[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/ai-security?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Next-Gen Trust Security](https://www.paloaltonetworks.com/network-security/next-gen-trust-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) [![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberark/Seamless_IDs_small.jpg) Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-security-solution?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) [![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberark/Seamless_IDs_small.jpg) Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.paloaltonetworks.com/deploybravely?ts=markdown) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Security Operations](https://www.paloaltonetworks.com/cyberpedia/security-operations?ts=markdown) 3. [EDR](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr?ts=markdown) 4. [Best EDR Tools](https://www.paloaltonetworks.com/cyberpedia/edr-solutions?ts=markdown) Table of Contents * Best EDR Solutions (2026): Top 9 Endpoint Detection \& Response Tools * [What Are EDR Solutions and Why Do They Matter](https://www.paloaltonetworks.com/cyberpedia/edr-solutions#what?ts=markdown) * [Key EDR Trends to Watch in 2026](https://www.paloaltonetworks.com/cyberpedia/edr-solutions#key?ts=markdown) * [9 Best EDR Solutions for 2026](https://www.paloaltonetworks.com/cyberpedia/edr-solutions#best?ts=markdown) * [How to Choose the Best EDR Tool](https://www.paloaltonetworks.com/cyberpedia/edr-solutions#how?ts=markdown) * [EDR Solutions and Tools FAQs](https://www.paloaltonetworks.com/cyberpedia/edr-solutions#faqs?ts=markdown) * [What Is Endpoint Detection and Response (EDR)?](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr?ts=markdown) * [Understanding EDR](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#understanding?ts=markdown) * [Key Benefits of EDR Solutions](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#key?ts=markdown) * [How EDR Works: A Detailed Breakdown](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#how?ts=markdown) * [Evolution of EDR](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#evolution?ts=markdown) * [EDR Implementation Process](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#process?ts=markdown) * [Common Challenges and Solutions in EDR Adoption](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#common?ts=markdown) * [Advanced EDR Strategies and Optimization Techniques](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#advanced?ts=markdown) * [EDR and the Evolving Threat Landscape](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#landscape?ts=markdown) * [How to Evaluate an EDR Solution](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#solution?ts=markdown) * [EDR FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#faqs?ts=markdown) * [What Is Endpoint Detection and Response (EDR) Management?](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-management?ts=markdown) * [EDR Management Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-management#edr?ts=markdown) * [Key Capabilities of EDR Management](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-management#capabilities?ts=markdown) * [The Crucial Role of EDR Management in Modern Cybersecurity](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-management#crucial?ts=markdown) * [EDR Management Challenges and Solutions](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-management#solutions?ts=markdown) * [Best Practices for Effective EDR Management](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-management#best?ts=markdown) * [EDR vs. EPP: A Complementary Relationship](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-management#vs?ts=markdown) * [Integrating EDR Management with a Broader Security Ecosystem](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-management#integrating?ts=markdown) * [Case Study of a Successful EDR Implementation](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-management#implementation?ts=markdown) * [EDR Management FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-management#faqs?ts=markdown) * [What Is Endpoint Detection and Response (EDR) Deployment?](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-deployment?ts=markdown) * [Understanding EDR Deployment](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-deployment#understanding?ts=markdown) * [Key Benefits of Implementing EDR Solutions](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-deployment#benefits?ts=markdown) * [EDR Preparation and Deployment Steps](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-deployment#preparation?ts=markdown) * [Operational Considerations for EDR](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-deployment#operational?ts=markdown) * [Addressing Challenges in EDR Deployment](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-deployment#challenges?ts=markdown) * [Maximizing the Value of Your EDR Deployment](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-deployment#maximizing?ts=markdown) * [EDR Deployment FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-deployment#faqs?ts=markdown) * [What is EDR-as-a-Service Managed Security?](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-as-a-service-managed-security?ts=markdown) * [EDR: Definition and Importance](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-as-a-service-managed-security#edr?ts=markdown) * [How Does EDR Work?](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-as-a-service-managed-security#how?ts=markdown) * [EDR Solutions in the Market](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-as-a-service-managed-security#solutions?ts=markdown) * [EDR-as-a-Service Managed Security FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-as-a-service-managed-security#faqs?ts=markdown) * [What Are Endpoint Detection and Response