[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.deploybravely.com) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Security Operations](https://www.paloaltonetworks.com/cyberpedia/security-operations?ts=markdown) 3. [EDR](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr?ts=markdown) 4. [What Are Endpoint Detection and Response Tools?](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools?ts=markdown) Table of Contents * [What Is Endpoint Detection and Response (EDR)?](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr?ts=markdown) * [Understanding EDR](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#understanding?ts=markdown) * [Key Benefits of EDR Solutions](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#key?ts=markdown) * [How EDR Works: A Detailed Breakdown](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#how?ts=markdown) * [Evolution of EDR](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#evolution?ts=markdown) * [EDR Implementation Process](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#process?ts=markdown) * [Common Challenges and Solutions in EDR Adoption](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#common?ts=markdown) * [Advanced EDR Strategies and Optimization Techniques](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#advanced?ts=markdown) * [EDR and the Evolving Threat Landscape](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#landscape?ts=markdown) * [How to Evaluate an EDR Solution](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#solution?ts=markdown) * [EDR FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#faqs?ts=markdown) * [What Is Endpoint Detection and Response (EDR) Deployment?](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-deployment?ts=markdown) * [Understanding EDR Deployment](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-deployment#understanding?ts=markdown) * [Key Benefits of Implementing EDR Solutions](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-deployment#benefits?ts=markdown) * [EDR Preparation and Deployment Steps](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-deployment#preparation?ts=markdown) * [Operational Considerations for EDR](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-deployment#operational?ts=markdown) * [Addressing Challenges in EDR Deployment](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-deployment#challenges?ts=markdown) * [Maximizing the Value of Your EDR Deployment](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-deployment#maximizing?ts=markdown) * [EDR Deployment FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-deployment#faqs?ts=markdown) * [What is EDR-as-a-Service Managed Security?](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-as-a-service-managed-security?ts=markdown) * [EDR: Definition and Importance](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-as-a-service-managed-security#edr?ts=markdown) * [How Does EDR Work?](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-as-a-service-managed-security#how?ts=markdown) * [EDR Solutions in the Market](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-as-a-service-managed-security#solutions?ts=markdown) * [EDR-as-a-Service Managed Security FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-as-a-service-managed-security#faqs?ts=markdown) * What Are Endpoint Detection and Response Tools? * [Endpoint Detection and Response Overview](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#endpoint?ts=markdown) * [Control Points of EDR Tools](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#control?ts=markdown) * [EDR Critical Capabilities](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#critical?ts=markdown) * [Visibility and Efficiency EDR Feature Evaluation Checklists](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#visibility?ts=markdown) * [Endpoints Supported by EDR Tools](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#endpoints?ts=markdown) * [Benefits of EDR Tools](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#benefits?ts=markdown) * [Deployment of EDR Tools](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#deployment?ts=markdown) * [EDR Tools vs. EDR Services](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#tools?ts=markdown) * [EDR Use Cases](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#usecases?ts=markdown) * [EDR Tools FAQs](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#faqs?ts=markdown) * [What is EDR vs. Antivirus?](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-antivirus?ts=markdown) * [What is Antivirus?](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-antivirus#what?ts=markdown) * [What is EDR?](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-antivirus#edr?ts=markdown) * [Use Cases for Antivirus](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-antivirus#use?ts=markdown) * [Use Cases for EDR](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-antivirus#cases?ts=markdown) * [How EDR Differs From MDR and XDR](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-antivirus#how?ts=markdown) * [EDR vs. Antivirus FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-antivirus#faqs?ts=markdown) * [How Does EDR Enhance Small Business Cybersecurity?](https://www.paloaltonetworks.com/cyberpedia/edr-for-small-business-cybersecurity?ts=markdown) * [What is EDR?](https://www.paloaltonetworks.com/cyberpedia/edr-for-small-business-cybersecurity#what?ts=markdown) * [EDR Benefits for Small