[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.deploybravely.com) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Threats](https://www.paloaltonetworks.com/cyberpedia/threat?ts=markdown) 3. [Cyberthreat Intelligence](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti?ts=markdown) 4. [What Are Cyberthreat Intelligence Tools?](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools?ts=markdown) Table of Contents * [What Is Cyber Threat Intelligence (CTI)?](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti?ts=markdown) * [What Data Is Considered Threat Intelligence?](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#considered?ts=markdown) * [Sources of Threat Intelligence](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#sources?ts=markdown) * [Tools and Services in Threat Intelligence](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#tools?ts=markdown) * [Practical Implementation of Threat Intelligence](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#implementation?ts=markdown) * [The Threat Intelligence Lifecycle: An Overview](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#lifecycle?ts=markdown) * [Building an Effective Threat Intelligence Program](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#program?ts=markdown) * [Threat Intelligence FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#faq?ts=markdown) * [Threat Intelligence Use Cases and Examples](https://www.paloaltonetworks.com/cyberpedia/threat-intelligence-use-cases-and-examples?ts=markdown) * [What Are the 4 Types of Threat Intelligence?](https://www.paloaltonetworks.com/cyberpedia/threat-intelligence-use-cases-and-examples#types?ts=markdown) * [Top 4 Use Cases for a Threat Intel Platform (TIP)](https://www.paloaltonetworks.com/cyberpedia/threat-intelligence-use-cases-and-examples#use-cases?ts=markdown) * [Specific Examples of Threat Intelligence Use Cases](https://www.paloaltonetworks.com/cyberpedia/threat-intelligence-use-cases-and-examples#examples?ts=markdown) * [MITRE ATT\&CK as a Threat Intelligence Use Case](https://www.paloaltonetworks.com/cyberpedia/threat-intelligence-use-cases-and-examples#mitre?ts=markdown) * [Threat Intelligence Use Cases FAQs](https://www.paloaltonetworks.com/cyberpedia/threat-intelligence-use-cases-and-examples#faq?ts=markdown) * [What is the Threat Intelligence Lifecycle?](https://www.paloaltonetworks.com/cyberpedia/what-is-the-threat-intelligence-life-cycle?ts=markdown) * [Why is the Threat Intelligence Lifecycle Important?](https://www.paloaltonetworks.com/cyberpedia/what-is-the-threat-intelligence-life-cycle#why?ts=markdown) * [The 6 Stages of the Threat Intelligence Lifecycle](https://www.paloaltonetworks.com/cyberpedia/what-is-the-threat-intelligence-life-cycle#lifecycle?ts=markdown) * [Benefits of the Threat Intelligence Lifecycle Framework](https://www.paloaltonetworks.com/cyberpedia/what-is-the-threat-intelligence-life-cycle#benefits?ts=markdown) * [Threat Intelligence Lifecycle FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-the-threat-intelligence-life-cycle#faqs?ts=markdown) * [What is a Threat Intelligence Platform (TIP)?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-threat-intelligence-platform?ts=markdown) * [The Value of a Threat Intelligence Platform](https://www.paloaltonetworks.com/cyberpedia/what-is-a-threat-intelligence-platform#value?ts=markdown) * [How Threat Intelligence Works](https://www.paloaltonetworks.com/cyberpedia/what-is-a-threat-intelligence-platform#intelligence?ts=markdown) * [Types and Examples of Threat Intelligence](https://www.paloaltonetworks.com/cyberpedia/what-is-a-threat-intelligence-platform#examples?ts=markdown) * [Why Do Organizations Need a Threat Intelligence Platform (TIP)?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-threat-intelligence-platform#organizations?ts=markdown) * [Key Characteristics of a Threat Intelligence Platform](https://www.paloaltonetworks.com/cyberpedia/what-is-a-threat-intelligence-platform#characteristics?ts=markdown) * [Types of Threat Intelligence Data](https://www.paloaltonetworks.com/cyberpedia/what-is-a-threat-intelligence-platform#threat?ts=markdown) * [Implementation of a Threat Intelligence Platform](https://www.paloaltonetworks.com/cyberpedia/what-is-a-threat-intelligence-platform#platform?ts=markdown) * [Threat Intelligence Platforms FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-threat-intelligence-platform#faqs?ts=markdown) * [What Are Unknown Cyberthreats?](https://www.paloaltonetworks.com/cyberpedia/what-are-unknown-cyberthreats?ts=markdown) * [How Unknown Cyberthreats Are Redefining Cloud Security](https://www.paloaltonetworks.com/cyberpedia/what-are-unknown-cyberthreats#how?ts=markdown) * [Why Unknown Threats