Tools?](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools?ts=markdown) * [Endpoint Detection and Response Overview](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#endpoint?ts=markdown) * [Control Points of EDR Tools](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#control?ts=markdown) * [EDR Critical Capabilities](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#critical?ts=markdown) * [Visibility and Efficiency EDR Feature Evaluation Checklists](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#visibility?ts=markdown) * [Endpoints Supported by EDR Tools](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#endpoints?ts=markdown) * [Benefits of EDR Tools](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#benefits?ts=markdown) * [Deployment of EDR Tools](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#deployment?ts=markdown) * [EDR Tools vs. EDR Services](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#tools?ts=markdown) * [EDR Use Cases](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#usecases?ts=markdown) * [EDR Tools FAQs](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#faqs?ts=markdown) * [What is EDR vs. Antivirus?](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-antivirus?ts=markdown) * [What is Antivirus?](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-antivirus#what?ts=markdown) * [What is EDR?](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-antivirus#edr?ts=markdown) * [Use Cases for Antivirus](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-antivirus#use?ts=markdown) * [Use Cases for EDR](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-antivirus#cases?ts=markdown) * [How EDR Differs From MDR and XDR](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-antivirus#how?ts=markdown) * [EDR vs. Antivirus FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-antivirus#faqs?ts=markdown) * [How Does EDR Enhance Small Business Cybersecurity?](https://www.paloaltonetworks.com/cyberpedia/edr-for-small-business-cybersecurity?ts=markdown) * [What is EDR?](https://www.paloaltonetworks.com/cyberpedia/edr-for-small-business-cybersecurity#what?ts=markdown) * [EDR Benefits for Small Businesses](https://www.paloaltonetworks.com/cyberpedia/edr-for-small-business-cybersecurity#edr?ts=markdown) * [Traditional Antivirus vs EDR vs XDR](https://www.paloaltonetworks.com/cyberpedia/edr-for-small-business-cybersecurity#taditional?ts=markdown) * [EDR for Small Business FAQs](https://www.paloaltonetworks.com/cyberpedia/edr-for-small-business-cybersecurity#faqs?ts=markdown) * [How Does EDR Leverage Machine Learning?](https://www.paloaltonetworks.com/cyberpedia/how-edr-leverages-machine-learning?ts=markdown) * [How EDR and ML Work Together](https://www.paloaltonetworks.com/cyberpedia/how-edr-leverages-machine-learning#how?ts=markdown) * [How EDR Leverages Machine Learning](https://www.paloaltonetworks.com/cyberpedia/how-edr-leverages-machine-learning#learning?ts=markdown) * [Workflow Example of EDR and Machine Learning Integration](https://www.paloaltonetworks.com/cyberpedia/how-edr-leverages-machine-learning#workflow?ts=markdown) * [The Future of EDR: Predictions and Emerging Trends](https://www.paloaltonetworks.com/cyberpedia/how-edr-leverages-machine-learning#the?ts=markdown) * [How EDR Leverages Machine Learning FAQs](https://www.paloaltonetworks.com/cyberpedia/how-edr-leverages-machine-learning#faqs?ts=markdown) * [What Is Endpoint Detection and Response (EDR) Compliance?](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr-compliance?ts=markdown) * [What is EDR?](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr-compliance#what?ts=markdown) * [Why EDR Compliance Is Important](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr-compliance#why?ts=markdown) * [Key Steps for EDR Compliance](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr-compliance#key?ts=markdown) * [EDR Non-Compliance Consequences](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr-compliance#consequences?ts=markdown) * [What to Look for in an EDR Compliance Solution](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr-compliance#solution?ts=markdown) * [EDR Compliance FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr-compliance#faqs?ts=markdown) * [What is the Difference Between EDR vs. SIEM?](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-siem?ts=markdown) * [What is SIEM?](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-siem#siem?ts=markdown) * [What is EDR?](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-siem#edr?ts=markdown) * [A Detailed Comparison of EDR and SIEM](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-siem#compare?ts=markdown) * [SIEM vs SOAR](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-siem#siem-vs-soar?ts=markdown) * [SIEM vs EDR FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-siem#faq?ts=markdown) * [What is EDR vs. XDR?](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-xdr?ts=markdown) * [EDR and XDR Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-xdr#what?ts=markdown) * [Importance of EDR and XDR in Cybersecurity](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-xdr#importance?ts=markdown) * [EDR vs. XDR: Key Differences](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-xdr#differences?ts=markdown) * [Which Is Better: EDR or XDR?](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-xdr#which?ts=markdown) * [EDR vs. XDR FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-xdr#faq?ts=markdown) # EDR solutions: Top 9 Tools in 2026 3 min. read Table of Contents * * [What Are EDR Solutions and Why Do They Matter](https://www.paloaltonetworks.com/cyberpedia/edr-solutions#what?ts=markdown) * [Key EDR Trends to Watch in 2026](https://www.paloaltonetworks.com/cyberpedia/edr-solutions#key?ts=markdown) * [9 Best EDR Solutions for 2026](https://www.paloaltonetworks.com/cyberpedia/edr-solutions#best?ts=markdown) * [How to Choose the