* [Blog](https://origin-researchcenter.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://origin-researchcenter.paloaltonetworks.com/blog/corporate/)
* [Announcement](https://origin-researchcenter.paloaltonetworks.com/blog/category/announcement/)
* Palo Alto Networks Secure...

# Palo Alto Networks Secures Black Hat from Itself

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2023%2F07%2Fsecure-black-hat-from-itself%2F)  
[](https://twitter.com/share?text=Palo+Alto+Networks+Secures+Black+Hat+from+Itself&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2023%2F07%2Fsecure-black-hat-from-itself%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2023%2F07%2Fsecure-black-hat-from-itself%2F&title=Palo+Alto+Networks+Secures+Black+Hat+from+Itself&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://origin-researchcenter.paloaltonetworks.com/blog/2023/07/secure-black-hat-from-itself/&ts=markdown)  
\[\](mailto:?subject=Palo Alto Networks Secures Black Hat from Itself)  
Link copied  
By [Jason Reverri](https://www.paloaltonetworks.com/blog/author/jason-reverri/?ts=markdown "Posts by Jason Reverri")  
Jul 25, 2023  
5 minutes  
[Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown)  
[Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)  
[News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown)  
[Black Hat](https://www.paloaltonetworks.com/blog/tag/black-hat/?ts=markdown)  
[NOC](https://www.paloaltonetworks.com/blog/tag/noc/?ts=markdown)  
[SOC](https://www.paloaltonetworks.com/blog/tag/soc/?ts=markdown)

Founded by Jeff Moss in 1997, the Black Hat conference has grown considerably. Since its inception, it has gone from a maverick event that gave attendees a glimpse into the hacker mindset, to a global event series held in Europe, Asia and the Middle East. It has evolved into the ["intersection of network security and hacker ingenuity... where the establishment and the underground are equally at home."](https://www.google.com/url?q=https://www.blackhat.com/html/bh-about/about.html&sa=D&source=docs&ust=1690224685486776&usg=AOvVaw0AHSYd9prtaKhnvs1ntbFR)

The network and security operations center (NOC/SOC) at the [Black Hat USA Conference](https://www.blackhat.com/us-23/) serves the critical role of ensuring that the conference's entire network is running smoothly and efficiently, as well as detecting and responding to any security threats. Black Hat can be an attractive target for threat actors looking for the infamy associated with disrupting the conference or stealing personally identifiable information (PII) from attendees.

To thwart attacks from both internal attendees and external actors, Black Hat partners with a select group of cybersecurity organizations. Each partner serves a different function to provide solutions that work together to establish and defend a stable and well-protected network. For example, Black Hat features some of the top training in the world with students eager to try out the latest attack techniques on *live targets* . In addition, Palo Alto Networks Next-Generation Firewalls (NGFWs) isolate that activity from the rest of the network\*.\*

## Trusted Partner of Black Hat

As a trusted partner, Palo Alto Networks has officially supported Black Hat 18 times over the last six years at their conferences around the world. At this year's Black Hat USA, we are providing three functions within the NOC/SOC:

1. We will provide network firewall services, including full layer 3 dynamic routing, proper network segmentation/isolation and protection of the Black Hat owned infrastructure from any network-based attacks.
2. We'll collaborate with other vendors to provide threat hunting and threat context of traffic to help the NOC team determine appropriate courses of action.
3. We will exclusively provide the NOC with security orchestration, automation and response (SOAR) with a wide range of automation and integration with the different products used by the NOC.

A significant portion of the Palo Alto Networks products portfolio is used to provide these services. [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr) provides visibility and reporting for threat hunters and NOC guests. Our PA-5280 [NGFWs](https://www.paloaltonetworks.com/network-security/next-generation-firewall-hardware) will be deployed in High Availability, protecting Black Hat owned systems and internal infrastructure. The firewalls also provide network App-ID visibility and CDSS alert profiles on the entire network.
![The NOC dashboard at Black Hat.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/07/noc-1.png)
A view of the NOC.

Our threat hunters will leverage dedicated NGFWs enabled with the [CDSS](https://www.paloaltonetworks.com/network-security/security-subscriptions) suite:

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention) to detect network attacks, defend against vulnerabilities, detect malleable C2 and zero day SQLi, as well as CMDi attacks.
* [DNS Security](https://www.paloaltonetworks.com/network-security/dns-security) to identify bad Domains and detect threats, which leverage DNS as a vector.
* [Advanced URL](https://www.paloaltonetworks.com/network-security/advanced-url-filtering)to identify malicious URLs and detect threats, which leverage HTTP(s).
* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire) to identify malicious files.
* [IoT security](https://www.paloaltonetworks.com/network-security/enterprise-device-security) to identify the target/source device types used in incident response prioritization.

