Valli Summer Intern Report


SUMMER INTERNSHIP REPORT ON

Palo Alto Cybersecurity

in partial fulfillment for the award of the degree
of
BACHELOR OF TECHNOLOGY
IN
ARTIFICIAL INTELLIGENCE AND MACHINE LEARNING

Submitted by
BOKKA SRI VALLI
216N1A6107

Department of Artificial Intelligence and Machine Learning

SRINIVASA INSTITUTE OF ENGINEERING AND TECHNOLOGY
(Autonomous)

(2024-2025)
SRINIVASA INSTITUTE OF ENGINEERING AND TECHNOLOGY

(UGC – Autonomous Institution)


(Approved by AICTE, Permanently affiliated to JNTUK, Kakinada, ISO 9001: 2015 certified Institution)

(Accredited by NAAC with 'A' Grade; Recognised by UGC under sections 2(f) & 12(B))

NH-216, Amalapuram-Kakinada Highway, Cheyyeru (V), Amalapuram-533216.

DEPARTMENT OF ARTIFICIAL INTELLIGENCE AND MACHINE LEARNING

CERTIFICATE

This is to certify that B. SRI VALLI, Reg. No. 216N1A6107, has completed his/her Internship
in AICTE Eduskills on Palo Alto Cybersecurity as part of the partial fulfillment of the requirement for
the Degree of Bachelor of Technology in the Department of Artificial Intelligence and Machine
Learning for the academic year 2024-2025.

Mentor Head of the Department

Principal
TABLE OF CONTENTS

S.NO CONTENTS

1 CERTIFICATE OF INTERNSHIP

2 ACKNOWLEDGEMENT

3 ABSTRACT

4 INTERNSHIP ACTIVITIES
  WEEK-1
  WEEK-2
  WEEK-3
  WEEK-4
  WEEK-5
  WEEK-6
  WEEK-7
  WEEK-8

5 RESULTS AND DISCUSSIONS

6 CONCLUSION
ACKNOWLEDGEMENT

I would like to extend my sincere gratitude to Sarvanan Rajagopal, Training Partner Manager, APAC
Palo Alto Networks, Shri Buddha Chandrasekhar, Chief Coordinating Officer NEAT Cell, AICTE and
Dr. Satya Ranjan Biswal, Chief Technology Officer, Eduskills for their invaluable support throughout my
Palo Alto Cybersecurity Virtual Internship. This opportunity provided me with practical insights into network
security and threat analysis, significantly enhancing my technical skills and professional growth. Your leadership
was key to making this learning experience truly impactful.

I sincerely appreciate AWS Academy for the comprehensive curriculum in my Palo Alto Cybersecurity
Virtual Internship. It provided invaluable insights into network security and significantly enhanced my
technical capabilities for future challenges.

Our sincere gratitude goes to Chaitanya, our Internship Coordinator, whose constant support, valuable feedback,
and motivating presence steered us through the challenges we encountered during the project. His leadership
played a critical role in the successful completion of our internship.

I am deeply indebted to Dr. R. Srinivas, Head of the Department, for his guidance and for ensuring we had
access to the necessary resources and support throughout the internship. His encouragement has been a driving
force in our progress.

My sincere thanks also go to M. Sreenivasa Kumar, Principal, for providing us with the opportunity to embark
on this journey, as well as for the continuous support extended during this period.

Finally, I would like to express my appreciation to our College Management, faculty, lab technicians,
non-teaching staff, and friends, who have played an essential role in helping us complete the internship. Their timely
support, both direct and indirect, contributed greatly to our success.
ABSTRACT

The internship report provides an overview of the Cybersecurity Virtual Internship conducted by
Palo Alto Networks, powered by Beacon. The internship offered an in-depth understanding of
cybersecurity principles, network security, and threat detection techniques. Through a series of
hands-on exercises and real-world simulations, participants were introduced to industry-standard
practices for protecting digital infrastructures against cyber threats.

The PCCET (Palo Alto Networks Certified Cybersecurity Entry-level Technician)
certification is the first-of-its-kind credential to cover foundational knowledge of industry-recognized
cybersecurity and network security concepts as well as various cutting-edge advancements across all Palo
Alto Networks technologies.

As the cybersecurity landscape becomes more complex, Palo Alto Networks Education Services has
taken steps to align with industry standards following the NIST/NICE (National Institute of Standards
and Technology/National Initiative for Cybersecurity Education) workforce framework.

The program covered essential topics, including firewalls, intrusion detection systems, cloud security,
and endpoint protection, enabling participants to develop critical skills in analyzing and mitigating
security vulnerabilities.

Participants engaged in hands-on labs, exploring tools like firewalls, VPNs, and security operations
centers (SOCs) to detect, prevent, and respond to cyber threats. This report highlights the key learnings
from the internship, along with the practical applications and challenges encountered throughout the
program. It also reflects on how this experience has enriched my knowledge and prepared me for future
roles in the cybersecurity field.
WEEK – 1,2

Introduction to Cyber Security

This course introduces the fundamentals of cybersecurity, including the concepts
needed to recognize and potentially mitigate attacks against home networks and
mission-critical infrastructure.

Topics
• Cyber Security Landscape
• Cyberattack Types
• Cyberattack Techniques
• APTs and Wi-Fi Vulnerabilities
• Security Models

Cyber Security Landscape:

The modern cyber security landscape is a rapidly evolving hostile environment
with advanced threats and increasingly sophisticated threat actors. This lesson
describes the current cyber security landscape, explains SaaS application challenges,
describes various security and data protection regulations and standards, identifies cyber
security threats and attacker profiles, and explains the steps in the cyber attack
lifecycle.

Cyberattack Types:

Attackers use a variety of techniques and attack types to achieve their objectives. Malware and
exploits are integral to the modern cyberattack strategy. This lesson describes the different
malware types and properties, the relationship between vulnerabilities and exploits, and how
modern malware plays a central role in a coordinated attack against a target. This lesson also
explains the timeline of eliminating a vulnerability.
Malware Types:

Cyberattack Techniques:

Attackers use a variety of techniques and attack types to achieve their objectives.
Spamming and phishing are commonly employed techniques to deliver malware and
exploits to an endpoint via an email executable or a web link to a malicious website.
Once an endpoint is compromised, an attacker typically installs back doors, remote
access Trojans (RATs), and other malware to ensure persistence. This lesson
describes spamming and phishing techniques, how bots and botnets function, and
the different types of botnets.

Advanced Persistent Threats and Wi-Fi Vulnerabilities:

With the explosive growth in fixed and mobile devices over the past decade,
wireless (Wi-Fi) networks are growing exponentially, and so is the attack surface for
advanced persistent threats.
Advanced persistent threats, or APTs, are a class of threats that are far more
deliberate and potentially devastating than other types of cyberattacks. APTs are
generally coordinated events that are associated with cybercriminal groups.

Security Models:
The goal of a security model is to provide measurable threat prevention through trusted
and untrusted entities. This can be a complicated process, as every security model
will have its own customizations and many variables need to be identified. This lesson
describes the core concepts of a security model and why the model is important, the
functions of a perimeter-based security model, the Zero Trust security model design
principles, and how the principle of least privilege applies to the Zero Trust security
model.
Perimeter-Based Security Model:
Perimeter-based network security models date back to the early mainframe era (circa
late 1950s), when large mainframe computers were located in physically secure
“machine rooms.” These rooms could be accessed by a limited number of remote job
entry (RJE) terminals directly connected to the mainframe in physically secure areas.

Relies on Physical Security:

Today’s data centers are the modern equivalent of machine rooms, but perimeter-based
physical security is no longer sufficient, for several obvious but important reasons that
account for the security issues associated with perimeter-based security.
WEEK – 3,4

Fundamentals of Network Security

This training introduces someone with no prior knowledge to the fundamentals of
network security, including the concepts they must understand to recognize attacks and
potentially defend home networks and mission-critical infrastructure.

Topics
• The Connected Globe
• Addressing and Encapsulation
• Network Security Technologies
• Endpoint Security and Protection

The Connected Globe:

In this lesson, we will discuss how hundreds of millions of routers deliver Transmission
Control Protocol/Internet Protocol (TCP/IP) packets using various routing protocols across
local-area networks and wide-area networks. We also will discuss how the Domain Name
System (DNS) enables internet addresses, such as www.paloaltonetworks.com, to be
translated into routable IP addresses.

In the 1960s, the U.S. Defense Advanced Research Projects Agency (DARPA) created
ARPANET, the precursor to the modern internet. ARPANET was the first packet-switched
network. A packet-switched network breaks data into small blocks (packets),
transmits each individual packet from node to node toward its destination, and then
reassembles the individual packets in the correct order at the destination.

Addressing and Encapsulation:

This lesson describes the functions of physical, logical, and virtual addressing in
networking, IP addressing basics, subnetting fundamentals, the OSI and TCP/IP
models, and the packet lifecycle.

Introduction to Subnetting:

Subnetting is a technique used to divide a large network into smaller, multiple
subnetworks by segmenting an IP address into two parts: the network portion of the
address and the host portion of the address.
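To make the network/host split concrete, here is an added worked example in Python (it is not part of the original report or of the course material; the addresses used are constructed). It builds the subnet mask from a prefix length, separates an address into its network and host portions with bit masks, divides a network into equal subnetworks by lengthening the prefix, and checks whether two hosts share a subnetwork. The standard library's ipaddress module is used only to convert between dotted-quad strings and integers, so the masking logic itself is visible.

```python
import ipaddress


def prefix_to_mask(prefixlen: int) -> int:
    """Build the 32-bit subnet mask for a prefix length, e.g. /24 -> 0xFFFFFF00."""
    if not 0 <= prefixlen <= 32:
        raise ValueError("IPv4 prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefixlen)) & 0xFFFFFFFF


def split_address(cidr: str) -> dict:
    """Split an address in CIDR form into its network portion and host portion.

    The mask selects the network bits; its complement selects the host bits.
    """
    ip_str, prefix_str = cidr.split("/")
    addr = int(ipaddress.IPv4Address(ip_str))   # dotted quad -> 32-bit integer
    prefixlen = int(prefix_str)
    mask = prefix_to_mask(prefixlen)
    host_mask = ~mask & 0xFFFFFFFF
    network = addr & mask                        # network portion, host bits cleared
    return {
        "network": str(ipaddress.IPv4Address(network)),
        "netmask": str(ipaddress.IPv4Address(mask)),
        "host_part": addr & host_mask,           # host portion as an integer
        "broadcast": str(ipaddress.IPv4Address(network | host_mask)),
        # /31 and /32 have no network/broadcast pair to subtract
        "usable_hosts": max((1 << (32 - prefixlen)) - 2, 0),
    }


def subnet(cidr: str, new_prefix: int) -> list:
    """Divide a network into equal-sized subnetworks by lengthening the prefix."""
    old_prefix = int(cidr.split("/")[1])
    if not old_prefix <= new_prefix <= 32:
        raise ValueError("new prefix must be at least the original prefix and at most 32")
    base = int(ipaddress.IPv4Address(split_address(cidr)["network"]))
    size = 1 << (32 - new_prefix)                # addresses per subnetwork
    count = 1 << (new_prefix - old_prefix)       # number of subnetworks produced
    return [f"{ipaddress.IPv4Address(base + i * size)}/{new_prefix}" for i in range(count)]


def same_subnet(a: str, b: str, prefixlen: int) -> bool:
    """Two hosts are on the same subnetwork when their network portions are equal."""
    mask = prefix_to_mask(prefixlen)
    return (int(ipaddress.IPv4Address(a)) & mask) == (int(ipaddress.IPv4Address(b)) & mask)


if __name__ == "__main__":
    # constructed sample addresses
    print(split_address("192.168.10.77/24"))
    print(subnet("10.0.0.0/24", 26))
    print(same_subnet("192.168.1.10", "192.168.2.10", 24))
```

The same_subnet check is what a host performs before deciding whether to send a packet directly or to its default gateway, which is why a wrong mask on one host shows up as "can reach some neighbours but not others".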
OSI Model and TCP/IP Protocol Layers :
The OSI model is defined by the International Organization for Standardization and
consists of seven layers. This model is a theoretical model used to logically describe
networking processes.

Network Security Technologies:

In this lesson, we will discuss the basics of network security technologies such as
firewalls, intrusion detection systems (IDSs) and intrusion prevention systems (IPSs),
web content filters, virtual private networks (VPNs), data loss prevention (DLP), and
unified threat management (UTM), which are deployed across the industry.

Some of the technologies covered are listed below:

• Legacy Firewalls
• Packet Filtering Firewalls
• Operation
• Match
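The packet filtering firewall listed above is easiest to understand as a rule table evaluated top to bottom. The following Python block is an added example (not part of the original report, and not Palo Alto Networks code) that shows the two behaviours a policy reviewer cares about most: first-match evaluation with an implicit default deny, and detection of shadowed rules that can never fire because an earlier rule already covers them. The rule format, field names and the sample policy are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One packet-filtering rule matched on the classic 5-tuple fields."""
    name: str
    action: str                   # "allow" or "deny"
    src: str = "0.0.0.0/0"        # source network (CIDR); default matches any source
    dst: str = "0.0.0.0/0"        # destination network (CIDR)
    proto: str = "any"            # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None   # None matches every destination port

    def matches(self, pkt: dict) -> bool:
        return (
            ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
            and self.proto in ("any", pkt["proto"])
            and (self.dport is None or self.dport == pkt.get("dport"))
        )


def evaluate(rules: List[Rule], pkt: dict) -> Tuple[str, str]:
    """First-match evaluation: the first rule that matches decides.

    A packet no rule matches hits the implicit default rule, which denies it,
    so anything not explicitly allowed is dropped."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "deny", "implicit-default-deny"


def _covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet matching `inner` would already match `outer`."""
    return (
        ipaddress.ip_network(inner.src).subnet_of(ipaddress.ip_network(outer.src))
        and ipaddress.ip_network(inner.dst).subnet_of(ipaddress.ip_network(outer.dst))
        and outer.proto in ("any", inner.proto)
        and (outer.dport is None or outer.dport == inner.dport)
    )


def shadowed_rules(rules: List[Rule]) -> List[str]:
    """Names of rules that can never fire because an earlier rule covers them.

    A shadowed rule reads as if it has an effect, but ordering means it never does;
    this is a routine finding in a policy review."""
    return [
        rule.name
        for i, rule in enumerate(rules)
        if any(_covers(earlier, rule) for earlier in rules[:i])
    ]


# Constructed sample policy using documentation address ranges, not a real deployment.
POLICY = [
    Rule("allow-lan-to-web", "allow", src="10.0.0.0/8", dst="192.0.2.10/32", proto="tcp", dport=443),
    Rule("deny-telnet", "deny", proto="tcp", dport=23),
    Rule("allow-dns", "allow", proto="udp", dport=53),
    # Entirely covered by allow-lan-to-web above, so it can never match.
    Rule("allow-branch-to-web", "allow", src="10.1.0.0/16", dst="192.0.2.10/32", proto="tcp", dport=443),
]

if __name__ == "__main__":
    pkt = {"src": "10.1.2.3", "dst": "192.0.2.10", "proto": "tcp", "dport": 443}
    print(evaluate(POLICY, pkt))
    print(shadowed_rules(POLICY))
```

The default-deny return value is the important design choice: a packet filter that falls through to "allow" turns every omission in the rule table into an open path.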
Endpoint Security and Protection:
In this lesson, we will explore endpoint security challenges and solutions, including
malware protection, anti-malware software, personal firewalls, host-based intrusion
prevention systems (HIPSs), and mobile device management (MDM) software. We
will also introduce network operations concepts, including server and systems
administration, directory services, and structured host and network troubleshooting.

Endpoint Security:
In 2022, there were more than 11.5 billion internet of things (IoT) devices worldwide,
including machine-to-machine (M2M), wide-area IoT, short-range IoT, massive-and-critical
IoT, and multi-access edge computing (MEC) devices. Traditional endpoint
security encompasses numerous security tools.

Endpoint Protection:

Advanced malware and script-based attacks can bypass traditional antivirus solutions
with ease and potentially wreak havoc on your business.

Secure the Enterprise:

The networking infrastructure of an enterprise can be extraordinarily complex. The
Palo Alto Networks prevention-first security architecture secures enterprises'
perimeter networks.

Prevention-First Architecture:
Simplifying your security posture allows you to reduce operational costs and
infrastructure while increasing your ability to prevent threats to your organization.

Next-Generation Firewall:
The Palo Alto Networks Next-Generation Firewall is the foundation of the company's product
portfolio. The firewall is available in physical, virtual, and cloud-delivered
deployment options.
WEEK – 5,6

Fundamentals of Cloud Security

This training introduces the viewer to the fundamentals of cloud security,
including the concepts they must understand to recognize threats and potentially
defend data centers, public/private clouds, enterprise networks, and small
office/home office (SOHO) networks from cloud-based attacks.

Topics:
• Cloud Computing
• Cloud Native Responsibilities
• Cloud Native Technologies
• Four Cs

Cloud Computing :
The move toward cloud computing not only brings cost and operational benefits but
also technology benefits. Data and applications are easily accessed by users no matter
where they reside, projects can scale easily, and consumption can be tracked
effectively.

Definition:
Cloud computing is not a location but rather a pool of resources that can be rapidly
provisioned in an automated, on-demand manner. This follows the definition of cloud
computing given by the U.S. National Institute of Standards and Technology (NIST).
Cloud Computing Ecosystem :
The cloud computing ecosystem consists of service models, deployment models,
responsibilities, and security challenges.
Service Models, Deployment Models, and Responsibilities :
Virtualization is a critical component of a cloud computing architecture that, when
combined with software orchestration and management tools that are covered in this
course, allows you to integrate disparate processes so that they can be automated,
easily replicated, and offered on an as-needed basis.
Cloud Security Responsibilities :
In general terms, the cloud provider is responsible for security of the cloud, including
the physical security of the cloud data centers, and foundational networking, storage,
compute, and virtualization services.

Cloud Native Technologies:

Like a new universe, the cloud native ecosystem has many technologies and projects
quickly spinning off and expanding from the initial core of containers.
A useful way to think of cloud native technologies is as a continuum spanning
from virtual machines (VMs) to containers to serverless. On one end are
traditional VMs operated as stateful entities, as we’ve done for over a decade now.
On the other are completely stateless, serverless apps that are effectively just
bundles of app code without any packaged accompanying operating system (OS)
dependencies.
Cloud Native Security :
The speed and flexibility that are so desirable in today’s business world have led
companies to adopt cloud technologies that require not just more security but new
security approaches.

In the cloud, you can have hundreds or even thousands of instances of an application,
presenting exponentially greater opportunities for attack and data theft.

The Four Cs of Cloud Native Security:

The CNCF defines a container security model for Kubernetes in the context of cloud
native security. Each layer provides a security foundation for the next layer.
Cloud :
The cloud (and data centers) provide the trusted computing base for a Kubernetes
cluster. If the cluster is built on a foundation that is inherently vulnerable or configured
with poor security controls, then the other layers cannot be properly secured.
Clusters:
Securing Kubernetes clusters requires securing both the configurable cluster components and
the applications that run in the cluster.

Containers:
Securing the container layer includes container vulnerability scanning and OS
dependency scanning, container image signing and enforcement, and
implementing least privilege access.
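"Image signing and enforcement" is the control that makes the container layer trustworthy: a cluster admits only images whose content digest has been approved, and the approval list itself must be authenticated before it is trusted. The Python block below is an added example (not part of the original report, and not Kubernetes or CNCF code) of such an admission check. It uses HMAC-SHA256 as a stand-in for the asymmetric signature a real signing tool such as cosign or Notary would produce; the key, registry name and digests are constructed placeholders.

```python
import hashlib
import hmac
import json
import re
from typing import Tuple

# Image references must be pinned by digest; tags such as :latest are mutable and can be re-pointed.
DIGEST_REF = re.compile(r"^(?P<repo>.+?)@sha256:(?P<digest>[0-9a-f]{64})$")


def sign_allowlist(allowlist: dict, key: bytes) -> str:
    """Authenticate the allowlist with HMAC-SHA256 over a canonical JSON encoding.

    HMAC stands in here for the asymmetric signature a real signing tool produces;
    canonical encoding makes the signature independent of key order and whitespace."""
    canonical = json.dumps(allowlist, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify_allowlist(allowlist: dict, signature: str, key: bytes) -> bool:
    # constant-time comparison avoids leaking how many leading bytes matched
    return hmac.compare_digest(sign_allowlist(allowlist, key), signature)


def admit(image_ref: str, allowlist: dict, signature: str, key: bytes) -> Tuple[bool, str]:
    """Admission decision for a workload that wants to run image_ref.

    Order matters: the allowlist is authenticated before anything in it is trusted."""
    if not verify_allowlist(allowlist, signature, key):
        return False, "allowlist signature invalid"
    m = DIGEST_REF.match(image_ref)
    if not m:
        return False, "image must be pinned by sha256 digest, not by tag"
    repo, digest = m.group("repo"), m.group("digest")
    if digest not in allowlist.get(repo, []):
        return False, f"digest not approved for {repo}"
    return True, "ok"


# Constructed demo values: the key and digests are placeholders, not real artifacts.
DEMO_KEY = b"constructed-demo-key-not-for-production"
APPROVED_DIGEST = "3f" * 32
DEMO_ALLOWLIST = {"registry.example/app": [APPROVED_DIGEST]}
DEMO_SIGNATURE = sign_allowlist(DEMO_ALLOWLIST, DEMO_KEY)

if __name__ == "__main__":
    print(admit(f"registry.example/app@sha256:{APPROVED_DIGEST}", DEMO_ALLOWLIST, DEMO_SIGNATURE, DEMO_KEY))
    print(admit("registry.example/app:latest", DEMO_ALLOWLIST, DEMO_SIGNATURE, DEMO_KEY))
```

The tag rejection is deliberate: a tag can be re-pointed at different content after approval, whereas a digest names exactly one image, so enforcement that accepts tags is not really enforcing anything.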

Code :
The application code itself must be secured. Security best practices for securing code
include requiring TLS for access, limiting communication port ranges, scanning
third-party libraries for known security vulnerabilities, and performing static and
dynamic code analysis.
WEEK – 7,8

Fundamentals of SOC (Security Operations Center)

The Fundamentals of Security Operations Centre training is a high-level introduction to
the general concepts of SOC and SecOps. This lesson provides an overview of the
Security Operations framework.
Topics :

• Fundamentals of SOC
• Day in the Life of a SOC Analyst
• Employee Utilization
• SOAR

Fundamentals of SOC :
The Fundamentals of Security Operations Centre training is a high-level introduction to the
general concepts of SOC and SecOps. It will introduce the Security Operations framework, people,
processes, and technology aspects required to support the business, the visibility that is required
to defend the business, and the interfaces needed with other organizations outside of the SOC.

Day in the Life of a SOC Analyst:

Erik is a SOC analyst on the Security Operations team, and it is his job to triage alerts to
determine if there is a security threat. Before Erik starts his job, he will need to
understand the general concepts of SOC and SecOps, and the business goals. Erik
will need training and support from the people he interacts with on a daily basis. While
mitigating threats, Erik will need to know the processes to follow, the teams he will
be interacting with, and the technology he will be using to gain visibility into the
network.

Employee Utilization:
Methods should be developed to maximize the efficiency of a Security Operations team
specific to the existing staff. Security Operations staff are prone to burnout due to
console burnout and extreme workloads. To avoid this, team members should be
assigned different tasks throughout the day. These tasks should be structured and may
include:
• Shift turnover stand-up meeting (beginning of shift)
• Event triage
• Incident response
• Project work
• Training
• Reporting
• Shift turnover stand-up meeting (end of shift)

Training :
Proper training of staff will create consistency within an organization. Consistency
drives effectiveness and reduces risk. Use of a formal training program will also enable
the organization to bring on new staff quickly. Some organizations resort to on-the-job
or shadow training for new hires, which is not recommended on its own. While
shadowing other analysts during initial employment in the SOC is important, it should
not be the only means of training.

Technology:
The threat from the start of our scenario has now been mitigated. Erik next needs to work with SOC team members
and other teams to determine if the current network technology can be used to automate a process
or response to automatically remediate this issue, or similar issues that may arise. The
Technology pillar includes the tools and technology that increase the SOC's capabilities to prevent or greatly
minimize attempts to infiltrate the network.

SOAR:
Scale is one of the biggest challenges for SOCs. We stepped through each pillar to
mitigate a threat, but while Erik was working on one threat, alerts and incidents
continued to pour in. The number of incidents that each member of the SOC team must
respond to is greater than what can be managed through human intervention.
The only reasonable long-term solution is to empower existing resources with a
combination of innovative orchestration, artificial intelligence, and machine learning
technologies to automate many of the manual processes that a SOC team faces each
day.
RESULTS:

Firewall Configuration and Management: One of the primary hands-on activities was
configuring Palo Alto Networks firewalls. Participants learned how to manage firewall rules,
monitor traffic, and secure networks from potential threats. This exercise improved my
understanding of traffic control, packet filtering, and creating security policies.

Threat Detection and Mitigation: The internship involved working with Security Information
and Event Management (SIEM) systems to identify, analyze, and respond to security incidents. I
developed skills in threat hunting, using logs to detect anomalies, and implementing mitigation
strategies to counter real-time attacks.
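"Using logs to detect anomalies" is the core of SIEM work, and the event triage that the SOC section of this report describes starts from exactly this kind of rule. The Python block below is an added example (not part of the original report, and not a Palo Alto Networks or SIEM vendor rule) of one such detection run over constructed sshd-style log lines: it parses the lines, counts failed logins per source inside a sliding time window, and raises the severity when the same source then logs in successfully. The log format, hosts, addresses and thresholds are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Pattern for the constructed sshd-style lines below (real sshd wording differs slightly).
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)$"
)

# Constructed sample log: one rapid password-guessing burst that ends in a login,
# one ordinary mistyped password, and slow failures spread over 40 minutes.
SAMPLE_LOG = """\
2024-05-01T09:00:01 web01 sshd: Failed password for admin from 203.0.113.7
2024-05-01T09:00:03 web01 sshd: Failed password for admin from 203.0.113.7
2024-05-01T09:00:05 web01 sshd: Failed password for root from 203.0.113.7
2024-05-01T09:00:08 web01 sshd: Failed password for root from 203.0.113.7
2024-05-01T09:00:10 web01 sshd: Failed password for deploy from 203.0.113.7
2024-05-01T09:00:12 web01 sshd: Failed password for deploy from 203.0.113.7
2024-05-01T09:00:15 web01 sshd: Accepted password for deploy from 203.0.113.7
2024-05-01T09:05:00 web01 sshd: Failed password for alice from 198.51.100.4
2024-05-01T09:05:20 web01 sshd: Accepted password for alice from 198.51.100.4
2024-05-01T09:10:00 web01 sshd: Failed password for bob from 192.0.2.9
2024-05-01T09:20:00 web01 sshd: Failed password for bob from 192.0.2.9
2024-05-01T09:30:00 web01 sshd: Failed password for bob from 192.0.2.9
2024-05-01T09:40:00 web01 sshd: Failed password for bob from 192.0.2.9
2024-05-01T09:50:00 web01 sshd: Failed password for bob from 192.0.2.9
2024-05-01T09:51:00 web01 sshd: some unrelated message
"""


def parse(lines):
    """Turn raw log lines into event dicts; lines that do not fit the pattern are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        event = m.groupdict()
        event["ts"] = datetime.fromisoformat(event["ts"])
        events.append(event)
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Flag sources with >= threshold failed logins inside a sliding time window.

    An alert is 'high' when the same source then logs in successfully, which
    is the pattern an analyst would triage first."""
    by_src = defaultdict(list)
    for event in sorted(events, key=lambda e: e["ts"]):
        by_src[event["src"]].append(event)

    alerts = []
    for src, evs in by_src.items():
        failures = [e["ts"] for e in evs if e["result"] == "Failed"]
        triggered_at = None
        start = 0
        for end in range(len(failures)):
            # shrink the window from the left until it spans at most `window`
            while failures[end] - failures[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                triggered_at = failures[end]
                break
        if triggered_at is None:
            continue
        success = next(
            (e for e in evs if e["result"] == "Accepted" and e["ts"] >= triggered_at), None
        )
        alerts.append({
            "src": src,
            "failures": len(failures),
            "severity": "high" if success else "medium",
            "user": success["user"] if success else None,
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(parse(SAMPLE_LOG.splitlines())):
        print(alert)
```

The time window is what separates a real anomaly from noise: the slow source in the sample produces five failures in total, the same count as the threshold, yet is not flagged with the default two-minute window, while loosening the window to an hour flags it at medium severity. Tuning that window against the false positives the report mentions in its discussion is much of the day-to-day SIEM work.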

Endpoint Security: Practical exercises emphasized securing endpoints using tools like
GlobalProtect. Participants were introduced to key strategies for protecting systems from malware,
phishing, and other forms of cyberattacks, highlighting the importance of endpoint security in
protecting an organization’s overall network.

Cloud Security Fundamentals: The internship covered cloud security and best practices for
securing cloud environments. Through exercises on virtualized infrastructure, I gained insights
into how cloud-based applications and services are secured from various types of threats,
particularly focusing

Incident Response: A significant part of the internship focused on incident response
workflows, where participants practiced responding to simulated cyberattacks. This
process involved identifying the breach, containing it, and implementing remediation
actions.
DISCUSSIONS:

The internship provided practical experience with real-world cybersecurity scenarios,
which enhanced my theoretical knowledge with hands-on learning. The configuration
and management of firewalls improved my technical skills, while the exercises in
threat detection and response allowed me to understand how cybersecurity teams
operate in a corporate setting.

While working on the exercises, I encountered some challenges, particularly in
analyzing complex network traffic patterns and distinguishing between false positives
and real threats. This experience highlighted the importance of continual learning in
cybersecurity, as the landscape is constantly evolving with new types of attacks and
vulnerabilities.

The cloud security module was particularly valuable, as more organizations are
adopting cloud services, and understanding cloud security fundamentals is crucial
for protecting these environments. The insights gained from these exercises have
prepared me to handle future cybersecurity challenges with confidence. Overall, the
internship not only helped develop technical skills but also improved problem-solving
abilities, critical thinking, and the ability to respond effectively to
cybersecurity incidents.
CONCLUSION:

The Cybersecurity Virtual Internship provided by Palo Alto Networks, powered by Beacon,
has been a highly rewarding and educational experience. The internship offered a solid
foundation in key cybersecurity principles, including network security, threat detection,
firewall configuration, incident response, and cloud security. Through a combination of
theoretical knowledge and practical, hands-on exercises, I gained valuable insights into
real-world cybersecurity challenges and how to effectively address them. These experiences have
deepened my understanding of how modern organizations protect themselves from a constantly
evolving threat landscape.

The structured approach of the internship helped me apply theoretical concepts to real-world
scenarios, improving my problem-solving abilities and technical proficiency. Furthermore, the
exposure to both network security and cloud environments has prepared me to tackle the
cybersecurity challenges of today’s increasingly connected digital world.

The experience of configuring firewalls, analyzing network traffic, and mitigating cyber threats
has enhanced both my technical skills and my understanding of how cybersecurity teams
operate to protect organizations from evolving threats. Additionally, the cloud security and
endpoint protection modules have prepared me for the increasing shift towards cloud-based
infrastructures and remote working environments.

Overall, this internship has strengthened my cybersecurity knowledge, sharpened my
problem-solving abilities, and increased my readiness to contribute to the cybersecurity industry. In
conclusion, this internship has been a transformative learning experience, equipping me with the tools and
confidence to further pursue opportunities in cybersecurity. I am now better prepared to
contribute to the field and face emerging threats with a proactive and informed approach.