Best EDR Tool](https://www.paloaltonetworks.com/cyberpedia/edr-solutions#how?ts=markdown) * [EDR Solutions and Tools FAQs](https://www.paloaltonetworks.com/cyberpedia/edr-solutions#faqs?ts=markdown) 1. What Are EDR Solutions and Why Do They Matter * * [What Are EDR Solutions and Why Do They Matter](https://www.paloaltonetworks.com/cyberpedia/edr-solutions#what?ts=markdown) * [Key EDR Trends to Watch in 2026](https://www.paloaltonetworks.com/cyberpedia/edr-solutions#key?ts=markdown) * [9 Best EDR Solutions for 2026](https://www.paloaltonetworks.com/cyberpedia/edr-solutions#best?ts=markdown) * [How to Choose the Best EDR Tool](https://www.paloaltonetworks.com/cyberpedia/edr-solutions#how?ts=markdown) * [EDR Solutions and Tools FAQs](https://www.paloaltonetworks.com/cyberpedia/edr-solutions#faqs?ts=markdown) EDR (Endpoint Detection and Response) is security software that continuously monitors endpoint activity, detects suspicious behavior, and helps teams investigate and contain threats before they spread. Unlike traditional antivirus, EDR focuses on post-compromise detection and response using telemetry, behavioral analytics, and automation. This guide compares 9 EDR tools for 2026, highlights best for fit, and provides a selection checklist. ## What Are EDR Solutions and Why Do They Matter [Endpoint detection and response](https://www.paloaltonetworks.com/cortex/endpoint-detection-and-response?ts=markdown) platforms monitor endpoint activity in real time, recording process executions, file modifications, registry changes, network connections, and user behaviors to detect threats that bypass preventive controls. EDR solutions analyze telemetry streams from laptops, servers, mobile devices, and cloud workloads to identify attack patterns, contain breaches, and enable forensic investigation after incidents occur. ### EDR vs. AV vs. EPP vs. [XDR](https://www.paloaltonetworks.com/cyberpedia/what-is-extended-detection-and-response-XDR-security?ts=markdown): What's the Difference? Security teams often use these terms interchangeably, but they describe very different capabilities. Here's how they stack up: | | AV (Antivirus) | EPP (Endpoint Protection Platform) | EDR (Endpoint Detection \& Response) | XDR (Extended Detection \& Response) | | Primary goal | Block known malware via signatures | Prevent threats before execution | Detect and respond to post-compromise activity | Correlate and respond across the entire environment | | Data sources | File signatures | Endpoint files, processes, web, email | Endpoint telemetry (processes, memory, network, registry) | Endpoint + network + cloud + identity + email | | Typical buyer | SMBs with basic compliance needs | Organizations replacing legacy AV | Security teams need visibility and response depth | Enterprise SOCs consolidating detection across domains | | Key limitation | Blind to unknown threats and fileless attacks | Limited post-compromise visibility | Endpoint-scoped; limited cross-domain correlation | Higher complexity and cost; requires mature operations | |----------------|-----------------------------------------------|---------------------------------------|-----------------------------------------------------------|--------------------------------------------------------| EDR isn't a replacement for AV or EPP; it's what kicks in when prevention fails. And prevention does fail. EDR is designed to reduce mean time to detect (MTTD) and mean time to respond (MTTR) by giving security teams high-fidelity alerts and built-in containment actions the moment something slips through. Key Points * **Continuous monitoring:** Records endpoint telemetry, process trees, file modifications, registry changes, and network connections, across Windows, macOS, Linux, and mobile, in real time. \* **Behavioral detection:** Flags suspicious patterns such as credential dumping, privilege escalation, and ransomware encryption based on behavior, not just known malware signatures. \* **Response automation:** Isolates compromised endpoints, kills malicious processes, and quarantines artifacts through automated playbooks or analyst-initiated actions. \* **Threat hunting:** Enables proactive queries across historical telemetry to surface stealthy, dormant threats that automated detection hasn't flagged. \* **Forensics:** Reconstructs attack timelines and establishes scope, supporting root-cause analysis and containment validation after an incident. \* **Integrations:** Feeds telemetry into XDR, SIEM, and [SOAR](https://www.paloaltonetworks.com/cyberpedia/what-is-soar?ts=markdown) platforms for cross-domain correlation across network, cloud, and identity data. \* **Telemetry retention:** Stores endpoint activity logs across hot storage (fast, queryable, typically 30--90 days) and cold storage (longer-term archival). Hot storage duration directly affects how quickly analysts can pivot through historical data during active investigations. \* **Agent architecture:** EDR sensors operate at the kernel level, giving them deep visibility into process injections, memory manipulation, and driver-based attacks. Kernel-level instrumentation delivers higher-fidelity detection but also means agent design matters: poorly optimized sensors create performance overhead that impacts production systems. ### Why EDR Matters Sophisticated attackers routinely bypass preventive controls by exploiting zero-day vulnerabilities, using living-off-the-land techniques, and leveraging legitimate admin tools that antivirus software doesn't flag. EDR platforms are built on the assumption that a breach will happen --- and that what you do in the first minutes after matters most. By combining high-fidelity behavioral alerts with automated containment, EDR gives security teams a real shot at cutting MTTD and MTTR before lateral movement or data exfiltration takes hold. ## Key EDR Trends to Watch in 2026 Organizations deploying EDR platforms face accelerating shifts