[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/ai-security?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Next-Gen Trust Security](https://www.paloaltonetworks.com/network-security/next-gen-trust-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Prisma Agent](https://www.paloaltonetworks.com/sase/prisma-agent?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) [Next-Generation Identity Security](https://www.paloaltonetworks.com/idira?ts=markdown) * [Privileged Access Management](https://www.paloaltonetworks.com/idira/human/privileged-access-management?ts=markdown) * [Identity and Access Management](https://www.paloaltonetworks.com/idira/human/identity-and-access-management?ts=markdown) * [Endpoint Privilege Manager](https://www.paloaltonetworks.com/idira/human/endpoint-privilege-manager?ts=markdown) * [Identity Governance](https://www.paloaltonetworks.com/idira/human/identity-governance?ts=markdown) * [Workforce Password Management](https://www.paloaltonetworks.com/idira/human/workforce-password-management?ts=markdown) * [Agentic Identities](https://www.paloaltonetworks.com/idira/agentic?ts=markdown) * [Secrets Management](https://www.paloaltonetworks.com/idira/machine/secrets-management?ts=markdown) * [Unified Secrets Governance](https://www.paloaltonetworks.com/idira/machine/unified-secrets-governance?ts=markdown) * [Application Credentials Delivery](https://www.paloaltonetworks.com/idira/machine/application-credentials-delivery?ts=markdown) * [Vendor Privileged Access](https://www.paloaltonetworks.com/idira/human/vendor-privileged-access?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-security-solution?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection and Response (CDR)](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection and Response (CDR)](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) Identity Security * [Human Identities](https://www.paloaltonetworks.com/idira/human?ts=markdown) * [Machine Identities](https://www.paloaltonetworks.com/idira/machine?ts=markdown) * [Agentic Identities](https://www.paloaltonetworks.com/idira/agentic?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) * [Transportation](https://www.paloaltonetworks.com/industry/transportation-security?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Frontier AI Defense](https://www.paloaltonetworks.com/unit42/ai-advantage?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/certifications?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Introducing Idira, the next-generation identity security platform.](https://www.paloaltonetworks.com/idira?ts=markdown) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Observability Fundamentals](https://www.paloaltonetworks.com/cyberpedia/what-is-observability?ts=markdown) 3. [Observability vs. Monitoring](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences?ts=markdown) Table of contents * [What Is Observability? Core Signals, Benefits, and Use Cases](https://www.paloaltonetworks.com/cyberpedia/what-is-observability?ts=markdown) * [Why Observability Matters](https://www.paloaltonetworks.com/cyberpedia/what-is-observability#matters?ts=markdown) * [How Observability Works](https://www.paloaltonetworks.com/cyberpedia/what-is-observability#works?ts=markdown) * [The Core Signals of Observability](https://www.paloaltonetworks.com/cyberpedia/what-is-observability#core?ts=markdown) * [Benefits of Observability](https://www.paloaltonetworks.com/cyberpedia/what-is-observability#benefits?ts=markdown) * [Common Observability Use Cases](https://www.paloaltonetworks.com/cyberpedia/what-is-observability#usecase?ts=markdown) * [Observability vs. Security](https://www.paloaltonetworks.com/cyberpedia/what-is-observability#security?ts=markdown) * [Common Observability Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-observability#challenges?ts=markdown) * [What Makes a System Observable?](https://www.paloaltonetworks.com/cyberpedia/what-is-observability#observable?ts=markdown) * [Observability in Cloud Native Environments](https://www.paloaltonetworks.com/cyberpedia/what-is-observability#environments?ts=markdown) * [Observability FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-observability#page-anchor?ts=markdown) * Observability vs. Monitoring: Key Differences * [Observability vs. Monitoring Explained](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#explained?ts=markdown) * [Observability vs. Monitoring: Key Differences](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#differences?ts=markdown) * [Why Monitoring Alone Is No Longer Enough](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#why?ts=markdown) * [The Role of Telemetry in Observability](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#role?ts=markdown) * [Observability in Cloud Native and Kubernetes Environments](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#environments?ts=markdown) * [Observability and Security](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#security?ts=markdown) * [Observability for AI Systems](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#systems?ts=markdown) * [When to Use Monitoring](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#when?ts=markdown) * [When to Use Observability](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#use?ts=markdown) * [How Observability and