[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.deploybravely.com) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Security Operations](https://www.paloaltonetworks.com/cyberpedia/security-operations?ts=markdown) 3. [Security Operations](https://www.paloaltonetworks.com/cyberpedia/what-is-security-operations?ts=markdown) 4. [What is SOC as a Service (SOCaaS)?](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service?ts=markdown) Table of Contents * [What Is Security Operations (SecOps)? Comprehensive Guide](https://www.paloaltonetworks.com/cyberpedia/what-is-security-operations?ts=markdown) * [Security Operations (SecOps) Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-security-operations#secops?ts=markdown) * [The Pillars of Modern SecOps: People, Process, and Technology](https://www.paloaltonetworks.com/cyberpedia/what-is-security-operations#pillars?ts=markdown) * [Example Scenario: Incident Response to a Malware Alert](https://www.paloaltonetworks.com/cyberpedia/what-is-security-operations#example?ts=markdown) * [Proactive Security Operations Examples](https://www.paloaltonetworks.com/cyberpedia/what-is-security-operations#proactive?ts=markdown) * [Technology: Core Tools for the SOC](https://www.paloaltonetworks.com/cyberpedia/what-is-security-operations#technology?ts=markdown) * [Core Components and Functions of the SOC](https://www.paloaltonetworks.com/cyberpedia/what-is-security-operations#core?ts=markdown) * [SecOps vs. DevOps vs. DevSecOps](https://www.paloaltonetworks.com/cyberpedia/what-is-security-operations#vs?ts=markdown) * [Security Operations FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-security-operations#faqs?ts=markdown) * [What Is a Security Operations Center (SOC)?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc?ts=markdown) * [SOC Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#soc?ts=markdown) * [SOC Roles and Responsibilities](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#roles?ts=markdown) * [Key SOC Functions and Tools](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#key?ts=markdown) * [SOC Delivery Models](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#models?ts=markdown) * [How Does a MSSP Differ from a SOC?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#mssp-differ-from-soc?ts=markdown) * [Best Practices for Optimizing SOC Performance](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#best?ts=markdown) * [The Future SOC Solution](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#future?ts=markdown) * [Security Operations Center (SOC) FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#faqs?ts=markdown) * [How Do I Deploy SecOps Automation?](https://www.paloaltonetworks.com/cyberpedia/guide-to-deploying-secops-automation?ts=markdown) * [Preparing for SecOps Automation](https://www.paloaltonetworks.com/cyberpedia/guide-to-deploying-secops-automation#preparing?ts=markdown) * [Start Simple with High-Impact Tasks](https://www.paloaltonetworks.com/cyberpedia/guide-to-deploying-secops-automation#start?ts=markdown) * [Automation Benefits for Organizations of All Sizes](https://www.paloaltonetworks.com/cyberpedia/guide-to-deploying-secops-automation#automation?ts=markdown) * [Peer Review and Approval](https://www.paloaltonetworks.com/cyberpedia/guide-to-deploying-secops-automation#peer?ts=markdown) * [Secure a Champion for Automation](https://www.paloaltonetworks.com/cyberpedia/guide-to-deploying-secops-automation#secure?ts=markdown) * [Defining Automation Use Cases](https://www.paloaltonetworks.com/cyberpedia/guide-to-deploying-secops-automation#defining?ts=markdown) * [Example Use Cases: Phishing and Malware](https://www.paloaltonetworks.com/cyberpedia/guide-to-deploying-secops-automation#example?ts=markdown) * [Selecting the Right SOAR Platform](https://www.paloaltonetworks.com/cyberpedia/guide-to-deploying-secops-automation#selecting?ts=markdown) * [SOAR Deployment and Use Cases FAQs](https://www.paloaltonetworks.com/cyberpedia/guide-to-deploying-secops-automation#faqs?ts=markdown) * [Security Operations Center (SOC) Roles and Responsibilities](https://www.paloaltonetworks.com/cyberpedia/soc-roles-and-responsibilities?ts=markdown) * [The SOC Team: Roles and Responsibilities](https://www.paloaltonetworks.com/cyberpedia/soc-roles-and-responsibilities#the?ts=markdown) * [What Is the Role of a Security Operations Center (SOC)?](https://www.paloaltonetworks.com/cyberpedia/soc-roles-and-responsibilities#what?ts=markdown) * [What Are Best Practices for a Winning SOC Team?](https://www.paloaltonetworks.com/cyberpedia/soc-roles-and-responsibilities#best?ts=markdown) * [SOC Roles and Responsibilities FAQs](https://www.paloaltonetworks.com/cyberpedia/soc-roles-and-responsibilities#faqs?ts=markdown) * What is SOC as a Service (SOCaaS)? * [Which Cyber Threats are Monitored by SOCaaS?](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#which?ts=markdown) * [The Need Managed Security Services](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#need?ts=markdown) * [What