* [Blog](https://www.paloaltonetworks.com/blog)
* [Cloud Security](https://www.paloaltonetworks.com/blog/cloud-security/)
* [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/)
* Update: Prisma Cloud Addr...

# Update: Prisma Cloud Addresses Log4Shell: CVE-2021-44228, CVE-2021-45046 Mitigations

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fcloud-security%2Flog-4-shell-vulnerability%2F)  
[](https://twitter.com/share?text=Update%3A+Prisma+Cloud+Addresses+Log4Shell%3A+CVE-2021-44228%2C+CVE-2021-45046+Mitigations&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fcloud-security%2Flog-4-shell-vulnerability%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fcloud-security%2Flog-4-shell-vulnerability%2F&title=Update%3A+Prisma+Cloud+Addresses+Log4Shell%3A+CVE-2021-44228%2C+CVE-2021-45046+Mitigations&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/cloud-security/log-4-shell-vulnerability/&ts=markdown)  
\[\](mailto:?subject=Update: Prisma Cloud Addresses Log4Shell: CVE-2021-44228, CVE-2021-45046 Mitigations)  
Link copied  
By [Ariel Zelivansky](https://www.paloaltonetworks.com/blog/author/ariel-zelivansky/?ts=markdown "Posts by Ariel Zelivansky"), [Elad Shuster](https://www.paloaltonetworks.com/blog/author/elad-shuster/?ts=markdown "Posts by Elad Shuster"), [Eran Yanay](https://www.paloaltonetworks.com/blog/author/eran-yanay/?ts=markdown "Posts by Eran Yanay"), [Artur Avetisyan](https://www.paloaltonetworks.com/blog/author/artur-avetisyan/?ts=markdown "Posts by Artur Avetisyan"), [Alexandre Cezar](https://www.paloaltonetworks.com/blog/author/alexandre-cezar/?ts=markdown "Posts by Alexandre Cezar") and [Sharon Ben Zeev](https://www.paloaltonetworks.com/blog/author/sharon-ben-zeev/?ts=markdown "Posts by Sharon Ben Zeev")  
Dec 12, 2021  
11 minutes  
[Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown)  
[Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown)  
[Apache Log4J](https://www.paloaltonetworks.com/blog/tag/apache-log4j/?ts=markdown)  
[critical vulnerabilities](https://www.paloaltonetworks.com/blog/tag/critical-vulnerabilities/?ts=markdown)  
[Unit 42](https://www.paloaltonetworks.com/blog/tag/unit-42/?ts=markdown)  
[WAAS](https://www.paloaltonetworks.com/blog/tag/waas/?ts=markdown)

This post is also available in: [日本語 (Japanese)](https://www.paloaltonetworks.com/blog/cloud-security/log-4-shell-vulnerability/?lang=ja "Switch to Japanese(日本語)")

On December 9, 2021, a remote code execution vulnerability in the popular Java package [Apache Log4j 2](https://logging.apache.org/log4j/2.x/index.html) was publicly disclosed. Since the abrupt release of the vulnerability, numerous exploits had been publicly shared and attackers made use of the opportunity to attack instances in the wild. The vulnerability had been dubbed "Log4Shell."

Log4j is a logging framework designed to be used by any Java application. Due to its nature, it has been used in various Java programs from web servers to video games, all affected by this issue. We analysed this vulnerability and determined that it is of the highest severity possible, with a score of 10 in CVSS 3.1. The vulnerability was abruptly released, and the ease of exploitation and such a severe impact of remote code execution makes it an "ideal" vulnerability for mass exploitation by attackers. Due to the widespread use of log4j, the severity of the vulnerability and its ease of exploitation, the vulnerability had been compared to [Shellshock](https://unit42.paloaltonetworks.com/addressing-bash-vulnerability-shellshock-palo-alto-networks-mitigation-cve-2014-6271/) which made a serious impact on internet security a few years ago.

We strongly recommend that users of this package upgrade it to the latest, fixed version, 2.16.0. To read more about the full details of vulnerability, its exploitation and risks please refer to our [Unit 42 analysis](https://unit42.paloaltonetworks.com/apache-log4j-vulnerability-cve-2021-44228/).