Matter](https://www.paloaltonetworks.com/cyberpedia/what-are-unknown-cyberthreats#why?ts=markdown) * [Types of Unknown Cyberthreats](https://www.paloaltonetworks.com/cyberpedia/what-are-unknown-cyberthreats#types?ts=markdown) * [Advanced Defense Strategies for Modern Threats](https://www.paloaltonetworks.com/cyberpedia/what-are-unknown-cyberthreats#advanced?ts=markdown) * [Resilient Cloud Security Starts with Visibility and Adaptation](https://www.paloaltonetworks.com/cyberpedia/what-are-unknown-cyberthreats#resilient?ts=markdown) * [Unknown Cyberthreats FAQs](https://www.paloaltonetworks.com/cyberpedia/what-are-unknown-cyberthreats#faqs?ts=markdown) * What Are Cyberthreat Intelligence Tools? * [Types of Threat Intelligence Tools](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#types?ts=markdown) * [How Threat Intelligence Tools Work](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#tools?ts=markdown) * [Key Functions of Threat Intelligence Tools](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#key?ts=markdown) * [What is a Threat Intelligence Platform (TIP)?](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#platform?ts=markdown) * [Best Practices for Implementing Threat Intelligence Tools](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#practices?ts=markdown) * [Emerging Trends in Threat Intelligence](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#trends?ts=markdown) * [Threat Intelligence Tools FAQs](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#faqs?ts=markdown) * [What are the Types of Cyberthreat Intelligence (CTI)?](https://www.paloaltonetworks.com/cyberpedia/types-of-cyberthreat-intelligence?ts=markdown) * [What is Cyberthreat Intelligence?](https://www.paloaltonetworks.com/cyberpedia/types-of-cyberthreat-intelligence#cyberthreat?ts=markdown) * [What is Strategic Threat Intelligence?](https://www.paloaltonetworks.com/cyberpedia/types-of-cyberthreat-intelligence#strategic?ts=markdown) * [What is Tactical Threat Intelligence?](https://www.paloaltonetworks.com/cyberpedia/types-of-cyberthreat-intelligence#tactical?ts=markdown) * [What is Operational Threat Intelligence?](https://www.paloaltonetworks.com/cyberpedia/types-of-cyberthreat-intelligence#operational?ts=markdown) * [Application of Cyberthreat Intelligence](https://www.paloaltonetworks.com/cyberpedia/types-of-cyberthreat-intelligence#application?ts=markdown) * [Challenges in Cyberthreat Intelligence](https://www.paloaltonetworks.com/cyberpedia/types-of-cyberthreat-intelligence#challenges?ts=markdown) * [Cyberthreat Intelligence FAQs](https://www.paloaltonetworks.com/cyberpedia/types-of-cyberthreat-intelligence#faqs?ts=markdown) # What Are Cyberthreat Intelligence Tools? 3 min. read Table of Contents * * [Types of Threat Intelligence Tools](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#types?ts=markdown) * [How Threat Intelligence Tools Work](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#tools?ts=markdown) * [Key Functions of Threat Intelligence Tools](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#key?ts=markdown) * [What is a Threat Intelligence Platform (TIP)?](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#platform?ts=markdown) * [Best Practices for Implementing Threat Intelligence Tools](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#practices?ts=markdown) * [Emerging Trends in Threat Intelligence](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#trends?ts=markdown) * [Threat Intelligence Tools FAQs](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#faqs?ts=markdown) 1. Types of Threat Intelligence Tools * * [Types of Threat Intelligence Tools](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#types?ts=markdown) * [How Threat Intelligence Tools Work](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#tools?ts=markdown) * [Key Functions of Threat Intelligence Tools](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#key?ts=markdown) * [What is a Threat Intelligence Platform (TIP)?](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#platform?ts=markdown) * [Best Practices for Implementing Threat Intelligence Tools](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#practices?ts=markdown) * [Emerging Trends in Threat Intelligence](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#trends?ts=markdown) * [Threat Intelligence Tools FAQs](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#faqs?ts=markdown) Threat intelligence tools are software applications and platforms that assist with [threat management](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti?ts=markdown) by collecting, analyzing, and providing actionable information about cybersecurity threats and vulnerabilities. Threat intelligence software enhances cyberthreat intelligence by delivering up-to-date information