Monitoring Work Together](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#how?ts=markdown) * [Benefits of Observability](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#benefits?ts=markdown) * [Challenges of Observability](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#challenges?ts=markdown) * [How to Build an Observability Strategy](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#strategy?ts=markdown) * [Observability vs. Monitoring FAQ](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#faqs?ts=markdown) * [What Are SRE Fundamentals: SLA vs SLO vs SLI?](https://www.paloaltonetworks.com/cyberpedia/sre-fundamentals-sla-vs-slo-vs-sli?ts=markdown) * [SRE Fundamentals Explained](https://www.paloaltonetworks.com/cyberpedia/sre-fundamentals-sla-vs-slo-vs-sli#sre-fundamentals?ts=markdown) * [SLA vs. SLO vs. SLI: A Comparative Framework](https://www.paloaltonetworks.com/cyberpedia/sre-fundamentals-sla-vs-slo-vs-sli#sla-vs-slo?ts=markdown) * [Breaking Down the Components: SLI, SLO, and SLA](https://www.paloaltonetworks.com/cyberpedia/sre-fundamentals-sla-vs-slo-vs-sli#components?ts=markdown) * [The Strategic Role of Error Budgets in SRE](https://www.paloaltonetworks.com/cyberpedia/sre-fundamentals-sla-vs-slo-vs-sli#strategic-role?ts=markdown) * [Best Practices for Implementing SRE Metrics](https://www.paloaltonetworks.com/cyberpedia/sre-fundamentals-sla-vs-slo-vs-sli#best-practices?ts=markdown) * [SRE Fundamentals FAQs](https://www.paloaltonetworks.com/cyberpedia/sre-fundamentals-sla-vs-slo-vs-sli#faqs?ts=markdown) * [What Is Observability in AI Models?](https://www.paloaltonetworks.com/cyberpedia/observability-in-ai-models?ts=markdown) * [Observability Explained](https://www.paloaltonetworks.com/cyberpedia/observability-in-ai-models#explained?ts=markdown) * [Observability Data Types](https://www.paloaltonetworks.com/cyberpedia/observability-in-ai-models#types?ts=markdown) * [Observability Tools for Cloud Security](https://www.paloaltonetworks.com/cyberpedia/observability-in-ai-models#tools?ts=markdown) * [Observability FAQs](https://www.paloaltonetworks.com/cyberpedia/observability-in-ai-models#faqs?ts=markdown) * [What Is OpenTelemetry (OTel)?](https://www.paloaltonetworks.com/cyberpedia/what-is-open-telemetry?ts=markdown) * [OpenTelemetry Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-open-telemetry#openTelemetry-explained?ts=markdown) * [The Three Pillars of OTel Signals](https://www.paloaltonetworks.com/cyberpedia/what-is-open-telemetry#the-three-pillars-of-OTel-signals?ts=markdown) * [Strategic Benefits and Advantages](https://www.paloaltonetworks.com/cyberpedia/what-is-open-telemetry#strategic-benefits-and-advantages?ts=markdown) * [Implementation Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-open-telemetry#implementation-best-practices?ts=markdown) * [OpenTelemetry FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-open-telemetry#OpenTelemetry-faq?ts=markdown) * [What Is High Cardinality in Observability?](https://www.paloaltonetworks.com/cyberpedia/what-is-high-cardinality?ts=markdown) * [High Cardinality Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-high-cardinality#explained?ts=markdown) * [Why High Cardinality Matters in Observability](https://www.paloaltonetworks.com/cyberpedia/what-is-high-cardinality#observability?ts=markdown) * [Cardinality vs. Dimensionality](https://www.paloaltonetworks.com/cyberpedia/what-is-high-cardinality#cardinality?ts=markdown) * [How High Cardinality Happens](https://www.paloaltonetworks.com/cyberpedia/what-is-high-cardinality#happens?ts=markdown) * [The Impact of High Cardinality on Observability Systems](https://www.paloaltonetworks.com/cyberpedia/what-is-high-cardinality#impact?ts=markdown) * [Example: How Cardinality Multiplies](https://www.paloaltonetworks.com/cyberpedia/what-is-high-cardinality#multiplies?ts=markdown) * [How to Reduce High Cardinality](https://www.paloaltonetworks.com/cyberpedia/what-is-high-cardinality#reduce?ts=markdown) * [Metrics vs. Logs vs. Traces for High-Cardinality Data](https://www.paloaltonetworks.com/cyberpedia/what-is-high-cardinality#metrics?ts=markdown) * [Best Practices for Managing High Cardinality](https://www.paloaltonetworks.com/cyberpedia/what-is-high-cardinality#practices?ts=markdown) * [Why High Cardinality Is a Governance Problem](https://www.paloaltonetworks.com/cyberpedia/what-is-high-cardinality#governance?ts=markdown) * [FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-high-cardinality#faq?ts=markdown) # What Is the Difference Between Observability and Monitoring? 