in architecture, automation capabilities, and coverage requirements as threat actors weaponize AI and compress attack timelines. Here's what's shaping buying decisions right now, and what each trend actually means for your operations. ### AI-Driven Autonomous Response Machine learning has fundamentally changed how EDR platforms handle containment. Leading vendors now deploy autonomous agents that identify threats, correlate attack chains, and execute remediation actions without waiting for analyst approval. AI models trained on millions of incidents can distinguish credential dumping from legitimate administrative activity, terminate ransomware encryption processes within seconds of initial file modifications, and isolate compromised systems before lateral movement succeeds. Behavioral analytics has also matured beyond simple anomaly detection into predictive threat modeling. EDR platforms establish baselines for normal endpoint activity, then flag deviations indicating reconnaissance, privilege escalation, or data staging. Advanced systems correlate process execution patterns, memory manipulation techniques, and network connection sequences to catch living-off-the-land attacks that leverage native OS tools like PowerShell or WMI, even when signature-based detection fails. **Reality check:** Autonomous response can significantly reduce triage time, but it also raises the risk of false-positive disruption. Think of an isolated production server or a terminated business-critical process. Before enabling autonomous actions in production, validate the platform's guardrails, approval modes, and rollback capabilities in a controlled pilot. **So what?** If your team is understaffed or overwhelmed by alert volume, prioritize platforms with strong automation and clearly defined human-override controls. Automation without guardrails creates a different kind of operational risk. ### XDR Convergence and Platform Consolidation EDR has evolved into extended detection and response architectures that unify endpoint, network, cloud, and identity telemetry through a single interface. Top vendors are eliminating point-product sprawl by folding network detection and response, cloud workload protection, and identity threat detection into converged platforms. Organizations that have standardized on XDR report improved correlation accuracy as unified data lakes enable cross-domain threat hunting across endpoints and cloud infrastructure. Security teams are increasingly rejecting the complexity of managing five or more separate consoles. EDR software has grown from standalone agents into comprehensive security operations platforms that ingest telemetry from firewalls, email gateways, identity providers, and SaaS applications and can correlate a phishing attempt directly with the endpoint compromise that follows. **Reality check:** Converged platforms promise simplicity, but consolidation isn't painless. Migrating from a multi-vendor stack takes time, and vendor lock-in is a real consideration. Cross-domain correlation is only as good as the quality of telemetry from each source; gaps in integration depth can leave blind spots. **So what?** If you're running a fragmented security stack, XDR consolidation is worth evaluating seriously. If you're multi-vendor by design, prioritize platforms with open integrations and a normalized data model that doesn't require ripping out existing tools. ### Cloud-Native Architecture Dominates Deployment Cloud-delivered EDR has captured dominant market share by offering elastic scalability and operational simplicity that on-premises architectures can't match. Organizations deploying cloud-native EDR eliminate server infrastructure overhead, receive real-time updates to detection models without maintenance windows, and scale telemetry processing instantly as endpoint populations grow. Zero Trust integration has also become table stakes. EDR vendors are embedding continuous verification, micro-segmentation enforcement, and least-privilege access controls directly into endpoint agents. **Reality check:** Cloud-native delivery isn't universally appropriate. Air-gapped environments, strict data sovereignty requirements, and regulated industries may require on-premises or hybrid deployment options. Evaluate whether a vendor's cloud-first architecture accommodates your compliance constraints before committing. **So what?** If operational simplicity and fast deployment are priorities, cloud-native EDR is the clear path. If you operate in a regulated or air-gapped environment, make data residency and offline operation capabilities non-negotiable evaluation criteria. ### Identity + Endpoint Convergence Credential theft has become the most reliable pathway from initial endpoint compromise to domain-wide damage. Attackers increasingly use compromised credentials to move laterally, escalate privileges, and blend into normal administrative activity, making endpoint telemetry alone insufficient to catch them. Leading EDR vendors are now correlating endpoint behavioral signals with identity data, flagging anomalies such as impossible travel, unusual authentication patterns, and privilege escalation that span both the endpoint and the identity plane. **Reality check:** Identity-endpoint convergence is still maturing. Not all vendors offer the same level of integration between EDR and identity threat detection. Some rely on SIEM correlation rather than native signals. Validate the depth of integration rather than taking marketing claims at face value. **So what?