Businesses](https://www.paloaltonetworks.com/cyberpedia/edr-for-small-business-cybersecurity#edr?ts=markdown) * [Traditional Antivirus vs EDR vs XDR](https://www.paloaltonetworks.com/cyberpedia/edr-for-small-business-cybersecurity#taditional?ts=markdown) * [EDR for Small Business FAQs](https://www.paloaltonetworks.com/cyberpedia/edr-for-small-business-cybersecurity#faqs?ts=markdown) * [How Does EDR Leverage Machine Learning?](https://www.paloaltonetworks.com/cyberpedia/how-edr-leverages-machine-learning?ts=markdown) * [How EDR and ML Work Together](https://www.paloaltonetworks.com/cyberpedia/how-edr-leverages-machine-learning#how?ts=markdown) * [How EDR Leverages Machine Learning](https://www.paloaltonetworks.com/cyberpedia/how-edr-leverages-machine-learning#learning?ts=markdown) * [Workflow Example of EDR and Machine Learning Integration](https://www.paloaltonetworks.com/cyberpedia/how-edr-leverages-machine-learning#workflow?ts=markdown) * [The Future of EDR: Predictions and Emerging Trends](https://www.paloaltonetworks.com/cyberpedia/how-edr-leverages-machine-learning#the?ts=markdown) * [How EDR Leverages Machine Learning FAQs](https://www.paloaltonetworks.com/cyberpedia/how-edr-leverages-machine-learning#faqs?ts=markdown) * [What Is Endpoint Detection and Response (EDR) Management?](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-management?ts=markdown) * [EDR Management Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-management#edr?ts=markdown) * [Key Capabilities of EDR Management](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-management#capabilities?ts=markdown) * [The Crucial Role of EDR Management in Modern Cybersecurity](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-management#crucial?ts=markdown) * [EDR Management Challenges and Solutions](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-management#solutions?ts=markdown) * [Best Practices for Effective EDR Management](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-management#best?ts=markdown) * [EDR vs. EPP: A Complementary Relationship](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-management#vs?ts=markdown) * [Integrating EDR Management with a Broader Security Ecosystem](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-management#integrating?ts=markdown) * [Case Study of a Successful EDR Implementation](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-management#implementation?ts=markdown) * [EDR Management FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-management#faqs?ts=markdown) * [What Is Endpoint Detection and Response (EDR) Compliance?](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr-compliance?ts=markdown) * [What is EDR?](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr-compliance#what?ts=markdown) * [Why EDR Compliance Is Important](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr-compliance#why?ts=markdown) * [Key Steps for EDR Compliance](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr-compliance#key?ts=markdown) * [EDR Non-Compliance Consequences](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr-compliance#consequences?ts=markdown) * [What to Look for in an EDR Compliance Solution](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr-compliance#solution?ts=markdown) * [EDR Compliance FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr-compliance#faqs?ts=markdown) * [What is the Difference Between EDR vs. SIEM?](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-siem?ts=markdown) * [What is SIEM?](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-siem#siem?ts=markdown) * [What is EDR?](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-siem#edr?ts=markdown) * [A Detailed Comparison of EDR and SIEM](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-siem#compare?ts=markdown) * [SIEM vs SOAR](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-siem#siem-vs-soar?ts=markdown) * [SIEM vs EDR FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-siem#faq?ts=markdown) * [What is EDR vs. XDR?](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-xdr?ts=markdown) * [EDR and XDR Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-xdr#what?ts=markdown) * [Importance of EDR and XDR in Cybersecurity](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-xdr#importance?ts=markdown) * [EDR vs. XDR: Key Differences](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-xdr#differences?ts=markdown) * [Which Is Better: EDR or XDR?](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-xdr#which?ts=markdown) * [EDR vs. XDR FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-xdr#faq?ts=markdown) # What Are Endpoint Detection and Response Tools? 3 min. read Table of Contents * * [Endpoint Detection and Response Overview](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#endpoint?ts=markdown) * [Control Points of EDR Tools](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#control?ts=markdown) * [EDR Critical Capabilities](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#critical?ts=markdown) * [Visibility and Efficiency EDR Feature Evaluation Checklists](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#visibility?ts=markdown) * [Endpoints Supported by EDR Tools](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#endpoints?ts=markdown) * [Benefits of EDR Tools](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#benefits?ts=markdown) * [Deployment of EDR Tools](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#deployment?ts=markdown) * [EDR Tools vs. EDR