The good news is that Prisma Cloud users can easily detect software components affected by this vulnerability. The Prisma Cloud [Intelligence Stream](https://docs.paloaltonetworks.com/prisma/prisma-cloud/21-08/prisma-cloud-compute-edition-admin/technology_overviews/intel_stream.html) (IS) automatically updates to include the vulnerability information from official vendor feeds. Prisma Cloud reflects any update or analysis by Linux distribution and application maintainers. This allows Prisma Cloud to accurately detect any affected images and hosts based on the most up-to-date information.

In addition, the Prisma Cloud research team also analyzed this vulnerability internally and published a [**Pre-Filled CVE**](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/vulnerability_management/prisma_cloud_vulnerability_feed.html) for this issue. CVE-2021-44228 has blown up quickly, and some vendors are still analyzing it to determine affected versions and packages. The Intelligence Stream will continue to update as vendors release vulnerability information, but thanks to our analysis the vulnerability will be detected in all affected packages immediately.

Users can search for the CVE in Vulnerability Explorer where Defender agents are deployed.
![Figure 1. CVE-2021-44228 search results in Vulnerability Explorer](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/Upated-Figure-1-Apache-Log4j.png)
Figure 1. CVE-2021-44228 search results in Vulnerability Explorer

The below screenshot is an example of container image details where CVE 2021-44228 is shown as Critical.
![Figure 2. CVE-2021-44228 detected in Prisma Cloud](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/Updated-Figure-2-Apache-Log4j.png)
Figure 2. CVE-2021-44228 detected in Prisma Cloud

**Update 1:** On December 13, our research team determined that Log4j 1.x releases may be affected by a [similar vulnerability](https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx). This vulnerability has been assigned CVE-2021-4104. Log4j 1.x is at [end of life](https://logging.apache.org/log4j/1.2/) status since August 2015, and will not be fixed. The Intelligence Stream has been updated with this CVE and **vulnerable 1.x instances are detected in Prisma Cloud** .

**Update 2:** On December 14, it was discovered that the fix released in Log4j 2.15.0 was insufficient. CVE-2021-45046 was assigned for the [new vulnerability discovered](https://lists.apache.org/thread/83y7dx5xvn3h5290q1twn16tltolv88f). Per our preliminary analysis, the impact of this vulnerability is Denial of Service (DoS) but not full remote code execution. The Intelligence Stream has been updated with a Pre-Filled CVE entry for CVE-2021-45046, and Prisma Cloud customers can detect this vulnerability. Previous mitigations suggested by configuring Log4J are not helpful in remediating this new vulnerability.

The risk can only be fully remediated by upgrading to Log4J 2.16.0.

**Update 3:** On December 15, a refined WAAS rule with improved coverage of obfuscated exploits had been released. WAAS users are encouraged to use the updated rule (also provided below).

**Update 4:** On December 18, a [new vulnerability was discovered](https://lists.apache.org/thread/6gxlmk0zo9qktz1dksmnq6j0fttfqgno) in Log4j through 2.16.0, assigned with CVE-2021-45105. Also it is not a variant of the original CVE-2021-44228, it has a similar attack vector, abusing attacker-controlled lookups in logged data. The impact of this vulnerability is Denial of Service (DoS). The Intelligence Stream has been updated with a Pre-Filled CVE entry for CVE-2021-45105, and Prisma Cloud customers can detect this vulnerability.

The risk can only be fully remediated by upgrading to Log4J 2.17.0, 2.12.3 (for Java 7) or 2.3.1 (for Java 6).

Another mitigation strategy suggested in the [Log4j security notes](https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105) is to change the configuration as follows:

* In PatternLayout in the logging configuration, replace Context Lookups like ${ctx:loginId} or $${ctx:loginId} with Thread Context Map patterns (%X, %mdc, or %MDC).
* Otherwise, in the configuration, remove references to Context Lookups like ${ctx:loginId} or $${ctx:loginId} where they originate from sources external to the application such as HTTP headers or user input.

**Update 5:** On December 17, CVE-2021-45046 CVSS base score changed from 3.7 (low) to 9.10 (high). Additional exploits were found against the Log4j 2.15.0 release that could lead to information leaks, RCE (remote code execution), and LCE (local code execution) attacks.

In addition to 2.16.0, also 2.12.2 (for Java 7) and 2.3.1 (for Java 6) remediates this issue.

**Update 6:** On December 28, a new vulnerability for log4j was discovered, and has been assigned with CVE-2021-44832. The impact of this vulnerability is Arbitrary Code Execution, however its severity is lower than Log4Shell, as a modification of the configuration is required.