are the Benefits of SOC as a Service (SOCaaS)?](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#what?ts=markdown) * [Factors to Consider When Designing a SOC](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#factors?ts=markdown) * [Why a Managed SOC is Important](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#important?ts=markdown) * [Challenges of a Managed SOC](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#challenges?ts=markdown) * [SOC as a service FAQs](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#faqs?ts=markdown) * [How Do I Improve SOC Effectiveness?](https://www.paloaltonetworks.com/cyberpedia/how-do-i-improve-soc-effectiveness?ts=markdown) * [Top Priorities for Improving SOC Effectiveness](https://www.paloaltonetworks.com/cyberpedia/how-do-i-improve-soc-effectiveness#top?ts=markdown) * [Integrating Threat Intelligence to Enhance SOC Effectiveness](https://www.paloaltonetworks.com/cyberpedia/how-do-i-improve-soc-effectiveness#integrating?ts=markdown) * [Security Tools that Improve SOC Effectiveness](https://www.paloaltonetworks.com/cyberpedia/how-do-i-improve-soc-effectiveness#security?ts=markdown) * [How Reports and Dashboards Improve SOC Effectiveness](https://www.paloaltonetworks.com/cyberpedia/how-do-i-improve-soc-effectiveness#how?ts=markdown) * [Investing in Training and Development Programs](https://www.paloaltonetworks.com/cyberpedia/how-do-i-improve-soc-effectiveness#investing?ts=markdown) * [How to Improve SOC Effectiveness FAQs](https://www.paloaltonetworks.com/cyberpedia/how-do-i-improve-soc-effectiveness#faqs?ts=markdown) * [How AI-Driven SOC Solutions Transform Cybersecurity: Cortex XSIAM](https://www.paloaltonetworks.com/cyberpedia/revolutionizing-soc-operations-with-ai-soc-solutions?ts=markdown) * [How Cortex XSIAM 2.0 Revolutionizes Security Operations](https://www.paloaltonetworks.com/cyberpedia/revolutionizing-soc-operations-with-ai-soc-solutions#operations?ts=markdown) * [Cortex XSIAM Solutions and Advantages](https://www.paloaltonetworks.com/cyberpedia/revolutionizing-soc-operations-with-ai-soc-solutions#cortex-xsiam-solutions-and-advantages?ts=markdown) * [Addressing Critical Issues in Current SOC Solutions](https://www.paloaltonetworks.com/cyberpedia/revolutionizing-soc-operations-with-ai-soc-solutions#addressing-critical-issues?ts=markdown) * [How Cortex XSIAM Transforms the SOC](https://www.paloaltonetworks.com/cyberpedia/revolutionizing-soc-operations-with-ai-soc-solutions#how?ts=markdown) * [Distinctive Features of Cortex XSIAM](https://www.paloaltonetworks.com/cyberpedia/revolutionizing-soc-operations-with-ai-soc-solutions#features?ts=markdown) * [Comprehensive SOC Solutions: Single Platform Delivery Highlights](https://www.paloaltonetworks.com/cyberpedia/revolutionizing-soc-operations-with-ai-soc-solutions#highlights?ts=markdown) * [Integrated Capabilities: The XSIAM Solutions Delivery](https://www.paloaltonetworks.com/cyberpedia/revolutionizing-soc-operations-with-ai-soc-solutions#capabilities?ts=markdown) * [Ready to Transform Your Cybersecurity Landscape?](https://www.paloaltonetworks.com/cyberpedia/revolutionizing-soc-operations-with-ai-soc-solutions#cybersecurity-landscape?ts=markdown) # What is SOC as a Service (SOCaaS)? 5 min. read Table of Contents * * [Which Cyber Threats are Monitored by SOCaaS?](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#which?ts=markdown) * [The Need Managed Security Services](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#need?ts=markdown) * [What are the Benefits of SOC as a Service (SOCaaS)?](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#what?ts=markdown) * [Factors to Consider When Designing a SOC](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#factors?ts=markdown) * [Why a Managed SOC is Important](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#important?ts=markdown) * [Challenges of a Managed SOC](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#challenges?ts=markdown) * [SOC as a service FAQs](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#faqs?ts=markdown) 1. Which Cyber Threats are Monitored by SOCaaS? * * [Which Cyber Threats are Monitored by SOCaaS?](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#which?ts=markdown) * [The Need Managed Security Services](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#need?ts=markdown) * [What are the Benefits of SOC as a Service (SOCaaS)?](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#what?ts=markdown) * [Factors to Consider When Designing a SOC](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#factors?ts=markdown) * [Why a Managed SOC is Important](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#important?ts=markdown) * [Challenges of a Managed SOC](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#challenges?ts=markdown) * [SOC as a service FAQs](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#faqs?ts=markdown) Security operations center as a service (SOCaaS) is a cloud-based subscription model for managed threat detection and response that includes best-in-class [SOC](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc?ts=markdown) solutions and capabilities to help fill in gaps on existing security teams. ## Which Cyber Threats are Monitored by SOCaaS? Like a traditional, on-premises SOC, SOCaaS includes 24/7 monitoring, threat detection, prevention and analysis of your attack surface, including internet traffic, corporate networks, desktops, servers, [endpoint](https://www.paloaltonetworks.com/cyberpedia/what-is-an-endpoint?ts=markdown) devices, databases, applications, cloud infrastructure, firewalls, threat intelligence, intrusion prevention, and [Security Information and Event Management (SIEM)](https://www.paloaltonetworks.com/cyberpedia/what-is-siem?ts=markdown) systems. Cyberthreats include [ransomware](https://www.paloaltonetworks.com/cyberpedia/what-is-ransomware?ts=markdown), [denial of service](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos?ts=markdown) (DoS), [distributed denial of service](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack?ts=markdown) (DDoS), [malware](https://www.paloaltonetworks.com/cyberpedia/what-is-malware?ts=markdown), [phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing?ts=markdown), [smishing](https://www.paloaltonetworks.com/cyberpedia/what-is-smishing?ts=markdown), insider threats, [credential theft](https://www.paloaltonetworks.com/cyberpedia/what-is-a-credential-based-attack?ts=markdown), zero days and more. ## The Need Managed Security Services ![Why do organizations need managed services for security operations?](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/cyberpedia-cortex-SOC-as-a-service_1.png "Why do organizations need managed services for security operations?") In their research report, [SOC Modernization and the Role of XDR](https://www.paloaltonetworks.com/resources/research/esg-xdr-and-soc-modernization?ts=markdown) Enterprise Strategy Group found that more than half (55%) want security services so they can focus security personnel on strategic security initiatives. Others believe managed service providers can accomplish things that their organization simply cannot, with 52% believing service providers can provide better security operations than their organization can; 49% saying a managed service provider can augment their SOC team; and 42% admitting that their organization doesn't have adequate skills for security operations ![Why do organizations need managed services for security operations?](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/cyberpedia-cortex-SOC-as-a-service_2.png "Why do organizations need managed services for security operations?") Source: [SOC Modernization and the Role of XDR Enterprise Security Group (ESG)](https://www.paloaltonetworks.com/resources/research/esg-xdr-and-soc-modernization?ts=markdown) [](https://www.paloaltonetworks.com/resources/research/esg-xdr-and-soc-modernization?ts=markdown) [](https://www.paloaltonetworks.com/resources/research/esg-xdr-and-soc-modernization?ts=markdown) ## What are the Benefits of SOC as a Service (SOCaaS)? Outsourcing security operations and information security management provides a handful of benefits, including the following: * Cost reductions * Faster detection and more efficient remediation to help streamline security events * Access to best-of-breed security solutions * Reducing the burden on internal SecOps teams * Continuous monitoring * Speeding up detection/response to deliver high-confidence alerts and reduce alert fatigue * Minimizing turnover and reducing security analyst burnout; removing mundane tasks * Reduced complexity * Lower cyber risk * Enhanced business scalability and agility Conversely, issues from legacy SOC environments can include: * Lack of visibility and context * Increased complexity of investigations * Lack of interoperability of systems * Lack of automation and orchestration * Inability to collect, process and contextualize threat intelligence data. * Alert fatigue/noise from the high-volume, low-fidelity alerts of security controls Further key benefits of SOCaaS are outlined as follows: ### Continuous Protection Security analysts can monitor for alerts, events and indicators of compromise (IoCs). Integrate high-fidelity threat intelligence and actionable threat and impact reports. Learn from analytics and threat detection across all data sources to generate high-fidelity leads for threat hunting. ### Faster response times Faster response times help to reduce dwell time and improve both mean time to investigate (MTTI) and mean time to remediate (MTTR). ### Threat Prevention and Threat Hunting SOCaaS allows teams to proactively examine environments for attacker tactics, techniques and procedures (TTPs) to help identify new vulnerabilities that may exist in your infrastructure. ### Security Expertise and Coverage While SOCs come in many incarnations, they can consist of [roles and