* [Blog](https://www.paloaltonetworks.com/blog)
* [Network Security](https://www.paloaltonetworks.com/blog/network-security/)
* [Cloud Network Security](https://www.paloaltonetworks.com/blog/category/cloud-network-security/)
* Year of the Defender: Fli...

# Year of the Defender: Flipping the Script on 25-Minute Attacks

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fyear-of-the-defender-flipping-the-script-on-25-minute-attacks%2F)  
[](https://twitter.com/share?text=Year+of+the+Defender%3A+Flipping+the+Script+on+25-Minute+Attacks&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fyear-of-the-defender-flipping-the-script-on-25-minute-attacks%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fyear-of-the-defender-flipping-the-script-on-25-minute-attacks%2F&title=Year+of+the+Defender%3A+Flipping+the+Script+on+25-Minute+Attacks&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/network-security/year-of-the-defender-flipping-the-script-on-25-minute-attacks/&ts=markdown)  
\[\](mailto:?subject=Year of the Defender: Flipping the Script on 25-Minute Attacks)  
Link copied  
By [Rajeev Jain](https://www.paloaltonetworks.com/blog/author/rajeev-jain/?ts=markdown "Posts by Rajeev Jain")  
Mar 16, 2026  
5 minutes  
[Cloud Network Security](https://www.paloaltonetworks.com/blog/category/cloud-network-security/?ts=markdown)  
[Cloud NGFW](https://www.paloaltonetworks.com/blog/network-security/category/cloud-ngfw/?ts=markdown)  
[CLARA](https://www.paloaltonetworks.com/blog/tag/clara/?ts=markdown)

In 2026, the digital world has changed: we have moved from just using AI to living in an AI-run economy where automated software agents now far outnumber human employees. In this fast-moving world, it's a business risk to try to block threats as they happen.

Recently, a global financial firm neutralized a sophisticated multimodal deepfake attack where an autonomous AI agent impersonated the CEO's voice and video to authorize a fraudulent high-value transfer. This success highlights the power of defenders and agility. In this situation, the defender was a proactive security team using AI to gain the upper hand, combined with the agility to automate defenses to outpace modern threats. While traditional controls remained blind to the ruse, the organization's security fabric identified a subtle anomaly originating from an unrecognized plugin within a cloud VPC.

The speed of this response was critical and enabled by automated migration tools that hardened their cloud environment and triggered an instantaneous circuit breaker in real time. This automated action isolated the malicious traffic and blocked the transaction before it could be signed, effectively flipping the script on the attacker. By prioritizing these capabilities, the firm demonstrated how rapid, automated execution can neutralize threats that move too fast for human intervention.

# Year of the Defender: Stopping the 25-Minute Attack

For a long time, cybersecurity felt like a losing game of catch-up. But 2026 is different. We are calling this the **"** [Year of the Defender](https://www.paloaltonetworks.com/perspectives/2026-the-year-of-the-defender/?ts=markdown)," the point where smart, AI-driven tools finally give the good guys the upper hand. Hackers use AI to speed up their work and sometimes steal data in a matter of hours, but defenders now fight back just as fast.

## The Speed Trap: 4x Faster Attacks

Last year, we measured attacks in hours, and now we measure them in minutes. Hackers are using AI to move four times faster than they did just a year ago. They can scan your systems for weaknesses within 15 minutes of a new bug being discovered, often starting their theft before a human team even knows there's a problem.

The time-to-exfiltration, which measures the duration between initial compromise and confirmed data theft, [shows a sharp acceleration at the fastest end of the spectrum](https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report#:~:text=Unit%2042%20research%20found%20that,finished%20reading%20the%20vulnerability%20advisory?ts=markdown). The quickest quartile of intrusions reached exfiltration in just over an hour (72 minutes) in calendar year 2025, down from nearly 5 hours (285 minutes) in 2024. For any leader, holding executives personally responsible for how their company manages AI risks, staying ahead of these threats is now a requirement for staying in business.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2026/03/Year_Defender_Blog_Chart.png)

*The quickest quartile of intrusions reached exfiltration in just over an hour (72 minutes) in calendar year 2025, down from nearly 5 hours (285 minutes) in 2024.*

# Staying Ahead of the Game of Catch-Up

To stop a 25-minute attack, we have to move past a scattered collection of tools and embrace a [Hybrid Mesh Firewall](https://www.paloaltonetworks.com/cyberpedia/what-is-a-hybrid-mesh-firewall?ts=markdown) that provides a single, intelligent architecture that protects your entire enterprise as one unified shield for systems on-premises, in the cloud, and in a hybrid infrastructure.

This transformation is driven by three strategic shifts currently unfolding in the cloud, enabled by Cloud Next-Generation Firewall (Cloud NGFW) and available as a fully managed, cloud-native firewall as a service in [Azure](https://tv.paloaltonetworks.com/video/5c517d33-ad2a-5255-a3d3-5d3199737792/cloud-ngfw-for-azure-in-action)and [AWS](https://tv.paloaltonetworks.com/video/b8ac0748-e247-5d9a-bf00-051f890d50d0/cloud-ngfw-for-aws-simplify-cloud-security-with-a-fully-managed-firewall-service).

