The home of developer docs at

I know what this must look like — yet another blog article on how Large Language Models (LLMs) will revolutionize the world and guarantee human obsolescence (or extinction?!). To be fair, this isn’t the first time I’ve written about AI or automating one’s self out of a job, but I have to admit it feels different this time around. Maybe it’s all the Sci-Fi I’ve consumed in my lifetime? Maybe it’s our collective tendency to anthropomorphize animals/things that only very slightly remind us of ourselves? Whatever is the case with LLMs, (as you’ve probably already guessed) I am not really here to sing their praises. Don’t get me wrong, I am absolutely blown away by their demonstrated mastery of language, but I can’t help but be leery of how that mastery was attained or how vulnerable we are as a society to that “mastery” being exploited for nefarious purposes.

To reiterate from the previous post, on the Black Hat conference network we are likely to see malicious activity, in fact it is expected. As the Black Hat leadership team say, occasionally we find a “needle in a needlestack”, someone with true malicious intent. But how do you go about finding malicious activity with real intent within a sea of offensive security demonstrations and training exercises?

It’s been called one of the most dangerous networks in the world, and there are many good reasons why each Black Hat conference has its own IT infrastructure built from the ground up.

A Cloud NGFW resource provides next-generation firewall capabilities for your Amazon VPC traffic. This resource has built-in resiliency, scalability, and lifecycle management. In the previous parts of this blog series, we covered firewall-as-code and policy-as-code aspects of Cloud NGFW using Terraform(1), Cloud Formation(2), and Cloud Control CLI(3). In this part, we will explore the policy-as-code aspects of Cloud NGFW when using Palo Alto Networks Panorama to author security policy rules.

A Cloud NGFW resource provides next-generation firewall capabilities for your VPC traffic. This resource has built-in resiliency, scalability and lifecycle management. In the previous blog, we discussed activating Palo Alto Networks Cloud NGFW CloudFormation extensions and using CloudFormation templates to provision Cloud NGFW resources. In this blog, we will discuss using AWS CloudControl CLI to provision Cloud NGFW resources.

A Cloud NGFW resource provides next-generation firewall capabilities for your VPC traffic. This resource has built-in resiliency, scalability and lifecycle management. In the last blog, we covered the firewall-as-a-code and policy-as-a-code aspects of Cloud NGFW using Terraform. In this blog, we will discuss the same aspects using AWS Cloud Formation.

We released the first version of VM-Series Terraform modules v0.1.0 for Azure back in April 2021. We have come a long way since, from extending coverage for AWS and GCP to releasing 67 versions combined. At the time of writing this article, we have over 133k downloads from the Terraform Registry alone.

With over 100+ microservices deployed in production to power the Prisma Cloud Platform at Palo Alto Networks, we have had to deal with some basic reality checks as we grew the business from $XM to $XXXM in 3+ years going from tens to thousands of customers.

This is all true. It seems obvious when you think about code written in one of the general-purpose languages. A developer can even almost naturally assign a particular test to the requirements mentioned above: code standards — static code analysis, reliability — unit/integration testing, etc. Yet, this is not so obvious when you switch to declarative languages and tools such as HCL and Terraform, or in general, when talking about testing Infrastructure as Code. The image gets blurry, and you suddenly end up in a situation where testing one line of code means deploying a whole costly infrastructure.

I know what this must look like — yet another blog article on how Large Language Models (LLMs) will revolutionize the world and guarantee human obsolescence (or extinction?!). To be fair, this isn’t the first time I’ve written about AI or automating one’s self out of a job, but I have to admit it feels different this time around. Maybe it’s all the Sci-Fi I’ve consumed in my lifetime? Maybe it’s our collective tendency to anthropomorphize animals/things that only very slightly remind us of ourselves? Whatever is the case with LLMs, (as you’ve probably already guessed) I am not really here to sing their praises. Don’t get me wrong, I am absolutely blown away by their demonstrated mastery of language, but I can’t help but be leery of how that mastery was attained or how vulnerable we are as a society to that “mastery” being exploited for nefarious purposes.

To reiterate from the previous post, on the Black Hat conference network we are likely to see malicious activity, in fact it is expected. As the Black Hat leadership team say, occasionally we find a “needle in a needlestack”, someone with true malicious intent. But how do you go about finding malicious activity with real intent within a sea of offensive security demonstrations and training exercises?

It’s been called one of the most dangerous networks in the world, and there are many good reasons why each Black Hat conference has its own IT infrastructure built from the ground up.