[Understanding Unstructured Data in the Cloud](https://www.paloaltonetworks.com/cyberpedia/unstructured-data#understanding?ts=markdown) * [Unstructured Data and Challenges with Data Security](https://www.paloaltonetworks.com/cyberpedia/unstructured-data#unstructured?ts=markdown) * [Key Aspects of Data Security for Unstructured Data](https://www.paloaltonetworks.com/cyberpedia/unstructured-data#key?ts=markdown) * [Unstructured Data FAQs](https://www.paloaltonetworks.com/cyberpedia/unstructured-data#faqs?ts=markdown) * [What Is Data Access Governance?](https://www.paloaltonetworks.com/cyberpedia/data-access-governance?ts=markdown) * [Data Access Governance Explained](https://www.paloaltonetworks.com/cyberpedia/data-access-governance#data?ts=markdown) * [Data Access Governance in Compliance and Auditing](https://www.paloaltonetworks.com/cyberpedia/data-access-governance#compliance?ts=markdown) * [Data Governance in Cloud Security](https://www.paloaltonetworks.com/cyberpedia/data-access-governance#cloud-security?ts=markdown) * [Software Used for Data Access Governance](https://www.paloaltonetworks.com/cyberpedia/data-access-governance#software?ts=markdown) * [Data Access Governance FAQs](https://www.paloaltonetworks.com/cyberpedia/data-access-governance#faqs?ts=markdown) * [DSPM for AI: Navigating Data and AI Compliance Regulations](https://www.paloaltonetworks.com/cyberpedia/dspm-data-ai-compliance?ts=markdown) * [How DSPM Secures Data Integrity and Enables Compliance](https://www.paloaltonetworks.com/cyberpedia/dspm-data-ai-compliance#how?ts=markdown) * [Navigating Global AI Compliance with DSPM](https://www.paloaltonetworks.com/cyberpedia/dspm-data-ai-compliance#navigating?ts=markdown) * [Securing the AI Lifecycle with DSPM](https://www.paloaltonetworks.com/cyberpedia/dspm-data-ai-compliance#lifecycle?ts=markdown) * [Integrating DSPM Across the Security Ecosystem](https://www.paloaltonetworks.com/cyberpedia/dspm-data-ai-compliance#ecosystem?ts=markdown) * [The 
Future of DSPM: Business Value and Responsible AI](https://www.paloaltonetworks.com/cyberpedia/dspm-data-ai-compliance#future?ts=markdown) * [DSPM for AI FAQs](https://www.paloaltonetworks.com/cyberpedia/dspm-data-ai-compliance#faqs?ts=markdown) * [What Is Data Discovery?](https://www.paloaltonetworks.com/cyberpedia/data-discovery?ts=markdown) * [How Data Discovery Works](https://www.paloaltonetworks.com/cyberpedia/data-discovery#how?ts=markdown) * [Data Discovery: The Key to Data Classification](https://www.paloaltonetworks.com/cyberpedia/data-discovery#data?ts=markdown) * [Benefits of Data Discovery](https://www.paloaltonetworks.com/cyberpedia/data-discovery#benefits?ts=markdown) * [Data Discovery FAQs](https://www.paloaltonetworks.com/cyberpedia/data-discovery#faqs?ts=markdown) * [What Is Structured Data?](https://www.paloaltonetworks.com/cyberpedia/structured-data?ts=markdown) * [Structured Data Explained](https://www.paloaltonetworks.com/cyberpedia/structured-data#structured?ts=markdown) * [Benefits of Structured Data](https://www.paloaltonetworks.com/cyberpedia/structured-data#benefits?ts=markdown) * [Challenges with Structured Data](https://www.paloaltonetworks.com/cyberpedia/structured-data#challenges?ts=markdown) * [Internal and External Sources of Structured Data](https://www.paloaltonetworks.com/cyberpedia/structured-data#internal?ts=markdown) * [Structured Data FAQs](https://www.paloaltonetworks.com/cyberpedia/structured-data#faqs?ts=markdown) * [What Is Shadow Data?](https://www.paloaltonetworks.com/cyberpedia/shadow-data?ts=markdown) * [Shadow Data Explained](https://www.paloaltonetworks.com/cyberpedia/shadow-data#shadow?ts=markdown) * [The Dangers of Shadow Data](https://www.paloaltonetworks.com/cyberpedia/shadow-data#the?ts=markdown) * [Mitigating Shadow Data Risks](https://www.paloaltonetworks.com/cyberpedia/shadow-data#mitigating?ts=markdown) * [Shadow IT FAQs](https://www.paloaltonetworks.com/cyberpedia/shadow-data#faqs?ts=markdown) * [How DSPM 
Enables Continuous Compliance and Data Governance](https://www.paloaltonetworks.com/cyberpedia/dspm-data-governance?ts=markdown) * [Why Traditional Compliance Approaches Fall Short](https://www.paloaltonetworks.com/cyberpedia/dspm-data-governance#why?ts=markdown) * [DSPM as a Foundation for Continuous Compliance](https://www.paloaltonetworks.com/cyberpedia/dspm-data-governance#dspm?ts=markdown) * [Strengthening Data Governance with DSPM](https://www.paloaltonetworks.com/cyberpedia/dspm-data-governance#strengthening?ts=markdown) * [Regulatory Alignment and Business Enablement](https://www.paloaltonetworks.com/cyberpedia/dspm-data-governance#regulatory?ts=markdown) * [Implementation Considerations and Best Practices](https://www.paloaltonetworks.com/cyberpedia/dspm-data-governance#implementation?ts=markdown) * [DSPM for Continuous Compliance and Data Governance FAQs](https://www.paloaltonetworks.com/cyberpedia/dspm-data-governance#faqs?ts=markdown) * [What Is Data Classification?](https://www.paloaltonetworks.com/cyberpedia/data-classification?ts=markdown) * [Data Classification Explained](https://www.paloaltonetworks.com/cyberpedia/data-classification#data?ts=markdown) * [Why Data Classification Matters](https://www.paloaltonetworks.com/cyberpedia/data-classification#why?ts=markdown) * [Data Classification Levels](https://www.paloaltonetworks.com/cyberpedia/data-classification#levels?ts=markdown) * [Data Classification Use Cases](https://www.paloaltonetworks.com/cyberpedia/data-classification#usecases?ts=markdown) * [How Does Data Classification Improve Data Security?](https://www.paloaltonetworks.com/cyberpedia/data-classification#how?ts=markdown) * [Data Classification FAQs](https://www.paloaltonetworks.com/cyberpedia/data-classification#faqs?ts=markdown) * [DSPM Vs. 
CSPM: Key Differences and How to Choose](https://www.paloaltonetworks.com/cyberpedia/dspm-vs-cspm?ts=markdown) * [Understand the Fundamentals --- What Are CSPM and DSPM?](https://www.paloaltonetworks.com/cyberpedia/dspm-vs-cspm#understand?ts=markdown) * [DSPM Vs. CSPM: What's the Difference?](https://www.paloaltonetworks.com/cyberpedia/dspm-vs-cspm#difference?ts=markdown) * [Pros and Cons of Each Approach](https://www.paloaltonetworks.com/cyberpedia/dspm-vs-cspm#pros-and-cons?ts=markdown) * [Use Cases: When to Use DSPM, CSPM, or Both](https://www.paloaltonetworks.com/cyberpedia/dspm-vs-cspm#use-cases?ts=markdown) * [Choosing the Right Approach (or Integrating Both)](https://www.paloaltonetworks.com/cyberpedia/dspm-vs-cspm#approach?ts=markdown) * [DSPM Vs. CSPM FAQs](https://www.paloaltonetworks.com/cyberpedia/dspm-vs-cspm#faqs?ts=markdown) * [What Is Cloud Data Protection?](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-data-protection?ts=markdown) * [Why Companies Need Cloud Data Protection](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-data-protection#why?ts=markdown) * [How Companies Can Better Protect Their Data in Cloud Environments](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-data-protection#how?ts=markdown) * [The Benefits of Cloud Data Protection](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-data-protection#benefits?ts=markdown) * [Cloud Data Protection FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-data-protection#faqs?ts=markdown) # What Is Data Detection and Response (DDR)? 5 min. 
read Table of Contents * * [Data Detection and Response Explained](https://www.paloaltonetworks.com/cyberpedia/data-detection-response-ddr#data?ts=markdown) * [Why Is DDR Important?](https://www.paloaltonetworks.com/cyberpedia/data-detection-response-ddr#why?ts=markdown) * [Improving DSPM Solutions with Dynamic Monitoring](https://www.paloaltonetworks.com/cyberpedia/data-detection-response-ddr#improving?ts=markdown) * [A Closer Look at Data Detection and Response (DDR)](https://www.paloaltonetworks.com/cyberpedia/data-detection-response-ddr#ddr?ts=markdown) * [How DDR Solutions Work](https://www.paloaltonetworks.com/cyberpedia/data-detection-response-ddr#how?ts=markdown) * [How Does DDR Fit into the Cloud Data Security Landscape?](https://www.paloaltonetworks.com/cyberpedia/data-detection-response-ddr#landscape?ts=markdown) * [Does the CISO Agenda Need an Additional Cybersecurity Tool?](https://www.paloaltonetworks.com/cyberpedia/data-detection-response-ddr#does?ts=markdown) * [Supporting Innovation Without Sacrificing Security](https://www.paloaltonetworks.com/cyberpedia/data-detection-response-ddr#supporting?ts=markdown) * [DSPM and Data Detection and Response FAQs](https://www.paloaltonetworks.com/cyberpedia/data-detection-response-ddr#faqs?ts=markdown) 1. 
Data Detection and Response Explained * * [Data Detection and Response Explained](https://www.paloaltonetworks.com/cyberpedia/data-detection-response-ddr#data?ts=markdown) * [Why Is DDR Important?](https://www.paloaltonetworks.com/cyberpedia/data-detection-response-ddr#why?ts=markdown) * [Improving DSPM Solutions with Dynamic Monitoring](https://www.paloaltonetworks.com/cyberpedia/data-detection-response-ddr#improving?ts=markdown) * [A Closer Look at Data Detection and Response (DDR)](https://www.paloaltonetworks.com/cyberpedia/data-detection-response-ddr#ddr?ts=markdown) * [How DDR Solutions Work](https://www.paloaltonetworks.com/cyberpedia/data-detection-response-ddr#how?ts=markdown) * [How Does DDR Fit into the Cloud Data Security Landscape?](https://www.paloaltonetworks.com/cyberpedia/data-detection-response-ddr#landscape?ts=markdown) * [Does the CISO Agenda Need an Additional Cybersecurity Tool?](https://www.paloaltonetworks.com/cyberpedia/data-detection-response-ddr#does?ts=markdown) * [Supporting Innovation Without Sacrificing Security](https://www.paloaltonetworks.com/cyberpedia/data-detection-response-ddr#supporting?ts=markdown) * [DSPM and Data Detection and Response FAQs](https://www.paloaltonetworks.com/cyberpedia/data-detection-response-ddr#faqs?ts=markdown) Data detection and response (DDR) is a technology solution designed to detect and respond to data-related security threats in real time. It focuses on monitoring data at its source, which allows organizations to identify threats that might not be detected by traditional infrastructure-focused security solutions. DDR continuously scans data activity logs, such as those from AWS CloudTrail and Azure Monitor, to identify anomalous data access and suspicious behaviors indicative of potential threats. Once a threat is detected, DDR triggers alerts to notify security teams, enabling swift response to contain and mitigate the threat. 
## Data Detection and Response Explained

At the heart of a DDR solution are advanced data analytics and [machine learning](https://www.paloaltonetworks.com/cyberpedia/machine-learning-ml?ts=markdown) algorithms that continuously monitor and analyze vast amounts of data generated by an organization's cloud services, networks, and applications. These powerful analytical capabilities enable the DDR solution to detect anomalies, vulnerabilities, and suspicious activities in real time. By leveraging predictive and behavioral analytics, DDR systems can often identify threats before they cause significant damage.

Once a potential threat is detected, the DDR process shifts into the response phase, a series of predefined and automated actions designed to contain and neutralize the threat. Response actions may include blocking suspicious network traffic, isolating infected devices, updating security policies, or triggering alerts to security teams for investigation and remediation. The effectiveness of a DDR system lies in its ability to integrate with security tools and technologies for a comprehensive and coordinated approach to cloud data security.

### Continuous Is Key to DDR

Importantly, DDR isn't a one-time implementation. Data detection and response is an ongoing process that requires continuous monitoring, threat intelligence gathering, and updating of response protocols. As the threat landscape evolves and new attack vectors emerge, organizations must regularly review and refine their DDR strategies to ensure they remain effective and adaptable.

By leveraging advanced data analytics and automated response mechanisms, DDR enables organizations to fortify their cloud data security posture and mitigate the impact of security incidents.
Via this dynamic defense layer, DDR complements the static security measures provided by [cloud security posture management (CSPM)](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-security-posture-management?ts=markdown) and [data security posture management (DSPM)](https://www.paloaltonetworks.com/cyberpedia/what-is-dspm/content/pan/en_US/cyberpedia/what-is-dspm?ts=markdown) solutions, creating a holistic approach to protecting sensitive data across the enterprise.

![Data-centric security and cloud-native application protection deliver a more complete and streamlined solution for security, data, and development teams.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/data-detection-response/cloud-security-attack-path-analysis.jpg "Cloud Security Attack Path Analysis")

***Figure 1**: Data-centric security and cloud-native application protection deliver a more complete and streamlined solution for security, data, and development teams.*

## Why Is DDR Important?

Data detection and response is essential in today's dynamic cybersecurity landscape, where the risks posed by [data breaches](https://www.paloaltonetworks.com/cyberpedia/data-breach?ts=markdown) have escalated to unprecedented levels. [The 2024 Data Breach Investigations Report (DBIR)](http://verizon.com/business/resources/reports/dbir/) paints a concerning picture, revealing a staggering 10,626 confirmed data breaches --- the highest number recorded to date.

### Understanding the Breadth of the Data Breach Landscape

A significant 68% of the breaches analyzed in the DBIR involved a human element, underscoring the need for organizations to prioritize DDR solutions that can swiftly identify and respond to human errors. Compounding the challenge, the report highlights a dramatic 180% increase in breaches initiated through the exploitation of vulnerabilities compared to previous years.

Then there's ransomware.
No one thinks it will happen to them, yet ransomware and extortion techniques accounted for 32% of all breaches, again citing the 2024 DBIR. Implementing effective data detection and response strategies will help organizations quickly identify threats and mitigate their impact, safeguarding sensitive data and preserving the organization's reputation and financial well-being.

### A Closer Look at the Biggest Risks to Data

As mentioned above, several factors --- including human error --- put data at risk. Coupled with this are shadow data and data fragmentation, each of which introduces unique vulnerabilities with the potential to compromise the integrity, confidentiality, and availability of data.

#### Human Error: The Underlying Risk

Human error remains the most pervasive threat to data security. Whether through accidental deletion, mismanagement of sensitive information, weak password practices, or falling victim to phishing attacks, individuals often create unintended vulnerabilities. Even the most sophisticated security systems can be undermined by a single mistake, making human error a foundational risk that permeates all aspects of [data security](https://www.paloaltonetworks.com/cyberpedia/what-is-data-security?ts=markdown).

#### Shadow Data

One of the most concerning byproducts of human error is the proliferation of [shadow data](https://www.paloaltonetworks.com/cyberpedia/shadow-data?ts=markdown). The term refers to data that exists outside officially managed and secured systems, often stored in unsanctioned cloud services, on personal devices, or in forgotten backups.

Shadow data typically escapes the reach of regular security protocols, leaving it particularly vulnerable to breaches. Employees may inadvertently create or store this data in insecure locations, unaware of the risks their actions present. The hidden nature of shadow data creates a blind spot in the organization's security strategy.
#### Data Fragmentation in the Multicloud Ecosystem

In a multicloud environment, data fragmentation is an inherent risk factor. As data is distributed across multiple cloud platforms, often with varying security standards and management practices, maintaining consistent protection becomes increasingly difficult. Fragmentation of course complicates the enforcement of uniform security policies and increases the attack surface --- especially during data transfer between clouds. The lack of visibility and control over fragmented data further exacerbates the risk, making it challenging to track [data movement](https://www.paloaltonetworks.com/cyberpedia/data-movement?ts=markdown), detect anomalies, or ensure regulatory compliance.

#### The Intersection of Risks

Data risk factors intersect as human error leads to the creation of shadow data, which in turn elevates risk when data is fragmented across a multicloud environment. Now consider that data is frequently in motion, moving from one location to another. These risks create a Bermuda triangle of sorts if not effectively protected.

## Improving DSPM Solutions with Dynamic Monitoring

The DSPM capabilities we've discussed to this point refer primarily to static risk --- finding sensitive data, classifying it, and reviewing the access controls and configurations applied to it.

To maintain an effective data security posture, though, you need to continually monitor and analyze data access patterns and user behavior. Data detection and response does just that.

![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/data-detection-response/protecting-data.png)

***Figure 2**: Protecting data in today's multicloud environments*

Data detection and response provides real-time monitoring and alerting capabilities to help security teams quickly detect and respond to potential threats and suspicious activities --- while it prioritizes issues that put sensitive data at risk.
By leveraging machine learning algorithms and advanced log analytics, DDR can identify anomalies in user behavior and access patterns that potentially indicate a compromised account or insider threat.

## A Closer Look at Data Detection and Response (DDR)

DDR describes a set of technology-enabled solutions used to secure cloud data from exfiltration. It provides dynamic monitoring on top of the static defense layers provided by CSPM and DSPM tools.

With today's organizations storing data across various cloud environments --- [PaaS](https://www.paloaltonetworks.com/cyberpedia/platform-as-a-service-paas?ts=markdown) (e.g., Amazon RDS), [IaaS](https://www.paloaltonetworks.com/cyberpedia/what-is-infrastructure-as-a-service?ts=markdown) (virtual machines running datastores), and DBaaS (e.g., Snowflake) --- it isn't feasible to monitor every data action. DDR solutions use real-time log analytics to monitor cloud environments that store data and detect data risks as soon as they occur.

## How DDR Solutions Work

Data detection and response solutions incorporate DSPM capabilities to discover and [classify data](https://www.paloaltonetworks.com/cyberpedia/data-classification?ts=markdown) assets, identify risks such as unencrypted sensitive data or data sovereignty violations, and prioritize remediation by data owners or IT. Once sensitive data assets are mapped, DDR solutions monitor activity through [cloud-native](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native?ts=markdown) logging available in public clouds, generating event logs for every query or read request.
![Addressing real-time threats and configuration-based issues with DSPM and DDR](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/data-detection-response/addressing-real-time-threats-and-configuration.png "Addressing real-time threats and configuration-based issues with DSPM and DDR")

***Figure 3**: Addressing real-time threats and configuration-based issues with DSPM and DDR*

The DDR tool analyzes logs in near real-time, applying a threat model to detect suspicious activity, such as data flowing to external accounts. Upon identifying new risks, DDR issues alerts and suggests immediate actions. These alerts are often integrated into [SOC](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc?ts=markdown) or [SOAR (security orchestration, automation, and response)](https://www.paloaltonetworks.com/cyberpedia/what-is-soar?ts=markdown) solutions for faster resolution and seamless alignment with existing operations.

### DDR Use Cases

To envision the types of incidents a DDR solution addresses, consider a few examples seen among our users.

#### Data Sovereignty Issues

Legislation from recent years creates obligations to store data in specific geographical areas (such as the EU or California). DDR helps detect when data flows to an unauthorized physical location, preventing compliance issues down the line.

#### Assets Moved to Unencrypted/Unsecure Storage

As data flows between databases and cloud storage, it can make its way to an insecure datastore (often the result of a temporary but forgotten workaround). DDR alerts security teams to this type of movement.

#### Snapshots and Shadow Backups

Teams face increasing pressure to do more with data, leading to the prevalence of shadow analytics outside approved workflows. DDR helps find copies of data stored or shared in ways that may cause breaches.
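The event-level analysis and use cases described above can be sketched as rules over activity logs joined with a DSPM inventory. This is an added example, not code from the original page or from any vendor's product; the account IDs, region allowlist, asset names, inventory and sample events are constructed, and the `requestParameters` keys are assumptions modelled on CloudTrail records.

```python
"""Event-level DDR rules over constructed CloudTrail-style records."""

# Hypothetical policy plus DSPM inventory output (assumptions, not from the page).
TRUSTED_ACCOUNTS = {"111111111111"}              # accounts the organization owns
ALLOWED_REGIONS = {"eu-west-1", "eu-central-1"}  # residency boundary for this data
INVENTORY = {
    "customers-prod-snap": {"classification": "PII", "encrypted": True},
    "s3://crm-exports": {"classification": "PII", "encrypted": True},
    "s3://public-assets": {"classification": None, "encrypted": True},
    "s3://tmp-scratch": {"classification": None, "encrypted": False},
}
ORG_USER = "arn:aws:iam::111111111111:user/"
SNAP_ARN = "arn:aws:rds:eu-west-1:111111111111:snapshot:customers-prod-snap"


def _event(time, name, region, user, params):
    """Build one constructed record using CloudTrail's top-level field names."""
    return {"eventTime": time, "eventName": name, "awsRegion": region,
            "userIdentity": {"arn": ORG_USER + user}, "requestParameters": params}


# Constructed sample input: three risky actions and two benign ones.
EVENTS = [
    _event("2024-05-01T02:14:07Z", "ModifyDBSnapshotAttribute", "eu-west-1", "build-bot",
           {"dBSnapshotIdentifier": "customers-prod-snap", "attributeName": "restore",
            "valuesToAdd": ["999999999999"]}),
    _event("2024-05-01T09:30:00Z", "ModifyDBSnapshotAttribute", "eu-west-1", "dba",
           {"dBSnapshotIdentifier": "customers-prod-snap", "attributeName": "restore",
            "valuesToAdd": ["111111111111"]}),
    _event("2024-05-02T23:51:40Z", "CopyDBSnapshot", "us-east-1", "analyst",
           {"sourceDBSnapshotIdentifier": SNAP_ARN,
            "targetDBSnapshotIdentifier": "customers-copy"}),
    _event("2024-05-03T11:05:12Z", "CopyObject", "eu-west-1", "analyst",
           {"bucketName": "tmp-scratch", "key": "dump.csv",
            "x-amz-copy-source": "crm-exports/2024/customers.csv"}),
    _event("2024-05-03T11:06:00Z", "CopyObject", "eu-west-1", "web-deploy",
           {"bucketName": "tmp-scratch", "key": "logo.png",
            "x-amz-copy-source": "public-assets/logo.png"}),
]


def external_share(ev):
    """Snapshot restore permission granted to an account outside the organization."""
    p = ev.get("requestParameters") or {}
    if ev.get("eventName") != "ModifyDBSnapshotAttribute" or p.get("attributeName") != "restore":
        return None
    outsiders = [a for a in p.get("valuesToAdd", []) if a not in TRUSTED_ACCOUNTS]
    if outsiders:  # the value "all" (public) is also caught: it is not a trusted account
        return p.get("dBSnapshotIdentifier"), f"shared with external account(s) {outsiders}"
    return None


def residency(ev):
    """Snapshot copy requested in a region outside the residency boundary."""
    if ev.get("eventName") != "CopyDBSnapshot" or ev.get("awsRegion") in ALLOWED_REGIONS:
        return None
    p = ev.get("requestParameters") or {}
    asset = p.get("sourceDBSnapshotIdentifier", "").rsplit(":", 1)[-1]  # ARN -> snapshot name
    return asset, f"copied into region {ev.get('awsRegion')}"


def unencrypted_destination(ev):
    """Object copied into a datastore that is unencrypted or missing from the inventory."""
    if ev.get("eventName") != "CopyObject":
        return None
    p = ev.get("requestParameters") or {}
    src = "s3://" + p.get("x-amz-copy-source", "").lstrip("/").split("/", 1)[0]
    dst = "s3://" + p.get("bucketName", "")
    meta = INVENTORY.get(dst)
    if meta is None or not meta["encrypted"]:
        state = "unknown (shadow)" if meta is None else "unencrypted"
        return src, f"copied to {state} datastore {dst}"
    return None


RULES = (external_share, residency, unencrypted_destination)


def detect(events):
    """Apply every rule; alert only when the affected asset is classified sensitive."""
    alerts = []
    for ev in events:
        for rule in RULES:
            hit = rule(ev)
            if not hit:
                continue
            asset, reason = hit
            label = (INVENTORY.get(asset) or {}).get("classification")
            if label is None:
                continue  # unclassified source data: not in the priority set
            alerts.append({"time": ev.get("eventTime"), "rule": rule.__name__,
                           "actor": (ev.get("userIdentity") or {}).get("arn"),
                           "asset": asset, "classification": label, "reason": reason})
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Each alert carries the actor and asset so it can be forwarded to a SOC or SOAR queue; the rule set alerts on three of the five sample events and ignores the share with a trusted account and the copy of unclassified data.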
**Related Article**: [CNAPP, DSPM and DDR: A New Age in Cloud Security](https://www.paloaltonetworks.com/blog/cloud-security/cnapp-dspm-ddr-cloud-security/?ts=markdown)

## How Does DDR Fit into the Cloud Data Security Landscape?

### DDR Vs. CSPM and DSPM

#### Cloud Security Posture Management

[CSPM](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-security-posture-management?ts=markdown) is about protecting the posture of the cloud infrastructure (such as overly generous permissioning or misconfiguration). It doesn't directly address data --- its context and how it flows across different cloud services.

#### Data Security Posture Management

[DSPM](https://www.paloaltonetworks.com/cyberpedia/what-is-dspm?ts=markdown) protects data from the inside out. By scanning and analyzing stored data, DSPM tools identify sensitive information such as PII or access codes, classify the data, and evaluate its associated risk. This process provides security teams with a clearer picture of data risk and data flow, enabling them to prioritize cloud assets where a breach could cause the most damage.

While DSPM offers more granular cloud data protection, both CSPM and DSPM are static and focused on posture. They allow organizations to understand where risk lies but offer little in terms of real-time incident response.

In contrast, DDR is dynamic. It focuses on data events happening in real time, sending alerts, and giving security teams a chance to intervene and prevent significant damage. DDR monitors the specific event level, whereas other solutions look at configurations and data at rest.

### A Potential Situation

Consider a scenario where an employee has authorized, role-based access to a database containing customer data. The employee plans to leave the company and, before notifying their managers of their intention to leave, copies the database to their personal laptop to take to the next company.
In this example, permissions allow the employee to access the [database](https://www.paloaltonetworks.com/cyberpedia/database-security?ts=markdown) --- and yet, a major [data exfiltration](https://www.paloaltonetworks.com/cyberpedia/data-exfiltration?ts=markdown) event is unfolding.

A DDR solution with a well-calibrated threat model detects the unusual batch of data (and other irregularities) contained in this export. The DDR tool sends an alert to the security team and provides full forensics --- pinpointing the exact asset and actor involved in the exfiltration. Saving critical time, the security team intervenes before the [insider threat](https://www.paloaltonetworks.com/cyberpedia/insider-threat?ts=markdown) achieves its goals.

## Does the CISO Agenda Need an Additional Cybersecurity Tool?

DDR provides mission-critical functionality missing from the existing cloud security stack. When agents aren't feasible, you need to monitor every activity that concerns your data. DDR protects your data from exfiltration or misuse, as well as from compliance violations. By integrating with SIEM and SOAR solutions, enabling teams to consume alerts in one place, DDR helps reduce operational overhead.

![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/data-detection-response/benefits-ddr.png)

***Figure 4**: Benefits of data detection and response*

### The Need for Agentless DLP

Monitoring data assets in real time might seem obvious, but organizations, for the most part, lack an adequate way to protect sensitive data. In the traditional, on-premises world, work was mainly done on personal computers connected via an intranet to a server. Security teams monitored traffic and activity by installing agents (software components such as antivirus tools) on every device and endpoint that had access to organizational data.

But you can't install an agent on a database hosted by Amazon or Google or place a proxy in front of thousands of datastores.
The move to cloud infrastructure requires new approaches to [data loss prevention (DLP)](https://www.paloaltonetworks.com/cyberpedia/cloud-data-loss-prevention?ts=markdown).

The industry gravitated toward static solutions geared toward improving the security posture of cloud [datastores](https://www.paloaltonetworks.com/cyberpedia/data-storage?ts=markdown) (CSPM, DSPM) by detecting misconfigurations and exposed data assets. But the challenge with data flow hadn't been addressed until DDR.

### When Static Defense Layers Aren't Enough: Lessons from a Breach

The [2018 Imperva breach](https://threatpost.com/imperva-data-breach-cloud-misconfiguration/149127/) began with an attacker gaining access to a snapshot of an Amazon RDS database containing sensitive data. The attacker used an AWS API key stolen from a publicly accessible, misconfigured compute instance.

Would CSPM and DSPM have prevented the breach?

A CSPM solution could identify the misconfiguration, and DSPM could detect sensitive data stored on the misconfigured instance. Neither tool, though, would have been able to identify the unusual behavior once the attacker had gained access that appeared legitimate.

And as it unfolded in 2018, the Imperva breach wasn't discovered for 10 months, via a third party. The attacker had exported the database snapshot to an unknown device --- and, all the while, the unaware company couldn't notify its users that their sensitive data had been leaked.

A DDR solution would have addressed the gap by monitoring the AWS account at the event log level. Potentially identifying the attack in real time, it would have alerted internal security teams, allowing them to respond immediately.

## Supporting Innovation Without Sacrificing Security

The cloud is here to stay, as are [microservices](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation?ts=markdown) and [containers](https://www.paloaltonetworks.com/cyberpedia/what-is-a-container?ts=markdown).
As cybersecurity professionals, we can't prevent the organization from adopting technologies that accelerate innovation and give developers more flexibility. But we need to do everything we can to prevent data breaches.

DSPM with DDR offers critical capabilities previously missing in the cloud security landscape --- [data discovery](https://www.paloaltonetworks.com/cyberpedia/data-discovery?ts=markdown), classification, static risk management, and continuous and dynamic monitoring of complex, multicloud environments. Providing organizations with the visibility and control necessary to effectively manage their data security posture enables organizations to catch incidents earlier, averting or minimizing disastrous data loss.

## DSPM and Data Detection and Response FAQs

### What are the challenges of securing multicloud architectures?

Securing multicloud architectures involves managing security across multiple cloud service providers, each with unique configurations, policies, and compliance requirements. Consistent security policies and controls must be implemented across all environments to prevent misconfigurations. Data encryption, access controls, and identity management become more complex due to disparate systems. Monitoring and incident response require integration across different platforms, complicating visibility and coordination. Ensuring compliance with regulatory requirements across multiple jurisdictions adds another layer of complexity. Overcoming these challenges demands a comprehensive, unified security strategy and robust automation tools.

### How does microservices-based development affect data security?

Microservices-based development introduces unique security challenges due to its decentralized and modular architecture. Each microservice operates independently, requiring secure communication channels and consistent security policies.
Developers must implement robust authentication, authorization, and encryption mechanisms to protect data in transit and at rest. The increased number of endpoints amplifies the attack surface, necessitating continuous monitoring and anomaly detection. Containerization and orchestration tools like Kubernetes must be securely configured. Despite these challenges, microservices enable rapid scaling and isolation of compromised components, enhancing overall resilience.

### How does data democratization impact security?

Data democratization aims to make data accessible to a broader range of users within an organization, empowering them to make informed decisions. While it enhances collaboration and innovation, it also poses security challenges. Increased data access amplifies the risk of unauthorized use, data leaks, and compliance violations. Implementing robust access controls, data classification, and encryption is essential to mitigate these risks. Security teams must balance accessibility with stringent security measures, ensuring that only authorized users can access sensitive data while maintaining compliance and safeguarding against potential threats.

### What is data inventory?

A data inventory is a comprehensive list of all the data assets that an organization has and where they're located. It helps organizations understand and track:

* Types of data they collect, store, and process;
* Sources, purposes, and recipients of that data.

Data inventories can be managed manually or automatically. The reasons for maintaining a data inventory vary --- and could include data governance, data management, data protection, data security, and data compliance.

For example, having a data inventory can help organizations identify and classify sensitive data, assess the risks associated with different types of data, and implement appropriate controls to protect that data.
It can also help organizations understand which data they have available to support business objectives, or to generate specific types of analytics reports.

### How is static risk analysis performed?

Static risk analysis involves evaluating a system's security without executing the code. Analysts use tools to scan source code, configuration files, and architecture designs for vulnerabilities and misconfigurations. Techniques such as static code analysis, threat modeling, and architectural reviews identify potential security risks early in the development lifecycle. The process includes examining code for known vulnerabilities, insecure coding practices, and compliance with security standards. By identifying issues before deployment, static risk analysis helps mitigate risks and ensures a more secure system architecture.

### What is dynamic monitoring in the context of data security?

Dynamic monitoring continuously observes system behaviors and data flows in real-time to detect security incidents. It employs advanced techniques like anomaly detection, behavior analytics, and machine learning to identify deviations from normal patterns. Tools monitor network traffic, user activities, and application interactions, providing immediate alerts upon detecting suspicious actions. Dynamic monitoring integrates with incident response systems to automate threat mitigation. This proactive approach ensures rapid detection and response to security threats, maintaining the integrity and availability of data in complex environments.

### How do machine learning algorithms enhance data security?

Machine learning algorithms enhance data security by analyzing vast amounts of data to identify patterns and anomalies indicative of potential threats. They continuously learn from new data, improving their ability to detect zero-day vulnerabilities and sophisticated attacks. Algorithms can automate threat detection, reducing response times and minimizing human error.
By correlating data from various sources, machine learning enhances predictive analytics, allowing for proactive threat mitigation. These algorithms also help in user behavior analysis, detecting insider threats and compromised accounts through deviations from established behavioral baselines.

### What is data in motion?

Data in motion refers to data that is actively being transmitted or transferred over a network or through some other communication channel. This could include data being sent between devices, such as from a computer to a server or from a smartphone to a wireless router. It could also refer to data being transmitted over the internet or other networks, such as from local on-premises storage to a cloud database. Data in motion is distinct from data at rest, which is data that is stored in a persistent state.

### What is data in use?

Data in use refers to data that is actively stored in computer memory, such as RAM, CPU caches, or CPU registers. It's not passively stored in a stable destination but moving through various systems, each of which could be vulnerable to attacks. Data in use can be a target for exfiltration attempts as it might contain sensitive information such as PCI or PII data.

To protect data in use, organizations can use encryption techniques such as end-to-end encryption (E2EE) and hardware-based approaches such as confidential computing. On the policy level, organizations should implement user authentication and authorization controls, review user permissions, and monitor file events.

### What is data flow monitoring?

Data flow monitoring involves tracking the movement of data within a network to ensure integrity, confidentiality, and availability. It employs advanced tools to analyze data packets in real-time, identifying unauthorized access and data exfiltration attempts. Monitoring systems can detect anomalies in data transfer rates, unusual access times, and atypical data paths.
By integrating with security information and event management (SIEM) systems, data flow monitoring provides comprehensive visibility into network activities. This visibility is crucial for detecting and responding to security incidents promptly, ensuring compliance with regulatory requirements.

### How is data lineage tracked and used?

Data lineage tracks the flow of data through an organization's systems, from its origin to its final destination. Tools capture metadata about data transformations, movements, and usage, providing an end-to-end view of data processes. Analysts use this information to ensure data integrity, trace errors, and maintain compliance with regulatory requirements. Data lineage helps in impact analysis, identifying dependencies and potential risks associated with data changes. It also aids in auditing and reporting, enabling organizations to demonstrate data governance and security practices to stakeholders and regulators.

### What are snapshots in data security?

Snapshots are point-in-time copies of data stored in a system, providing a way to capture the state of data at a specific moment. They're used in data security to enable quick recovery from data corruption, accidental deletions, or ransomware attacks. Snapshots can be taken manually or automatically at regular intervals and stored separately from the primary data. They allow for efficient data restoration without the need for full backups, minimizing downtime and data loss. In cloud environments, snapshots offer scalable and cost-effective solutions for maintaining data availability and integrity.

### How are access patterns analyzed for security purposes?

Security systems analyze access patterns by collecting and evaluating logs from various sources, such as authentication systems, file servers, and applications. Machine learning algorithms and heuristic methods identify deviations from normal behavior.
Analysts examine parameters like login times, IP addresses, and accessed resources. Unusual access patterns, such as repeated failed login attempts or access from unfamiliar locations, trigger alerts for further investigation. Continuous monitoring and analysis help in identifying compromised accounts, insider threats, and policy violations. This proactive approach ensures robust access control and mitigates potential security risks.

### What constitutes usage anomalies in data security?

Usage anomalies in data security refer to deviations from established patterns of data access and usage that may indicate malicious activity. Examples include unexpected spikes in data transfer volumes, access to sensitive files during unusual hours, and login attempts from atypical geographic locations. Machine learning algorithms and statistical models analyze user behavior to establish baselines, making it easier to detect anomalies. Identifying these anomalies is crucial for early threat detection, as they often precede data breaches or insider attacks. Continuous monitoring and real-time alerts enable rapid response to mitigate potential security incidents.

### How is data classification implemented in security systems?

Data classification in security systems involves categorizing data based on its sensitivity and criticality. Automated tools scan data repositories, using predefined policies and machine learning algorithms to tag data with appropriate classifications, such as confidential, internal, or public. Classification policies consider factors like regulatory requirements, data ownership, and business impact. Metadata tags are applied to data objects, enabling fine-grained access control and encryption. This structured approach ensures that sensitive data receives appropriate protection, aids in compliance efforts, and enhances the overall security posture by restricting access to authorized users only.

### What is real-time alerting?

Real-time alerting is a security mechanism that provides immediate notifications upon detecting suspicious activities or policy violations. It integrates with monitoring systems and uses predefined rules and anomaly detection algorithms to identify potential threats. Alerts can be sent via various channels, including email, SMS, or integrated dashboards, ensuring that security teams can respond promptly. Real-time alerting minimizes the window of opportunity for attackers by enabling rapid incident response. This proactive approach enhances an organization's ability to prevent data breaches, limit damage, and maintain compliance with security policies and regulations.

### What is data sovereignty?

Data sovereignty refers to the legal and regulatory requirements governing data stored within a particular jurisdiction. It mandates that data comply with the privacy and security laws of the country where it is physically located. Organizations must navigate complex international regulations to ensure data is handled appropriately, especially when using cloud services. Data sovereignty impacts data storage strategies, requiring localized data centers and specific access controls. Compliance with data sovereignty laws is crucial for avoiding legal penalties and maintaining customer trust, particularly in regions with stringent data protection regulations such as the EU's GDPR.

### What are shadow backups and how are they used?

Shadow backups are incremental backups that capture only the changes made to data since the last backup. They use techniques like block-level or file-level differencing to minimize storage requirements and reduce backup windows. Shadow backups are crucial for ensuring data integrity and availability, particularly in environments with high data change rates. They enable rapid recovery by providing multiple restore points, making it easier to revert to a previous state in case of data corruption or loss.
Organizations use shadow backups to enhance disaster recovery plans and maintain business continuity.

### What are the functions of automated response mechanisms in data security?

Automated response mechanisms in data security execute predefined actions in response to detected threats, minimizing the window of exposure. They integrate with monitoring and alerting systems to trigger responses such as isolating compromised systems, revoking user access, or initiating data encryption. Automation reduces the need for manual intervention, accelerating incident response and decreasing the likelihood of human error. These mechanisms enhance the overall security posture by ensuring consistent and swift actions against potential threats, enabling organizations to maintain operational continuity and comply with regulatory requirements.

### How is data quarantine applied in threat mitigation?

Data quarantine involves isolating suspicious or compromised data to prevent the spread of threats within a network. Security systems automatically detect anomalies or policy violations and move the affected data to a quarantine zone. This zone restricts access, allowing security teams to analyze and remediate the threat without affecting other data. Quarantining helps contain malware, ransomware, and insider threats, reducing the risk of widespread data compromise. Implementing data quarantine as part of an incident response strategy ensures that threats are promptly neutralized, maintaining the integrity and security of the overall data environment.

### How is a threat model developed?

Developing a threat model involves systematically identifying, evaluating, and addressing potential security threats to a system. Security experts begin by defining the system's architecture, data flows, and entry points. They then identify potential threats, categorize them based on risk, and assess their impact and likelihood.
Techniques such as STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) help classify threats. The team prioritizes threats and recommends mitigation strategies. Continuous review and updating of the threat model are essential to address evolving security challenges.

### How is user behavior analyzed for security purposes?

User behavior analysis involves monitoring and evaluating user activities to detect anomalies indicative of potential security threats. Advanced analytics and machine learning algorithms establish baselines for normal user behavior by analyzing historical data. Real-time monitoring tools then compare current activities against these baselines to identify deviations, such as unusual login times, access to atypical resources, or abnormal data transfer volumes. Alerts trigger upon detecting suspicious behavior, enabling prompt investigation and response. This proactive approach helps identify compromised accounts, insider threats, and policy violations, enhancing overall security.
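The baseline-and-deviation check described in the user behavior and usage anomaly answers above, as an added example (not Palo Alto Networks code): it builds a per-user baseline from historical access events and flags unusual hours, atypical resources, and abnormal transfer volumes. The event tuples, bucket names, and both thresholds are constructed assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample access events: (ISO timestamp, user, resource, bytes read).
HISTORY = [
    ("2025-03-03T09:12:00", "alice", "s3://finance/reports", 1_200_000),
    ("2025-03-03T14:40:00", "alice", "s3://finance/ledger", 900_000),
    ("2025-03-04T10:05:00", "alice", "s3://finance/reports", 1_500_000),
    ("2025-03-04T16:20:00", "alice", "s3://finance/ledger", 1_100_000),
    ("2025-03-05T11:30:00", "alice", "s3://finance/reports", 2_000_000),
    ("2025-03-05T15:10:00", "alice", "s3://finance/ledger", 1_300_000),
    ("2025-03-06T13:45:00", "alice", "s3://finance/reports", 1_000_000),
    ("2025-03-06T17:02:00", "alice", "s3://finance/ledger", 1_700_000),
]
NEW_EVENTS = [
    ("2025-03-07T10:05:00", "alice", "s3://finance/reports", 1_500_000),
    ("2025-03-07T16:30:00", "alice", "s3://finance/ledger", 60_000_000),
    ("2025-03-08T02:40:00", "alice", "s3://hr/payroll", 950_000_000),
    ("2025-03-08T09:00:00", "mallory", "s3://finance/reports", 1_000_000),
]

Z_THRESHOLD = 4.0    # assumed cut-off for the robust z-score on transfer size
HOUR_TOLERANCE = 1   # assumed slack (hours) around previously seen access hours


def build_baselines(history):
    """Summarise each user's history: hours seen, resources seen, volume stats."""
    raw = defaultdict(lambda: {"hours": set(), "resources": set(), "sizes": []})
    for ts, user, resource, size in history:
        entry = raw[user]
        entry["hours"].add(datetime.fromisoformat(ts).hour)
        entry["resources"].add(resource)
        entry["sizes"].append(size)
    baselines = {}
    for user, entry in raw.items():
        med = median(entry["sizes"])
        mad = median(abs(s - med) for s in entry["sizes"])
        # Floor the scale so a user with near-constant sizes (MAD == 0)
        # does not alert on every small increase.
        scale = max(1.4826 * mad, 0.1 * med, 1.0)
        baselines[user] = {"hours": entry["hours"], "resources": entry["resources"],
                           "median": med, "scale": scale}
    return baselines


def hour_distance(a, b):
    """Distance between two hours on a 24-hour clock (23 and 0 are 1 apart)."""
    d = abs(a - b)
    return min(d, 24 - d)


def score_event(baselines, event):
    """Return the list of deviation reasons for one event (empty if normal)."""
    ts, user, resource, size = event
    base = baselines.get(user)
    if base is None:
        return ["no_baseline"]  # unknown identity: nothing to compare against
    reasons = []
    hour = datetime.fromisoformat(ts).hour
    if all(hour_distance(hour, h) > HOUR_TOLERANCE for h in base["hours"]):
        reasons.append("unusual_hour")
    if resource not in base["resources"]:
        reasons.append("atypical_resource")
    if (size - base["median"]) / base["scale"] > Z_THRESHOLD:
        reasons.append("transfer_volume")
    return reasons


def detect(baselines, events):
    """Return (event, reasons) for every event that deviates from its baseline."""
    flagged = []
    for event in events:
        reasons = score_event(baselines, event)
        if reasons:
            flagged.append((event, reasons))
    return flagged


if __name__ == "__main__":
    for event, reasons in detect(build_baselines(HISTORY), NEW_EVENTS):
        print(event[0], event[1], event[2], ",".join(reasons))
```

The `no_baseline` result matters in practice: an identity with no history cannot be scored against anything, so it is surfaced for review instead of being passed as normal.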
Copyright © 2025 Palo Alto Networks. All Rights Reserved