What Is Insecure System Configuration?

* [CICD-SEC-7: Insecure System Configuration Explained](https://www.paloaltonetworks.com/cyberpedia/insecure-system-configuration-cicd-sec7#insecure?ts=markdown)
* [Importance of Secure System Configuration in CI/CD](https://www.paloaltonetworks.com/cyberpedia/insecure-system-configuration-cicd-sec7#importance?ts=markdown)
* [Preventing Insecure System Configuration in CI/CD](https://www.paloaltonetworks.com/cyberpedia/insecure-system-configuration-cicd-sec7#preventing?ts=markdown)
* [Industry Standards for System Configuration Security](https://www.paloaltonetworks.com/cyberpedia/insecure-system-configuration-cicd-sec7#standards?ts=markdown)
* [Insecure System Configuration FAQs](https://www.paloaltonetworks.com/cyberpedia/insecure-system-configuration-cicd-sec7#faqs?ts=markdown)
FAQs](https://www.paloaltonetworks.com/cyberpedia/insufficient-credential-hygiene-cicd-sec6#faq?ts=markdown) * [What Is Inadequate Identity and Access Management?](https://www.paloaltonetworks.com/cyberpedia/inadequate-iam-cicd-sec2?ts=markdown) * [CICD-SEC-2: Inadequate Identity and Access Management Explained](https://www.paloaltonetworks.com/cyberpedia/inadequate-iam-cicd-sec2#inadequate-identity?ts=markdown) * [Importance of Identity and Access Management in CI/CD](https://www.paloaltonetworks.com/cyberpedia/inadequate-iam-cicd-sec2#importance?ts=markdown) * [Preventing Inadequacy in Identity and Access Management](https://www.paloaltonetworks.com/cyberpedia/inadequate-iam-cicd-sec2#preventing-inadequacy?ts=markdown) * [Best Practices for IAM in CI/CD](https://www.paloaltonetworks.com/cyberpedia/inadequate-iam-cicd-sec2#best-practices?ts=markdown) * [Inadequate Identity and Access Management FAQs](https://www.paloaltonetworks.com/cyberpedia/inadequate-iam-cicd-sec2#faq?ts=markdown) * [What Is Improper Artifact Integrity Validation?](https://www.paloaltonetworks.com/cyberpedia/improper-artifact-integrity-validation-cicd-sec9?ts=markdown) * [CICD-SEC-9: Improper Artifact Integrity Validation Explained](https://www.paloaltonetworks.com/cyberpedia/improper-artifact-integrity-validation-cicd-sec9#artifact?ts=markdown) * [Importance of Artifact Integrity Validation in CI/CD](https://www.paloaltonetworks.com/cyberpedia/improper-artifact-integrity-validation-cicd-sec9#importance?ts=markdown) * [Preventing Improper Artifact Integrity Validation](https://www.paloaltonetworks.com/cyberpedia/improper-artifact-integrity-validation-cicd-sec9#improper?ts=markdown) * [Industry Practices to Promote Artifact Integrity in CI/CD](https://www.paloaltonetworks.com/cyberpedia/improper-artifact-integrity-validation-cicd-sec9#promote?ts=markdown) * [Improper Artifact Integrity Validation 
FAQs](https://www.paloaltonetworks.com/cyberpedia/improper-artifact-integrity-validation-cicd-sec9#faqs?ts=markdown) * [What Is Dependency Chain Abuse?](https://www.paloaltonetworks.com/cyberpedia/dependency-chain-abuse-cicd-sec3?ts=markdown) * [CICD-SEC-3: Dependency Chain Abuse Explained](https://www.paloaltonetworks.com/cyberpedia/dependency-chain-abuse-cicd-sec3#cicd-sec?ts=markdown) * [Importance of Secure Dependency Chains in CI/CD](https://www.paloaltonetworks.com/cyberpedia/dependency-chain-abuse-cicd-sec3#importance?ts=markdown) * [Identifying Signs of Dependency Chain Abuse](https://www.paloaltonetworks.com/cyberpedia/dependency-chain-abuse-cicd-sec3#identifying-signs?ts=markdown) * [Preventing Dependency Chain Abuse](https://www.paloaltonetworks.com/cyberpedia/dependency-chain-abuse-cicd-sec3#preventing?ts=markdown) * [Additional Practices for Dependency Chain Security](https://www.paloaltonetworks.com/cyberpedia/dependency-chain-abuse-cicd-sec3#additional-practices?ts=markdown) * [Dependency Chain Abuse FAQs](https://www.paloaltonetworks.com/cyberpedia/dependency-chain-abuse-cicd-sec3#faq?ts=markdown) * [Anatomy of a Cloud Supply Pipeline Attack](https://www.paloaltonetworks.com/cyberpedia/anatomy-ci-cd-pipeline-attack?ts=markdown) # What Is Insecure System Configuration? 5 min. 
Insecure system configuration is an OWASP Top 10 CI/CD security risk. It arises when CI/CD systems deploy with suboptimal or default configurations. It can include unnecessary open ports, default credentials, unpatched systems, poorly segregated networks, or disabled security features. These vulnerabilities can expose the system to unauthorized access and increase the propagation of malware and the potential for malicious code injection into the deployment process, ultimately leading to data breaches and disruption to business operations. Insecure configurations can also lead to the misuse of legitimate CI/CD processes, enabling attackers to manipulate workflows and gain access to production environments.

## CICD-SEC-7: Insecure System Configuration Explained

Insecure system configuration represents a significant security risk. It arises from deficiencies in the security settings, configuration, and hardening of various systems across the pipeline, such as source code management (SCM), CI systems, and artifact repositories. These vulnerabilities often serve as easy targets for attackers seeking to expand their reach within the environment.

Multiple systems from a variety of vendors make up CI/CD environments. To enhance [CI/CD security](https://www.paloaltonetworks.com/cyberpedia/what-is-ci-cd-security?ts=markdown), it's essential to concentrate not only on the code and artifacts flowing through the pipeline but also on the posture and resilience of each individual system.

Similar to data storage and processing systems, CI/CD systems involve numerous security settings and configurations at the application, network, and infrastructure levels. These settings play a significant role in determining the security posture of the CI/CD environments and their susceptibility to potential breaches.

Attackers hunt for CI/CD vulnerabilities and misconfigurations to exploit. Potential hardening flaws include:

* Systems running outdated versions
* Systems with overly permissive network access controls
* Self-hosted systems with administrative permissions on the underlying OS
* Poor credential hygiene

### System Configuration Defined

System configuration refers to the process of setting up systems and services, defining how they interact, and establishing the rules governing their operation. This includes setting up hardware, installing and configuring software, and establishing network connections. Because the configuration process can significantly impact the functionality, performance, and security of a system, getting it right, and maintaining its optimal status, is vitally important.

### Components of Secure System Configuration

A secure configuration involves correctly setting system parameters, managing access controls, and implementing security measures for the systems that underpin the [CI/CD pipeline](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security?ts=markdown). Such configurations mitigate the risk of unauthorized access and prevent the exploitation of vulnerabilities in the systems that form the backbone of the development environment.

Complexity arises because system configuration in a CI/CD environment extends beyond individual systems to the interconnections between the tools, services, and platforms used in the pipeline. Not surprisingly, the primary component of effective and secure system configuration is strict configuration management.

### How CICD-SEC-7 Happens

The root cause of insecure system configurations often points to human error, lack of proper procedures, or inadequate understanding of security requirements. It can result from something as simple as leaving default settings unchanged, permitting excessive permissions, or neglecting to update and patch systems.
**A Hypothetical Situation**

The attacker scans the target network, a tech company specializing in artificial intelligence, and discovers an exposed Jenkins server configured with default settings. Employing readily available tools and an API call, they proceed to mine the Jenkins server metadata for potential information about the underlying system. A goldmine of information floods their screen: data about plugins, jobs, system configurations, and more. Among this trove of details, one string of information stands out.

AWS keys. They were being used by Jenkins for deploying applications on AWS and weren't adequately secured. The keys are for an administrator account, granting potentially unrestricted access to the company's AWS environment.

Using the keys to infiltrate the company's AWS infrastructure, the attacker enters the heart of the organization's system. They locate an S3 bucket housing proprietary AI models, and with admin-level access from the stolen AWS keys, they swiftly download the models and exit without triggering an alarm.

The attacker then decides to exploit this system further. Aware that the Jenkins server has write permissions to the GitHub repositories, they plant a malicious code snippet into the main application source code that creates a backdoor into the application. In the next deployment cycle, the company unknowingly pushes the application into production.

Now armed with a persistent backdoor, the attacker can pilfer data, manipulate system controls, and plant additional malware, all under the radar of the company's security systems.

## Importance of Secure System Configuration in CI/CD

A misconfiguration at any juncture in the engineering environment could expose the entire pipeline to potential threats. An attacker leveraging the misconfiguration could obtain unauthorized access to the CI/CD system or, worse, compromise the system and access the underlying OS. The attacker might manipulate legitimate CI/CD flows, obtain sensitive tokens, and potentially access production environments. In some scenarios, configuration flaws may allow an attacker to move laterally within the environment and outside the context of CI/CD systems.

### Risks Associated with Insecure System Configuration

DevOps teams with an understanding of the risks associated with insecure system configuration are equipped to design less vulnerable systems, take responsibility for the security of the systems they design, and mitigate risks when they arise.

**Case Study 1: PHP Shifts to GitHub Following Security Incident and Potential User Database Leak**

In April 2021, the PHP community faced a security incident involving git.php.net. Initially suspected as a server compromise, the investigation revealed that malicious commits were made using HTTPS and password-based authentication, bypassing the Gitolite infrastructure. The master.php.net user database may have leaked, prompting a system migration to main.php.net and a password reset for all php.net users. Git.php.net and svn.php.net were made read-only, and PHP's primary repository was moved to GitHub, enhancing security and streamlining the development workflow.

**Case Study 2: Webmin Overhauls Security Measures Following Malicious Code Insertion Incident**

In August 2019, Webmin, a web-based system configuration tool, suffered a security breach when malicious code was inserted into its source code. The breach, which was not an accidental bug, allowed remote command execution. The malicious code was introduced via a compromised development build server. Upon discovery, Webmin responded by updating the build process to use only checked-in code from GitHub, rotating all accessible secrets and auditing all GitHub commits over the past year for similar vulnerabilities.
**Case Study 3: Nissan North America's Source Code Exposed Online Due to Misconfigured Git Server**

In a significant security lapse, Nissan North America's source code for mobile apps and internal tools leaked online due to a misconfigured Git server. The server, left exposed with default username and password 'admin/admin', was discovered by Swiss-based software engineer Tillie Kottmann. The repository contained code for various Nissan apps, diagnostics tools, dealer portals, marketing tools, and more. Nissan confirmed the incident, secured the affected system and asserted that no personal data was accessible.

**Case Study 4: New York State's IT Department Exposes Internal Code Repository Online**

An internal code repository used by New York State's IT department was inadvertently exposed online, making it accessible to anyone. The GitLab server, discovered by cybersecurity company SpiderSilk, contained projects with secret keys and passwords for state government systems. The server was configured to allow anyone to create a user account and log in. The server was first detected online on March 18, and it was taken offline after the exposure was reported. The server was reportedly a test box set up by a vendor and has since been decommissioned.

## Preventing Insecure System Configuration in CI/CD

Though misconfiguration can provide an entry point for attackers, leading to significant security breaches, secure system configuration remains overlooked in many development processes. Insider recommendations from the authors of the [OWASP Top 10 CI/CD Security Risks](https://owasp.org/www-project-top-10-ci-cd-security-risks/) list can put your systems in good standing:

* Keep an inventory of systems and versions in use, mapping each system to a designated owner. Regularly check these components for known vulnerabilities. When a security patch becomes available, update the vulnerable component. If no patch is available for the vulnerable component, consider removing the component or system. Alternatively, minimize the potential impact of exploiting the vulnerability by limiting the system's access or its ability to perform sensitive operations.
* Ensure network access to the systems aligns with the [principle of least privilege access](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access?ts=markdown).
* Set up a process to periodically review all system configurations. Focus your review on settings that could affect the system's security posture. Ensure optimal settings.
* Grant [permissions to the pipeline execution nodes](https://www.paloaltonetworks.com/cyberpedia/poisoned-pipeline-execution-cicd-sec4?ts=markdown) based on the principle of least privilege. A common misconfiguration in this context involves granting debug permissions on execution nodes to engineers. Many organizations allow this, but it's crucial to consider that any user with access to the execution node in debug mode could expose all secrets while they're loaded into memory. They could also use the node's identity, effectively granting elevated permissions to any engineer with this permission.

## Industry Standards for System Configuration Security

Several industry standards outline best practices for system configuration security. The Center for Internet Security (CIS) provides comprehensive benchmarks for secure configuration, while the National Institute of Standards and Technology (NIST) also publishes guidelines for configuring systems for security.

### Encrypting Your Secrets

Secrets such as passwords, API keys, and database credentials should be encrypted at rest and in transit. [Never store secrets in your code or configuration files](https://www.paloaltonetworks.com/cyberpedia/insufficient-credential-hygiene-cicd-sec6?ts=markdown). Use a secrets management tool like HashiCorp Vault or AWS Secrets Manager. These tools keep secrets encrypted and control access to them, helping to prevent your organization's credentials from landing in the wrong hands.

### Logging and Monitoring Your Systems

A key part of maintaining secure system configuration involves establishing clear policies and routinely monitoring for compliance. It's important to log all activity so you can detect suspicious activity and quickly respond to security incidents. You should also monitor your system for signs of attack, such as unusual traffic patterns or failed login attempts.

### Patching Vulnerabilities

Ensure you have a comprehensive vulnerability identification and patching system in place. Systematically identify vulnerabilities and prioritize remediation. In instances when vulnerabilities can't be patched, use alternative mitigations, such as removing admin rights. Remember, keeping your systems up to date means regularly applying patches and updates to your servers, applications, and CI/CD tools.

### Eliminating Unnecessary Accounts and Privileges

Enforce least privilege by removing unnecessary accounts (such as orphaned accounts and unused accounts). This is one of the most powerful security practices for reducing your attack surface. Ensure that every component of your system, including users, processes, and services, has only the minimum privileges necessary to perform its function. Doing so will limit damage in the event of a compromised component.

### Erecting Network Roadblocks

Dividing your network into smaller, isolated segments will limit lateral movement if an attacker gains access to your network. Use firewalls and access control lists (ACLs) to control traffic between segments. Encrypt traffic, block unused or unneeded open network ports, and disable or remove unnecessary protocols and services. Regularly audit your firewall rules.
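The prevention checklist and the hardening subsections above (owned inventory, patched versions, least-privilege network access, no default credentials or open sign-up, no OS-admin service accounts, no debug access on execution nodes) lend themselves to an automated periodic review. The following is an added example, not code from this page or from OWASP; the inventory schema, field names, product names, versions and addresses are all constructed assumptions.

```python
"""Audit a CI/CD system inventory for the hardening flaws discussed above.

Every field name, system name, version and address below is constructed for
this example; map them to whatever your SCM, CI and artifact systems export.
"""
import ipaddress

# Constructed baseline: minimum patched version per product (assumption).
MIN_PATCHED = {"ci-server": "2.440.3", "scm": "16.9.2", "artifact-repo": "7.77.0"}
# Source ranges with a shorter prefix than this count as overly permissive.
MAX_OPEN_PREFIX = {4: 16, 6: 32}
# Service accounts that imply administrative rights on the underlying OS.
OS_ADMIN_ACCOUNTS = {"root", "Administrator", "SYSTEM"}

# Constructed sample inventory (not real systems).
INVENTORY = [
    {"name": "ci-01", "product": "ci-server", "version": "2.401.1", "owner": "",
     "run_as": "root", "default_credentials_rotated": False,
     "allow_self_signup": False, "debug_access": ["all-engineers"],
     "ingress": [{"port": 8080, "source": "0.0.0.0/0"}]},
    {"name": "scm-01", "product": "scm", "version": "16.10.0",
     "owner": "platform-team", "run_as": "git",
     "default_credentials_rotated": True, "allow_self_signup": True,
     "debug_access": [], "ingress": [{"port": 443, "source": "10.20.0.0/16"}]},
    {"name": "repo-01", "product": "artifact-repo", "version": "7.80.1",
     "owner": "release-eng", "run_as": "svc-repo",
     "default_credentials_rotated": True, "allow_self_signup": False,
     "debug_access": [], "ingress": [{"port": 443, "source": "10.20.4.0/24"}]},
]


def parse_version(text):
    """Turn '16.10.0' into (16, 10, 0) so versions compare numerically.

    Comparing the raw strings would rank '16.10.0' below '16.9.2'.
    """
    return tuple(int(part) for part in text.split("."))


def too_broad(cidr):
    """True when a source range is wider than the allowed prefix length."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.prefixlen < MAX_OPEN_PREFIX[net.version]


def audit_system(system):
    """Return a list of (check_id, detail) findings for one inventory entry."""
    findings = []
    if not system.get("owner"):
        findings.append(("no-owner", "no designated owner in the inventory"))

    minimum = MIN_PATCHED.get(system["product"])
    if minimum is None:
        findings.append(("no-baseline", "product has no patched-version baseline"))
    elif parse_version(system["version"]) < parse_version(minimum):
        findings.append(("outdated", f"{system['version']} is older than {minimum}"))

    for rule in system.get("ingress", []):
        if too_broad(rule["source"]):
            findings.append(("open-network",
                             f"port {rule['port']} reachable from {rule['source']}"))

    if system.get("run_as") in OS_ADMIN_ACCOUNTS:
        findings.append(("os-admin", f"service runs as {system['run_as']}"))
    if not system.get("default_credentials_rotated", False):
        findings.append(("default-creds", "vendor default credentials still active"))
    if system.get("allow_self_signup", False):
        findings.append(("self-signup", "anyone can create an account and log in"))
    if system.get("debug_access"):
        findings.append(("debug-on-node", "debug access on execution nodes: "
                         + ", ".join(system["debug_access"])))
    return findings


def audit_inventory(inventory):
    """Map each system name to its findings; systems with none are omitted."""
    report = {}
    for system in inventory:
        findings = audit_system(system)
        if findings:
            report[system["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        for check_id, detail in findings:
            print(f"{name}: [{check_id}] {detail}")
```

A missing `default_credentials_rotated` field is treated as a finding, so an incomplete inventory entry fails closed rather than passing silently.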
### Securing Your Build Servers

Your build servers are responsible for compiling and packaging your code, so they're a prime target for attackers. Make sure that your build servers are properly hardened with up-to-date security patches and strong passwords. And remember that securing your build environment means isolating it from your production environment.

### Auditing Your Existing Systems

Regular audits and reviews help ensure that system configurations remain secure over time. Carry out a comprehensive audit of your existing technology. Use penetration testing, vulnerability scanning, configuration management, and other security auditing tools to find flaws in the system and prioritize fixes. Conduct system assessments against resources using industry standards from NIST, Microsoft, CIS, DISA, etc.

### Using Tools to Help Secure System Configuration

Many tools exist to help manage and secure system configuration. Configuration management tools such as Ansible, Chef, or Puppet allow for automated configuration and consistent application across environments. For cloud-based systems, cloud-native services like AWS Config, Azure Policy, and Google Cloud Security Command Center can aid in maintaining secure configuration.

## Insecure System Configuration FAQs

### What is configuration management (CM)?

Configuration management is a systems engineering process for establishing and maintaining consistency of a product's performance, functional, and physical attributes with its requirements, design, and operational information throughout its life.

### What is systems hardening?

Systems hardening is a methodical process of auditing, identifying, closing, and controlling potential security vulnerabilities throughout an organization. By applying a set of guidelines and tools to minimize vulnerabilities, hardening eliminates unnecessary functions, configurations, and services. The process can include configuring system settings securely, applying patches and updates promptly, limiting the number of system administrators and users, and setting up strong authentication protocols. The idea behind systems hardening is to fortify security by narrowing the system's attack surface.

### What are systems hardening standards?

Systems hardening standards are guidelines and best practices designed to secure systems against threats. Often developed by cybersecurity organizations or industry groups, hardening standards provide a framework for configuring a system to minimize its attack surface.

Examples of hardening standards include the Center for Internet Security (CIS) Benchmarks, which provide well-defined, unbiased, and consensus-based industry best practices to help organizations assess and improve their security. Other standards include the Security Technical Implementation Guides (STIGs) from the Defense Information Systems Agency (DISA) and the hardening guidelines from the National Institute of Standards and Technology (NIST). These standards cover a wide range of systems, including operating systems, network devices, and cloud environments, and are regularly updated to address emerging threats and vulnerabilities.

### What is infrastructure as code (IaC)?

Infrastructure as code is the process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools.

### What is a Dockerfile?

A Dockerfile is a text document that contains all the commands a user could call on the command line to assemble an image. Using `docker build`, users can create an automated build that executes several command-line instructions in succession.

### What is a Kubernetes deployment?

A Kubernetes Deployment is a resource object in Kubernetes that provides declarative updates for pods and ReplicaSets. Engineers describe a desired state in a deployment, and the Deployment Controller changes the actual state to the desired state at a controlled rate.

### What is a Helm Chart?

Helm is a package manager for Kubernetes that allows developers and operators to more easily package, configure, and deploy applications and services onto Kubernetes clusters. A Helm chart is a collection of files that describe a related set of Kubernetes resources.

### What is a buildpack?

Buildpacks are a modular and language-agnostic way to turn your application's source code into an OCI image. A buildpack inspects your code to determine what to include in the OCI image.

### What is a configuration drift?

Configuration drift happens when a system "drifts" or changes from its intended configuration. It can happen when manual changes are made to systems, or when updates or installations are performed without using a configuration management tool.

### What is a YAML file?

YAML (YAML Ain't Markup Language) is a human-readable data serialization language. It is commonly used for configuration files and in applications where data is being stored or transmitted.

### What is a JSON file?

JSON (JavaScript Object Notation) is a lightweight data-interchange format that is easy for humans to read and write and easy for machines to parse and generate. It is often used for transmitting data in web applications.
Copyright © 2025 Palo Alto Networks.
All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language