The Intelligence Stream has been updated with a Pre-Filled CVE entry for CVE-2021-44832, and Prisma Cloud customers can detect this vulnerability. Upgrading to versions 2.17.1 (for Java 8 and later), 2.12.4 (for Java 7), or 2.3.2 (for Java 6) will mitigate this vulnerability.

## **Query Your Environment for Hosts With This Risk**

Prisma Cloud's RQL (Resource Query Language) provides a quick and easy way to query for resources impacted. In this case users can utilize the Prisma platform's capabilities to isolate assets with vulnerabilities and also prioritize it further by looking for internet exposed assets receiving traffic.

Know the hosts in your cloud that has the specific vulnerability CVE-2021-44228:

config from cloud.resource where finding.type = 'Host Vulnerability' AND protection.finding.name = 'CVE-2021-44228'
![Figure 3. CVE-2021-44228 vulnerability information for hosts with RQL query](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/Figure-3-Apache-Log4j.png)
Figure 3. CVE-2021-44228 vulnerability information for hosts with RQL query

Know the Internet exposed hosts that are receiving traffic in your cloud and have the specific vulnerability CVE-2021-44228:

network from vpc.flow\_record where bytes \> 0 AND source.resource IN ( resource where finding.type IN ( 'Host Vulnerability' ) AND finding.source IN ( 'Prisma Cloud' ) AND finding.name IN ('CVE-2021-44228') ) AND destination.publicnetwork IN ('Internet IPs', 'Suspicious IPs')
![Figure 4. Internet-exposed hosts with CVE-2021-44228 receiving traffic](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/Figure-4-Apache-Log4j.png)
Figure 4. Internet-exposed hosts with CVE-2021-44228 receiving traffic

## **Runtime Protection for Containers**

Protecting running containerized applications is a core requirement for defense-in-depth against Log4Shell. Prisma Cloud automatically builds runtime models of your images and uses this information to let you create runtime policies that prevent anomalous processes from being deployed and run.

The runtime policy for a vulnerable image is shown below with the Processes and File System tabs highlighted.  
![Figure 5. Prevent Processes enabled from the Defend \> Runtime \> Container policy UI Figure 6. File system monitoring enabled from the Defend \> Runtime \> Container policy UI](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/Figure-5-Apache.png)  
Figure 5. Prevent Processes enabled from the Defend \> Runtime \> Container policy UI

![Figure 6. File system monitoring enabled from the Defend \> Runtime \> Container policy UI](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/Figure-6-Apache.png)
Figure 6. File system monitoring enabled from the Defend \> Runtime \> Container policy UI

With this policy in place, we can see that the download of an external object is blocked due to a violation of the runtime policy.

![Figure 7. Runtime audit details showing attack prevention](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/Figure-7-Apache.png)
Figure 7. Runtime audit details showing attack prevention

## Web Application and API Security Protections

Not only does Prisma Cloud detect components affected by the vulnerability, but it can also detect and actively block exploitation attempts. Our researchers crafted a special rule that can catch exploitation attempts of this vulnerability. We tested this rule against known exploits and exploits used in the wild, and it was able to prevent these exploitation attempts.

Two virtual patches are available for Prisma Cloud [Web Application and API Security](https://www.paloaltonetworks.com/prisma/cloud/web-application-API-security?ts=markdown) (WAAS) Enterprise users and Compute users running the latest console version (21.08.525, Update 2). We recommend users enable these virtual patch on [Prevent](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/waas/waas_custom_rules.html) in their existing applications by opening them, navigating to custom rules, and selecting the virtual patches (Log4Shell - CVE-2021-45046, Log4Shell - CVE-2021-44228).

Users running older releases can create a custom rule for this rule by navigating to **Defend \> Custom rules \> WAAS \> Add rule.**