about individual threats that may attack points of vulnerability (endpoints, applications, cloud gateways, and more). Security operations (SecOps) and IT teams use threat intelligence tools to spot potential problems before they hit, often linking to other sources and threat intelligence feeds. ## Types of Threat Intelligence Tools When it comes to safeguarding an organization's digital assets, having the right threat intelligence tools at your disposal is paramount. These three primary categories of threat intelligence tools can benefit your cybersecurity strategy. ### Open-Source Threat Intelligence Solutions Open-source threat intelligence is a comprehensive process of gathering and analyzing cybersecurity threat data from publicly available sources. These sources include online forums, social media, blogs, and websites. The purpose of this approach is to obtain a better understanding of the threat landscape and stay ahead of cybercriminals. The following types of data are collected: * Indicators of Compromise (IOCs): specific pieces of information, such as IP addresses, domains, or hashes, that can indicate the presence of malicious activity * Malware samples: malicious software programs that are analyzed to understand their behavior and identify potential vulnerabilities * Vulnerabilities: weaknesses in software or systems that can be exploited by attackers * Tactics, techniques, and procedures (TTPs) used by attackers: methods and strategies used by attackers to breach a network or system, including phishing, social engineering, brute-force attacks, etc. ### Commercial Threat Intelligence Solutions Commercial [threat intelligence solutions](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti?ts=markdown) provide organizations with real-time data, analysis, risk assessment, advisory, and consulting services to help them understand, identify, and protect against cyberthreats. These solutions integrate with existing security infrastructure and provide a centralized platform for security teams to make informed decisions. They are essential for a proactive approach to cybersecurity. #### Benefits of Commercial Threat Intelligence Management Commercial threat intelligence management provides improved operational efficiency, lower risk, and cost savings. It aggregates threat data from various sources, surfaces attacks quickly, reduces dwell time, and identifies vulnerabilities. This proactive approach saves money and eliminates the need for multiple platforms and integration resources. ### In-House Customized Tools In-house customized threat intelligence tools are specialized software solutions developed and maintained by an organization's IT or cybersecurity team. Tailor-made to fit the organization's unique security requirements and infrastructure, these tools focus on collecting and analyzing cyberthreat data from various sources, including open-source intelligence and internal network data. They offer seamless integration with existing security systems, customizable dashboards for monitoring, and features supporting incident response and risk management. While resource-intensive to develop and maintain, these tools provide flexibility, control, and specificity in managing cyberthreats, making them particularly valuable for organizations with specialized needs or those in highly regulated industries. ## How Threat Intelligence Tools Work Understanding the inner workings of threat intelligence tools and the fundamental mechanisms that power them is crucial to harnessing their full potential in fortifying your cybersecurity posture. ![Lifecycle of threat intelligence platform](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/lifecycle-of-threat-intelligence-platform.png "Lifecycle of threat intelligence platform") ### Data Collection and Aggregation Threat intelligence tools begin by casting a wide net across the digital landscape. They systematically gather data from diverse sources, including network logs, security events, open-source intelligence feeds, forums, blogs, and more. This extensive data collection process ensures a comprehensive view of the threat landscape. * Continuous data retrieval from various sources * Data normalization and enrichment for better analysis * Integration of multiple data feeds into a unified repository ### Data Analysis and Pattern Recognition Data analysis and pattern recognition are interconnected fields that involve examining large sets of data to identify meaningful information, trends, and patterns. **Data analysis** involves collecting and cleaning data from various sources, exploring it to understand its properties, selecting relevant variables, applying statistical analysis to uncover relationships, testing hypotheses, and interpreting the results to draw