[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/ai-security?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Next-Gen Trust Security](https://www.paloaltonetworks.com/network-security/next-gen-trust-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) [![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberark/Seamless_IDs_small.jpg) Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-security-solution?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection and Response (CDR)](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection and Response (CDR)](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) [![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberark/Seamless_IDs_small.jpg) Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.paloaltonetworks.com/deploybravely?ts=markdown) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Security Operations](https://www.paloaltonetworks.com/cyberpedia/security-operations?ts=markdown) 3. [Threat Detection \& Prevention](https://www.paloaltonetworks.com/cyberpedia/what-is-user-entity-behavior-analytics-ueba?ts=markdown) 4. [CrowdStrike Competitors](https://www.paloaltonetworks.com/cyberpedia/crowdstrike-competitors-and-alternatives?ts=markdown) Table of contents * [What is UEBA (User and Entity Behavior Analytics)?](https://www.paloaltonetworks.com/cyberpedia/what-is-user-entity-behavior-analytics-ueba?ts=markdown) * [How UEBA works](https://www.paloaltonetworks.com/cyberpedia/what-is-user-entity-behavior-analytics-ueba#how?ts=markdown) * [Benefits of Implementing UEBA](https://www.paloaltonetworks.com/cyberpedia/what-is-user-entity-behavior-analytics-ueba#benefits?ts=markdown) * [Examples of UEBA](https://www.paloaltonetworks.com/cyberpedia/what-is-user-entity-behavior-analytics-ueba#examples?ts=markdown) * [Common Use Cases for UEBA](https://www.paloaltonetworks.com/cyberpedia/what-is-user-entity-behavior-analytics-ueba#common?ts=markdown) * [Challenges and Considerations in UEBA Deployment](https://www.paloaltonetworks.com/cyberpedia/what-is-user-entity-behavior-analytics-ueba#challenges?ts=markdown) * [Diverse Threats Addressed by UEBA](https://www.paloaltonetworks.com/cyberpedia/what-is-user-entity-behavior-analytics-ueba#diverse?ts=markdown) * [Integrating UEBA and XDR](https://www.paloaltonetworks.com/cyberpedia/what-is-user-entity-behavior-analytics-ueba#integrate?ts=markdown) * [UEBA vs NTA](https://www.paloaltonetworks.com/cyberpedia/what-is-user-entity-behavior-analytics-ueba#nta?ts=markdown) * [UEBA vs SIEM](https://www.paloaltonetworks.com/cyberpedia/what-is-user-entity-behavior-analytics-ueba#siem?ts=markdown) * [UEBA vs IAM](https://www.paloaltonetworks.com/cyberpedia/what-is-user-entity-behavior-analytics-ueba#iam?ts=markdown) * [Future Trends and Developments in UEBA](https://www.paloaltonetworks.com/cyberpedia/what-is-user-entity-behavior-analytics-ueba#future?ts=markdown) * [Choosing the Right UEBA Solution](https://www.paloaltonetworks.com/cyberpedia/what-is-user-entity-behavior-analytics-ueba#choose?ts=markdown) * [UEBA FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-user-entity-behavior-analytics-ueba#faqs?ts=markdown) * Best CrowdStrike Competitors \& Alternatives for 2026 * [Reasons to Consider CrowdStrike Alternatives](https://www.paloaltonetworks.com/cyberpedia/crowdstrike-competitors-and-alternatives#reasons?ts=markdown) * [6 Best CrowdStrike Competitors in 2026](https://www.paloaltonetworks.com/cyberpedia/crowdstrike-competitors-and-alternatives#best?ts=markdown) * [CrowdStrike Agentic SOC Competitors](https://www.paloaltonetworks.com/cyberpedia/crowdstrike-competitors-and-alternatives#crowdstrike?ts=markdown) * [CrowdStrike Endpoint Competitors](https://www.paloaltonetworks.com/cyberpedia/crowdstrike-competitors-and-alternatives#endpoint?ts=markdown) * [CrowdStrike Exposure Management Competitors](https://www.paloaltonetworks.com/cyberpedia/crowdstrike-competitors-and-alternatives#exposure?ts=markdown) * [CrowdStrike Attack Surface Competitors](https://www.paloaltonetworks.com/cyberpedia/crowdstrike-competitors-and-alternatives#attack?ts=markdown) * [CrowdStrike Competitors and Alternatives FAQs](https://www.paloaltonetworks.com/cyberpedia/crowdstrike-competitors-and-alternatives#faqs?ts=markdown) * [What Is Threat Prevention? \[Definition, Explanation, + How-tos\]](https://www.paloaltonetworks.com/cyberpedia/what-is-threat-prevention?ts=markdown) * [Why is threat prevention important?](https://www.paloaltonetworks.com/cyberpedia/what-is-threat-prevention#why-is-threat-prevention-important?ts=markdown) * [How does threat prevention work?](https://www.paloaltonetworks.com/cyberpedia/what-is-threat-prevention#how-does-threat-prevention-work?ts=markdown) * [What are the differences between threat prevention, detection, and protection?](https://www.paloaltonetworks.com/cyberpedia/what-is-threat-prevention#what-are-the-differences-between-threat-prevention-detection-and-protection?ts=markdown) * [What are the different types of threat prevention?](https://www.paloaltonetworks.com/cyberpedia/what-is-threat-prevention#what-are-the-different-types-of-threat-prevention?ts=markdown) * [Top 5 threat prevention tips, tricks, and best practices](https://www.paloaltonetworks.com/cyberpedia/what-is-threat-prevention#top-5-threat-prevention-tips-tricks-and-best-practices?ts=markdown) * [Why threat prevention is harder than it sounds (yet more achievable than it used to be)](https://www.paloaltonetworks.com/cyberpedia/what-is-threat-prevention#why-threat-prevention-is-harder-that-it-sounds?ts=markdown) * [Threat prevention FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-threat-prevention#threat-prevention-faqs?ts=markdown) * [What Is Penetration Testing?](https://www.paloaltonetworks.com/cyberpedia/what-is-penetration-testing?ts=markdown) * [Why Is Security Penetration Testing