5 min. read Table of contents * * [Observability vs. Monitoring Explained](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#explained?ts=markdown) * [Observability vs. Monitoring: Key Differences](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#differences?ts=markdown) * [Why Monitoring Alone Is No Longer Enough](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#why?ts=markdown) * [The Role of Telemetry in Observability](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#role?ts=markdown) * [Observability in Cloud Native and Kubernetes Environments](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#environments?ts=markdown) * [Observability and Security](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#security?ts=markdown) * [Observability for AI Systems](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#systems?ts=markdown) * [When to Use Monitoring](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#when?ts=markdown) * [When to Use Observability](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#use?ts=markdown) * [How Observability and Monitoring Work Together](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#how?ts=markdown) * [Benefits of Observability](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#benefits?ts=markdown) * [Challenges of Observability](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#challenges?ts=markdown) * [How to Build an Observability Strategy](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#strategy?ts=markdown) * [Observability vs. Monitoring FAQ](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#faqs?ts=markdown) 1. Observability vs. Monitoring Explained * * [Observability vs. Monitoring Explained](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#explained?ts=markdown) * [Observability vs. Monitoring: Key Differences](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#differences?ts=markdown) * [Why Monitoring Alone Is No Longer Enough](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#why?ts=markdown) * [The Role of Telemetry in Observability](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#role?ts=markdown) * [Observability in Cloud Native and Kubernetes Environments](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#environments?ts=markdown) * [Observability and Security](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#security?ts=markdown) * [Observability for AI Systems](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#systems?ts=markdown) * [When to Use Monitoring](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#when?ts=markdown) * [When to Use Observability](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#use?ts=markdown) * [How Observability and Monitoring Work Together](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#how?ts=markdown) * [Benefits of Observability](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#benefits?ts=markdown) * [Challenges of Observability](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#challenges?ts=markdown) * [How to Build an Observability Strategy](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#strategy?ts=markdown) * [Observability vs. Monitoring FAQ](https://www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences#faqs?ts=markdown) Observability and monitoring both help teams understand system health, but they are not the same. Monitoring tracks known conditions using predefined metrics, dashboards, and alerts. Observability helps teams investigate unknown issues by analyzing telemetry data, such as metrics, logs, traces, and events, to understand why a system is behaving a certain way. Key Points * **Monitoring detects known issues**: It tracks predefined metrics, thresholds, dashboards, and alerts. \* **Observability explains unknown behavior**: It helps teams investigate why complex systems fail, slow down, or behave unexpectedly. \* **Monitoring is part of observability**: Monitoring shows what happened; observability helps explain why it happened. \* **Modern systems need deeper visibility**: Cloud native, Kubernetes, microservices, and AI environments create problems static dashboards can miss. \* **Observability connects operations and security**: Shared telemetry helps teams detect issues, investigate incidents, and remediate faster. ## Observability vs. Monitoring Explained Monitoring is the practice of collecting and displaying predefined system data. It tells teams when something crosses a known threshold, such as CPU usage, memory consumption, application latency, uptime, error rate, or service availability. Observability is the ability to understand a system's internal state based on the data it produces. Observability is understanding systems through signals generated by instrumentation, not simply monitoring or dashboards. **In practical terms, monitoring answers:** "Is something wrong?" **Observability answers:** "Why is something wrong, where did it originate, what else is affected, and how do we fix it?" That distinction matters because modern systems rarely fail in simple, predictable ways. A customer-facing application may depend on dozens or hundreds of services, APIs, containers, databases, queues, and third-party systems. A single latency spike may originate from a code change, a saturated service, a misconfigured Kubernetes deployment, a broken dependency, or unexpected AI workload behavior. Monitoring may show that latency increased. Observability helps teams trace the issue across the system and understand the root cause. ## Observability vs. Monitoring: Key Differences | Area | Monitoring | Observability | | **Primary purpose** | Detect known issues | Investigate known and unknown issues | | **Main question** | "Is the system working?" | "Why is the system behaving this way?" | | **Data approach** | Predefined metrics, dashboards, alerts | Metrics, logs, traces, events, topology, context, and high-cardinality data | | **Best for** | Availability, uptime, threshold-based alerting | Root cause analysis, distributed troubleshooting, system understanding | | **Users** | Operations, infrastructure, NOC, IT teams | SRE, DevOps, platform engineering, developers, security, operations | | **Environment fit** | Traditional infrastructure and predictable systems | Cloud native, microservices, Kubernetes, AI, distributed environments | | **Alert model** | Static thresholds and known failure patterns | Contextual analysis and dynamic investigation | | **Outcome** | Detect and escalate | Diagnose, understand, prioritize, and remediate | |---------------------|----------------------------------------------------|-----------------------------------------------------------------------------| ## Why Monitoring Alone Is No Longer Enough Traditional monitoring was built for more predictable environments. Teams defined the conditions they cared about, created dashboards, and configured alerts for known failure states. That model still works for basic infrastructure health. The problem is that modern systems are more dynamic. Cloud native applications change constantly. Containers spin up and down. Microservices communicate across distributed environments. Kubernetes clusters generate high-cardinality telemetry. AI workloads introduce new performance, cost, latency, accuracy, and reliability challenges. In these environments, teams cannot always predict every failure mode in advance. Monitoring tools are typically built to oversee and enhance infrastructure and application performance, while observability is more deeply tied to the DevOps lifecycle and troubleshooting in cloud native environments. The reality is: if teams only monitor what they already know to watch, they stay blind to the problems they have not yet imagined. This is where observability comes into play. ## The Role of Telemetry in Observability [Telemetry](https://www.paloaltonetworks.com/cyberpedia/what-is-open-telemetry?ts=markdown) is the data emitted by systems, applications, infrastructure, and services. Observability depends on this telemetry to help teams understand behavior across distributed environments. Common telemetry types include: | Telemetry Type | What It Shows | Why It Matters | | **Metrics** | Numeric measurements over time | Tracks trends, thresholds, service health, and performance | | **Logs** | Time-stamped records of events | Provides detailed context about application and system behavior | | **Traces** | End-to-end request paths | Shows how requests move across services and where delays occur | | **Events** | Discrete system or user actions | Helps correlate changes, deployments, failures, and incidents | | **Profiles** | Resource usage at code or process level | Supports deep performance optimization | |----------------|-----------------------------------------|-----------------------------------------------------------------| The traditional "three pillars" of observability are metrics, logs, and traces. However, modern observability often requires more than those three signals. Teams also need context, correlation, topology, service ownership, high-cardinality data, and cost controls. More data does not automatically create better observability. The goal is not to collect everything. The goal is to collect useful telemetry that helps teams answer better questions faster. ## Observability in Cloud Native and Kubernetes Environments Cloud native environments create visibility challenges that traditional monitoring struggles to solve. Applications are distributed across containers, services, nodes, regions, and APIs. The infrastructure is constantly changing, which makes static dashboards and fixed thresholds less effective. In [Kubernetes](https://www.paloaltonetworks.com/cyberpedia/what-is-kubernetes?ts=markdown) environments, observability helps teams understand: * Which service introduced latency * Which pod, node, or container is failing * Whether a deployment caused a regression * How resource limits affect application performance * Which dependencies are contributing to errors * Whether traffic patterns are normal or abnormal * How infrastructure changes affect user experience This is why observability is not just an operations function. It supports platform engineering, software development, site reliability engineering, [incident response](https://www.paloaltonetworks.com/cyberpedia/what-is-incident-response?ts=markdown), and increasingly, [security operations](https://www.paloaltonetworks.com/cyberpedia/what-is-security-operations?ts=markdown). ## Observability and Security Observability and security are increasingly connected because both depend on high-quality, real-time data. Security teams need visibility into applications, infrastructure, identities, workloads, APIs, and data flows. Operations teams need visibility into performance, reliability, dependencies, and system behavior. In modern environments, these questions often overlap. For example, an unusual performance spike may be caused by a normal usage increase, a misconfiguration, a broken deployment, or malicious activity. Without strong observability, teams may struggle to determine which one is true. Observability can help security and operations teams understand: * Whether a performance anomaly may indicate malicious activity * Which systems are affected during an incident * How a failure or attack moves across distributed systems * Whether a workload, API, or identity is behaving abnormally * Which remediation steps should be prioritized * How