responsibilities](https://www.paloaltonetworks.com/cyberpedia/soc-roles-and-responsibilities?ts=markdown) to include a SOC lead, incident responder, and Tier 1-3 security analyst(s). Additional specialized roles may include security engineers, vulnerability managers, threat hunters, forensic investigators and compliance auditors. ### Adherence to Compliance and Regulation Mandates Key SOC monitoring capabilities are integral to enterprise compliance, especially following regulations that require particular security monitoring functions and mechanisms, such as [GDPR](https://www.paloaltonetworks.com/cyberpedia/how-the-next-generation-security-platform-contributes-to-gdpr-compliance?ts=markdown) and [CCPA](https://www.paloaltonetworks.com/cyberpedia/ccpa?ts=markdown). Sectors such as healthcare, financial and retail have their own sets of compliance to proactively manage risk and navigate regulatory changes. These include [HIPAA](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa?ts=markdown), FINRA and [PCI](https://www.paloaltonetworks.com/cyberpedia/pci-dss?ts=markdown) to safeguard the integrity of data and personal information from compromise. ### Optimize Security Teams Beyond investing in security solutions and tools, the most important factor in any successful SOC will remain the human element. While [machine learning](https://www.paloaltonetworks.com/cyberpedia/machine-learning-ml?ts=markdown) and automation will undoubtedly improve overall outcomes like response times, accuracy and remediation --- especially for low-level, repetitive tasks --- attracting, training and retaining security personnel, including engineers, security analysts and architects, needs to be baked into any cohesive SOC transformation strategy. ## Factors to Consider When Designing a SOC There are numerous ways of designing and operating a SOC. In their paper, [Security Operations Center: A Systematic Study and Open Challenges](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9296846), Manfred Vielberth, Fabian Böh, Ines Fichtinger and Günther Pernul outline some factors that influence SOC operating models and various factors that can come into play when choosing to implement one. * **Company strategy:** The overall business and IT strategy should be consulted to determine which operating model fits best. A SOC strategy should be defined before selecting the respective operating mode. * **Industry sector:** The industry sector in which a company mainly operates largely influences the scope of the SOC required. * **Size:** The size of a company also has an impact on the decision since a small company might not be able to set up and run a SOC on its own or might not even require a rigorously defined SOC. * **Cost:** The costs of internally implementing and maintaining a SOC must be compared with the costs of outsourcing security operations. Initially, deploying an in-house SOC might be more expensive, but such an option might turn out to be more cost-effective in the long term. Costs of finding, hiring and training SOC staff constitute a significant factor, especially since they might increase due to growing skill shortages and increasing market demand. * **Time:** It takes a considerable amount of time to set up a SOC. Therefore, alignment with organizational plans and timelines is necessary. Additionally, the time to set up a SOC should be compared to the time needed for outsourcing it. * **Regulations:** Depending on the industry sector, different regulations must be considered. Some might enforce the implementation of an operational SOC; others might forbid the outsourcing of SOC operations altogether, or at least to specific providers who do not comply with the respective regulations. * **Privacy:** Privacy also falls under regulation and must be respected whenever dealing with personal data. * Availability: Availability requirements should be considered. Most of the time, the goal is to have a SOC operational 24/7, year-round. * **Management support:** Management support is of crucial importance when setting up a dedicated SOC. If management is not committed, and the benefits of a SOC are not communicated to upper management, the team might not get the resources needed. * **Integration:** The capabilities of an internal SOC need to be integrated with other IT departments, whereas, in an external SOC, the provider needs to be integrated to get all the data needed. * **Data loss concerns:** The SOC is most often a central place where a substantial amount of sensitive data is processed. Internal SOCs need to be highly secured, while an external SOC requires a trusted provider who can ensure that the data is secured against intellectual property theft as well as accidental loss. * **Expertise:** It takes time and money to build up expertise. The required skills for operating a SOC are not easy to find. Recruitment and retention of personnel is a crucial factor for internal SOCs. However, the necessary skills are already present for external SOC