Important?](https://www.paloaltonetworks.com/cyberpedia/what-is-penetration-testing#why?ts=markdown) * [Pen Testing's Role in Compliance](https://www.paloaltonetworks.com/cyberpedia/what-is-penetration-testing#pen?ts=markdown) * [Pen Testing Approaches to Assessments](https://www.paloaltonetworks.com/cyberpedia/what-is-penetration-testing#testing?ts=markdown) * [What Is Teaming in Pen Testing?](https://www.paloaltonetworks.com/cyberpedia/what-is-penetration-testing#what?ts=markdown) * [Types of Pen Testing](https://www.paloaltonetworks.com/cyberpedia/what-is-penetration-testing#types?ts=markdown) * [7 Stages of the Penetration Testing Process](https://www.paloaltonetworks.com/cyberpedia/what-is-penetration-testing#stages?ts=markdown) * [Pen Testing Tools](https://www.paloaltonetworks.com/cyberpedia/what-is-penetration-testing#tools?ts=markdown) * [Penetration Testing FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-penetration-testing#faqs?ts=markdown) * [3 Challenges to Identifying Evasive Threats](https://www.paloaltonetworks.com/cyberpedia/3-challenges-to-identifying-evasive-threats?ts=markdown) * [](https://www.paloaltonetworks.com/cyberpedia/3-challenges-to-identifying-evasive-threats#threats?ts=markdown) * [](https://www.paloaltonetworks.com/cyberpedia/3-challenges-to-identifying-evasive-threats#traditional?ts=markdown) * [](https://www.paloaltonetworks.com/cyberpedia/3-challenges-to-identifying-evasive-threats#helps?ts=markdown) * [](https://www.paloaltonetworks.com/cyberpedia/3-challenges-to-identifying-evasive-threats#protect?ts=markdown) * [What is a Port Scan?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-port-scan?ts=markdown) * [How a Port Scan Works](https://www.paloaltonetworks.com/cyberpedia/what-is-a-port-scan#how?ts=markdown) * [Types of Port Scans](https://www.paloaltonetworks.com/cyberpedia/what-is-a-port-scan#types?ts=markdown) * [Port Scanning Results](https://www.paloaltonetworks.com/cyberpedia/what-is-a-port-scan#port?ts=markdown) * [How Bad Actors Use Port Scanning as an Attack Method](https://www.paloaltonetworks.com/cyberpedia/what-is-a-port-scan#method?ts=markdown) * [Port Scan FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-port-scan#faqs?ts=markdown) # Best CrowdStrike Competitors and Alternatives in 2026 6 min. read Table of contents * * [Reasons to Consider CrowdStrike Alternatives](https://www.paloaltonetworks.com/cyberpedia/crowdstrike-competitors-and-alternatives#reasons?ts=markdown) * [6 Best CrowdStrike Competitors in 2026](https://www.paloaltonetworks.com/cyberpedia/crowdstrike-competitors-and-alternatives#best?ts=markdown) * [CrowdStrike Agentic SOC Competitors](https://www.paloaltonetworks.com/cyberpedia/crowdstrike-competitors-and-alternatives#crowdstrike?ts=markdown) * [CrowdStrike Endpoint Competitors](https://www.paloaltonetworks.com/cyberpedia/crowdstrike-competitors-and-alternatives#endpoint?ts=markdown) * [CrowdStrike Exposure Management Competitors](https://www.paloaltonetworks.com/cyberpedia/crowdstrike-competitors-and-alternatives#exposure?ts=markdown) * [CrowdStrike Attack Surface Competitors](https://www.paloaltonetworks.com/cyberpedia/crowdstrike-competitors-and-alternatives#attack?ts=markdown) * [CrowdStrike Competitors and Alternatives FAQs](https://www.paloaltonetworks.com/cyberpedia/crowdstrike-competitors-and-alternatives#faqs?ts=markdown) 1. Reasons to Consider CrowdStrike Alternatives * * [Reasons to Consider CrowdStrike Alternatives](https://www.paloaltonetworks.com/cyberpedia/crowdstrike-competitors-and-alternatives#reasons?ts=markdown) * [6 Best CrowdStrike Competitors in 2026](https://www.paloaltonetworks.com/cyberpedia/crowdstrike-competitors-and-alternatives#best?ts=markdown) * [CrowdStrike Agentic SOC Competitors](https://www.paloaltonetworks.com/cyberpedia/crowdstrike-competitors-and-alternatives#crowdstrike?ts=markdown) * [CrowdStrike Endpoint Competitors](https://www.paloaltonetworks.com/cyberpedia/crowdstrike-competitors-and-alternatives#endpoint?ts=markdown) * [CrowdStrike Exposure Management Competitors](https://www.paloaltonetworks.com/cyberpedia/crowdstrike-competitors-and-alternatives#exposure?ts=markdown) * [CrowdStrike Attack Surface Competitors](https://www.paloaltonetworks.com/cyberpedia/crowdstrike-competitors-and-alternatives#attack?ts=markdown) * [CrowdStrike Competitors and Alternatives FAQs](https://www.paloaltonetworks.com/cyberpedia/crowdstrike-competitors-and-alternatives#faqs?ts=markdown) Enterprise security platforms have consolidated rapidly, while detection, response, and risk reduction capabilities have expanded across endpoints, clouds, identities, and external infrastructure. This guide analyzes the most relevant CrowdStrike competitors and CrowdStrike alternatives in 2026. Readers will find a technical, expert-level breakdown of CrowdStrike's biggest competitors across agentic SOC, endpoint protection, exposure management, and attack surface management, explaining how each alternative to CrowdStrike performs, integrates, and scales in practice. In 2026, the meaningful differentiator isn't 'more alerts', it's fewer cases requiring human effort. Platforms that unify detection, investigation, and response, and apply agentic AI and automation, can streamline alert triage and accelerate remediation far beyond toolchains built around endpoint-first visibility. * **Best Overall CrowdStrike Alternative for SOC transformation** : Cortex XSIAM Unified SecOps platform that detects in real-time with machine learning, automates triage AI-driven grouping and scoring, and accelerates response workflows with agentic AI. ## Reasons to Consider CrowdStrike Alternatives ### Coverage Gaps CrowdStrike's endpoint-first architecture leaves some organizations underserved in cloud workload protection, identity threat detection, and external attack surface visibility. As environments expand across