1. Accelerating Cloud Migration with Confidence

-----------------------------------------------

The biggest obstacle to modernizing security in the cloud has always been the migration tax. Historically, moving from basic cloud-native security to enterprise-grade protection meant weeks of intensive work to manually rewrite policy.

Modern automated discovery tools allow you to instantly modernize legacy cloud security by converting outdated, port-based rules into sophisticated, application-aware policies in minutes. This shift moves your team away from managing granular network plumbing and toward enforcing intent, including the ability to define high-level business requirements, such as "allow only finance apps to access this database."

These modern tools also enable the system to automatically apply those rules across a multicloud environment. By using a single management console to govern these policies, you ensure consistent security regardless of where your workloads reside.

2. Embedding Intelligence Everywhere

------------------------------------

Once your cloud is set up, your security must move beyond basic traffic blocking to a firewall-as-a-service (FWaaS) model that thinks and acts in real-time. By building this intelligence directly into your managed cloud infrastructure, you can stop sophisticated attacks that standard tools simply cannot see. This proactive defense is powered by three core capabilities:

1. **Stopping New Threats Instantly:** The system uses embedded AI to analyze data as it moves through your network, instantly identifying and blocking brand-new, AI-generated threats before they can touch your workloads.

2. **Checking the Safe List:** Much like an intelligent phonebook, the system verifies every destination your traffic tries to reach. If it detects a fake or malicious address, it blocks the connection instantly to stop a breach from "calling home."

3. **Woven-In Data Safety:** Protecting your company secrets is no longer a separate, error-prone chore. Data safety is now woven directly into the security fabric to automatically prevent sensitive information from being stolen or accidentally leaked.

4. Growing with Your Business

-----------------------------

As your business uses more cloud apps and AI, your security must scale automatically with you. This ensures you always have deep visibility and protection for your busiest workloads, so that even if one part of your system is targeted, the rest of your business stays safe and running.

# Build a Resilient Future Through Cyber Agility

In 2026, operational agility is your most effective defense. As AI-driven threats compress attack timelines to mere minutes, your security must move at the speed of the business it protects. By transitioning from fragmented tools to a unified, intent-based architecture, you replace reactive firefighting with proactive, automated governance. This shift ensures that your enterprise remains resilient, allowing your team to focus on innovation rather than infrastructure.

To begin baselining your current posture, identifying hidden vulnerabilities and provide actionable intelligence, get a free personalized [Cloud Network and AI Risk Assessment (CLARA)](https://www.paloaltonetworks.com/network-security/cloud-and-ai-risk-assessment?ts=markdown).

*** ** * ** ***

## Related Blogs

### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Cloud Network Security](https://www.paloaltonetworks.com/blog/category/cloud-network-security/?ts=markdown), [Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown)

[#### Why Container Security Is Now a Business Imperative](https://www.paloaltonetworks.com/blog/network-security/why-container-security-is-now-a-business-imperative/)

### [Cloud NGFW](https://www.paloaltonetworks.com/blog/network-security/category/cloud-ngfw/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown)

[#### From Control to Command: The Future of Multicloud Security](https://www.paloaltonetworks.com/blog/network-security/from-control-to-command-the-future-of-multicloud-security/)

### [Cloud NGFW](https://www.paloaltonetworks.com/blog/network-security/category/cloud-ngfw/?ts=markdown), [Cloud Workload Protection](https://www.paloaltonetworks.com/blog/category/cloud-workload-protection/?ts=markdown)

[#### The New Security Operating Model for Cloud and AI Workloads](https://www.paloaltonetworks.com/blog/network-security/the-new-security-operating-model-for-cloud-and-ai-workloads/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Network Security](https://www.paloaltonetworks.com/blog/category/cloud-network-security/?ts=markdown), [Cloud NGFW](https://www.paloaltonetworks.com/blog/network-security/category/cloud-ngfw/?ts=markdown), [Guest Post](https://www.paloaltonetworks.com/blog/category/guest-post/?ts=markdown), [Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Untangling Hybrid Cloud Security](https://www.paloaltonetworks.com/blog/2025/12/untangling-hybrid-cloud-security/)

### [Cloud NGFW](https://www.paloaltonetworks.com/blog/network-security/category/cloud-ngfw/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown)

[#### Cloud Security's Breaking Point: Is Your Operating Model Failing?](https://www.paloaltonetworks.com/blog/network-security/cloud-security-breaking-point-is-your-operating-model-failing/)

### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Cloud NGFW](https://www.paloaltonetworks.com/blog/network-security/category/cloud-ngfw/?ts=markdown)

[#### How Secure Are Your AI and Cloud Environments? Just Ask CLARA](https://www.paloaltonetworks.com/blog/network-security/how-secure-are-your-ai-and-cloud-environments-just-ask-clara/)

### Subscribe to Network Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language