providers. Especially in the context of SOCs, having an insight into different companies might give SOC providers a knowledge advantage. However, companies should be aware that outsourcing reduces in-house knowledge. ## Why a Managed SOC is Important Similar to on-premises and hybrid SOCs, managed SOCs come in different types. Like their counterparts, they can monitor an organization's threat landscape, including their IT network, devices, applications, endpoints (attack surface) and data for known and evolving vulnerabilities, threats and risks. Managed SOC services typically come in two models: * Managed Security Services Providers (MSSPs) that operate SOCs in the cloud and use automated processes * [Managed Detection and Response (MDR)](https://www.paloaltonetworks.com/cyberpedia/what-is-managed-detection-and-response?ts=markdown) that relies more on direct human involvement which exceeds basic prevention to enable proactive and advanced activities like threat hunting. Choosing a managed SOC option can help reduce the complexity of managing and maintaining an internal SOC, especially for small-to-midsize enterprises. The same is true for finding professional security staff to build and run a SOC that meets the ever-increasing IT security requirements and mandates. Hiring external security experts allows organizations to immediately scale their coverage and bolster their security posture with access to threat monitoring and research databases, which can result in a better return on investment (ROI) than a homegrown SOC. With threat actors embracing their own forms of digital transformation and taking advantage of automation, organizations need security operations that can keep pace. Managed security providers can offer uninterrupted coverage and guaranteed service via service level agreements (SLAs) that define the scope and delivery of services, including required software updates and patches as they become available or countermeasures against a new threat are ready to implement. ## Challenges of a Managed SOC While outsourcing security operations has numerous benefits, challenges and limitations may exist, which is why it's critical to conduct your due diligence when comparing services, solutions and SLAs. ### Onboarding Managed SOC providers typically rely on their own security stack. As such, these solutions must be configured and deployed within a customer's environment before the provider can start providing services. The transition during the onboarding process can be time-consuming and may result in potential risk exposure during this vulnerable phase. ### Sharing of Critical Data An organization's SOC-as-a-service provider needs access to gather insights into an organization's network to identify and respond to potential threats. To achieve this, the organization needs to send large amounts of sensitive data and intelligence to its service provider. Yet, releasing control of potentially sensitive information can make enterprise [data security](https://www.paloaltonetworks.com/cyberpedia/what-is-data-security?ts=markdown) and risk management more challenging, exposing vulnerabilities during this phase. ### Storing data Outside the Organization Storing sensitive threat data and analysis externally poses a potential risk of both data leaks and data loss if the SOC's cyber defenses are compromised or if you part ways with the service provider. While you can usually keep track of threat alerts in-house, most of the data is processed outside the perimeter, which limits your ability to store and analyze extended historical data about detected threats and possible [data breaches](https://www.paloaltonetworks.com/cyberpedia/data-breach?ts=markdown). ### Cost of Log Delivery SOC-as-a-service providers commonly operate their cybersecurity solutions on-site using data feeds and network taps from their customers' networks. This means that log files and other alert data are generated and stored on the provider's network and systems. Gaining access to full-log data from a managed SOC provider can be expensive for an organization. ### No Dedicated IT Security Team The roles, responsibilities and scope can differ between organizations, creating a disconnect if applying a one-size-fits-all approach vs. forming a team that is well-versed in the nuanced, unique environments and infrastructure of each client. An external SOC team may not offer customization of services as some may be shared among multiple customers, which can negatively impact efficiencies. ### Limited Knowledge of the Organization's Specific Business In servicing multiple customers and sharing SOC resources, managed SOC providers may miss possible gaps in an environment, not fully understanding an organization's business processes and procedures to protect them properly. ### Regulatory and Compliance Considerations The regulatory landscape is rapidly growing more complex, and organizations need to put into place security controls and policies to achieve and demonstrate