conclusions. **Pattern recognition** involves collecting and cleaning data, extracting relevant features, and selecting appropriate algorithms such as machine learning, statistical models, or neural networks. The algorithm is trained on a subset of the data and then tested on another set to identify patterns and recognize similarities, anomalies, sequences, or trends. The model is refined and retrained to improve accuracy and relevance based on the initial results. Data analysis and pattern recognition are complementary processes. Data analysis often provides the foundational understanding necessary for effective pattern recognition. Insights from pattern recognition can lead to further data analysis, and vice versa, creating a continuous improvement loop. Both data analysis and pattern recognition rely heavily on computational methods, especially as data volumes and complexity grow. They are crucial in fields like finance, healthcare, marketing, and cybersecurity, where understanding patterns and trends can lead to better decision-making, forecasting, and anomaly detection. ### Contextualizing Threats Beyond mere detection, threat intelligence tools excel in providing context around identified threats. They unveil essential details, such as the threat actor or group responsible, attack methods, and targeted assets or vulnerabilities. This contextualization equips security teams with the knowledge needed to fully understand the gravity and implications of a potential threat. * Correlating threat data with historical and global threat intelligence * Attribution of threats to specific threat actors or groups * Mapping of threats to affected assets for precise remediation ## Key Functions of Threat Intelligence Tools A "true" cyberthreat intelligence tool must provide information on new and emerging threats and vulnerabilities. It also shares in-depth instructions on how to address and remediate problems resulting from these threats. Threat intelligence tools provide information on four types of threat intelligence data: strategic, tactical, operational, and technical. Strategic intelligence provides high-level information about the threat landscape, while tactical intelligence focuses on attack methods. Operational intelligence offers in-depth details about specific threats and attacks, and technical intelligence provides highly technical data used by IT and security teams. In addition to the above-mentioned features of data collection and aggregation, data analysis and pattern recognition, and contextualizing threats, the following are key functions of threat intelligence tools. ### Alerting and Reporting When a potential threat is detected, threat intel tools generate alerts and detailed reports. These alerts are sent to security teams in real-time, providing immediate notification of the issue. Moreover, threat intelligence tools often include severity assessments, allowing security professionals to prioritize their responses based on the perceived threat level. ### Supporting Decision -Making Threat intelligence tools go beyond just detection; they assist security professionals in making informed decisions. They offer recommendations and actionable insights on how to mitigate specific threats. This guidance helps security teams decide on the most appropriate course of action, whether it's isolating a compromised device, applying patches, or implementing additional security measures. ### Automating Responses Some advanced threat intelligence tools are equipped with automation capabilities. They can take predefined actions in response to identified threats. For instance, if a tool detects a malicious IP address, it can automatically block traffic from that source or isolate affected devices to contain the threat before it spreads. ### Continuous Monitoring Threat intelligence tools provide continuous monitoring of the threat landscape. They keep a vigilant eye on emerging threats and vulnerabilities in real-time. This proactive approach ensures that organizations stay ahead of potential risks and can adapt their security strategies accordingly to protect their digital assets effectively. ![Business value from threat intelligence platform](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/business-value-threat-intelligence-platform.png "Business value from threat intelligence platform") ## What is a Threat Intelligence Platform (TIP)? A [threat intelligence platform](https://www.paloaltonetworks.com/cyberpedia/what-is-a-threat-intelligence-platform?ts=markdown) (TIP) is a comprehensive, centralized solution designed to manage all aspects of threat intelligence, from data collection to analysis, sharing, and response. Threat intelligence tools, on the other hand, are specialized software or components that focus