business-critical services are affected Telemetry is not just operational data. It can also provide security-relevant context. ## Observability for AI Systems AI applications introduce new observability requirements. Traditional metrics like uptime, latency, and error rate still matter, but AI systems require additional visibility into model behavior and application outcomes. AI observability may include tracking: * Model performance * Inference latency * Token usage * GPU utilization * Data quality * Retrieval performance * Hallucination risk * Drift * Bias * Agent behavior * User feedback * Cost per request AI systems can behave unpredictably because they depend on models, prompts, data pipelines, vector databases, retrieval systems, APIs, and user inputs. Monitoring may show that an AI application is online. Observability helps teams understand whether it is accurate, reliable, secure, cost-efficient, and behaving as intended. As organizations adopt AI applications and agentic workflows, observability becomes essential for reliability, governance, and security. ## When to Use Monitoring Monitoring is still necessary. No serious observability strategy replaces monitoring. That would be like throwing away the smoke alarm because you bought a smarter fire investigation system. Use monitoring to: * Track uptime and availability * Alert on known failure conditions * Measure service-level indicators * Watch infrastructure health * Track performance baselines * Detect threshold breaches * Escalate incidents quickly * Support compliance and reporting requirements Monitoring is most effective when teams already know what conditions matter and what thresholds require action. ## When to Use Observability Use observability when systems are too complex, dynamic, or distributed for predefined dashboards alone. Observability is especially important for: * [Microservices](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices?ts=markdown) * Kubernetes * [Cloud native](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native?ts=markdown) applications * AI applications * Distributed systems * High-scale SaaS platforms * Multi-cloud environments * [DevOps](https://www.paloaltonetworks.com/cyberpedia/what-is-devops?ts=markdown) and SRE workflows * Root cause analysis * Incident response * Performance optimization * Security investigation Observability is most valuable when teams need to ask new questions without rebuilding dashboards or creating new metrics every time something breaks. ## How Observability and Monitoring Work Together Monitoring and observability should not be treated as opposing strategies. Monitoring is a subset of a broader observability practice. The goal is faster understanding and better action. A mature approach looks like this: | Step | Capability | Example | | **1. Detect** | Monitoring alert identifies an issue | Error rate exceeds threshold | | **2. Investigate** | Observability tools correlate telemetry | Trace shows failures tied to one service | | **3. Diagnose** | Teams identify root cause | Recent deployment caused timeout errors | | **4. Prioritize** | Teams assess blast radius and business impact | Checkout service affects revenue | | **5. Remediate** | Teams fix or automate response | Roll back deployment or adjust configuration | | **6. Learn** | Teams improve future detection | Add SLO, refine alert, update runbook | |--------------------|-----------------------------------------------|----------------------------------------------| ## Benefits of Observability A strong observability strategy helps organizations: * Reduce mean time to detect (MTtD) * Reduce mean time to repair ([MTTR](https://www.paloaltonetworks.com/cyberpedia/mean-time-to-repair-mttr?ts=markdown)) * Improve application reliability * Accelerate root cause analysis * [Reduce alert fatigue](https://www.paloaltonetworks.com/cyberpedia/how-to-reduce-security-alert-fatigue?ts=markdown) * Manage telemetry cost and volume * Improve developer productivity * Support [SRE fundamentals](https://www.paloaltonetworks.com/cyberpedia/sre-fundamentals-sla-vs-slo-vs-sli?ts=markdown) and DevOps practices * Strengthen security investigation * Improve customer experience * Increase resilience across cloud native systems * Support AI and agentic application visibility For CISOs and technology leaders, observability also supports risk reduction. Systems that cannot be understood cannot be reliably secured, governed, or remediated. ## Challenges of Observability Observability can become expensive and noisy when organizations collect everything without strategy. More telemetry does not automatically mean better visibility. Rather than simply "collecting more data," the answer is to collect the right data, preserve context, control cost, and make telemetry actionable. Common challenges include: | Challenge | Description | | **Telemetry volume** | Cloud native and AI systems generate massive amounts of data | | **Cost control** | Ingesting, storing, and querying telemetry can become expensive | | **Tool sprawl** | Teams may use disconnected monitoring, logging, tracing, and security tools | | **Alert fatigue** | Too many low-value alerts slow down incident response | | **Data context** | Telemetry without business, service, or security context is hard to act on | | **High cardinality** | Dynamic labels, services, users, and containers can overwhelm legacy systems | | **Skills gaps** | Teams need the right processes and expertise to use observability effectively | |----------------------|-------------------------------------------------------------------------------| ## How to Build an Observability Strategy Organizations should approach observability as both a technical capability and an operating model. Key steps include: 1. **Define critical services**: Identify the applications, workloads, APIs, and systems that matter most to customers and business operations. 