SaaS, multi-cloud, and distributed infrastructure, teams often patch coverage gaps with point tools that weren't designed to work together. ### Operating Model The shift from alert-based SOCs to case-based, autonomous operations is where many evaluations begin. Organizations that have invested in reducing analyst triage burden are looking for platforms where AI handles investigation end-to-end, not just assists with it. If your SOC measures success by cases closed rather than alerts reviewed, that operating model preference will shape which platform fits. ### Cost Model Consumption-based pricing, per-endpoint licensing, and data ingestion costs can create budget unpredictability as environments scale. Some organizations find that CrowdStrike's bundling structure doesn't align with how they actually use the platform, and they're paying for capabilities they don't need while lacking depth in the areas they do. ### Architecture Fit Endpoint-first platforms make different design trade-offs than platform-first ones. If your security stack already has strong [SIEM](https://www.paloaltonetworks.com/cyberpedia/what-is-siem?ts=markdown) or SOAR investments, open integration matters more than native consolidation. Organizations with mature toolchains often prioritize alternatives that complement what they have rather than replace it wholesale. ### Compliance and Residency Regulated industries and public sector organizations sometimes have requirements for data residency, tenant isolation, audit trails, and retention periods that a single consolidated platform can't easily meet. Alternatives that offer dedicated tenancy, configurable retention, and granular audit logging can be a better fit where compliance is a hard constraint, not just a checkbox. ## 6 Best CrowdStrike Competitors in 2026 The following table summarizes the top CrowdStrike competitors across agentic SOC, endpoint security, exposure management, and attack surface management. Each platform offers distinct architectural approaches and operational strengths for organizations evaluating alternatives to CrowdStrike Falcon. | **Competitor** | **Primary Strength** | **Key Capabilities** | **Integration Posture** | **Watch-Outs** | |-----------------------------------|---------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------|----------------------------------------------------------------------| | **#1 Palo Alto Networks Cortex** | SOC + Endpoint + Exposure + ASM | Unified agentic SOC (XSIAM + AgentiX), endpoint XDR with strong independent evaluation results, exposure management with significant noise reduction, and external attack surface management (Xpanse) | Suite-native; integrates across Cortex products with third-party data ingestion | Full-suite commitment required for maximum value | | **#2 SentinelOne Singularity** | Endpoint | Autonomous endpoint protection with strong independent evaluation results, AI-accelerated threat hunting via Purple AI, low alert volume relative to detection coverage | Vendor-agnostic; open APIs and broad SIEM/SOAR integrations | Exposure management depth is limited compared to dedicated platforms | | **#3 Trend Micro Vision One** | Endpoint + XDR | Unified XDR across email, endpoint, server, network, and cloud; recognized in Gartner EPP evaluations; strong Linux protection track record | Suite-native with third-party connector support | Legacy architecture can slow cloud-native deployments | | **#4 Microsoft Defender (suite)** | Endpoint + ASM | Native Microsoft 365 and Azure integration, external attack surface management, unified security operations across identity, endpoints, and cloud | Suite-native; deep Microsoft stack integration, limited outside it | Value drops significantly in non-Microsoft environments | | **#5 Tenable One** | Exposure | Attack path analysis, CAASM-style asset discovery, unified exposure management across IT, cloud, OT, and identity | Vendor-agnostic; integrates with major scanners and SIEMs | Not a SOC or endpoint platform; requires pairing | | **#6 Trellix Endpoint Security** | Endpoint | Behavioral analysis, Dynamic Application Containment, extended telemetry retention, and AI-powered alert investigation | Suite-native with XDR integration | Smaller independent evaluation footprint than top-tier competitors | ### How We Evaluated This list reflects a structured review of platforms that directly compete with CrowdStrike Falcon across four capability tracks: agentic SOC, endpoint protection, exposure management, and attack surface management. We assessed each platform on architectural approach, integration posture, and operational fit for enterprise security teams. What we didn't do: we did not conduct hands-on product testing, nor did we independently verify vendor-supplied performance claims. Where specific metrics appear in vendor materials without third-party validation, we've described capabilities qualitatively rather than repeating uncited figures. Analyst recognition (Gartner, MITRE evaluations) is noted where publicly available and relevant, but placement in this list is not an endorsement. ## CrowdStrike Agentic SOC Competitors An agentic [SOC](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc?ts=markdown) platform goes beyond AI-assisted triage. It autonomously investigates alerts, builds evidence chains, and executes or recommends responses without human prompting at each step. When evaluating agentic SOC alternatives, the criteria that matter most are autonomy depth (how much the system handles end-to-end vs. hands-off), evidence traceability (can you see exactly how a conclusion was reached), human-in-the-loop controls (where and how analysts stay in the loop), and audit log completeness (does every action leave a reviewable trail). ### 1. Palo Alto Networks Cortex XSIAM with AgentiX **Best for** : Enterprise SOC teams consolidating