Use the following syntax in the rule content:

req.path contains /(?i)(?:$|%24)\\s\*?(?:{|%7b)\\s\*?(jndi\\s\*?(?::|%3a)|(?:$|%24)\\s\*?(?:{|%7b)\[\\s\\S\]*?(?:}|%7d)|\[jndi\]*?(?:$|%24)(?:{|%7d)(?:(?:lower:|upper:)|(?:.*?:)*?(?:-\[jndi\]?|(?:}|%7d))))/

or

req.header\_names contains /(?i)(?:$|%24)\\s\*?(?:{|%7b)\\s\*?(jndi\\s\*?(?::|%3a)|(?:$|%24)\\s\*?(?:{|%7b)\[\\s\\S\]*?(?:}|%7d)|\[jndi\]*?(?:$|%24)(?:{|%7d)(?:(?:lower:|upper:)|(?:.*?:)*?(?:-\[jndi\]?|(?:}|%7d))))/

or

req.header\_values contains /(?i)(?:$|%24)\\s\*?(?:{|%7b)\\s\*?(jndi\\s\*?(?::|%3a)|(?:$|%24)\\s\*?(?:{|%7b)\[\\s\\S\]*?(?:}|%7d)|\[jndi\]*?(?:$|%24)(?:{|%7d)(?:(?:lower:|upper:)|(?:.*?:)*?(?:-\[jndi\]?|(?:}|%7d))))/

or

req.query\_param\_names contains /(?i)(?:$|%24)\\s\*?(?:{|%7b)\\s\*?(jndi\\s\*?(?::|%3a)|(?:$|%24)\\s\*?(?:{|%7b)\[\\s\\S\]*?(?:}|%7d)|\[jndi\]*?(?:$|%24)(?:{|%7d)(?:(?:lower:|upper:)|(?:.*?:)*?(?:-\[jndi\]?|(?:}|%7d))))/

or

req.query\_param\_values contains /(?i)(?:$|%24)\\s\*?(?:{|%7b)\\s\*?(jndi\\s\*?(?::|%3a)|(?:$|%24)\\s\*?(?:{|%7b)\[\\s\\S\]*?(?:}|%7d)|\[jndi\]*?(?:$|%24)(?:{|%7d)(?:(?:lower:|upper:)|(?:.*?:)*?(?:-\[jndi\]?|(?:}|%7d))))/

or

req.body\_param\_values contains /(?i)(?:$|%24)\\s\*?(?:{|%7b)\\s\*?(jndi\\s\*?(?::|%3a)|(?:$|%24)\\s\*?(?:{|%7b)\[\\s\\S\]*?(?:}|%7d)|\[jndi\]*?(?:$|%24)(?:{|%7d)(?:(?:lower:|upper:)|(?:.*?:)*?(?:-\[jndi\]?|(?:}|%7d))))/

or

req.body contains /(?i)(?:$|%24)\\s\*?(?:{|%7b)\\s\*?(jndi\\s\*?(?::|%3a)|(?:$|%24)\\s\*?(?:{|%7b)\[\\s\\S\]*?(?:}|%7d)|\[jndi\]*?(?:$|%24)(?:{|%7d)(?:(?:lower:|upper:)|(?:.*?:)*?(?:-\[jndi\]?|(?:}|%7d))))/

or

req.cookie\_names contains /(?i)(?:$|%24)\\s\*?(?:{|%7b)\\s\*?(jndi\\s\*?(?::|%3a)|(?:$|%24)\\s\*?(?:{|%7b)\[\\s\\S\]*?(?:}|%7d)|\[jndi\]*?(?:$|%24)(?:{|%7d)(?:(?:lower:|upper:)|(?:.*?:)*?(?:-\[jndi\]?|(?:}|%7d))))/

or

req.cookie\_values contains /(?i)(?:$|%24)\\s\*?(?:{|%7b)\\s\*?(jndi\\s\*?(?::|%3a)|(?:$|%24)\\s\*?(?:{|%7b)\[\\s\\S\]*?(?:}|%7d)|\[jndi\]*?(?:$|%24)(?:{|%7d)(?:(?:lower:|upper:)|(?:.*?:)*?(?:-\[jndi\]?|(?:}|%7d))))/

or

req.http\_method contains /(?i)(?:$|%24)\\s\*?(?:{|%7b)\\s\*?(jndi\\s\*?(?::|%3a)|(?:$|%24)\\s\*?(?:{|%7b)\[\\s\\S\]*?(?:}|%7d)|\[jndi\]*?(?:$|%24)(?:{|%7d)(?:(?:lower:|upper:)|(?:.*?:)*?(?:-\[jndi\]?|(?:}|%7d))))/