2. **Establish service-level objectives**: Define reliability targets using SLIs, SLOs, and error budgets. 3. **Instrument applications and infrastructure**: Collect telemetry from applications, services, containers, cloud infrastructure, APIs, and AI systems. 4. **Correlate telemetry sources**: Connect metrics, logs, traces, events, profiles, and security signals so teams can investigate across domains. 5. **Prioritize high-value data**: Avoid collecting everything by default. Focus on telemetry that helps teams detect, diagnose, and remediate meaningful issues. 6. **Control telemetry cost**: Use filtering, aggregation, sampling, routing, and retention policies to manage high-volume data. 7. **Connect observability and security**: Align operational visibility with security investigation, threat detection, and incident response. 8. **Automate remediation where appropriate**: Use AI and automation to accelerate response while maintaining governance, human oversight, and control. ## Observability vs. Monitoring FAQ ### Is observability the same as monitoring? No. Monitoring tracks predefined metrics, dashboards, and alerts. Observability helps teams understand system behavior by analyzing telemetry data and investigating unknown problems. ### Is monitoring still needed if an organization has observability? Yes. Monitoring remains essential for detecting known issues. Observability expands monitoring by helping teams diagnose and understand complex or unexpected problems. ### What are the three pillars of observability? The traditional three pillars are metrics, logs, and traces. However, modern observability also depends on events, profiles, topology, service context, cost controls, and high-cardinality analysis. ### Why is observability important for cloud native systems? Cloud native systems are distributed, dynamic, and constantly changing. Observability helps teams understand service dependencies, trace requests, diagnose failures, and manage performance across complex environments. ### How does observability support cybersecurity? Observability provides real-time operational context that can help security teams identify anomalies, understand system behavior, assess blast radius, and prioritize remediation during incidents. ### Why does observability matter for AI? AI applications introduce new visibility challenges, including model performance, inference latency, token usage, data quality, agent behavior, GPU utilization, and drift. Observability helps teams understand and manage these systems in production. ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=Observability%20vs.%20Monitoring%3A%20Key%20Differences&body=Learn%20the%20difference%20between%20observability%20and%20monitoring%2C%20how%20each%20supports%20system%20reliability%2C%20and%20why%20modern%20cloud%20and%20AI%20environments%20require%20both.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/observability-vs-monitoring-key-differences) Back to Top [Previous](https://www.paloaltonetworks.com/cyberpedia/what-is-observability?ts=markdown) What Is Observability? Core Signals, Benefits, and Use Cases [Next](https://www.paloaltonetworks.com/cyberpedia/sre-fundamentals-sla-vs-slo-vs-sli?ts=markdown) What Are SRE Fundamentals: SLA vs SLO vs SLI? {#footer} Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/ai-security?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Next-Generation Identity Security](https://www.paloaltonetworks.com/idira?ts=markdown) * [Privileged Access Management](https://www.paloaltonetworks.com/idira/human/privileged-access-management?ts=markdown) * [Identity and Access Management](https://www.paloaltonetworks.com/idira/human/identity-and-access-management?ts=markdown) * [Endpoint Privilege Manager](https://www.paloaltonetworks.com/idira/human/endpoint-privilege-manager?ts=markdown) * [Identity Governance](https://www.paloaltonetworks.com/idira/human/identity-governance?ts=markdown) * [Workforce Password Management](https://www.paloaltonetworks.com/idira/human/workforce-password-management?ts=markdown) * [Agentic Identities](https://www.paloaltonetworks.com/idira/agentic?ts=markdown) * [Secrets Management](https://www.paloaltonetworks.com/idira/machine/secrets-management?ts=markdown) * [Unified Secrets Governance](https://www.paloaltonetworks.com/idira/machine/unified-secrets-governance?ts=markdown) * [Application Credentials Delivery](https://www.paloaltonetworks.com/idira/machine/application-credentials-delivery?ts=markdown) * [Vendor Privileged Access](https://www.paloaltonetworks.com/idira/human/vendor-privileged-access?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/certifications?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![Palo Alto Networks Logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language