SIEM, [XDR](https://www.paloaltonetworks.com/cyberpedia/what-is-extended-detection-and-response-XDR-security?ts=markdown), SOAR, and exposure management into a single AI-driven platform. **Standout** : [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) is built from the ground up for autonomous operations rather than layering AI onto legacy infrastructure. [Cortex AgentiX](https://www.paloaltonetworks.com/resources/datasheets/agentix?ts=markdown) brings agentic reasoning and dynamic workflow execution across detection, investigation, and response. SmartGrouping automatically connects related alerts into comprehensive incident chains, while SmartScore applies ML and contextual rules to prioritize genuine threats and reduce analyst noise. **Key controls**: Human-in-the-loop approval workflows; full audit trails across automated and manual actions; configurable autonomy thresholds by alert type or severity. **Integrates with**: Broad third-party data ingestion via the extended data lake (XDL); thousands of prebuilt integrations and playbooks; Unit 42 threat intelligence. **POC questions**: * How does AgentiX handle alert types not covered by its prebuilt playbooks? * What controls govern which response actions execute autonomously vs. require approval? * How are investigation conclusions surfaced and explained to analysts? ### 2. Prophet Security Agentic AI SOC Platform **Best for**: Security teams looking to fully automate alert investigation without building or maintaining playbooks. **Standout**: Prophet Security operates as an autonomous SOC, completing full alert analysis, including artifact extraction and investigation planning, without human prompting. The platform selects the optimal AI model for each task and applies a hallucination-prevention framework, making its reasoning reviewable rather than opaque. **Key controls**: Full audit trails showing evidence gathering, analysis steps, and decision rationale; human-in-the-loop approval for response actions. **Integrates with**: SIEM, EDR, security data lakes, object storage, and collaboration tools. **POC questions**: * How does the hallucination prevention framework work in practice? * What does a full investigation audit trail look like for a complex, multi-stage alert? * How are false positive corrections fed back into the system? ### 3. Dropzone AI SOC Analyst **Best for**: Teams wanting autonomous investigation that adapts to their environment without requiring structured playbooks or custom prompting. **Standout**: Dropzone AI uses recursive collect-comprehend-conclude cycles to investigate alerts by forming hypotheses and drawing evidence-based conclusions. The platform learns organizational policies and analyst preferences through continuous feedback loops rather than rigid workflow definitions. **Key controls**: Single-tenant architecture prevents data co-mingling; human-in-the-loop approval workflows for response action execution. **Integrates with**: SIEM, EDR, firewalls, cloud security, and identity systems. **POC questions**: * How quickly does the platform adapt to organization-specific policies and context? * How are investigation hypotheses formed and what evidence is used to accept or reject them? * What happens when the system encounters an alert type it hasn't seen before? ### 4. Exaforce Agentic SOC Platform **Best for**: SOC teams that want task-specific AI agents across the full security operations lifecycle, from detection engineering through threat hunting. **Standout**: Exaforce uses layered semantic, behavioral, statistical, and knowledge models before applying LLM reasoning --- an approach designed to reduce hallucinations before they reach analyst-facing outputs. Specialized Exabots cover detection, triage, investigation, risk management, and threat hunting as distinct functions. **Key controls**: Layered pre-LLM reasoning framework for hallucination prevention; natural language querying across security data lakes; BI-style interface for analyst oversight. **Integrates with**: Cloud logs, identity telemetry, SaaS data, endpoints, and network traffic; available as SaaS or fully managed MDR. **POC questions**: * How do the pre-LLM reasoning layers reduce false or misleading outputs in practice? * How are the specialized Exabots coordinated on a single complex investigation? * What does the MDR service model include vs. the self-managed SaaS option? ## CrowdStrike Endpoint Competitors CrowdStrike Falcon competitors in the endpoint space have moved well beyond traditional antivirus and EPP. The meaningful architectural divide today is between endpoint-first platforms, where telemetry and detection logic originate at the agent, and platform-first approaches that treat the endpoint as one data source among many. Equally important are on-device autonomy (can the agent act without cloud connectivity?) versus cloud-dependent analytics, and how well each vendor connects prevention posture to response workflow quality. Organizations evaluating alternatives should assess not just detection coverage, but how quickly a confirmed threat translates into a contained one. ### 1. Palo Alto Networks Cortex XDR **Best for**: Enterprise teams that want prevention-first endpoint security with a clear path to unified SOC operations. **Standout**: Cortex XDR has performed strongly across independent MITRE ATT\&CK evaluations over multiple consecutive rounds, with results including high technique-level detection coverage and low false-positive rates. The platform's data lake architecture centralizes security telemetry across endpoint, network, cloud, identity, and email, and provides a direct migration path to Cortex XSIAM for teams ready to consolidate SOC operations. **Key controls**: Behavioral threat protection; zero-day ML examining file characteristics at scale; exploit prevention; automated grouping of detections into prioritized