** If credential theft and identity-based attacks are a top concern (and they should be), prioritize EDR platforms with native identity threat detection or tight integration with your identity provider. Endpoint visibility alone won't catch attackers who've already stolen valid credentials. ### MDR Bundling and Outcome-Based Operations Many organizations aren't buying EDR in isolation anymore; they're buying EDR plus managed detection and response as a combined outcome. Vendors that bundle 24/7 MDR services into platform licensing are winning deals with security teams that lack the staffing or expertise to operate EDR at full capacity. Outcome-based contracts, in which vendors are accountable for response-time SLAs and detection coverage, are becoming a meaningful differentiator. **Reality check:** Bundled MDR services vary widely in quality. "24/7 coverage" can mean anything from a dedicated analyst team to a shared SOC with limited response authority. Scrutinize analyst-to-customer ratios, escalation procedures, and whether the MDR team can take action in your environment, or only advise. **So what?** If your internal team can't realistically operate EDR around the clock, bundled MDR should be factored into your total cost comparison, not just platform licensing. A cheaper tool that requires full internal operation may end up costing more than a pricier platform with MDR included. ## 9 Best EDR Solutions for 2026 Top EDR vendors in 2026 distinguish themselves through AI-driven automation, behavioral analytics maturity, and depth of integration with extended detection and response architectures. The best EDR tools balance autonomous threat response with analyst-accessible investigation capabilities. ### How We Evaluated These EDR Solutions These rankings are based on structured analysis of vendor capabilities across eight dimensions that reflect real-world security operations requirements. We assessed publicly available documentation, independent testing results, analyst research, and customer feedback, not paid placement or vendor briefings. **Detection quality:** Behavioral analytics depth, MITRE ATT\&CK technique coverage, alert suppression and tuning flexibility, and performance in independent evaluation frameworks. **Response depth:** Endpoint isolation speed, process termination, file quarantine, ransomware rollback capabilities, and remote shell access for active investigation. **Investigation UX:** Timeline visualization, process tree clarity, cross-event search speed, and how quickly an analyst can go from alert to root cause. **Coverage:** Operating system support across Windows, macOS, and Linux; cloud workload and container protection; and virtual desktop infrastructure compatibility. **Integrations:** Native and API-based connectivity with SIEM, SOAR, and XDR platforms, plus telemetry ingestion from identity providers, email gateways, and network security tools. **Data model and retention:** Query performance at scale, hot storage duration, cold storage accessibility, and data export controls for compliance and forensic use cases. **Operations:** Agent resource consumption, deployment complexity across diverse environments, policy management flexibility, and update cadence. **Commercials:** Licensing model clarity, module bundling transparency, MDR service availability, and total cost predictability over a three-year horizon. **What we didn't do:** We did not run controlled lab testing or head-to-head detection simulations. Rankings reflect capability analysis, not empirical benchmarking. We recommend running a proof-of-concept in your own environment before making a final decision. Detection performance varies significantly based on infrastructure complexity, endpoint diversity, and existing tool integrations. | EDR solution | Standout capability | Platform scope | Best for | |----------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------|----------------------------------------------------------------------------------------------------| | #1 Palo Alto Networks Cortex XDR | AI-powered behavioral analytics with AgentiX Assistant for autonomous investigation and response at machine speed | Converged XDR-SIEM-SOAR platform | Enterprises consolidating security operations with native Palo Alto Networks ecosystem integration | | #2 Microsoft Defender XDR | Deep Microsoft 365 and Azure integration with predictive shielding that anticipates attacker progression | Native XDR across endpoints, identities, email, and cloud apps | Organizations standardized on Microsoft infrastructure, seeking unified licensing | | #3 CrowdStrike Falcon | Charlotte AI assistant with natural language queries, achieving detection accuracy exceeding industry benchmarks | Cloud-native XDR with modular add-ons | Enterprises requiring lightweight agents and threat intelligence-led detection | | #4 Stellar Cyber Open XDR | Kill Chain Analytics auto-correlates low-confidence alerts into attack narratives across multi-vendor telemetry | Vendor-agnostic XDR platform | Organizations preserving existing security investments through open architecture | | #5 SentinelOne Singularity | Autonomous endpoint agent executing real-time detection and rollback remediation without cloud dependency | AI-driven XDR with Purple AI assistant | Enterprises demanding offline protection and ransomware recovery capabilities | | #6 Trend Micro Vision One | Risk-based detection prioritization across endpoints, email, servers, and cloud workloads | Multi-layered XDR platform | Organizations requiring comprehensive threat visibility in hybrid environments | | #7 Sophos Intercept X | Deep learning malware detection with synchronized security across endpoint, network, email, and cloud | Adaptive ecosystem integration | Mid-market organizations seeking turnkey deployment with vendor flexibility | | #8 Bitdefender GravityZone | HyperDetect behavioral analytics with a risk analytics engine for proactive threat scoring | Unified endpoint and cloud platform | Enterprises requiring multi-OS support with low resource consumption | | #9 Cynet 360 | All-in-one NGAV, EDR, NDR, UEBA with CyOps 24/7 MDR bundled in platform licensing | Integrated security platform | Lean security teams needing consolidated tooling without vendor sprawl | **Quick take:** Converged XDR platforms deliver