on specific functions within the threat intelligence lifecycle and may be used in conjunction with a TIP to address specific needs. Organizations often select and integrate both TIPs and threat intelligence tools based on their specific cybersecurity requirements and resources. TIPs provide a centralized and integrated environment for handling threat intelligence data and processes. They are typically designed to manage large volumes of threat data from diverse sources, offering a high degree of customization and flexibility. TIPs frequently incorporate advanced analytics, machine learning, and artificial intelligence capabilities to analyze threat data, detect patterns, and provide insights into emerging threats. They facilitate the sharing of threat intelligence data both within an organization and with external partners, enabling collaborative threat mitigation efforts. TIPs are designed to integrate with a wide range of cybersecurity tools and systems, allowing for automated responses to threats and seamless collaboration with other security solutions. They often include workflow management features that help organizations organize and prioritize tasks related to threat intelligence, incident response, and remediation. ## Best Practices for Implementing Threat Intelligence Tools Effectively implementing threat intelligence tools in your business involves a strategic approach that aligns with your organization's specific needs, resources, and cybersecurity posture. Here are key steps to consider: **Assess Your Needs and Capabilities** Identify relevant threats for your industry and assess your cybersecurity infrastructure for gaps where threat intelligence can help.d value. **Choose the Right Tools** Determine which solutions are appropriate for your needs: commercial products, developed in-house tools, or a combination of both. If you decide to use commercial solutions, evaluate vendors based on their data sources, integration capabilities, and the relevance of their intelligence to your business. **Integration with Existing Systems** Ensure that the threat intelligence tools integrate well with your existing security infrastructure, such as SIEM systems, firewalls, and incident response platforms. **Staff Training and Development** It is important to have a skilled team that can interpret threat intelligence and translate it into actionable insights. Regular training should be provided to keep the team's skills up to date with the evolving threat landscape and intelligence. technologies. **Establish Processes and Protocols** Develop standard operating procedures (SOPs) that provide clear guidelines on how to use threat intelligence in your security operations. These SOPs should cover incident response and risk management. Additionally, automation can be used to process and analyze large volumes of intelligence data. This can help free up your team to focus on more complex tasks. analysis. **Continuous Monitoring and Analysis** Implement tools for real-time monitoring of the threat landscape and regularly analyze intelligence data to identify emerging threats, trends, patterns, and evolving tactics.threat actors. **Feedback Loop** Regularly reviews the effectiveness of your threat intelligence implementation. Adjust strategies and tools as necessary based on feedback and changing business needs. **Legal and Compliance Considerations** Adhere to Regulations by ensuring that your threat intelligence practices comply with relevant laws, regulations, and industry standards. **Collaboration and Information Sharing** Consider joining industry-specific threat intelligence-sharing groups or forums. Collaboration can enhance your understanding of emerging threats. By following these steps, you can implement threat intelligence tools in a way that not only strengthens your cybersecurity posture but also supports your overall business objectives. Remember, the goal of threat intelligence is not just to collect data, but to enable informed decision-making and proactive defense against cyberthreats. ## Emerging Trends in Threat Intelligence As cyberthreats continue to evolve, organizations must take a forward-thinking approach to stay ahead of adversaries. Three key trends in threat intelligence can strengthen defenses against emerging dangers: * Leveraging AI and machine learning to automate threat analysis. By harnessing these technologies, organizations can rapidly detect threats and lighten the load on security teams. * Advancing collaboration and information sharing with partners. By exchanging real-time threat data across industries and borders, collective defenses become stronger. * Enabling predictive capabilities to get ahead of threats. Analyzing data to forecast vulnerabilities and attack trends allows for