# What Is Unrestricted Resource Consumption?
read Table of Contents * * [API4:2023 - Unrestricted Resource Consumption Explained](https://www.paloaltonetworks.com/cyberpedia/unrestricted-resource-consumption#api4?ts=markdown) * [Understanding Unrestricted Resource Consumption in API Security](https://www.paloaltonetworks.com/cyberpedia/unrestricted-resource-consumption#understanding?ts=markdown) * [How Unrestricted Resource Consumption Manifests in Real-World APIs](https://www.paloaltonetworks.com/cyberpedia/unrestricted-resource-consumption#how?ts=markdown) * [The Business Impact of Unrestricted Resource Consumption](https://www.paloaltonetworks.com/cyberpedia/unrestricted-resource-consumption#consumption?ts=markdown) * [Identifying Unrestricted Resource Consumption in Your APIs](https://www.paloaltonetworks.com/cyberpedia/unrestricted-resource-consumption#identifying?ts=markdown) * [Preventing Unrestricted Resource Consumption: Best Practices](https://www.paloaltonetworks.com/cyberpedia/unrestricted-resource-consumption#preventing?ts=markdown) * [Unrestricted Resource Consumption FAQs](https://www.paloaltonetworks.com/cyberpedia/unrestricted-resource-consumption#faqs?ts=markdown) 1. 
API4:2023 - Unrestricted Resource Consumption Explained * * [API4:2023 - Unrestricted Resource Consumption Explained](https://www.paloaltonetworks.com/cyberpedia/unrestricted-resource-consumption#api4?ts=markdown) * [Understanding Unrestricted Resource Consumption in API Security](https://www.paloaltonetworks.com/cyberpedia/unrestricted-resource-consumption#understanding?ts=markdown) * [How Unrestricted Resource Consumption Manifests in Real-World APIs](https://www.paloaltonetworks.com/cyberpedia/unrestricted-resource-consumption#how?ts=markdown) * [The Business Impact of Unrestricted Resource Consumption](https://www.paloaltonetworks.com/cyberpedia/unrestricted-resource-consumption#consumption?ts=markdown) * [Identifying Unrestricted Resource Consumption in Your APIs](https://www.paloaltonetworks.com/cyberpedia/unrestricted-resource-consumption#identifying?ts=markdown) * [Preventing Unrestricted Resource Consumption: Best Practices](https://www.paloaltonetworks.com/cyberpedia/unrestricted-resource-consumption#preventing?ts=markdown) * [Unrestricted Resource Consumption FAQs](https://www.paloaltonetworks.com/cyberpedia/unrestricted-resource-consumption#faqs?ts=markdown) Unrestricted resource consumption, ranked fourth on the OWASP API Security Risk list, occurs when an API fails to limit a client's consumption of system resources such as CPU, memory, storage, or network bandwidth. Attackers exploit this failure by sending high-volume requests or large payloads, leading to denial of service (DoS), degraded performance, and significant financial costs from increased cloud infrastructure or third-party service usage. ## API4:2023 - Unrestricted Resource Consumption Explained Attackers frequently exploit unrestricted resources as a distraction. 
By crashing a specific service or flooding logs with error messages, they can overwhelm a security team's attention, making it easier to slip through other more surgical attacks --- [data exfiltration](https://www.paloaltonetworks.com/cyberpedia/data-exfiltration?ts=markdown), for example.

In cloud environments, infrastructure often scales automatically to meet demand. Without limits, exploitation will trigger the [cloud service provider](https://www.paloaltonetworks.com/cyberpedia/cloud-service-provider?ts=markdown) to spin up more resources, leading to a massive, unexpected bill in an attack rightly known as denial of wallet (DoW).

### Resource Consumption in API Architectures

API resource usage rarely scales linearly with request volume. Execution paths diverge based on input, business logic, and downstream dependencies, which makes CPU consumption unpredictable. Memory pressure grows as services allocate transient objects, queues, and buffers during execution. Payload size, not request count, often dictates network cost, while storage absorbs uploads, logs, and cached artifacts long after requests complete. External services add a separate cost vector through per-transaction billing from providers such as SendGrid, Jumio, or Stripe.

Downstream amplification defines the real risk. A single GraphQL mutation can trigger dozens of database queries through resolver fan-out. Image ingestion endpoints frequently spawn multiple processing jobs to generate derivatives at different resolutions. Webhook delivery systems extend execution windows through retry logic and exponential backoff. Resource impact compounds as control flows branch.

### Vulnerability Surface in Cloud-Native Systems

Elastic infrastructure conceals abusive consumption until financial thresholds are breached. Autoscaling introduces additional compute capacity automatically. Serverless functions execute without fixed limits. Object storage accepts unbounded uploads.
Content delivery networks distribute responses globally, masking origin load patterns.

Consumption-based pricing shifts the threat model. Attackers don't need to disrupt availability to cause damage. Sustained, legitimate-looking traffic that drives expensive execution paths achieves the same effect through billing exhaustion.

### Beyond Traditional Rate Limiting

Request counting offers little protection against high-cost execution. Rate limits evaluate frequency within a time window while ignoring what each request triggers internally. An attacker can remain compliant with request thresholds while forcing paid API calls or heavy compute on every execution.

Resource-aware controls evaluate cost, not volume. Enforcement thresholds account for downstream API charges, memory allocation, compute duration, and storage growth.

GraphQL exposes the weakness clearly. One HTTP request containing hundreds of mutations bypasses rate limits while consuming significant memory and compute through batched execution.

### Dual Impact: Technical and Financial

Unchecked resource consumption crashes services through memory exhaustion or CPU saturation. Concurrent attacks burn through monthly cloud budgets in hours. A forgotten development API key calling a production facial recognition service can generate six-figure bills before anyone notices. The vulnerability strikes infrastructure resilience and organizational solvency simultaneously.

## Understanding Unrestricted Resource Consumption in API Security

Integral to [API security](https://www.paloaltonetworks.com/cyberpedia/what-is-api-security?ts=markdown), API resource management requires visibility into what your infrastructure actually consumes during request processing. Limits must account for technical constraints and business economics across every resource dimension.

### Computational Resource Types

CPU time determines how many concurrent requests your API can handle before response times degrade.
A single bcrypt hash can consume roughly 100 milliseconds of processor time per authentication attempt, while image pipelines invoke vectorized operations for resizing and format conversion. [Machine learning](https://www.paloaltonetworks.com/cyberpedia/machine-learning-ml?ts=markdown) inference endpoints raise the stakes by loading large models into memory and executing tensor operations that monopolize cores. Each operation competes for processor cycles.

Memory allocation patterns matter more than total RAM. A video transcoding job may reserve 4 GB of memory for the duration of processing, which means ten concurrent jobs exhaust 40 GB before accounting for overhead. Heap growth increases garbage collection frequency, and stop-the-world pauses degrade latency across unrelated requests. In long-running services, even modest leaks accumulate into systemic instability.

Connection handling introduces another constraint. File descriptors govern how many simultaneous sockets, files, and outbound connections a process can maintain. Every database session, HTTP call, and upload consumes one. Linux systems often default to 1,024 descriptors per process, which proves inadequate for APIs that maintain persistent connections. A WebSocket service supporting 2,000 concurrent clients requires explicit tuning or risks rejecting traffic under normal load.

Process limits cap parallelism at the operating system level. Application servers such as Gunicorn spawn worker processes based on CPU availability, while background systems like Celery fork processes to execute tasks. Once those limits are reached, job queues stall and request handling degrades into deadlock scenarios.

### Network and Storage Resources

Bandwidth consumption multiplies when APIs serve media files or accept large uploads. A 50 MB video upload from 1000 concurrent users consumes 50 GB of ingress bandwidth. CDN egress bills accumulate when APIs serve downloadable content.
[DDoS](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack?ts=markdown) protection services charge per gigabyte scrubbed.

Cloud storage systems bill for capacity, requests, and data transfer. S3 charges per PUT request. Glacier retrieval carries per-GB fees and requires hours for access. Object storage costs appear predictable until an attacker uploads terabytes of junk data or requests archived content repeatedly.

### Third-Party Service Economics

External dependencies convert abusive behavior into immediate financial exposure. Communications, identity verification, geolocation, and payment services all operate on transaction-based pricing models. Twilio bills per message, SendGrid per email, Plaid per verification, and Stripe Connect takes a percentage of each transaction.

Abuse rarely looks malicious at first. Automated password reset requests quietly drain SMS balances. A leaked API key invokes a geocoding service thousands of times per minute. Charges accrue faster than operational teams can respond, and invoices arrive long after the activity stops. In those scenarios, technical misuse becomes a budgeting incident before it ever triggers a security alert.

### Layered Protection Requirements

Defense requires limits at every boundary. While application code validates input sizes before processing begins, [API gateways](https://www.paloaltonetworks.com/cyberpedia/what-is-api-gateway?ts=markdown) act as the first line of defense by enforcing request quotas per client. [Container orchestrators](https://www.paloaltonetworks.com/cyberpedia/what-is-container-orchestration?ts=markdown) cap memory and CPU per pod, and cloud [IAM](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management?ts=markdown) policies further restrict the services an instance can invoke. To catch what these technical controls might miss, automated spending alerts flag runaway costs.
Relying on a single layer is a gamble, as attackers are adept at finding the gaps between them. For example, a gateway's rate limits are easily bypassed by GraphQL batching, which packs multiple queries into a single request. Similarly, malicious uploads can exhaust application memory even if the gateway performs basic size checks. Protection requires instrumenting every component that allocates resources so that no single vulnerability can bring down the system.

## How Unrestricted Resource Consumption Manifests in Real-World APIs

Vulnerabilities emerge where APIs lack enforceable boundaries on resource allocation. Attackers probe for missing controls across computational, storage, and financial dimensions.

### Execution and Memory Boundaries

APIs without execution timeouts allow requests to run indefinitely. A complex search query can, for example, scan millions of records. A report generation endpoint can process years of transaction data. Imagine the possibilities --- worker threads staying occupied, new requests queuing while resources drain.

Memory allocation goes unchecked when APIs process user-controlled data without size validation. A JSON parser loads a 2 GB payload into memory. An XML parser expands a zip bomb. Image processing libraries allocate buffers based on declared dimensions rather than actual file size, causing the application to exhaust heap space and crash.

### System-Level Resource Exhaustion

When file descriptor limits are reached, cascading failures begin. An API opens database connections for each request but never closes them. WebSocket endpoints maintain thousands of idle connections. During processing, uploaded files stay open. Eventually, the operating system refuses new connections, health checks fail, orchestrators restart the container, and the cycle repeats.

Process spawning without limits creates fork bombs. For each task, background job processors spawn workers.
When an attacker queues thousands of jobs, the system allocates processes until kernel limits trigger, hanging all applications on the host.

### Third-Party Service Exploitation

Without spending controls, SMS verification flows become cost weapons. An attacker automates password reset requests across millions of accounts, triggering a Twilio API call at five cents for each one. Overnight attacks generate high and painful charges that finance teams discover only when monthly bills close.

Email delivery services face similar abuse. Welcome email endpoints send through SendGrid at 0.3 cents per message. As attackers register fake accounts continuously, the email queue backlog grows and reputation scores drop when spam filters flag the volume.

### GraphQL Operation Stacking

GraphQL's flexible query language enables attackers to pack hundreds of operations into a single request. Where an upload mutation runs once in legitimate traffic, an attacker sends 999 mutations in one HTTP POST. Traditional rate limiting sees one request while the server processes 999 image uploads, exhausting memory and killing the application.

Nested queries amplify resource consumption similarly. A single query requests user data, which requests posts, which requests comments, which requests author details. At 50 levels of query depth, the database executes thousands of JOINs, climbing from 100 milliseconds to 30 seconds in response time.

### Storage and Bandwidth Cost Spikes

When sizes exceed CDN limits, large file operations bypass caching. A video platform caches files under 15 GB. Requesting an 18 GB file repeatedly, an attacker forces each request to hit origin servers. At $0.09 per GB, AWS charges for bandwidth add up.

## The Business Impact of Unrestricted Resource Consumption

While many security risks focus on stealing data, resource exhaustion attacks focus on breaking the service or its financial viability.
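The operation stacking and nested-query patterns described under GraphQL Operation Stacking can be measured before execution. The Python guard below is an added example, not code from the original page: it counts root fields and selection depth per HTTP body, covering both alias stacking in one document and JSON array batching. The limits of 10 operations and five levels follow the page's prevention guidance; the function names, the 100 KB body cap, the fail-closed handling of fragment spreads and the sample bodies are assumptions.

```python
import json
import re

MAX_BODY_BYTES = 100_000  # assumption: cap the body before any parsing
MAX_OPERATIONS = 10       # page guidance: at most 10 operations per request
MAX_DEPTH = 5             # page guidance: query depth limit of five levels

# Strings and comments are tokenized so braces inside them are never counted.
_TOKEN = re.compile(r'''
    "{3}.*?"{3}                # block string
  | "(?:\\.|[^"\\\n])*"        # quoted string
  | \#[^\n]*                   # comment
  | \.\.\.                     # fragment spread
  | [A-Za-z_][A-Za-z0-9_]*     # name
  | [{}():@]                   # punctuation that drives the scan
''', re.X | re.S)


def measure(document):
    """Return (root_fields, max_depth); raise ValueError if it cannot be costed."""
    tokens = [m.group(0) for m in _TOKEN.finditer(document)]
    tokens = [t for t in tokens if t[0] not in '"#']
    depth = parens = root_fields = max_depth = 0
    for i, tok in enumerate(tokens):
        prev = tokens[i - 1] if i else ""
        nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
        if tok == "(":
            parens += 1
        elif tok == ")":
            parens -= 1
        elif parens > 0:
            continue  # arguments and input objects add no selection depth
        elif tok == "...":
            # Fail closed: a spread can hide fields and depth from this scan.
            raise ValueError("fragment spreads are not costed by this guard")
        elif tok == "{":
            depth += 1
            max_depth = max(max_depth, depth)
        elif tok == "}":
            depth -= 1
        elif depth == 1 and tok not in (":", "@") and nxt != ":" and prev != "@":
            root_fields += 1  # skips alias names (before ':') and directives
        if depth < 0 or parens < 0:
            raise ValueError("unbalanced braces or parentheses")
    if depth or parens:
        raise ValueError("unbalanced braces or parentheses")
    return root_fields, max_depth


def admit(raw_body):
    """Return (allowed, operations_counted, reason) for one HTTP request body."""
    if len(raw_body) > MAX_BODY_BYTES:
        return False, 0, "body too large"
    try:
        payload = json.loads(raw_body)
    except (ValueError, RecursionError):  # malformed or absurdly nested JSON
        return False, 0, "body is not valid JSON"
    batch = payload if isinstance(payload, list) else [payload]
    operations = 0
    for entry in batch:
        query = entry.get("query") if isinstance(entry, dict) else None
        if not isinstance(query, str):
            return False, operations, "entry has no query string"
        try:
            fields, depth = measure(query)
        except ValueError as exc:
            return False, operations, str(exc)
        operations += fields
        if depth > MAX_DEPTH:
            return False, operations, f"depth {depth} exceeds {MAX_DEPTH}"
        if operations > MAX_OPERATIONS:
            return False, operations, f"more than {MAX_OPERATIONS} operations"
    return True, operations, "ok"


def sample_bodies():
    """Constructed request bodies for the demo, not captured traffic."""
    stacked = "mutation { " + " ".join(
        f'u{i}: upload(name: "f{i}") {{ id }}' for i in range(999)) + " }"
    nested = "{ user { posts { comments { author { posts { id } } } } } }"
    return {
        "single": json.dumps({"query": 'mutation { upload(name: "a{b}") { id } }'}),
        "stacked": json.dumps({"query": stacked}),
        "batched": json.dumps([{"query": "{ me { id } }"}] * 25),
        "nested": json.dumps({"query": nested}),
        "spread": json.dumps({"query": "{ ...F } fragment F on Query { me { id } }"}),
    }


if __name__ == "__main__":
    for name, body in sample_bodies().items():
        print(name, admit(body))
```

A request-counting limiter sees each of these bodies as one request; the guard reports 999 operations for the stacked one. In production, apply the same limits to the AST from the server's GraphQL library, which can also expand fragments.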
### Service Availability and Technical Cascades

Memory exhaustion crashes application servers, draining database connection pools and causing load balancers to mark backends unhealthy. Autoscaling groups launch replacement instances, but new pods fail health checks immediately---the service enters a crash loop and revenue stops flowing.

Through [microservice architectures](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices?ts=markdown), cascading failures propagate with devastating effect. When an overloaded authentication service returns 503 errors, downstream APIs retry aggressively with exponential backoff. These retry storms amplify the original problem, tripping circuit breakers across the platform. Recovery requires coordinated restarts and cache warming.

### Direct Financial Exposure

Cloud infrastructure bills reflect actual consumption. By triggering SMS verifications through Twilio, an attacker generates charges immediately. When finance reviews statements, companies discover thousands of dollars in overnight spending or in monthly bills. AWS data transfer costs accumulate per gigabyte. An S3 bucket receiving automated uploads grows from 500 GB to 50 TB, compounding storage fees with retrieval charges.

Third-party API dependencies carry per-transaction costs that scale linearly with abuse. Email delivery, payment processing, identity verification, and geolocation services are all billed per call. While rate limiting protects request counts, it doesn't cap spending when each request costs money.

### Operational Response Burden

When resource attacks trigger alerts, incident response teams mobilize. Engineers debug crash loops at 3 AM. Security teams analyze traffic patterns. Finance investigates unexpected charges. Product teams communicate with affected customers. Across multiple departments, each incident burns staff hours.
Service restoration requires coordinated effort---teams deploy emergency patches, infrastructure scales to handle legitimate backlog, customer support handles complaints, and executive leadership manages public communications. The operational cost exceeds direct infrastructure spending.

### Customer Trust Degradation

Before outages occur, users experience slow response times. API calls time out, mobile apps show loading spinners indefinitely, and web dashboards freeze. Assuming the platform is unreliable, customers evaluate competitors while enterprise clients question SLAs. When performance problems persist, revenue churn accelerates.

To disable rival services during peak demand, competitors weaponize resource attacks. Product launches fail and marketing campaigns drive traffic to unavailable systems. When availability metrics slip, market position erodes.

## Identifying Unrestricted Resource Consumption in Your APIs

Detection requires systematic testing across request patterns, payload characteristics, and runtime behavior. To surface vulnerabilities before attackers exploit them, security teams need both active probing and passive monitoring.

### Request Pattern Validation

Rate-limiting tests verify whether endpoints enforce request frequency controls. Send 1,000 requests per second against an authentication endpoint and measure how many succeed before throttling activates. Check whether limits apply per IP address, per user token, or globally, and examine HTTP 429 responses for proper Retry-After headers.

GraphQL endpoints require operation-counting tests. Send a single HTTP request containing 500 mutation operations, and check whether the server processes all operations or enforces a batch limit. Query depth testing reveals nested query vulnerabilities---a user query requesting posts requesting comments requesting authors requesting posts creates infinite recursion when depth limits don't exist.

Concurrent request flooding exposes thread pool exhaustion.
Launch 10,000 simultaneous connections to a file upload endpoint and monitor how the application handles connection saturation. Look for graceful degradation versus complete failure while tracking file descriptor consumption through system monitoring tools.

### Payload Boundary Testing

At multiple layers, file upload endpoints need size validation tests. Submit a 10 GB file to an endpoint advertising a 5 MB limit. Check whether the upload is rejected at the API gateway, application layer, or storage layer. Some systems accept the upload before validating the size, consuming resources during transfer.

Request body size tests expose JSON and XML parser vulnerabilities. Send a 100 MB JSON payload with deeply nested objects while monitoring memory consumption during parsing---some libraries load entire payloads before validating structure. Array length testing reveals whether APIs limit collection sizes. A product search accepting an array of 50,000 SKUs might execute 50,000 database queries.

### Runtime Resource Monitoring

Under load, memory profiling tools track allocation patterns. JVM heap dumps show which objects consume space, Go's pprof reveals goroutine leaks, and Python's memory\_profiler identifies retention issues. Given that gradual growth signals leaks, you'll want to compare memory usage between single requests and sustained load.

CPU profiling identifies expensive operations. Flame graphs visualize where processors spend cycles. A password hashing operation consuming 200ms per request limits throughput to five requests per second per core, while image processing operations spike CPU when handling oversized uploads.

### Third-Party Service and Cost Tracking

At integration points, API call tracking requires instrumentation. Log every Twilio, SendGrid, or Stripe invocation with request metadata, then aggregate calls per endpoint, per user, and per time window. Alert when volumes exceed historical baselines.
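One way to implement the aggregation and baseline alerting described above, as an added example that is not code from the original page. The log format, hourly window, thresholds and function names are assumptions; the unit prices are the figures this page quotes (five cents per Twilio call, 0.3 cents per SendGrid message).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import median

# Unit prices quoted on this page; replace with your contract rates.
UNIT_COST_USD = {"twilio": 0.05, "sendgrid": 0.003}
WINDOW_SECONDS = 3600   # assumption: hourly windows
SPIKE_FACTOR = 5        # assumption: alert above 5x the historical median
MIN_CALLS = 20          # assumption: ignore windows too small to matter

# Assumed log format: "<ISO-8601 time> provider=<p> endpoint=<e> user=<u>"
LINE = re.compile(
    r"(?P<ts>\S+) provider=(?P<provider>\S+) "
    r"endpoint=(?P<endpoint>\S+) user=(?P<user>\S+)"
)


def build_sample_log():
    """Constructed data: six quiet hours, then one hour of automated resets."""
    start = datetime(2024, 5, 1, tzinfo=timezone.utc)
    lines = []
    for hour in range(6):
        for n in range(4):
            ts = start + timedelta(hours=hour, minutes=10 * n)
            lines.append(f"{ts.isoformat()} provider=twilio "
                         f"endpoint=/password-reset user=u{n}")
    for n in range(120):  # one call every 30 s, each for a different account
        ts = start + timedelta(hours=6, seconds=30 * n)
        lines.append(f"{ts.isoformat()} provider=twilio "
                     f"endpoint=/password-reset user=victim{n}")
    lines.append("healthcheck ok")  # noise that is not a call record
    return lines


def parse(lines):
    """Turn log lines into records, skipping anything that does not parse."""
    records = []
    for line in lines:
        match = LINE.fullmatch(line.strip())
        if not match:
            continue
        record = match.groupdict()
        try:
            record["ts"] = datetime.fromisoformat(record["ts"])
        except ValueError:
            continue
        records.append(record)
    return records


def find_spikes(records, dims=("endpoint",)):
    """Count calls per (provider, *dims) per window and flag spikes.

    The baseline is the median of earlier windows that saw at least one call,
    so a key with no history alerts as soon as it reaches MIN_CALLS.
    """
    counts = defaultdict(lambda: defaultdict(int))
    for rec in records:
        key = (rec["provider"],) + tuple(rec[d] for d in dims)
        window = int(rec["ts"].timestamp() // WINDOW_SECONDS)
        counts[key][window] += 1
    alerts = []
    for key, per_window in counts.items():
        windows = sorted(per_window)
        for i, window in enumerate(windows):
            calls = per_window[window]
            history = [per_window[w] for w in windows[:i]]
            baseline = median(history) if history else 0
            if calls >= MIN_CALLS and calls > SPIKE_FACTOR * baseline:
                alerts.append({
                    "key": key,
                    "window_start": datetime.fromtimestamp(
                        window * WINDOW_SECONDS, tz=timezone.utc),
                    "calls": calls,
                    "baseline": baseline,
                    # Shadow-billing estimate for this window alone.
                    "est_cost_usd": round(
                        calls * UNIT_COST_USD.get(key[0], 0.0), 2),
                })
    return alerts


if __name__ == "__main__":
    records = parse(build_sample_log())
    for dims in (("endpoint",), ("user",)):
        print(dims, find_spikes(records, dims))
```

Grouping by endpoint flags the constructed burst, while grouping by user returns nothing because each account is hit only once, which is why aggregating across several dimensions matters.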
Some organizations implement shadow billing, where internal systems predict costs before monthly invoices arrive.

Cloud cost allocation tags help attribute spending to specific APIs or features. Security teams should tag S3 buckets by owning service, track Lambda invocation counts and duration, and monitor CloudFront data transfer per distribution. Note that spending spikes indicate abuse or misconfiguration.

Tools like Locust and k6 simulate attack patterns through load testing. Configure scenarios that mirror real exploitation: sustained high-volume requests, burst traffic, or operation batching. Chaos engineering platforms like Gremlin inject resource constraints to test resilience.

## Preventing Unrestricted Resource Consumption: Best Practices

Effective protection requires controls at every layer where resources are allocated. Defense starts with infrastructure constraints and extends through application logic to external service boundaries.

### Infrastructure Resource Boundaries

Container orchestration platforms enforce hard limits on computational resources. Kubernetes resource requests and limits specify minimum and maximum CPU and memory per pod. A pod requesting 512 MB and limited to 1 GB, for example, gets throttled when exceeding the allocation. When memory limits are breached, OOMKilled events trigger. Before crashing services, CPU throttling degrades performance.

From platform configurations, serverless functions inherit resource constraints. AWS Lambda allows memory allocation from 128 MB to 10 GB, with execution timeout caps ranging from one second to 15 minutes. Configure these values based on measured usage patterns: a thumbnail generation function needs 512 MB and 30 seconds, while an API proxy needs 256 MB and three seconds.

Operating system limits control file descriptors and processes. Set ulimit values in container images or systemd units. A typical web application needs 4096 file descriptors, while database connection poolers need 16,384.
Process limits depend on concurrency models. Set maxproc to twice your expected worker count.

### Application Layer Protections

Beyond simple request counting, rate limiting requires a strategic approach. Implement token bucket algorithms that allow burst traffic while preventing sustained abuse---a 100-requests-per-minute limit with a burst of 20 handles legitimate spike patterns. Apply limits at multiple scopes. You might consider per IP for anonymous traffic, per user token for authenticated requests, and globally for system protection.

GraphQL APIs need operation-based metering. Count mutations and queries separately from the HTTP request, rejecting requests containing more than 10 operations. Enforce query depth limits at five levels. Query complexity scoring assigns costs to each field, allowing you to reject queries exceeding 1000 complexity points.

Before processing begins, payload validation must occur. Check Content-Length headers at the API gateway and reject requests exceeding documented limits immediately. To prevent memory exhaustion, streaming parsers process data incrementally. JSON streaming libraries like ijson or jackson-streaming parse without loading entire payloads.

Every text field requires string length validation. Username fields accept 50 characters, description fields accept 2000 characters. When APIs accept arrays of identifiers for batch operations, limit arrays to 100 elements. Reject requests with 10,000 product IDs in a single bulk update.

### Pagination and Query Result Controls

Server-side pagination prevents database and memory strain. Default page sizes to 25 or 50 records. Accept page size parameters up to 100 and reject requests asking for 10,000 records per page. Cursor-based pagination scales better than offset-based approaches for large datasets. Return a next page token rather than supporting arbitrary offset values.

Database query timeouts prevent runaway operations.
PostgreSQL statement\_timeout kills queries exceeding the configured duration. MySQL max\_execution\_time provides similar protection. Set timeouts to two or three times your p99 query latency.

### Third-Party Service Governance

Spending caps are often supported by external service providers. Twilio allows monthly budget limits per API credential, while Stripe Dashboard configures fraud prevention rules that limit transaction volumes. During initial integration, configure these controls and request per-transaction approval for amounts exceeding thresholds.

For unlimited services, billing alerts catch runaway costs. AWS Budgets triggers notifications when costs exceed forecasts, while CloudWatch alarms monitor specific service spending. Configure alerts at 50%, 80%, and 100% of expected monthly spend, routing notifications to both engineering and finance teams.

Expensive actions require operation-specific throttling. Password reset endpoints allow three attempts per email address per hour, OTP validation permits five attempts per session, and biometric verification calls rate limit to one per user per minute. Using Redis-backed counters or database tracking, implement these controls at the application layer.

## Unrestricted Resource Consumption FAQs

### What is economic denial of sustainability (EDoS)?

EDoS attacks exploit cloud billing models by forcing victims to pay for attacker-generated resource consumption. Unlike traditional DoS that crashes systems, EDoS keeps services running while accumulating charges through bandwidth consumption, compute usage, or third-party API calls. Attackers drain budgets rather than availability, making financial exhaustion the primary weapon.

### What is the circuit breaker pattern?

Circuit breakers prevent cascading failures by monitoring downstream service health and stopping requests when failure thresholds are breached. After detecting repeated errors, the circuit opens and immediately rejects calls without attempting them.
Systems enter a half-open state periodically to test recovery. Circuit breakers protect caller resources when dependencies fail.

### What are backpressure mechanisms?

Backpressure controls how fast producers send data to consumers who can't keep pace. When queues fill or buffers overflow, backpressure signals slow down upstream components. Implementations include blocking producers, dropping messages, or returning explicit flow control responses. Reactive systems use backpressure to prevent memory exhaustion under load spikes.

### What is bulkhead isolation?

Bulkhead isolation partitions resources so failures in one component don't drain capacity from others. Connection pools separate by service dependency. Thread pools dedicate capacity to specific endpoints. Memory allocations segregate by tenant. When one bulkhead fills, other operations continue functioning. The pattern limits blast radius during resource exhaustion attacks.

### What is adaptive rate limiting?

Adaptive rate limiting adjusts thresholds dynamically based on system health and traffic patterns. Limits tighten when CPU or memory pressure rises. Thresholds relax during low-utilization periods. Machine learning models detect anomalous request patterns and modify quotas automatically. Adaptive systems respond to attacks faster than static configurations allow.

### What is concurrency limiting?

Concurrency limiting caps simultaneous active operations rather than request frequency. A service processes 50 concurrent requests regardless of arrival rate. Additional requests queue or reject immediately. Semaphores, connection pools, and worker thread counts enforce concurrency bounds. Limiting concurrency prevents resource exhaustion from parallel operations that individually pass rate limits.
NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex 
XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products 
A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language
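The operation-specific throttling described under Third-Party Service Governance can be sketched as keyed fixed-window counters. This is an added example, not code from the original page: `CounterStore`, `check`, `normalize` and the key layout are hypothetical names, and the in-memory store is an assumed stand-in that mirrors the Redis INCR-plus-EXPIRE pattern so the block runs offline.

```python
import time

# Limits taken from the text: (max attempts, window in seconds).
# A window of None means the counter lasts as long as the session does.
LIMITS = {
    "password_reset": (3, 3600),    # keyed by email address
    "otp_validate": (5, None),      # keyed by session id
    "biometric_verify": (1, 60),    # keyed by user id
}

class CounterStore:
    """In-memory stand-in for Redis INCR + EXPIRE (assumption, single process)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._data = {}  # key -> (count, expires_at or None)

    def incr(self, key, ttl):
        now = self._clock()
        count, expires_at = self._data.get(key, (0, None))
        if expires_at is not None and now >= expires_at:
            count, expires_at = 0, None        # window elapsed: start a new one
        if count == 0 and ttl is not None:
            expires_at = now + ttl             # TTL is set only on the first hit,
        count += 1                             # so rejected retries never extend it
        self._data[key] = (count, expires_at)
        retry_after = 0 if expires_at is None else max(0, expires_at - now)
        return count, retry_after

def normalize(operation, subject):
    # Case and whitespace variants of one email address must share a counter.
    return subject.strip().lower() if operation == "password_reset" else subject

def check(store, operation, subject):
    """Return (allowed, retry_after_seconds). Unknown operations are denied."""
    if operation not in LIMITS:
        return False, 0
    limit, window = LIMITS[operation]
    key = f"throttle:{operation}:{normalize(operation, subject)}"
    count, retry_after = store.incr(key, window)
    if count > limit:
        return False, retry_after
    return True, 0
```

With a real Redis client the increment and the first-hit expiry must run atomically (for example in a script or transaction), otherwise a crash between the two leaves a counter that never expires.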
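The circuit breaker states from the FAQ (closed, open, half-open) can be written as a small state machine. This is an added example, not code from the original page: the class name, the consecutive-failure threshold and the recovery timeout are assumptions, and the sketch is single-threaded.

```python
import time

class CircuitOpenError(Exception):
    """Raised when a call is rejected without being attempted."""

class CircuitBreaker:
    def __init__(self, failure_threshold=3, recovery_timeout=30.0,
                 clock=time.monotonic):
        self.failure_threshold = failure_threshold  # consecutive failures to open
        self.recovery_timeout = recovery_timeout    # seconds before a trial call
        self._clock = clock
        self._failures = 0
        self._opened_at = None                      # None means the circuit is closed

    @property
    def state(self):
        if self._opened_at is None:
            return "closed"
        if self._clock() - self._opened_at >= self.recovery_timeout:
            return "half-open"                      # timeout elapsed: allow a probe
        return "open"

    def call(self, func, *args, **kwargs):
        state = self.state
        if state == "open":
            # Fail fast: the dependency is not contacted, so the caller's
            # threads, sockets and memory are not tied up waiting on it.
            raise CircuitOpenError("dependency unavailable; call not attempted")
        try:
            result = func(*args, **kwargs)
        except Exception:
            self._failures += 1
            if state == "half-open" or self._failures >= self.failure_threshold:
                self._opened_at = self._clock()     # (re)open and restart the timer
            raise
        self._failures = 0                          # success closes the circuit
        self._opened_at = None
        return result
```

A threaded service would also need a lock around the state changes and a cap of one in-flight probe while half-open.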