unified cases; direct SSH access to compromised endpoints for surgical containment. **Integrates with**: Windows, macOS, Linux, iOS, and cloud runtimes, including Kubernetes; Cortex XSIAM for SOC consolidation; third-party telemetry sources via the extended data lake. **POC questions**: * How does the platform handle endpoint detection without consistent cloud connectivity? * What does the migration path from Cortex XDR to Cortex XSIAM look like in practice? * How are automated remediation actions scoped and approved? ### 2. Trend Micro Vision One Endpoint Security **Best for**: Organizations that need unified XDR coverage across email, endpoint, server, network, and cloud from a single console. **Standout**: Trend Vision One Endpoint Security delivers integrated EDR and XDR capabilities, with recognized performance in Gartner Magic Quadrant EPP evaluations and a strong track record of protecting Linux environments based on independent testing results. The platform's breadth across workload types makes it a strong fit for organizations with diverse infrastructure. **Key controls**: Signature filtering, pre-execution ML, and runtime behavioral analysis; IPS for applications; integrity monitoring and log inspection; generative AI assistant for threat activity analysis. **Integrates with**: AWS, Azure, GCP, VMware, and Active Directory; email and network telemetry natively within the Vision One console. **POC questions**: * How does the platform handle detection consistency across Windows, Linux, and cloud workloads? * What does the generative AI assistant surface that standard dashboards don't? * How are legacy on-premises deployments managed alongside cloud-native workloads? ### 4. Sophos Intercept X Endpoint **Best for**: Organizations seeking deep-learning-based protection with strong anti-ransomware capabilities and MDR optionality. **Standout**: Sophos Intercept X integrates deep learning, anti-ransomware, and EDR into the broader Sophos XDR ecosystem. The platform has maintained a consistent Gartner Magic Quadrant EPP Leadership position over multiple evaluation cycles and has received strong customer recognition in both EPP and XDR categories. **Key controls**: Dynamically elevated defenses when hands-on-keyboard attacks are detected; malicious encryption termination with automatic file rollback; signature-free malware detection; customizable threat hunting queries. **Integrates with**: Sophos firewall, email, cloud, and Microsoft 365 telemetry natively; third-party SIEM and SOAR platforms via open APIs. **POC questions**: * How does the platform detect and respond to hands-on-keyboard activity in practice? * What does the MDR service model cover vs. the self-managed option? * How are threat hunting query results actioned from within the console? ### 5. Trellix Endpoint Security Suite **Best for**: Enterprises that need extended telemetry retention for retrospective hunting alongside automated alert investigation. **Standout**: Trellix Endpoint Security Suite combines unified endpoint protection, EDR with forensics, and AI-powered automation into an integrated platform. Trellix Wise automatically investigates alerts through workflows trained on threat data at scale, reducing the manual effort required to move from detection to decision. **Key controls**: Behavioral analysis, machine learning, and Dynamic Application Containment; extended telemetry retention for retrospective threat hunting; granular file and registry rollback to avoid system reimaging. **Integrates with**: Endpoint, email, network, data security, and cloud telemetry natively within the Trellix suite; XDR integration for cross-domain correlation. **POC questions**: * How long does Trellix Wise take to complete a typical alert investigation? * How is Dynamic Application Containment tuned to avoid blocking legitimate activity? * What does the forensics capability surface beyond standard EDR telemetry? ## CrowdStrike Exposure Management Competitors Exposure management is not the same as vulnerability management, nor is it the same as maintaining a CAASM inventory. Vulnerability management identifies weaknesses. CAASM tells you what assets you have. Exposure management tells you which weaknesses, on which assets, under current conditions, represent the highest real-world risk, and what to do about them first. Leading platforms now differentiate on the depth of validation, the strength of exploitability proof, and their ability to connect findings to actual attacker behavior. The result is a control plane that determines which weaknesses matter now, not which weaknesses exist in theory. ### 1. Palo Alto Networks Cortex Exposure Management **Best for**: Enterprise teams that want a single prioritization and remediation workflow spanning vulnerability management, asset context, and live risk intelligence. **Standout** : [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown)ingests findings from native and third-party vulnerability scanners, combines them with CAASM-style asset discovery and control posture data, and distills large backlogs into actionable exposure cases. Running on the Cortex Extended Data Lake, prioritization reflects reachability, exploit intelligence, asset criticality, and compensating controls rather than raw CVE volume, significantly reducing the operational noise that makes traditional vulnerability management difficult to act on at scale. **Key controls**: Cross-scanner deduplication with reachability and control evaluation; Cortex Vulnerability Risk Score, incorporating live threat intelligence and exploit activity; grouping related vulnerabilities into single-exposure cases to reduce remediation overhead. **Integrates with**: Native and third-party vulnerability scanners; attack surface management via Cortex Xpanse; cloud security, endpoint vulnerability detection, and internal network