or

req.http\_scheme contains /(?i)(?:$|%24)\\s\*?(?:{|%7b)\\s\*?(jndi\\s\*?(?::|%3a)|(?:$|%24)\\s\*?(?:{|%7b)\[\\s\\S\]*?(?:}|%7d)|\[jndi\]*?(?:$|%24)(?:{|%7d)(?:(?:lower:|upper:)|(?:.*?:)*?(?:-\[jndi\]?|(?:}|%7d))))/

or

req.http\_version contains /(?i)(?:$|%24)\\s\*?(?:{|%7b)\\s\*?(jndi\\s\*?(?::|%3a)|(?:$|%24)\\s\*?(?:{|%7b)\[\\s\\S\]*?(?:}|%7d)|\[jndi\]*?(?:$|%24)(?:{|%7d)(?:(?:lower:|upper:)|(?:.*?:)*?(?:-\[jndi\]?|(?:}|%7d))))/

![Figure 8. Custom WAAS Rule for CVE-2021-44228 and CVE-2021-45046](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/Updated-Figure-8-Log4Shell.png)
Figure 8. Custom WAAS Rule for CVE-2021-44228 and CVE-2021-45046

The first and only true remedy to this vulnerability is updating all vulnerable instances. However, attackers will continue to deliver exploit payloads even long after the issue is fixed, and WAAS can help detect and monitor these attackers and drop their connections.

## **Identity-Based Microsegmentation to Restrict Network Access**

Preventing network access to unknown or untrusted resources, such as a malicious LDAP server, is critical for protecting against Log4Shell. Microsegmentation can enforce least-privileged network access on workloads to deny outbound requests to unauthorized destinations.

With Prisma Cloud Enterprise Edition, users enforce Identity-Based Microsegmentation policy where Enforcer agents are deployed.

In the screenshots below, you can see a microsegmentation policy in place that allows traffic from the Internet to the frontend pod, but it only allows this same pod to initiate connections with the backend resources over the port tcp/80. Other traffic is implicitly denied.
![Figure 9. Identity-Based Microsegmentation policy](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/Figure-9-Apache.png)
Figure 9. Identity-Based Microsegmentation policy

By policy, the attacker is able to reach the vulnerable container from the internet; however, the attack is prevented because the pod is not authorized to communicate with the malicious LDAP server.
![Figure 10. Map view of malicious connection request](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/Figure-10-Apache.png)
Figure 10. Map view of malicious connection request

And we can view the same flow data in more detail to understand what happened and why.
![Figure 11. Network flow details of rejected network communications](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/Figure-11-Apache.png)
Figure 11. Network flow details of rejected network communications

## Summary

Log4Shell is one of the most severe vulnerabilities published in recent years. Log4j 2 is commonly used in Java applications and exploitation of the issue is straightforward. Therefore, we estimate its impact will continue to be seen long after its discovery, as vulnerable instances will continue to be open to the wild. Security teams need to take action to discover all vulnerable instances and patch this vulnerability as soon as possible.

Prisma Cloud can help in detecting all vulnerable instances in your deployments. Prisma Cloud may also be configured to fully prevent running any images or hosts vulnerable to this issue.

A complete proof-of-concept of Prisma Cloud protections for Log4J exploits, including runtime and WAAS protections, can be found below:

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Web Application \& API Security](https://www.paloaltonetworks.com/blog/cloud-security/category/web-application-api-security/?ts=markdown)

[#### Prisma Cloud Delivers Advanced Web Application Security Insights to Secure Hosts, Containers, and Serverless Applications](https://www.paloaltonetworks.com/blog/cloud-security/cloud-workload-protection/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

[#### The Palo Alto Networks Full-Court Defense for Apache Log4j](https://www.paloaltonetworks.com/blog/2021/12/defense-for-apache-log4j/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

[#### Unit 42 Discovers First Known Malware Targeting Windows Containers](https://www.paloaltonetworks.com/blog/2021/06/siloscape-malware-windows-containers/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown)

[#### Prisma Cloud Offers Certified Red Hat Vulnerability Scanning for Red Hat OpenShift](https://www.paloaltonetworks.com/blog/cloud-security/certified-red-hat-vulnerability-scan-2/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown)

[#### Proud Diamond Sponsor at Black Hat USA](https://www.paloaltonetworks.com/blog/2024/07/proud-diamond-sponsor-at-black-hat-usa/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Advancing Innovation and Harnessing AI to Secure the Homeland](https://www.paloaltonetworks.com/blog/2024/06/advancing-innovation-and-harnessing-ai/)

### Subscribe to Cloud Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language