Unit 42 and Crypsis Combine to Offer Threat Intel, Incident Response

What if your most trusted source of threat intelligence was also your most trusted security advisor? What if this advisor could assist you with every element of security, giving you the intelligence, advice, tools and assistance needed to protect your organization holistically? What if they could turn the latest discoveries from security incidents into new product updates in hours or even minutes?

All this is a reality at Palo Alto Networks. Today at Cortex Symphony 2021, we announced that we're bringing together our world-renowned Unit 42 threat researchers with our elite team of Crypsis security consultants to create an intelligence-driven organization that is ready for response.

The image shows the Crypsis and Unit 42 logos and how they've merged into the new Unit 42 - "Intelligence driven, response ready." The combination brings together threat intelligence and incident response.

The new Unit 42 organization will serve as a trusted partner to our clients before, during and after a breach. Going forward, Unit 42 will not only continue to deliver industry-leading threat intelligence to the security community but also expand its portfolio by providing a range of security consulting offerings, including incident response, proactive assessments, risk and compliance and board advisory services.


I am so honored to be here at Palo Alto Networks at this time to lead the Unit 42 organization and all its brilliant and knowledgeable security experts. My experience building the incident response and threat intelligence groups at Mandiant, CrowdStrike and IBM has helped prepare me to develop at Palo Alto Networks what is by far the most exceptional team yet.

Let’s take a look at two of the most capable teams in cybersecurity and how they combine to make up the new Unit 42.


Averting Crises With Our Elite Security Consultants

The Crypsis Group was founded six years ago by a team of security and forensics experts with the goal of creating a more secure digital world. They fulfill this mission every day by enabling clients to protect against, contain and recover from breaches.

Now a part of Palo Alto Networks, Crypsis is a formidable force in incident response and risk management. The Crypsis team of over 140 elite security consultants responds to more than 1,300 incidents a year, including some of the world’s most complex cyberattacks. They deliver an array of proactive services to strengthen clients’ security posture, uncover gaps in defenses and improve readiness. Their work reduces the risk of a breach and keeps clients from making news headlines for all the wrong reasons.


Mitigating Threats With Our World-Renowned Threat Researchers

Founded in 2014, the Unit 42 team quickly established themselves as a premier threat intelligence organization by bringing their research and analysis of cyberthreats to the world. Named as a reference to the number 42 in the comedic science fiction novel “The Hitchhiker’s Guide to the Galaxy,” Unit 42 has focused on providing "the Answer to the Ultimate Question of Life, the Universe and Everything" for cyberthreats.

Since its inception, Unit 42 has focused on arming the security community with in-depth insights into adversaries’ tactics, techniques and procedures. Unit 42 experts analyze threat data globally and deliver actionable guidance in the form of threat reports, threat assessments, research-driven blogs and much more. They collaborate with Palo Alto Networks product developers to update our products to stop fast-moving attacks. They also communicate with partners in the federal and international intelligence community, providing visibility into emerging threats long before they’re publicly disclosed, but always sharing their research discreetly and responsibly.


Uniting Threat Intelligence and Incident Response With a Shared Focus to Protect Clients From Cybercrime

Our combined Unit 42 threat intelligence and incident response team brings decades of experience, deep security expertise and a relentless passion to identify and root out threat actors and make the world a safer place.

Over the past six months, we’ve worked to integrate our threat researchers and incident responders. They collaborated with our product developers when the SolarStorm attack came to light, publishing guidance to the security community, introducing a rapid response program and bolstering our product defenses to stop SolarStorm, variants and imitators. Likewise, our threat researchers and incident responders partnered to mitigate threats such as the Microsoft Exchange Server exploits and to reveal the latest ransomware risks and trends in the 2021 Unit 42 Ransomware Threat Report.

Working as one integrated Unit 42 team, they can accomplish so much more.

  • Our threat researchers can truly operationalize their findings by continuously sharing the latest attack techniques with our incident responders.
  • The product development teams can incorporate powerful forensics capabilities into tools such as Cortex XDR.
  • Our incident responders can share new attack techniques discovered during real-life investigations to broaden our collective threat intelligence.

Threat intelligence and incident response and proactive services interact with Palo Alto Networks products, as shown in the image. This leads to prompt security updates, the sharing of observed attacker techniques and indicators of compromise, and swift data collection for investigations.

With threat intelligence and incident response combined, our new Unit 42 team can deliver a powerful set of services that enable you to respond to threats more rapidly than ever before. Moreover, Unit 42 plans to introduce a new lineup of proactive services that closely complement Palo Alto Networks product offerings. We expect to expand our incident response service to more regions around the globe, including Asia, Europe and the Middle East. With our integrated team and new capabilities, we cannot wait to work with you to win the fight against cybercrime! Contact us to get started.

To learn more about the new Unit 42 organization as well as the latest Cortex news, join us over the next two days at Cortex Symphony 2021. You can attend the must-see summit to hear SecOps best practices from your peers at organizations including Pfizer, Schlumberger, the California Highway Patrol and NTT.