compliance. While a managed SOC provider may offer support for regulatory compliance, the use of a third-party provider may complicate compliance requirements, requiring trust in a service provider to fulfill their compliance-related duties. ### Limited Options to Customize Services An external SOC rarely offers complete customization of the services offered as they are shared among multiple customers. The limited customization options can result in reduced efficiency across the organization's departments and the inability to properly protect certain endpoints, networks and other parts of the security infrastructure. Overall, a dedicated SOC that provides organizations with multiple benefits, including continuous network monitoring, centralized visibility, reduced cybersecurity costs, and better collaboration means you can't go wrong. Cybercriminals will never take a break, and neither should you. For an overview of a Security Operation Center (SOC), read [What is a SOC?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc?ts=markdown) ## SOC as a service FAQs ### How does SOC as a Service (SOCaaS) work? SOC as a Service (SOCaaS) is a subscription-based offering where a third-party provider manages and monitors an organization's security operations center (SOC). It continuously monitors security events, threat detection, incident response, and reporting. SOCaaS leverages advanced tools, technologies, and expertise to identify and mitigate potential security threats in real time, often providing 24/7 coverage. ### What are the benefits of using SOC as a Service? The benefits of SOC as a Service include reduced costs compared to maintaining an in-house SOC, access to specialized cybersecurity expertise and advanced technologies, faster threat detection and response, and the ability to scale security operations as needed. It also allows organizations to focus on their core business activities while ensuring comprehensive cybersecurity coverage. ### How does SOC as a Service differ from traditional SOC? Unlike a traditional SOC, which is managed internally by the organization, SOC as a Service is outsourced to a third-party provider. This approach eliminates the need for significant infrastructure, staffing, and technology investments. SOCaaS providers offer flexible and scalable solutions, advanced threat intelligence, and continuous monitoring, typically at a lower cost and faster deployment times than a traditional SOC. ### What types of organizations can benefit from SOC as a Service? Organizations of all sizes can benefit from SOC as a Service, particularly small to medium-sized enterprises (SMEs) that lack the resources to build and maintain their own SOC. It is also ideal for companies with limited cybersecurity expertise, those looking to augment their security team, or organizations requiring 24/7 monitoring and rapid response capabilities. ### What should organizations consider when choosing a SOC as a Service provider? When choosing a SOC as a Service provider, organizations should consider factors such as the provider's experience and reputation, the range of services offered, the level of threat detection and response capabilities, integration with existing security tools, compliance with industry standards, and transparency in reporting and communication. Additionally, they should assess the provider's ability to scale services according to their specific needs. Related Content [What Is Managed Detection and Response (MDR)? MDR services powered by Cortex XDR \& Unit 42^®^](https://www.paloaltonetworks.com/cyberpedia/what-is-managed-detection-and-response?ts=markdown) [Managed the Detection and Response page MDR built on Cortex XDR offers superior detection and response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) [MDR Buyers Toolkit Your guide for choosing Managed Detection and Response services](https://www.paloaltonetworks.com/resources/datasheets/mdr-buyers-toolkit?ts=markdown) [Unit 42 Strikes Oil in MITRE Engenuity Managed Services Evaluation MITRE Engenuity's first-ever ATT\&CK^®^ Evaluations for managed services.](https://www.paloaltonetworks.com/blog/2022/11/unit-42-mitre-managedservices-2022/?ts=markdown) ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20is%20SOC%20as%20a%20Service%20%28SOCaaS%29%3F&body=Enhance%20security%20with%20SOC%20as%20a%20Service.%20Learn%20how%20outsourced%20Security%20Operations%20Centers%20provide%20real-time%20threat%20detection%2C%20monitoring%2C%20and%20incident%20response.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/soc-as-a-service) Back to Top [Previous](https://www.paloaltonetworks.com/cyberpedia/soc-roles-and-responsibilities?ts=markdown) Security Operations Center (SOC) Roles and Responsibilities [Next](https://www.paloaltonetworks.com/cyberpedia/how-do-i-improve-soc-effectiveness?ts=markdown) How Do I Improve SOC Effectiveness? {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2025 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language