* [Blog](https://www.paloaltonetworks.com/blog) * [Cloud Security](https://www.paloaltonetworks.com/blog/cloud-security/) * [CIEM](https://www.paloaltonetworks.com/blog/cloud-security/category/ciem/) * Mitigate Cloud Breaches W... # Mitigate Cloud Breaches With a Holistic Approach to Cloud Identity and Access [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fdefense-in-depth-cloud-identity-security%2F) [](https://twitter.com/share?text=Mitigate+Cloud+Breaches+With+a+Holistic+Approach+to+Cloud+Identity+and+Access&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fdefense-in-depth-cloud-identity-security%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fdefense-in-depth-cloud-identity-security%2F&title=Mitigate+Cloud+Breaches+With+a+Holistic+Approach+to+Cloud+Identity+and+Access&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/cloud-security/defense-in-depth-cloud-identity-security/&ts=markdown) \[\](mailto:?subject=Mitigate Cloud Breaches With a Holistic Approach to Cloud Identity and Access) Link copied By [John Chavanne](https://www.paloaltonetworks.com/blog/author/john-chavanne/?ts=markdown "Posts by John Chavanne") Jul 03, 2023 10 minutes [CIEM](https://www.paloaltonetworks.com/blog/cloud-security/category/ciem/?ts=markdown) [Cloud Security](https://www.paloaltonetworks.com/blog/tag/cloud-security/?ts=markdown) [defense in depth](https://www.paloaltonetworks.com/blog/tag/defense-in-depth/?ts=markdown) [IAM](https://www.paloaltonetworks.com/blog/tag/iam/?ts=markdown) [Secrets](https://www.paloaltonetworks.com/blog/tag/secrets/?ts=markdown) [threat research](https://www.paloaltonetworks.com/blog/tag/threat-research/?ts=markdown) There's no hiding from it. Cloud data breaches are on the rise. Threat actors are more prevalent and sophisticated. And the stakes for organizations across all industries remain high. In this post I'll walk you through recent cloud threat data from Unit 42's [Cloud Threat Report, Volume 7: Navigating the Expanding Attack Surface](https://start.paloaltonetworks.com/unit-42-cloud-threat-report-volume-7.html). With a focus on identities and access management (IAM), I'll build on that info to demonstrate how identity-based attacks happen. I'll then show you how to establish a defense-in-depth approach to help your organization reduce your risks and stop breaches before they happen. ## Cloud Breaches and Oversights in the Cloud Let's look at two breaches analyzed in the Unit 42 report as they break down the [MITRE ATT\&CK Cloud Matrix](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack-matrix?ts=markdown) tactics, techniques and procedures (TTPs). The order of tactics corresponds to the paths of each attack. #### Incident \#1: Sim-Swap Scam ![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/06/word-image-297038-1.png) Figure 1: SIM swap incident #### Incident \#2: Cryptojacking Attack ![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/06/word-image-297038-2.png) Figure 2: Cryptojacking botnet incident When evaluating these incidents, we see common identity and access issues. Below, you'll find more details on the incidents, as well as key findings from the 1,300 organizations mapped to these security issues in the Unit 42 report. ### Issue 1: Hard-Coded Credentials \*\*Incident #1:\*\*Credential leak in source control management (SCM) --- Attacker uncovered 10 access keys belonging to four different cloud accounts. **Incident #2**: Credential leak in virtual machine (VM) --- Attacker exfiltrated temporary credentials associated with the VM instance. The threat actor also enumerated and viewed all the VM instances' user data. A hard-coded GitHub credential in one VM instance's user data allowed the threat actor to access the source code repositories for the entire company. **Key Findings**: * 83% of organizations have hard-coded credentials in their source control management systems * 85% of organizations have hard-coded credentials in virtual machines' user data ### Issue 2: Weak Authentication and Unauthorized Access **Incident #1:** Two new users were created to impersonate valid employees. **Incident #2:** Threat actor created a backdoor IAM role that allowed access from an attacker-controlled account. **Key Findings:** * 76% of organizations don't require [multifactor authorization (MFA)](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-factor-authentication?ts=markdown) for console users. * 58% of organizations don't enforce symbols in passwords. ### Issue 3: Overly Permissive Access Leading to Lateral Movement and Privilege Escalation **Incident #1:** One access key with the AWS IAMFullAccess role allowed the threat actor to create new users in the compromised account. This