tighter correlation and automated response through unified data lakes. Vendor-agnostic EDR tools preserve existing investments but require more integration effort to achieve cross-domain visibility. ### 1. Palo Alto Networks Cortex XDR ![Palo Alto Networks Cortex XDR](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/edr-solutions/cortex-xdr.png "Palo Alto Networks Cortex XDR") [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) unifies endpoint, network, cloud, and identity telemetry through a converged platform that deploys AgentiX Assistant AI agents to investigate alerts and autonomously execute response actions. **Best for:** Enterprises consolidating security operations platforms while maintaining native integration across Palo Alto Networks infrastructure, including firewalls, cloud security, and attack surface management. **Strength:** Behavioral analytics correlates process execution chains, memory operations, and network connections to detect living-off-the-land attacks that bypass signature-based detection. **What to validate:** * Whether platform licensing economics work favorably compared to per-endpoint or data volume pricing models at your projected scale * Integration quality and telemetry depth when deploying alongside non-Palo Alto Networks security tools in heterogeneous environments ### 2. Microsoft Defender XDR ![Microsoft Defender XDR](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/edr-solutions/microsoft-defender-xdr.png "Microsoft Defender XDR") Microsoft Defender XDR delivers native threat detection across endpoints, identities, email, SaaS applications, and cloud workloads, using predictive shielding to identify and harden vulnerable assets before exploitation. **Best for:** Organizations standardized on Microsoft 365, Azure, and Entra ID seeking unified licensing that bundles endpoint protection with identity and email security in existing subscriptions. **Strength:** Automatic attack disruption correlates signals across Defender for Endpoint, Defender for Identity, and Defender for Office 365 to execute coordinated containment without analyst intervention. **What to validate:** * Coverage gaps when protecting non-Windows endpoints or mixed operating system fleets across macOS, Linux, and mobile platforms * Whether Defender Experts for XDR managed services or third-party MDR partnerships deliver the required 24/7 analyst coverage ### 3. CrowdStrike Falcon ![CrowdStrike Falcon](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/edr-solutions/crowdstrike.png "CrowdStrike Falcon") Falcon combines cloud-native architecture with the Charlotte AI assistant, enabling natural-language threat-hunting queries that meet detection accuracy benchmarks across MITRE ATT\&CK evaluation frameworks. **Best for:** Enterprises requiring lightweight agent deployment with minimal endpoint resource consumption and threat intelligence-driven detection informed by global telemetry analysis. **Strength:** Falcon OverWatch managed threat hunting service staffs dedicated analysts who proactively search customer environments for sophisticated adversary behaviors that automated detection misses. **What to validate:** * Total cost when adding required modules for complete coverage, including identity protection, cloud workload security, and log management * Alert volume and false positive rates in environments with complex legitimate administrative activity and developer workflows ### 4. Stellar Cyber Open XDR ![Stellar Cyber Open XDR](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/edr-solutions/stellar-cyber.png "Stellar Cyber Open XDR") Stellar Cyber's Open XDR platform ingests telemetry from existing security tools across endpoints, networks, and cloud infrastructure, then applies Kill Chain Analytics to auto-correlate disparate alerts into unified attack narratives. **Best for:** Organizations preserving existing security investments while gaining cross-domain correlation through vendor-agnostic architecture supporting hundreds of third-party integrations. **Strength:** AI Investigator translates natural language questions into complex queries across normalized telemetry from multiple EDR vendors, firewalls, and cloud platforms simultaneously. **What to validate:** * Integration effort and telemetry normalization quality when connecting specific security tools currently deployed in your environment * Whether compliance reporting frameworks meet audit requirements for regulated industries versus purpose-built SIEM platforms ### 5. SentinelOne Singularity ![SentinelOne Singularity](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/edr-solutions/sentinelone.png "SentinelOne Singularity") Singularity deploys autonomous AI agents at each endpoint to execute detection, investigation, and response workflows locally, without requiring continuous cloud connectivity or human analyst intervention. **Best for:** Enterprises demanding offline endpoint protection and ransomware rollback capabilities that restore encrypted files to pre-attack states during active incidents. **Strength:** Purple AI assistant accelerates investigation workflows by automatically correlating attack techniques across the MITRE ATT\&CK framework and generating remediation recommendations in conversational language. **What to validate:** * Behavioral detection tuning requirements and false positive rates during initial deployment across diverse application environments * Agent resource consumption on legacy hardware, and whether offline operation mode limitations affect detection coverage ### 6. Trend Micro Vision One ![Trend Micro Vision One](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/edr-solutions/trend-vision-one.jpg "Trend Micro Vision One") Vision One correlates threat telemetry across endpoints, email gateways, servers, and cloud workloads through risk-based detection that prioritizes alerts according to asset criticality and attack progression