All the NGFWs and services will be monitored using our [Panorama](https://www.paloaltonetworks.com/network-security/panorama) Network Security Management M-300. Panorama also provides log access to threat hunters, including other vendor's teams.

[Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar) is key to the NOC automation workflows and integrations with the other products supporting the Black Hat team. XSOAR is connected to the other partners operating in the NOC, such as Artista, the wireless LAN vendor. It is also paired with threat intelligence from Palo Alto Networks and the other vendors in the SOC. XSOAR playbooks are used to automatically provide context and enrichment to any incidents that occur, then progress the incidents to investigation and closure.

XSOAR also changes automation processes based on how the Black Hat infrastructure is segmented. This means incidents originating from training classrooms are treated differently and with lower priority compared to live attacks sent from the internet towards the external perimeter of the environment or the registration network, which are a much higher priority.

## Black Hat's Infrastructure Is a Target

As one of the largest cybersecurity conferences in the world, Black Hat has some of the most talented researchers attending and speaking about their projects, who oftentimes highlight new attack techniques and vulnerabilities. Over the years, we have seen attendees immediately test these attacks on the network. They even attempt to attack fellow attendees or the conference infrastructure. This is an excellent example of what organizations face today: Attackers don't need much time to find ways to abuse a software bug. The conference focuses on the learning and education of advanced attack and defense techniques. With the partners in the NOC, this can happen without being disruptive to all the attendees, effectively protecting Black Hat from itself.

The Palo Alto Networks threat hunting team is in the NOC, actively reporting credible threats to the Black Hat team, specifically attacks against the registration and internal infrastructure. Based on this threat intel, the Black Hat staff is able to leverage a Cortex XSOAR slack integration to instantly block bad actors through address tagging on the firewall. The team works in close collaboration with the other NOC partners: Arista, Cisco, Corelight, Lumen and Netwitness.
![The black hat USA NOC team.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/07/word-image-299089-2.png)
The Black Hat NOC team in 2022.

To see this NOC team in action, the Black Hat NOC will be streamed live via the conference Twitch channel, or you can visit and tour the [NOC on-site](https://www.blackhat.com/us-23/noc.html). With the help of partners like Palo Alto Networks, Black Hat is able to provide a strong network and security infrastructure that allows attendees to focus on learning and networking without worrying about their cybersecurity.

For more information about Palo Alto Networks cybersecurity solutions and its support of the Black Hat NOC, visit our Booth #1332 and watch the [live feed of the NOC](https://www.twitch.tv/blackhatnoc.) during the conference.

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Event](https://www.paloaltonetworks.com/blog/category/event/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown)

[#### Palo Alto Networks Helps Secure Black Hat Asia 2025](https://origin-researchcenter.paloaltonetworks.com/blog/2025/03/secure-black-hat-asia-2025/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Incident Response](https://www.paloaltonetworks.com/blog/category/incident-response/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://unit42-dev2.paloaltonetworks.com)

[#### Introducing Unit 42 Managed XSIAM 2.0](https://origin-researchcenter.paloaltonetworks.com/blog/2026/02/introducing-unit-42-managed-xsiam-2-0/)

### [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown), [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown)

[#### Security Operations Under Fire Inside Black Hat's NOC](https://origin-researchcenter.paloaltonetworks.com/blog/2025/09/security-operations-inside-black-hats-noc/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Application Security](https://www.paloaltonetworks.com/blog/cloud-security/category/application-security/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [CNAPP](https://www.paloaltonetworks.com/blog/cloud-security/category/cnapp/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Introducing Cortex Cloud --- The Future of Real-Time Cloud Security](https://origin-researchcenter.paloaltonetworks.com/blog/2025/02/announcing-innovations-cortex-cloud/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown)

[#### What's New in Cortex: The Latest Innovations for the World's #1 SecOps Platform (Feb '25 Release)](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/whats-new-in-cortex-the-latest-innovations-for-the-worlds-1-secops-platform-feb-25-release/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)

[#### Cortex Copilot - Another Step Forward in SOC Transformation](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/cortex-copilot-another-step-forward-in-soc-transformation/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language