allowed attackers to perform reconnaissance and move laterally with ease. **Incident #2:** The threat actor cloned all the repositories and scanned for more credentials. A cloud access key hard-coded in a continuous integration, continuous delivery (CI/CD) automation script granted the attacker administrator permissions. **Key Findings** ([Cloud Threat Report Volume 6](https://www.paloaltonetworks.com/resources/research/unit-42-cloud-threat-report-volume-6?ts=markdown)) * 66% of organizations use access keys for more than 90 days. * 99% of permissions granted are inactive. As shown, organizations face the same risks observed in the two cloud breaches, indicating a high likelihood of remaining vulnerable to these and similar security incidents. Let's look at recommendations for mitigation and how Prisma Cloud can help you take a defense-in-depth approach to effectively eliminate these attack paths. ## Mitigation Steps for Hard-Coded Credentials **Step 1: Enable secrets scanning across the development lifecycle, especially as far left as possible.** Strong risk prevention demands secret scanning. Why? Because once code is committed into a repository, it's immutable and part of git history. Even if you make a new commit that removes the hard-coded secret, it's still searchable. Threat actors have tools that automatically search for this info. Additionally, if you only scan at runtime, you only temporarily remove the risk. The same secret stored in an image or code can repeatedly get pushed into running workloads. To ensure you properly mitigate these risks, Prisma Cloud gives you end-to-end [secrets scanning](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-code-security/scan-monitor/secrets-scanning). By scanning for and even blocking (i.e., block merge at the pull request level), you can address exposed secrets and credentials across the development lifecycle, including: 1. Developer's IDE (integrated development environment) 2. Source control management systems (both pre-merge and in repo) 3. [CI/CD pipelines](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security?ts=markdown) 4. Image repositories 5. Running compute resources such as VMs, containers, and functions ![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/06/word-image-297038-3.png) Figure 3: Example of Prisma Cloud secrets scanning surfacing exposure at IDE, in a pull request, and findings sent to Prisma Cloud console **Step 2: Scan cloud data stores for exposed secrets and credentials.** Developers and practitioners often save information in cloud storage buckets. This practice creates an additional target for threat actors to find and gain access to secrets and other sensitive data. You can scan and surface this info, however, with Prisma Cloud's DLP [cloud data security](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-data-security) capabilities. **Step 3: Alert on anomalous credential usage.** If an attacker successfully exfiltrates cloud credentials from the VM --- a common step once an attacker has gained access to a machine --- Prisma Cloud can alert on the use of those credentials outside the VM. ## Mitigation Steps for Weak Authentication and Unauthorized Access **Step 1: Enable MFA for all console logins and APIs.** It should go without saying --- enabling MFA for all console logins and APIs is a critical best practice. If you haven't already implemented, you should do so immediately for all your Identities. **Step 2: Scan runtime and IaC configurations to enforce MFA and password policies across organizations.** Prisma Cloud helps identify MFA misconfigurations across [cloud service providers (CSPs)](https://www.paloaltonetworks.com/cyberpedia/cloud-service-provider?ts=markdown). It supports runtime and build time policies when using IaC, such as Terraform or CloudFormation, to configure MFA settings. Prisma Cloud can also equip you to block non-compliant MFA configurations at build time and/or auto-remediate issues at runtime. **Step 3: Adopt federated authentication with tools such as Okta and Azure Active Directory.** Prisma Cloud provides direct integration with common identity provider (IdP) services to give you full visibility and control across your cloud providers. What's more, Prisma Cloud can find users created outside your IdP service so you can remove or migrate them when needed. **Step 4: Alert on anomalous login and other unusual user behaviors.