scanning; Cortex XSIAM for SOC alignment. **POC questions**: * How does the platform handle conflicting findings across multiple scanner inputs? * How is asset criticality determined, and can it be customized to reflect business context? * How are exposure cases prioritized when intelligence and reachability signals conflict? ### 2. Cymulate Exposure Management Platform **Best for**: Security teams that want continuous validation of whether exposures are actually exploitable under existing controls, not just theoretically present. **Standout**: Cymulate integrates vulnerability management scanners and CAASM-style asset discovery with breach-and-attack simulation and continuous, automated red teaming. Rather than relying on scanner output alone, the platform validates which findings remain exploitable given the current security stack and surfaces that gap directly in the prioritization workflow. **Key controls**: Continuous breach and attack simulation across the full kill chain; stack-ranked exposures using validated prevention and detection results alongside compensating controls and active threat intelligence; chained multi-stage attack scenarios aligned to MITRE ATT\&CK. **Integrates with**: Vulnerability management tools, CAASM asset inventories, and security control telemetry; endpoint, SIEM, and XDR platforms for applying custom detection logic derived from validated attack paths. **POC questions**: * How frequently does the platform revalidate exposures as the environment changes? * How are custom detection rules generated from validated attack paths pushed to downstream tools? * What does the remediation prioritization workflow look like when simulation results conflict with scanner findings? ### 3. Tenable One Exposure Management Platform **Best for**: Organizations that need unified exposure management across IT, cloud, OT, IoT, identity, and application environments from a single platform. **Standout**: Tenable One aggregates vulnerability management data, CAASM-style asset inventories, and third-party security telemetry to model how attackers can traverse assets, identities, and misconfigurations to reach critical systems. Attack path analysis moves prioritization beyond individual CVEs toward understanding how weaknesses chain together in practice. **Key controls**: Unified asset and identity discovery across IT, cloud, OT, IoT, applications, and Kubernetes; combined Vulnerability Priority Rating and Asset Criticality Rating into a single Asset Exposure Score; attack path mapping to identify remediation actions that collapse multiple risk paths simultaneously. **Integrates with**: Major vulnerability scanners and SIEM platforms via vendor-agnostic connectors; third-party security telemetry for enriching exposure context. **POC questions**: * How does the platform model attack paths across hybrid environments combining IT, OT, and cloud assets? * How is Asset Criticality Rating determined, and can it be adjusted to reflect operational context? * How does the platform handle exposure management for assets that can't be scanned directly? ### 4. HivePro Uni5 Xposure **Best for**: Teams that want exposure management tightly connected to threat actor behavior, with remediation options beyond patching. **Standout**: HivePro Uni5 Xposure integrates CAASM-connected asset context, vulnerability management workflows, and breach-and-attack simulation to prioritize exploitable weaknesses. The platform maps exposures to relevant threat actors and attack techniques, focusing remediation effort on weaknesses that reflect realistic adversary behavior rather than theoretical risk scores. **Key controls**: Asset criticality and operational context enrichment via CAASM and CMDB-aligned data; threat actor and attack technique mapping for prioritization; breach-and-attack simulation to validate exploitability under existing controls; alternative remediation options, including configuration changes and compensating controls alongside patching. **Integrates with**: Vulnerability management tools and CAASM data sources; CMDB platforms for asset and ownership context; bidirectional remediation orchestration to keep stakeholder workstreams synchronized. **POC questions**: * How are threat actor mappings maintained and updated as the threat landscape evolves? * How does the platform handle remediation prioritization when patching isn't operationally feasible? * What does bidirectional remediation orchestration look like across security and IT teams in practice? ## CrowdStrike Attack Surface Competitors [Attack surface management](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-management?ts=markdown) has moved from passive discovery into an operational discipline. Leading platforms now combine attacker-perspective reconnaissanceת finding what an adversary would findת with exploitability validation, ownership attribution, and direct routing of findings into SOC workflows. The meaningful differentiators today are how accurately a platform attributes assets to the right organization, how well it connects external exposure to active threat intelligence, and how readily its outputs translate into SOC-ready action. ### 1. Palo Alto Networks Cortex Xpanse **Best for**: Enterprise SOC teams that need external attack surface findings to feed directly into detection, investigation, and response workflows. **Standout** : [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) continuously identifies unknown and unmanaged external assets using active reconnaissance techniques, and maps them to their owning organization with high attribution accuracyת reducing the false positives that commonly affect ASM platforms. The Threat Response Center and Web Attack Surface Management modules extend discovery into exposure intelligence, enabling SOC teams to prioritize remediation during fast-moving events such as