likelihood. **Best for:** Organizations operating hybrid infrastructure requiring comprehensive visibility spanning on-premises data centers, multi-cloud environments, and distributed endpoint populations. **Strength:** Automated response workflows integrate natively with Trend Micro's email security, network defense, and cloud protection products to execute coordinated containment across attack vectors. **What to validate:** * Operational technology and industrial control system monitoring capabilities if protecting manufacturing or critical infrastructure environments * Custom detection rule development timelines and whether threat intelligence integration covers industry-specific attack patterns ### 7. Sophos Intercept X Endpoint ![Sophos Intercept X Endpoint](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/edr-solutions/intercept.jpg "Sophos Intercept X Endpoint") Intercept X applies deep learning neural networks to identify malware variants and zero-day exploits without signature updates while synchronizing response actions across Sophos endpoint, network, email, and cloud products. **Best for:** Mid-market organizations seeking turnkey deployment with vendor-agnostic telemetry ingestion from existing security tools through the Adaptive Cybersecurity Ecosystem. **Strength:** CryptoGuard ransomware protection monitors file system operations to detect encryption patterns, then automatically reverts modified files while isolating compromised endpoints. **What to validate:** * Whether Sophos MDR service delivers the required analyst expertise or if third-party managed services integration meets operational needs * Extended detection and response maturity compared to platforms purpose-built for cross-domain correlation versus bolt-on integrations ### 8. Bitdefender GravityZone ![Bitdefender GravityZone](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/edr-solutions/bitdefender.jpg "Bitdefender GravityZone") GravityZone's HyperDetect engine applies pre-execution behavioral analysis and machine learning models to block exploits, fileless attacks, and script-based threats across Windows, macOS, and Linux endpoints. **Best for:** Enterprises requiring multi-OS endpoint protection with consistently low resource consumption verified through independent performance testing across endpoint hardware configurations. **Strength:** Risk Analytics correlates endpoint vulnerabilities, patch status, and behavioral anomalies into prioritized risk scores that guide remediation resource allocation. **What to validate:** * Cloud workload protection depth and whether container security capabilities meet Kubernetes and serverless architecture requirements * Integration architecture with existing SIEM, SOAR, and ticketing systems versus native automation workflow capabilities ### 9. Cynet 360 ![Cynet 360](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/edr-solutions/cynet.jpg "Cynet 360") Cynet bundles next-generation antivirus, EDR, network detection and response, and user behavior analytics into a single-agent platform with CyOps 24/7 MDR included in base licensing. **Best for:** Lean security teams requiring a consolidated platform deployment without managing multiple vendor relationships or complex tool integration projects. **Strength:** Deception technology deploys decoy assets across the network that attract lateral movement attempts, triggering high-confidence alerts when attackers interact with honeypot credentials or fake file shares. **What to validate:** * Dedicated analyst assignment model versus shared SOC coverage, and whether response authority meets production environment isolation requirements * Platform scalability and performance when protecting endpoint populations exceeding the initial deployment size by significant margins ## How to Choose the Best EDR Tool Selecting EDR platforms requires rigorous assessment across detection accuracy, operational integration complexity, and total cost of ownership, measured against measurable security improvements. ### Detection Capabilities \& Response Automation * Evaluate behavioral analytics maturity through proof-of-concept testing against living-off-the-land attacks using legitimate system tools like PowerShell and Windows Management Instrumentation * Request customer references demonstrating quantified reductions in mean time to detect and mean time to respond across similar infrastructure complexity * Test autonomous response workflows, including endpoint isolation, process termination, and file quarantine, to verify guardrails prevent production disruption * Assess alert correlation accuracy by reviewing how EDR software groups low-confidence signals into high-fidelity incidents versus flooding analysts with fragmented detections * Verify machine learning model training approaches and whether behavioral baselines adapt to your specific environment versus relying solely on vendor-supplied signatures ### Architecture \& Integration Strategy * Decide between converged XDR platforms unifying endpoint, network, cloud, and identity telemetry versus best-of-breed EDR tools requiring SIEM integration * Evaluate API quality and pre-built connectors for existing security infrastructure, including firewalls, email gateways, identity providers, and ticketing systems * Test query performance across telemetry volumes exceeding projected three-year growth to validate investigation speed during active incidents * Assess whether cloud-native architecture delivers the required scalability or if on-premises deployment meets data sovereignty and air-gapped environment requirements * Verify telemetry retention policies and whether hot storage duration supports threat hunting workflows without forcing analysts to wait for cold storage queries ### Operational Requirements \& Total Cost * Calculate total cost, including base licensing, required add-on modules, professional services dependencies, and