** Prisma Cloud provides out-of-the-box [user and entity behavior analytics (UEBA)](https://www.paloaltonetworks.com/cyberpedia/what-is-user-entity-behavior-analytics-ueba?ts=markdown) anomalous policies for the range of atypical activities --- from account hijacking to excessive login failures --- and will immediately alert you to suspicious behavior occurring in your cloud environments. ![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/06/word-image-297038-4.png) Figure 4: Example of some of Prisma Cloud's anomaly policies **Step 5: Block unauthorized access on public-facing workloads.** In the case of AWS, configuring IMDSv2 alone won't prevent someone from accessing credentials from AWS's metadata service if the VM is compromised. When utilizing public-facing workloads, the use of an agent becomes critical. Prisma Cloud's agents can automatically block unauthorized access and secure the credentials from threats both at runtime and at the application layer. Prisma Cloud provides this level of security for any type of workload --- including VMs, containers, and serverless functions. ![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/06/word-image-297038-5.png) Figure 5: Example of a simple curl command (in this case Azure) to access a CSPs metadata service where credentials are commonly stored and that attackers target (as observed in breach example 2 above). Example Prisma Cloud runtime check that PREVENTs this type of unauthorized access ## Mitigation Steps for Overly-Permissive Access Leads to Lateral Movement and Privilege Escalation **Step 1: Enforce key rotation policies and enable monitoring.** CSPs have improved their authentication capabilities in the last few years, now offering better temporary credential options, for example. Organizations should use these features when possible. Data tells us, though, that organizations struggle to migrate to and enforce use of these best practices, neglecting to rotate credentials and remove inactive identities --- both of which leave doors open to attackers. Prisma Cloud's out-of-the-box policies alert on inactive identities and access keys that haven't been used in 90 days, among other red flags. It also offers the ability to create custom policies to suit your organization's needs. **Step 2: Adopt cloud infrastructure entitlement management (CIEM) capabilities to calculate risky and unused permissions across your environment.** Implementing the Zero Trust model goes hand in hand with defense in depth, both ensuring you effectively secure the frontline and backdoors of your application lifecycle. [Prisma Cloud's CIEM](https://www.paloaltonetworks.com/prisma/cloud/cloud-infrastructure-entitlement-mgmt?ts=markdown) capabilities deliver simple, consistent IAM across Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP). By accurately calculating net-effective permissions, Prisma Cloud helps you understand your multicloud identity risk --- including identities managed with IdPs and SSO tools, such as Azure AD and Okta. To help enforce least-privileged access, Prisma Cloud provides you with recommendations to remove unused permissions. Users can also leverage automated remediation to rightsize permissions on an ongoing basis. ![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/06/word-image-297038-6.png) Figure 6: Prisma Cloud IAM permissions graph ## Findings and Recommendations To avoid areas of weakness that allow threat actors to steal your credentials and gain unauthorized access, consider creating a strategy that works toward end-to-end visibility, risk prevention and runtime protection to secure identity and access issues across all stages and areas of your cloud environments. Prisma Cloud is designed to make that possible. ![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/06/word-image-297038-7.png) Figure 7: A strategic end to end approach to secure identities and access across all stages and areas of your cloud environments. ## Going Beyond Identity and Access: Context Is King To accurately prioritize risks, you need to evaluate your identity and access issues in context of big-picture details, such as internet exposure, data exposure, critical and high vulnerabilities and anomalous activity. Only with full data context can you analyze your attack paths well enough to understand your risks and immediately mitigate your most crucial issues. Prisma Cloud has robust cloud data context through complete visibility across the development lifecycle. This, coupled with powerful threat intelligence, gives organizations extremely accurate anomaly detection, along with network threat and vulnerability data to maximize contextualization of your risks. ![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/06/word-image-297038-8.png) Figure 8: Attack path analysis ## What Does AI Say About the Defense-in-Depth Approach? Curious to see what AI had to say on the topic of defense in depth, I prompted my tool of choice with several questions. AI responded with