internet-wide vulnerability disclosures. Findings flow directly into Cortex XSIAM and Cortex XDR, making Xpanse a natural fit for organizations that need ASM outputs to support incident response and threat hunting, rather than having them sit in a separate inventory tool. **Key controls**: Continuous active reconnaissance for unknown and unmanaged asset discovery; organization-level asset attribution to reduce false positives; web asset discovery covering technologies, misconfigurations, and insecure content; attack surface risk ranking based on weaponization status, patch availability, and observed attacker activity. **Integrates with**: Cortex XSIAM and Cortex XDR for direct SOC routing; Cortex Exposure Management for combined internal and external risk context. **POC questions**: * How does the platform attribute assets to the correct organization when infrastructure is shared or inherited? * How quickly do new external exposures surface in SOC workflows following discovery? * How does the Threat Response Center prioritize emerging CVEs against your specific external footprint? ### 2. Check Point Infinity Platform **Best for**: Organizations that want attack surface management embedded within a broader unified security fabric rather than deployed as a standalone tool. **Standout**: Check Point Infinity approaches ASM as part of an integrated platform spanning network, cloud, workspace, and email controls. External risk management findingsת including phishing domains, brand impersonation, dark web exposure, and supply chain risksת are tracked within the same platform used for security enforcement, and attack surface signals feed directly into SOC workflows via Infinity XDR. **Key controls**: External asset discovery covering cloud services, SaaS applications, and third-party exposure; tracking of phishing domains, brand impersonation, and dark web exposure; centralized policy enforcement across network, cloud, email, and endpoint to mitigate identified attack surface risk. **Integrates with**: Infinity XDR for SOC correlation and response; ThreatCloud AI for sharing attack surface signals across enforcement points. **POC questions**: * How are third-party and supply chain risks discovered and tracked within the platform? * How does ThreatCloud AI translate attack surface signals into enforcement actions across the security fabric? * How are ASM findings prioritized when they span multiple enforcement domains simultaneously? ### 3. Microsoft Defender External Attack Surface Management **Best for**: Organizations already running Microsoft security operations that want external attack surface management embedded natively in their existing stack. **Standout**: Microsoft Defender EASM extends Microsoft's threat protection into continuous external discovery, focusing on unknown, unmanaged, and internet-facing assets that expand organizational risk beyond the traditional perimeter. Findings route directly into Microsoft Defender and Microsoft Sentinel, making it operationally straightforward for teams already operating within the Microsoft security model. **Key controls**: Discovery of internet-facing assets, domains, IP ranges, and cloud services; external asset scoring based on exposure, configuration weaknesses, and threat relevance; clarification of ownership and accountability using identity and tenant correlation. **Integrates with**: Microsoft Defender and Microsoft Sentinel for native SOC routing; Azure, hybrid, and multi-cloud environments without requiring standalone tooling. **POC questions**: * How does the platform handle asset discovery for infrastructure outside Azure or Microsoft-managed environments? * How are ownership gaps resolved when discovered assets can't be mapped to a known tenant or identity? * How do EASM findings influence prioritization within Microsoft Sentinel investigation queues? ### 4. CyCognito Platform **Best for**: Teams that want ASM grounded in attacker-style reconnaissance and continuous exploitability testing, not passive inventory. **Standout**: CyCognito performs automated attacker-style reconnaissance to discover known, unknown, and unmanaged external assets, then conducts continuous non-intrusive testing to validate which weaknesses are actually exploitableת rather than relying on passive signals alone. Asset mapping to business units, subsidiaries, and ownership structures makes findings SOC-ready rather than just inventory-complete. **Key controls**: Automated attacker-style reconnaissance for asset discovery; continuous non-intrusive exploitability testing; asset mapping to business units and ownership structures; attack surface risk ranking based on discoverability, ease of exploitation, and observed attacker interest. **Integrates with**: Security and IT team workflows via evidence-backed remediation steps; SIEM and SOC platforms for findings routing. **POC questions**: * How is non-intrusive testing scoped to avoid disrupting production systems? * How does the platform handle asset-ownership mapping for subsidiaries or newly acquired infrastructure? * How are exploitability test results updated as the environment or threat landscape changes? ### 5. Recorded Future Attack Surface Intelligence **Best for**: SOC and threat intelligence teams that want external attack surface findings enriched with real adversary activity, not just technical exposure data. **Standout**: Recorded Future Attack Surface Intelligence approaches ASM from a threat-intelligence-first perspective, continuously mapping external assets and enriching findings with real-time intelligence from the Recorded Future Intelligence Cloud. The platform links external assets to known threat-actor infrastructure, elevating ASM findings from inventory to a SOC-relevant risk context. **Key controls**: Continuous discovery of domains, IP ranges, servers, and exposed services; linking