analyst training investments acrossa three-year deployment * Evaluate deployment complexity through pilot programs, measuring time from agent installation to production-ready detection coverage across diverse operating systems * Test agent resource consumption on representative endpoint hardware, including legacy systems, virtual desktop infrastructure, and resource-constrained devices * Assess EDR vendor roadmap alignment with your infrastructure evolution, including container adoption, serverless computing, and multi-cloud expansion plans * Request detailed pricing scenarios covering endpoint growth, data retention increases, and additional feature modules to avoid unexpected cost escalation ### Vendor Evaluation \& Support Model * Verify geographic coverage for data centers and support operations, matching your global infrastructure distribution and compliance requirements * Evaluate managed detection and response service availability if 24/7 analyst coverage exceeds internal staffing capabilities or skill availability * Test vendor responsiveness through technical pre-sales engagement quality and customer reference discussions about ongoing support experience * Assess threat intelligence integration frequency and whether research teams publish actionable indicators covering adversary groups targeting your industry vertical * Review contractual terms for incident response escalation procedures and whether professional services teams deliver rapid deployment during active breach scenarios ## EDR Solutions and Tools FAQs ### What are the most effective EDR solutions? Effective EDR platforms combine behavioral analytics with machine learning to detect threats that bypass signature-based controls. Look for solutions offering autonomous response capabilities, low false positive rates through intelligent alert correlation, and comprehensive telemetry retention supporting forensic investigation. Top-tier EDR vendors demonstrate consistent performance in independent testing frameworks and offer flexible deployment models that match your infrastructure requirements and operational workflows. ### How long to deploy top-rated EDR solutions? Cloud-native EDR deployments typically complete within two to six weeks, depending on endpoint population size and environmental complexity. Agent installation is rapid across modern operating systems, but establishing behavioral baselines, tuning detection rules, and integrating with existing security infrastructure extend timelines. Organizations should allocate additional time for pilot testing, development of exclusion lists, and analyst training to achieve production-ready coverage without operational disruption. ### Which EDR platform integrates with SIEM tools? Most enterprise-grade EDR solutions provide API-based integration with leading [SIEM platforms](https://www.paloaltonetworks.com/cyberpedia/how-do-siem-tools-benefit-soc-teams?ts=markdown) through syslog forwarding, REST APIs, or native connectors. Converged XDR architectures offer tighter integration by processing endpoint telemetry alongside network, cloud, and identity data within unified data lakes. Evaluate bidirectional integration quality, verifying whether EDR platforms both send alerts to SIEM systems and receive enrichment data or orchestrated response commands back. ### How do segmentation policies work with EDR tools? EDR platforms enforce micro-segmentation through host-based firewall controls and application whitelisting at the endpoint level. Agents monitor lateral movement attempts by tracking network connections, process injections, and credential usage patterns that indicate adversary progression. Advanced EDR software coordinates with network segmentation controllers to dynamically isolate compromised endpoints while maintaining visibility into blocked communication attempts for investigation purposes. ### Which EDR tools deliver the fastest ROI? EDR solutions that deliver rapid ROI combine autonomous threat response, reduced analyst workload, accurate behavioral detection, minimized false-positive investigation time, and flexible pricing models aligned with organizational scale. Platforms that bundle MDR services accelerate value by providing immediate 24/7 coverage without requiring staffing investments. Measure ROI through quantifiable metrics, including reduced mean time to respond, prevented breach costs, and analyst productivity gains from automated investigation workflows. Related Content [The Forrester Wave^™^: Extended Detection And Response Platforms, Q2 2024 See why Cortex XDR received the distinction as a Leader in the latest Forrester Wave for EDR platforms](https://start.paloaltonetworks.com/2024-forrester-xdr-wave-leader?utm_source=google-jg-amer-cortex-socf-ends&utm_medium=paid_search&utm_campaign=google-cortex-edpxdr-amer-multi-lead_gen-en-brand&utm_content=7014u000001tUgTAAU&utm_term=cortex%20xdr&cq_plac=&cq_net=g&gad_source=1&gad_campaignid=21711491255&gbraid=0AAAAADHVeKnpwwa1-U4OCUHwunYXAFLNa&gclid=CjwKCAiA2PrMBhA4EiwAwpHyC850Zcq6xJ5Dy0QmmwYYbmj1PmTJwp7S_rwVwsw1W1zEPs_TTLu_qhoC53IQAvD_BwE) [Discover Cortex XDR See how Cortex XDR automatically fuses data from endpoints, networks, identities, and clouds to expose complex threats, ...](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=Best%20EDR%20Solutions%20%282026%29%3A%20Top%209%20Endpoint%20Detection%20%26%20Response%20Tools&body=Compare%209%20top%20EDR%20tools%20for%202026.%20See%20strengths%2C%20best-fit%2C%20key%20features%20%28AI%20detection%2C%20automated%20response%2C%20XDR%20integration%29%2C%20and%20a%20practical%20checklist%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/edr-solutions) Back to Top [Next](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr?ts=markdown) What Is Endpoint Detection and Response (EDR)? {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/ai-security?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language