more proactive security and resource allocation. By closely following these trends in threat intelligence, organizations can enhance their resilience against an ever-changing threat landscape. The integration of automation, collaboration, and predictive analytics represents the next frontier in cyber defense. ## Threat Intelligence Tools FAQs ### What is an open-source threat intelligence platform? Although there are a large number of commercially available threat intelligence tools and services from different suppliers, the open-source software community also has cataloged a wide range of different threat intelligence tools. Most of these are free, although open-source vendors often offer maintenance contracts for a fee. ### What is SOAR? Security orchestration, automation, and response (SOAR) is an advanced cybersecurity solution that empowers organizations to take on the challenges of managing and responding to the vast amount of security alerts and data they receive daily. Its key components, including SOAR, work together seamlessly to enable coordinated and streamlined security operations. With SOAR, security teams can rest assured that they are better equipped to handle security incidents with efficiency and effectiveness while reducing the workload on their team. ### Why is Managed Detection and Response (MDR) important as a threat intelligence tool? MDR contributes to threat intelligence by performing such functions as threat detection, integrating threat intelligence feeds, analyzing threats, enhancing contextual understanding, and suggesting incidence response techniques based on its analysis of the threat. These activities are typically conducted in real time, giving security analysts and engineers the opportunity to use threat intelligence more proactively and comprehensively. ### What role does artificial intelligence play in threat intelligence tools? Leading providers of threat intelligence tools have enhanced their tools' capabilities and utility by integrating artificial intelligence (AI) into many of their tools, or by designing them with AI integrated from the start. AI upgrades the functionality of threat intelligence tools with such functions as anomaly detection, behavioral analysis, predictive analysis, natural language processing, and continuous learning. Related content [What is Threat Intelligence Management? cyberpedia Threat intelligence management empowers organizations to proactively defend against cyber threats by collecting, normalizing, and enriching actionable threat data to make faster, m...](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti?ts=markdown) [Cortex XSOAR overview video Learn how Cortex XSOAR with threat intel management enables security teams to leverage proven capabilities of SOAR and close the gap between tools, process and people.](https://www.paloaltonetworks.com/resources/videos/cortex-xsoar-threat-intelligence?ts=markdown) [EBook: Navigating the Evolving Threat Landscape: Resilient Cybersecurity Tactics for CISOs Palo Alto Networks's Unit 42 EBook explains how to respond to active threats, optimize your defense workflow for speed and repetition, empower your technical leadership and get tac...](https://www.paloaltonetworks.com/resources/ebooks/unit42-ciso-cybersecurity-tactics-advisory?utm_source=global-unit42&utm_medium=web&ts=markdown) [Requirements for Preventing Evasive Threats Access ESG's insights on why it's time for organizations to consider alternatives from signature-based detection and explore inline deep learning to deliver advanced protection aga...](https://start.paloaltonetworks.com/preventing-evasive-threats?utm_source=google-jg-amer-ngfw-SMCO-SMNP&utm_medium=paid_search&utm_campaign=google-ngfw-coresubs-amer-multi-lead_gen-en-eg&utm_content=gs-18089570869-157981581754-681671022898&utm_term=palo%20alto%20networks%20threat%20intelligence&sfdcid=7014u000001kaAlAAI&cq_plac=&cq_net=g&gad_source=1&gclid=EAIaIQobChMIq6OfltbvgwMV4khHAR3PDAFTEAAYASADEgIIwPD_BwE) ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Are%20Cyberthreat%20Intelligence%20Tools%3F&body=Empower%20Your%20Cybersecurity%20Posture%20with%20Effective%20Threat%20Intelligence%20Tools%3A%20Explore%20insights%20and%20strategies%20for%20proactively%20protecting%20your%20digital%20assets%20against%20emerging%20threats.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools) Back to Top [Previous](https://www.paloaltonetworks.com/cyberpedia/what-are-unknown-cyberthreats?ts=markdown) What Are Unknown Cyberthreats? [Next](https://www.paloaltonetworks.com/cyberpedia/types-of-cyberthreat-intelligence?ts=markdown) What are the Types of Cyberthreat Intelligence (CTI)? {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2025 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language