external assets to known threat-actor infrastructure; enriching ASM findings with exploit availability and observed exploitation trends. **Integrates with**: Recorded Future Intelligence Cloud; SIEM and SOAR platforms for direct routing to SOC workflows. **POC questions**: * How are threat actor infrastructure links maintained and updated as adversary infrastructure changes? * How does the platform differentiate between theoretical exposure and actively targeted assets? * How do ASM findings flow into existing SIEM investigation and triage workflows? ## CrowdStrike Competitors and Alternatives FAQs ### Is CrowdStrike EDR or XDR? CrowdStrike Falcon started as an EDR platform and has expanded into XDR by incorporating telemetry from cloud, identity, and network sources alongside endpoint data. In practice, how much of that XDR breadth you actually use depends on which Falcon modules you've licensed. Organizations that find themselves relying heavily on point tools to fill coverage gaps outside the endpoint are often the ones most actively evaluating alternatives. ### What should a CrowdStrike replacement POC include? A well-structured POC should cover at minimum: detection coverage against a representative set of real-world attack techniques (not just commodity malware), response workflow quality from confirmed detection to containment, integration behavior with your existing SIEM or data lake, analyst experience under realistic alert load, and autonomy controls (what executes automatically, what requires approval, and how that's configured). If you're evaluating an agentic SOC platform, add investigation traceability - can you follow exactly how a conclusion was reached? ### How do we migrate detections and response workflows safely? Migration risk is highest when detections are embedded in custom SIEM rules or SOAR playbooks that assume a specific data schema. Before committing to an alternative, map your highest-priority detection logic to the new platform's data model and confirm parity. Run both platforms in parallel for a defined period, comparing their outputs using the same telemetry. Response workflows are harder to migrate than detections. Prioritize the workflows that touch active incident response first, and migrate lower-frequency playbooks in a second phase once the core environment is stable. ### Why do organizations look for alternatives to CrowdStrike? The most common drivers are coverage gaps outside the endpoint (cloud workloads, identity, external attack surface), operating model mismatch (alert-based vs. case-based SOC), cost unpredictability as environments scale, and architecture fit when existing SIEM or SOAR investments make open integration more valuable than native consolidation. Compliance and data residency requirements are also recurring factors for regulated industries and public-sector organizations. ### Which CrowdStrike competitors offer better endpoint protection? Rather than selecting by vendor name, evaluate on three criteria: independent evaluation results (MITRE ATT\&CK rounds are the most comparable public benchmark), on-device autonomy (can the agent act without cloud connectivity?), and response workflow quality (how quickly does a confirmed detection translate into containment?). Platforms with strong results across all three tend to perform well in POCs regardless of brand. ### What are the top CrowdStrike alternatives for agentic SOC platforms? Evaluate agentic SOC alternatives on autonomy depth, evidence traceability, human-in-the-loop controls, and audit log completeness. Platforms vary significantly in how much they handle end-to-end versus how much they still rely on analyst prompting. The most mature options complete full investigations - artifact extraction, hypothesis formation, and conclusion - without requiring structured playbooks, and make their reasoning reviewable rather than opaque. ### How do CrowdStrike alternatives compare in pricing and deployment models? Pricing structures vary considerably. Some platforms offer modular licensing that lets you adopt capabilities incrementally rather than committing to full-suite bundling. Cloud-native options typically operate on SaaS models with per-investigation or per-asset pricing. Legacy vendors tend to support on-premises, hybrid, and cloud deployments with more traditional licensing. The key question to ask in any evaluation is how costs scale as your data ingestion, endpoint count, or user base grows --- consumption-based models can surprise you in either direction. Related content [Palo Alto Networks Cortex Cortex by Palo Alto Networks is an AI-driven security operations platform that unifies endpoint protection, threat detec...](https://www.paloaltonetworks.com/cortex?ts=markdown) [XDR for Dummies Download the XDR For Dummies e-book to get everything you need to know about XDR --- from core capabilities to real-world use cases.](https://www.paloaltonetworks.com/resources/guides/xdr-for-dummies?ts=markdown) ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=Best%20CrowdStrike%20Competitors%20%26%20Alternatives%20for%202026&body=Compare%20CrowdStrike%20alternatives%20for%20agentic%20SOC%2C%20endpoint%2FXDR%2C%20exposure%20management%2C%20and%20attack%20surface%20management%20with%20a%20competitor%20matrix%20and%20buyer%20checklist.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/crowdstrike-competitors-and-alternatives) Back to Top [Previous](https://www.paloaltonetworks.com/cyberpedia/what-is-user-entity-behavior-analytics-ueba?ts=markdown) What is UEBA (User and Entity Behavior Analytics)? [Next](https://www.paloaltonetworks.com/cyberpedia/what-is-threat-prevention?ts=markdown) What Is Threat Prevention? \[Definition, Explanation, + How-tos\] {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/ai-security?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language