good advice and offered some well known best practices. Here are three key points I received from the prompt, "Explain why a holistic defense-in-depth approach is so critical to protect your identities and access in the cloud." **AI Response**: * The cloud is a complex environment with a wide range of potential attack vectors. This makes it difficult to protect against all possible threats with a single security control. * Attackers are constantly evolving their techniques and tactics. This means that security controls that are effective today may not be effective tomorrow. * Human error is a factor in many [data breaches](https://www.paloaltonetworks.com/cyberpedia/data-breach?ts=markdown). This is why it is important to have multiple layers of security in place to reduce the risk of a breach caused by human error. In short, AI agreed that a defense-in-depth approach helps organizations mitigate risks by layering multiple security controls across the cloud environment to protect against a range of attacks. Most notable to me about the feedback I received was AI's emphasis on the human element. It went as far as to say that employees (humans) are often the weakest link in the security chain. Palo Alto Networks research, among other leading research efforts, continue to highlight the risks and difficulties of managing cloud identities and access. There is no getting around the difficulty. It's really difficult. But, by taking time to understand the risks and how threat actors infiltrate cloud environments, you can build and implement an effective risk-based strategy. ## Learn More Prisma Cloud's holistic approach and ongoing innovations in cloud security give you the defense in depth you need to stay ahead of threat actors and keep your cloud assets and data safe. If you haven't checked us out in a while, I encourage you to experience Prisma Cloud firsthand with a free [30-day test drive](https://www.paloaltonetworks.com/prisma/request-a-prisma-cloud-trial?ts=markdown). *** ** * ** *** ## Related Blogs ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [CIEM](https://www.paloaltonetworks.com/blog/cloud-security/category/ciem/?ts=markdown) [#### Enhanced Least-Privilege Recommendations from Prisma Cloud and AWS](https://www.paloaltonetworks.com/blog/cloud-security/ciem-integration-aws-iam-access-analyzer/) ### [CIEM](https://www.paloaltonetworks.com/blog/cloud-security/category/ciem/?ts=markdown), [Cloud Network Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-network-security/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/category/zero-trust-security/?ts=markdown) [#### Zero Trust Security Model in Cloud Environments](https://www.paloaltonetworks.com/blog/cloud-security/zero-trust-cloud-network-security/) ### [CIEM](https://www.paloaltonetworks.com/blog/cloud-security/category/ciem/?ts=markdown), [Cloud Infrastructure Entitlement Management](https://www.paloaltonetworks.com/blog/category/cloud-infrastructure-entitlement-management/?ts=markdown) [#### Customizing IAM Policies: The Key to Meeting Your Organization's Unique Needs](https://www.paloaltonetworks.com/blog/cloud-security/customizing-iam-access-control-policies/) ### [CIEM](https://www.paloaltonetworks.com/blog/cloud-security/category/ciem/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security/?ts=markdown), [IAM](https://www.paloaltonetworks.com/blog/cloud-security/category/iam/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown) [#### Why Are Net-Effective Permissions Critical for Cloud IAM?](https://www.paloaltonetworks.com/blog/cloud-security/net-effective-permissions-iam/) ### [AI Security](https://www.paloaltonetworks.com/blog/cloud-security/category/ai-security/?ts=markdown), [AI-SPM](https://www.paloaltonetworks.com/blog/cloud-security/category/ai-spm/?ts=markdown), [CIEM](https://www.paloaltonetworks.com/blog/cloud-security/category/ciem/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [DSPM](https://www.paloaltonetworks.com/blog/cloud-security/category/dspm/?ts=markdown), [Identity Security](https://www.paloaltonetworks.com/blog/cloud-security/category/identity-security/?ts=markdown) [#### Is AI a New Challenge for Cloud Security? Yes and No.](https://www.paloaltonetworks.com/blog/cloud-security/ai-security-gap-cloud-models-agents/) ### [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown) [#### Beyond the Cloud Dashboard: Exposure Management Requires Full-Scope Visibility and Real Action](https://www.paloaltonetworks.com/blog/security-operations/beyond-the-cloud-dashboard-exposure-management-requires-full-scope-visibility-and-real-action/) ### Subscribe to Cloud Security Blogs! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language