

The integration of VMware NSX and Palo Alto Networks VM-Series automates the provisioning and distribution of next-generation firewall and advanced threat prevention as services to protect your applications and data. The NSX and VM-Series integration provides a turn-key security software solution that protects East-West traffic with the same security features that customers are using in a physical form-factor to protect their networks.

In this session we will review the integrated VMware NSX and Palo Alto Networks solution including solution features, review deployment scenarios, and highlight customer success stories. 

In this presentation, AirWatch will discuss important considerations for ensuring a successful mobile deployment in the enterprise. We'll highlight many of the lessons learned on how to protect both corporate data and intellectual property along with the privacy requirements that employees in the enterprise workforce are now demanding. You'll leave with a deep understanding of the challenges and risks associated with mobility, the ways to resolve those challenges, an understanding of how AirWatch can enable a successful mobility program, and how your investment in Palo Alto Networks can provide an extra layer of security.

As the lines between personal and corporate traffic blur, it challenges the idea of traditional IP address, application, and data protection. In this session we will discuss new IT challenges as a result of mobile devices and emerging threats. We will also talk about how to best leverage user, device, and application level context for end-to-end policy enforcement — regardless of location, user role, or access method.

Getting the necessary granularity to make network segmentation effective can be a difficult challenge. In this session, learn about how organizations use GlobalProtect to establish precise user and device-based access policies on an internal network.

With SaaS, applications and data shift to points outside of the network perimeter. In a world where users and the apps have left the building, how do organizations stay in control to make sure applications are used safely and appropriately? In this session, learn about applying the platform with Aperture and GlobalProtect to address SaaS scenarios.

As organizations move beyond remote access and look at how to protect the mobile workforce from malicious content at all times, new requirements emerge. This session covers technical details for establishing secure internet gateways to protect the user from known and unknown threats.

User-ID provides a number of methods for mapping identity repositories throughout the enterprise to an IP addresses for the enforcement of security policy. In this session, get practical advice on how to apply the right User-ID methods to meet your requirements.

As organizations look to protect the workforce that is working away from the office, it becomes necessary to think about securing network traffic in entirely different ways. In this session, get the details on understanding GlobalProtect.

Get the insider's view on how to deploy GlobalProtect. In this session, learn about how GlobalProtect works and how to solve common scenarios for administration. In addition, learn about using GlobalProtect with enterprise directories, certificate authorities and authentication servers.

SaaS is disrupting the notion of where applications and data live, while also introducing new threat vectors. In order to get an understanding of what the precise security issues are, join this session to learn about SaaS security issues such as sanctioned/unsanctioned apps, cloud-based threats, and shadow IT. This session provides an introduction to SaaS security with Palo Alto Networks next-generation security platform with Aperture. For further content on SaaS security, join the sessions "Best Practices: Principles and Practices for Securing SaaS apps" and "Learn: The evolution of SaaS security" as well.

As organizations evaluate options for deploying business SaaS applications, it becomes clear that there are many different types of security concerns. Securing SaaS requires a look at how to implement a number of different types of security policies, including ones based on preventing the accidental spillage of sensitive data as well as stopping dangerous content. Approaches to address SaaS security to date have taken a partial view of the issues. For example, the rise in cloud access security brokers (CASB) may look at access policy, but overlook the threat vectors such as malware. In this session, learn about where evolution in SaaS security is happening, and get perspectives on why SaaS must be secured with a platform approach.

As organizations look to protect the workforce that is working away from the office, it becomes necessary to think about securing network traffic in entirely different ways. In this session, get the details on understanding GlobalProtect.

Do you have burning questions on how to provide protection to your mobile workforce? In this session, hear from our guest panelists on the decision points for today's critical security issues.

The cloud provides elasticity and coverage around the world, making it an ideal platform for deploying GlobalProtect. Learn about security innovations for automating GlobalProtect rollouts in support of cloud first initiatives for securing mobile workforces.

The AutoFocus service provides the intelligence, context and global correlation of threats to transform any organization into an advanced threat hunter. This session will highlight core AutoFocus capabilities, new innovation in the latest release, and provide an in-depth demonstration with our Unit 42 experts.

Advanced attacks have become so common that many have adopted the attitude that breaches are inevitable. Your organization is not threatened by super­human robots out to destroy your Friday night, but real ­life human beings with a family, a boss and a job to get done. The Pragmatic Adversary's tactics are often straightforward or even mundane but are overshadowed by news of more clever attacks.

Unit 42 will take you through an advanced attack campaign, starting with how they unearthed the adversary, profiled their methods, and brought to light their malicious operations. This session will provide actionable lessons for understanding the attackers targeting your company, how they operate, and how the Palo Alto Networks platform prevents their actions across the attack lifecycle.

What if you could see, and prevent, threats before they breach your organization? Cyber threat intelligence sharing has the promise of bringing organizations together, creating a community that is able to stay ahead of adversaries, as they deploy attacks across whole industries. While many leading organizations are adopting this practice, it can be fraught with both technical and policy challenges. We will share best practices, gathered from experts in the field, helping you take the first steps and share threat intelligence with your peers.

As high-profile breaches continue to make the front pages, cyberattacks are an increasingly important topic in C-Suite discussions. During this session, hear from leading incident response professionals about how to strategically respond to the most recent attack vectors and how to communicate about these attacks with non-technical executive management.

2015 saw a definitive shift in boardroom-level attention being paid to cybersecurity, bringing with it a new set of responsibilities to the CISO. During this session, hear about what makes for a strong CISO/Board relationship from both perspectives.

As Security Operations Centers continue to evolve in maturity to play an increasingly important role in managing organizational cybersecurity risk, it will be important for CISOs to ensure proper operationalization on one hand and to effectively communicate outcomes on the other. In this session hear from experienced practitioners on how to best organize this relationship in order to ensure effective management of cybersecurity risk.

Governments the world over are making cybersecurity a top policy priority, and many recent developments will have an impact on how organizations manage their own cybersecurity risks. During this session, hear from cybersecurity policy experts, including former US Cybersecurity Czar Richard Clarke, on what policy developments every CISO should be prepared for moving forward.