[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search 
field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware 
Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime 
Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device 
Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection 
(CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) 
[Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware 
Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& 
Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * 
[Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global 
Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE 
community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact 
Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.deploybravely.com) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Cloud Security](https://www.paloaltonetworks.com/cyberpedia/cloud-security?ts=markdown) 3. [Cloud Native](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native?ts=markdown) 4. [What Is Threat Modeling?](https://www.paloaltonetworks.com/cyberpedia/threat-modeling?ts=markdown) Table of Contents * [What Is Cloud Native?](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native?ts=markdown) * [Cloud Native Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native#explained?ts=markdown) * [History of Cloud Native](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native#history?ts=markdown) * [What Are Cloud-Native Applications?](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native#applications?ts=markdown) * [What Is Cloud-Native Architecture?](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native#architecture?ts=markdown) * [What Is Cloud-Native Application Development?](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native#development?ts=markdown) * [Benefits of Cloud-Native Application Development](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native#benefits?ts=markdown) * [What Is a Cloud-Native Stack?](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native#stack?ts=markdown) * [Cloud-Native 
Security Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native#challenges?ts=markdown) * [Cloud-Native FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native#faqs?ts=markdown) * What Is Threat Modeling? * [Threat Modeling Explained](https://www.paloaltonetworks.com/cyberpedia/threat-modeling#threat?ts=markdown) * [Threat Modeling Frameworks](https://www.paloaltonetworks.com/cyberpedia/threat-modeling#frameworks?ts=markdown) * [Threat Modeling: Four Question Framework](https://www.paloaltonetworks.com/cyberpedia/threat-modeling#modeling?ts=markdown) * [Benefits of Threat Modeling in Modern Enterprise Security](https://www.paloaltonetworks.com/cyberpedia/threat-modeling#benefits?ts=markdown) * [Threat Modeling Tools](https://www.paloaltonetworks.com/cyberpedia/threat-modeling#tools?ts=markdown) * [Threat Modeling FAQs](https://www.paloaltonetworks.com/cyberpedia/threat-modeling#faqs?ts=markdown) * [What Are Microservices?](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices?ts=markdown) * [Microservices Explained](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices#explained?ts=markdown) * [From Service-Oriented Architecture to Microservices](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices#service?ts=markdown) * [Benefits of Microservices](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices#benefits?ts=markdown) * [When to Use Microservices](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices#when?ts=markdown) * [Building and Deploying Microservices-Based Apps](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices#deploying?ts=markdown) * [Microservices Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices#best?ts=markdown) * [Adopting Microservices](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices#adopting?ts=markdown) * [Securing 
Microservices](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices#securing?ts=markdown) * [Microservices FAQs](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices#faqs?ts=markdown) * [What Is Cloud-Native Security?](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native-security?ts=markdown) * [Cloud-Native Security Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native-security#explained?ts=markdown) * [Cloud Native Goes Beyond Fixed Perimeters](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native-security#perimeters?ts=markdown) * [Diagnostic Difficulties](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native-security#diagnostic?ts=markdown) * [Accelerating DevOps Velocity](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native-security#velocity?ts=markdown) * [Key Elements of Cloud-Native Security](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native-security#key?ts=markdown) * [Cloud Native-Security Strategies](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native-security#strategies?ts=markdown) * [Cloud-Native Security FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native-security#faqs?ts=markdown) * [What Is CNAPP?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-native-application-protection-platform?ts=markdown) * [CNAPP Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-native-application-protection-platform#cnapp?ts=markdown) * [Key Components of a CNAPP](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-native-application-protection-platform#key?ts=markdown) * [CNAPP Architecture and Functionality](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-native-application-protection-platform#architecture?ts=markdown) * [CNAPP Implementation 
# What Is Threat Modeling?

Threat modeling is the structured practice of identifying potential threats, attack vectors, and system vulnerabilities before an attacker does. It evaluates architectural decisions and prioritizes mitigations based on adversarial goals, system design, and business context. At its core, threat modeling is security design thinking, applied with rigor.

## Threat Modeling Explained

Threat modeling is the structured process of identifying, analyzing, and prioritizing potential threats to a system before they manifest as real-world attacks. It begins with a deep understanding of the system architecture, user roles, data flows, and trust boundaries. Threat modeling then uses this context to anticipate how adversaries might exploit design weaknesses or misconfigurations.

Unlike [vulnerability scanning](https://www.paloaltonetworks.com/cyberpedia/vulnerability-scanning?ts=markdown) or penetration testing, which typically assess deployed systems, threat modeling operates earlier in the lifecycle, at the design and development phases. Taking this proactive measure allows organizations to architect defenses upstream, reducing remediation costs and narrowing the attack surface before a single line of code runs in production.

At its core, threat modeling answers four questions:

* What are we building?
* What can go wrong?
* What are we going to do about it?
* How well are we doing?

These questions frame a repeatable discipline that integrates into secure software development practices, cloud architectures, and enterprise risk programs.

Modern threat modeling has evolved well beyond manual whiteboard exercises. Today's landscape includes automated modeling for [cloud-native](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native?ts=markdown) environments, adversarial simulation based on real-world Tactics, Techniques, and Procedures (TTPs), and integration with [continuous integration/continuous deployment (CI/CD) pipelines](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security?ts=markdown). As threats scale in speed and sophistication, threat modeling remains one of the few ways to inject foresight into system design, translating complexity into actionable security strategy.

## Threat Modeling Frameworks

The security community has developed a variety of frameworks to structure threat modeling efforts. Each approach reflects different assumptions about attacker behavior, organizational risk appetite, and system complexity. The choice of framework affects not only how threats are identified but how they are prioritized and mitigated.

### CIA Method

The CIA triad (confidentiality, integrity, and availability) remains foundational. A CIA-based threat model classifies assets according to which of the three properties they must preserve. The framework supports system-level thinking by guiding defenders to identify threat actors, likely attack paths, and areas where business impact would be intolerable. It works well in regulated industries where specific controls map to each property.

### Attack Trees

Attack trees decompose attacker goals into a branching structure of subgoals and tactics. Each leaf node represents a possible exploit path, while parent nodes depict logical relationships. Attack trees force clarity on how an adversary might accomplish specific objectives. They are well-suited to technical audiences and lend themselves to quantitative analysis, including cost-benefit modeling and risk scoring.

### PASTA

The Process for Attack Simulation and Threat Analysis (PASTA) is a seven-stage methodology that aligns business objectives with technical threats through attacker emulation. It includes detailed modeling of system components, threat intelligence mapping, and scenario-driven risk analysis. PASTA is heavy but rigorous, appropriate for mature security teams with the time and resources to simulate realistic attacker behaviors before design finalization.

### Trike

Trike takes a risk-management-centric approach. It begins with a requirements model to define acceptable risk, then maps threats in a deterministic fashion to risk levels. Unlike STRIDE or PASTA, Trike produces an explicit risk model that drives the entire process. It's tightly coupled to access control and is particularly valuable in environments that require strict assurance of role-based permissions.

### VAST

The Visual, Agile, and Simple Threat modeling framework scales across large development organizations. VAST offers two modeling tracks: one for application threats and another for operational threats. It integrates tightly with DevOps pipelines and emphasizes visibility and automation. Unlike STRIDE or PASTA, VAST reduces abstraction to keep engineers engaged and non-security teams aligned. Its visual modeling tools support continuous, scalable adoption.

### Persona Non Grata

This adversary-centric approach focuses on attacker personas: distinct profiles that reflect capabilities, objectives, and motivations. By modeling attacks from the point of view of a defined adversary, the method contextualizes likely attack vectors and countermeasures. Persona Non Grata brings threat modeling closer to red teaming and adversary simulation. It's particularly effective for organizations seeking to emulate [advanced persistent threat (APT) behaviors](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt?ts=markdown).

### LINDDUN

LINDDUN is a privacy-focused threat modeling framework. It identifies threats through seven categories: linkability, identifiability, non-repudiation, detectability, information disclosure, content unawareness, and noncompliance. LINDDUN complements security threat models by accounting for data protection and regulatory requirements. It maps threats to data flow diagrams and provides mitigation guidance aligned with privacy engineering practices. It's favored in industries subject to [GDPR](https://www.paloaltonetworks.com/cyberpedia/gdpr-compliance?ts=markdown), [HIPAA](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa?ts=markdown), or [CCPA](https://www.paloaltonetworks.com/cyberpedia/ccpa?ts=markdown) mandates.

### STRIDE

Microsoft's STRIDE framework identifies six categories of threats: spoofing, tampering, repudiation, information disclosure, [denial of service](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos?ts=markdown), and elevation of privilege. It maps each category to violations of the CIA triad or related security properties. STRIDE scales across software, services, and platforms and integrates well into agile development processes. It remains one of the most broadly adopted methodologies due to its prescriptive nature and alignment with security control libraries.

## Threat Modeling: Four Question Framework

The most effective threat modeling programs anchor themselves in a structured inquiry. Regardless of the methodology, nearly all modern approaches converge on four critical questions. These questions identify the attack surface, expose system weaknesses, guide countermeasures, and measure program maturity.

### What Are We Building?

The process begins with scoping. Teams must define the system or feature under analysis with precision, including identifying components, data flows, external dependencies, authentication boundaries, and environmental context. A diagram alone is insufficient unless it clearly captures trust boundaries, control points, and protocols in use.

Stakeholders often miss third-party services, API integrations, and [serverless](https://www.paloaltonetworks.com/cyberpedia/what-is-serverless-security?ts=markdown) functions that fall outside the primary codebase but introduce lateral risk. Cloud-native architectures complicate this further by abstracting infrastructure behind orchestration layers, making it easy to overlook transient assets or ephemeral workloads.

### What Can Go Wrong?

This question forces a shift from system designer to adversary. Teams use structured frameworks, such as STRIDE, attack trees, or kill-chain overlays, to identify threat events. Each event should tie to an attacker goal and exploit path, not a vague risk category. The analysis must include abuse cases, privilege escalation paths, misconfiguration scenarios, and indirect compromise routes.

Realism is paramount. Threats that do not reflect current TTPs or attacker capabilities waste mitigation cycles. The best models ground their threat inventory in telemetry, threat intelligence, and prior incident patterns.

### What Are We Going to Do About It?

Once threats are modeled, the next step is prioritization and control design. Not all threats require mitigation. Some are transferred, others accepted. Teams must weigh likelihood, impact, and detectability. Mitigations should align to the principle of [least privilege](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access?ts=markdown), fail-safe defaults, secure-by-design architecture, and active monitoring.

An effective mitigation plan includes security controls, architectural changes, testing requirements, and assurance measures. It also identifies residual risk and documents it for governance review. Integration with the development lifecycle at this stage is non-negotiable. Delay turns design flaws into production defects.

### How Well Are We Doing?

The final question evaluates program health, considering factors such as coverage across applications and infrastructure, depth of threat analysis, effectiveness of mitigations, and stakeholder engagement. Maturity models such as BSIMM and OpenSAMM provide benchmarks, but meaningful assessment requires evidence: defects caught pre-deployment, security issues prevented by design, and lessons learned from real incidents reflected in updated models.

Tooling plays a role, but it cannot replace human threat reasoning. The best programs embed feedback loops between threat modeling, code reviews, and red teaming. Security outcomes, not documentation, are the measure of success.

## Benefits of Threat Modeling in Modern Enterprise Security

A modern threat model is not a checklist. It's a mechanism to interrogate assumptions, test defenses, and continuously evolve your organization's understanding of risk. Done right, it aligns security priorities with business objectives and exposes blind spots before adversaries can exploit them.

### Improves Security Architecture Design

Threat modeling supports design-level security by surfacing architectural weaknesses before systems are built or deployed. Preemptive visibility enables engineers to choose stronger patterns, reduce attack surface, and apply compensating controls intelligently.

### Enhances Risk Management and Communication

When threat modeling is embedded into the [development lifecycle](https://www.paloaltonetworks.com/cyberpedia/what-is-secure-software-development-lifecycle?ts=markdown), it creates structured documentation of assets, trust boundaries, attack vectors, and mitigations. These outputs help security leaders communicate risk in concrete, business-relevant terms, giving executives clarity on exposure and investment needs.

### Enables Prioritized Remediation

By identifying attack paths and assigning severity to threats based on likelihood and impact, threat models enable teams to focus on the highest-value mitigations. Doing so prevents wasted effort on theoretical edge cases and guides the security budget to areas with real-world payoff.
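
The attack-tree decomposition described under Attack Trees and the likelihood-based prioritization described here can be computed directly from a small model. The following Python sketch is an added example, not code from the original page or from any tool it names; the tree, every likelihood and cost figure, and the assumption that leaf steps succeed independently are constructed for illustration.

```python
"""Attack tree scoring. All node names and numbers are constructed for illustration."""
from dataclasses import dataclass, field
from math import prod


@dataclass
class Node:
    name: str
    gate: str = "LEAF"                  # "AND", "OR" or "LEAF"
    children: list = field(default_factory=list)
    p: float = 0.0                      # leaf only: estimated likelihood the step succeeds
    cost: float = 0.0                   # leaf only: estimated attacker effort, arbitrary units


def success_likelihood(node):
    """Likelihood that the goal at `node` is reached, assuming independent leaves."""
    if node.gate == "LEAF":
        return node.p
    probs = [success_likelihood(c) for c in node.children]
    if node.gate == "AND":              # every child step must succeed
        return prod(probs)
    return 1.0 - prod(1.0 - q for q in probs)   # OR: at least one child succeeds


def cheapest_path(node):
    """Return (total cost, leaf names) for the least-effort route to `node`."""
    if node.gate == "LEAF":
        return node.cost, [node.name]
    routes = [cheapest_path(c) for c in node.children]
    if node.gate == "AND":              # the attacker pays for every child
        return sum(c for c, _ in routes), [n for _, names in routes for n in names]
    return min(routes, key=lambda r: r[0])      # OR: the attacker picks the cheapest child


def leaves(node):
    """Flatten the tree into its leaf nodes, left to right."""
    if node.gate == "LEAF":
        return [node]
    return [leaf for c in node.children for leaf in leaves(c)]


def rank_mitigations(root, residual=0.1):
    """Rank leaves by how much the root likelihood drops if a control cuts
    that leaf's likelihood to `residual` times its current value."""
    baseline = success_likelihood(root)
    ranking = []
    for leaf in leaves(root):
        original = leaf.p
        leaf.p = original * residual
        ranking.append((leaf.name, round(baseline - success_likelihood(root), 4)))
        leaf.p = original               # restore before testing the next leaf
    return sorted(ranking, key=lambda r: r[1], reverse=True)


def build_example_tree():
    """Constructed tree for a hypothetical orders service."""
    return Node("Read customer records", "OR", [
        Node("Log in as an administrator", "AND", [
            Node("Obtain admin credentials", p=0.3, cost=20),
            Node("Defeat MFA", p=0.2, cost=40),
        ]),
        Node("Exploit unpatched API flaw", p=0.1, cost=60),
        Node("Read exposed backup", "AND", [
            Node("Find public backup bucket", p=0.5, cost=5),
            Node("Backup readable without a key", p=0.4, cost=10),
        ]),
    ])


if __name__ == "__main__":
    tree = build_example_tree()
    print(f"root likelihood: {success_likelihood(tree):.4f}")
    print("cheapest path:", cheapest_path(tree))
    for name, drop in rank_mitigations(tree):
        print(f"{drop:.4f}  {name}")
```

In this constructed tree the cheapest path and the largest likelihood reduction both point at the backup branch rather than the administrator login, which is the kind of ordering a severity ranking is meant to surface.
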

### Drives Cross-Functional Alignment

Threat modeling requires input from engineering, security, compliance, and business stakeholders. That collaboration fosters shared ownership and accelerates consensus. When a product team and a CISO can agree on what constitutes an acceptable risk, friction decreases and velocity improves.

### Supports Regulatory and Insurance Readiness

Well-documented threat models satisfy evidence requirements for security certifications, audits, and cyber insurance underwriting. They demonstrate due diligence in risk identification and mitigation, reducing premiums and ensuring faster approvals.

### Improves Incident Response Preparedness

Understanding likely attack vectors in advance allows [incident response](https://www.paloaltonetworks.com/cyberpedia/what-is-incident-response?ts=markdown) teams to prebuild detection logic, escalation flows, and response playbooks tailored to the organization's real threat landscape. Focused readiness reduces dwell time and limits blast radius when attacks do occur.

### Enables Continuous Security Maturity

Threat modeling is not a one-time exercise. When done iteratively, it reveals how security postures evolve over time and how adversary techniques adapt in response. A consistent feedback loop fosters a proactive, learning-oriented security culture, one capable of anticipating threats, not just reacting to them.

## Threat Modeling Tools

Effective threat modeling at enterprise scale requires repeatable, automation-assisted processes. The right tools accelerate modeling, enforce consistency, and integrate with engineering workflows. Selection depends on organizational maturity, regulatory requirements, and development environment.

### Manual and Semi-Automated Tools

Many teams start with diagram-centric tools that support structured modeling and documentation.

* **Microsoft Threat Modeling Tool**: Based on STRIDE, it offers stencils for data flows, threat generation templates, and mitigation tracking. Suitable for teams already embedded in Microsoft ecosystems but limited in extensibility and modern CI/CD integration.
* **OWASP Threat Dragon**: Open-source and platform-agnostic, this tool emphasizes collaborative threat modeling with clean visual interfaces. It supports export formats and allows in-browser modeling, but lacks enterprise-grade automation and integration hooks.
* **draw.io and Lucidchart with custom templates**: These general-purpose diagramming tools can be adapted for threat modeling, especially in early or informal use cases. Their flexibility comes at the cost of traceability, threat libraries, and risk-scoring automation.

### Developer-Centric Modeling Tools

Embedding threat modeling into code pipelines requires tools that integrate with version control and [DevOps](https://www.paloaltonetworks.com/cyberpedia/what-is-devops?ts=markdown) platforms.

* **IriusRisk**: A robust platform for scalable, model-driven security. It allows importing architecture diagrams, automatically generates threat models using industry-standard libraries (including CAPEC and CWE), and integrates with Jira, GitHub, and CI/CD pipelines. It supports role-based access, audit trails, and compliance mapping.
* **Threagile**: A lightweight, YAML-based modeling tool that generates threat models from code-defined assets and data flows. Suited for [DevSecOps](https://www.paloaltonetworks.com/cyberpedia/what-is-devsecops?ts=markdown) teams favoring [infrastructure as code (IaC)](https://www.paloaltonetworks.com/cyberpedia/what-is-iac?ts=markdown), it offers PDF or HTML reports with mitigation recommendations. Requires architectural fluency and strong documentation discipline.
* **PyTM**: A Python-based DSL for threat modeling that programmatically defines systems and automatically outputs diagrams and threats. Ideal for teams looking to codify modeling logic directly into development cycles but demands engineering investment and Python fluency.
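
To show what a code-defined model of the kind these developer-centric tools work from can look like, here is a stdlib-only Python sketch that enumerates STRIDE threats per element of a small data flow diagram and gates on unmitigated threats that cross a trust boundary. It is an added example, not code from the original page, and it does not use the PyTM or Threagile APIs; the element names, trust zones and mitigation entries are constructed, and applying Repudiation only to stores that hold logs is a modelling choice of this sketch.

```python
"""Threat model as code: STRIDE-per-element over a constructed data flow diagram."""
from dataclasses import dataclass
from enum import Enum

STRIDE = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}


class Kind(Enum):
    EXTERNAL = "external entity"
    PROCESS = "process"
    STORE = "data store"


# STRIDE-per-element: categories considered for each diagram element type.
APPLICABLE = {Kind.EXTERNAL: "SR", Kind.PROCESS: "STRIDE", Kind.STORE: "TID"}
FLOW_APPLICABLE = "TID"


@dataclass(frozen=True)
class Element:
    name: str
    kind: Kind
    zone: str                 # trust zone the element lives in
    holds_logs: bool = False  # log stores are also checked for Repudiation


@dataclass(frozen=True)
class Flow:
    name: str
    source: Element
    sink: Element

    @property
    def crosses_boundary(self):
        return self.source.zone != self.sink.zone


@dataclass(frozen=True)
class Threat:
    target: str
    category: str
    crosses_boundary: bool

    @property
    def key(self):
        return f"{self.target}:{self.category}"


def enumerate_threats(elements, flows):
    """Generate one candidate threat per applicable STRIDE category."""
    threats = []
    for e in elements:
        letters = APPLICABLE[e.kind]
        if e.kind is Kind.STORE and e.holds_logs:
            letters += "R"
        threats += [Threat(e.name, STRIDE[c], False) for c in letters]
    for f in flows:
        threats += [Threat(f.name, STRIDE[c], f.crosses_boundary) for c in FLOW_APPLICABLE]
    return threats


def open_threats(threats, mitigations):
    """Threats with no recorded mitigation, boundary-crossing ones first."""
    pending = [t for t in threats if t.key not in mitigations]
    return sorted(pending, key=lambda t: (not t.crosses_boundary, t.key))


def gate(threats, mitigations):
    """CI-style check: pass only when every boundary-crossing threat is mitigated."""
    return not any(t.crosses_boundary for t in open_threats(threats, mitigations))


def example_model():
    """Constructed system: a browser talking to an API that writes to two stores."""
    user = Element("Customer browser", Kind.EXTERNAL, zone="internet")
    api = Element("Orders API", Kind.PROCESS, zone="app")
    db = Element("Orders DB", Kind.STORE, zone="app")
    audit = Element("Audit log", Kind.STORE, zone="app", holds_logs=True)
    flows = [Flow("browser->api", user, api),
             Flow("api->db", api, db),
             Flow("api->audit", api, audit)]
    return [user, api, db, audit], flows


# Constructed mitigation register, keyed by "target:category".
MITIGATIONS = {
    "browser->api:Tampering": "TLS on the public listener",
    "browser->api:Information disclosure": "TLS on the public listener",
}

if __name__ == "__main__":
    elements, flows = example_model()
    threats = enumerate_threats(elements, flows)
    for t in open_threats(threats, MITIGATIONS)[:5]:
        print(("BOUNDARY " if t.crosses_boundary else "internal ") + t.key)
    print("gate passes:", gate(threats, MITIGATIONS))
```
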

### Automated Threat Enumeration and Analysis Tools

Tools in this category leverage [artificial intelligence (AI)](https://www.paloaltonetworks.com/cyberpedia/artificial-intelligence-ai?ts=markdown) and [machine learning (ML)](https://www.paloaltonetworks.com/cyberpedia/machine-learning-ml?ts=markdown), threat intelligence feeds, or simulation engines to surface vulnerabilities and risk patterns dynamically.

* **ThreatModeler**: Tailored for large enterprises, it features real-time threat libraries, asset inheritance logic, and cloud service mappings (e.g., AWS, Azure). Integrates directly with infrastructure scanning tools and ticketing platforms. Provides high-fidelity, audit-ready reports and supports compliance benchmarking.
* **CAIRIS (Computer Aided Integration of Requirements and Information Security)**: Built for research and advanced modeling, CAIRIS maps usability, risk, and security concepts through persona-driven use cases. While powerful, it has a steep learning curve and is best suited to academic or heavily regulated environments.

### Selection Criteria for Enterprise Use

Tool choice must reflect operational context, threat landscape complexity, and integration requirements.

* **Scalability**: Can the tool support hundreds of assets and complex architectures across hybrid environments?
* **Integration**: Does it plug into DevOps pipelines, asset inventories, ticketing systems, and governance dashboards?
* **Automation Capabilities**: Can the tool suggest mitigations, import design data, or update models continuously based on environmental drift?
* **Customizability**: Are libraries extensible? Can custom threat patterns, scoring schemes, and report formats be defined?
* **Security and Compliance Mapping**: Does the platform align models with ISO 27001, NIST 800-53, [SOC 2](https://www.paloaltonetworks.com/cyberpedia/soc-2?ts=markdown), or industry-specific controls?

Tools that fail to integrate will be bypassed. Tools that overburden engineers will be ignored. The right platform supports, not slows, modern security practices.

## Threat Modeling FAQs

### Why is threat modeling necessary?

Threat modeling provides a structured approach to anticipating how systems will be attacked before adversaries reach them. It forces clarity on architecture, asset value, trust boundaries, and attacker capabilities. Without modeling, most security decisions are reactive, driven by compliance timelines or post-incident forensics. Proactive threat modeling inserts strategic foresight into the development and operational lifecycle, anchoring security investments in real-world adversary behaviors rather than theoretical coverage checklists.

### What are the benefits of threat modeling?

Threat modeling improves system design, prioritizes high-value mitigations, and accelerates secure delivery. It helps teams align security actions with business goals by exposing the highest-risk paths to compromise. When institutionalized, threat modeling reduces time to remediation, lowers total cost of control, and produces artifacts valuable for audits, insurance assessments, and board reporting. It also cultivates shared understanding across security, engineering, and leadership functions.

### Does threat modeling require special software?

No, but specialized software enables scale, traceability, and integration. Small teams can begin with whiteboarding or simple diagramming tools, but mature programs benefit from platforms that automate threat generation, integrate with CI/CD pipelines, link to [vulnerability scanners](https://www.paloaltonetworks.com/cyberpedia/vulnerability-scanning?ts=markdown), and map to frameworks such as [NIST](https://www.paloaltonetworks.com/cyberpedia/nist?ts=markdown) or [MITRE ATT&CK](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack?ts=markdown). Tools like IriusRisk, ThreatModeler, and Threagile accelerate consistency and allow models to evolve with systems over time.

### What is involved in the threat modeling process?

A complete threat modeling process defines what is being modeled, maps trust boundaries, identifies assets and actors, surfaces threats using structured frameworks, and documents mitigations. Common frameworks include STRIDE, PASTA, and LINDDUN. The process should include security architects, developers, and product owners. Threats are prioritized based on impact and exploitability and then matched with practical countermeasures. The model is a living artifact, reviewed regularly and updated as systems change.

### How do I measure the effectiveness of threat modeling?

Effectiveness is measured by how often threat models influence design decisions, reduce remediation costs, or prevent incidents. Quantitative metrics include number of mitigated high-severity threats per model, reduction in post-deployment vulnerabilities, time-to-model completion, and alignment with compliance control objectives. Qualitatively, effective threat modeling drives earlier security engagement, improves cross-team alignment, and results in higher-quality incident response plans tied to modeled threats.

### Is threat modeling available as a service?

Yes.
Several cybersecurity consultancies and platform vendors offer threat modeling as a service (TMaaS). These services provide expert facilitators, reusable libraries, and structured deliverables. TMaaS is valuable for organizations lacking in-house expertise or those launching secure-by-design initiatives under tight timelines. Services may be project-based or subscription-driven, and often include tooling, playbook development, and training. Quality varies; effective providers tailor models to real system architectures, not generic templates.

Copyright © 2026 Palo Alto Networks. All Rights Reserved