Services](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#tools?ts=markdown) * [EDR Use Cases](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#usecases?ts=markdown) * [EDR Tools FAQs](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#faqs?ts=markdown) 1. Endpoint Detection and Response Overview * * [Endpoint Detection and Response Overview](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#endpoint?ts=markdown) * [Control Points of EDR Tools](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#control?ts=markdown) * [EDR Critical Capabilities](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#critical?ts=markdown) * [Visibility and Efficiency EDR Feature Evaluation Checklists](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#visibility?ts=markdown) * [Endpoints Supported by EDR Tools](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#endpoints?ts=markdown) * [Benefits of EDR Tools](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#benefits?ts=markdown) * [Deployment of EDR Tools](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#deployment?ts=markdown) * [EDR Tools vs. EDR Services](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#tools?ts=markdown) * [EDR Use Cases](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#usecases?ts=markdown) * [EDR Tools FAQs](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools#faqs?ts=markdown) EDR (Endpoint Detection and Response) tools are comprehensive cybersecurity solutions designed to monitor, detect, and respond to cyber threats across all [endpoints](https://www.paloaltonetworks.com/cyberpedia/what-is-an-endpoint?ts=markdown) in an organization's network, including laptops, desktops, servers, mobile devices, and cloud workloads. These advanced security platforms provide real-time threat detection, automated [incident response](https://www.paloaltonetworks.com/cyberpedia/what-is-incident-response?ts=markdown), and behavioral analysis capabilities to identify suspicious activities, investigate potential security breaches, and neutralize threats before they can cause damage. Modern EDR solutions go beyond traditional antivirus software by offering continuous endpoint monitoring, [threat hunting](https://www.paloaltonetworks.com/cyberpedia/threat-hunting?ts=markdown)capabilities, forensic analysis, and integration with broader [security orchestration](https://www.paloaltonetworks.com/cyberpedia/what-is-orchestration-security?ts=markdown) platforms. They utilize [machine learning](https://www.paloaltonetworks.com/cyberpedia/machine-learning-ml?ts=markdown)algorithms, behavioral analytics, and [cyber threat intelligence (CTI)](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti?ts=markdown) feeds to detect [advanced persistent threats (APTs)](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt?ts=markdown), [ransomware](https://www.paloaltonetworks.com/cyberpedia/what-is-ransomware?ts=markdown), fileless malware, and zero-day exploits that often evade signature-based detection methods. With features like automated containment, remote remediation, and detailed attack timeline reconstruction, EDR tools have become essential components of enterprise [security operations centers (SOCs)](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc?ts=markdown) and are critical for maintaining robust endpoint security posture in today's evolving threat landscape. ## Endpoint Detection and Response Overview Security operations (SecOps) teams work diligently to protect their increasingly digital organizations. Various categories of security tools are designed to help businesses prevent as many adversaries as possible from entering systems and to detect and respond to those who manage to bypass their initial defenses. For SecOps teams, keeping up with advanced threats is not only more critical than ever but also more complex, as new technologies introduce new threat vectors. EDR is designed to identify potential cybersecurity threats, such as malware, ransomware, and intrusion attempts. When a threat is detected and a security incident is believed to have occurred or is about to occur, EDR tools send out alerts, triggering an incident response. An EDR solution typically integrates with other cybersecurity tools, such as [Security Information Event Management (SIEM)](https://www.paloaltonetworks.com/cyberpedia/what-is-siem?ts=markdown) or I [ntrusion Detection Systems (IDS)](https://www.paloaltonetworks.com/cyberpedia/what-is-an-intrusion-detection-system-ids?ts=markdown), to initiate the necessary actions to stop the event's spread and address any impact. Following containment of the event and neutralization of the threat, an investigation usually takes place to assess what happened, where the threat occurred, why it happened, what actions were taken to contain it, and how it can be identified and prevented in the future. ## Control Points of EDR Tools Modern cybersecurity strategies focus on securing four critical control points: endpoints, identities, applications, and data. The future of cybersecurity is centered around four main control points: endpoints, identities, applications, and data. Endpoints are crucial because they are the source of most activity and the most common target in an attack. Detecting malicious activity at the endpoints, where data is unencrypted, is essential. [Digital transformation](https://start.paloaltonetworks.com/3-requirements-for-secure-digital-transformation) requires increased connectivity between applications and business processes. The goal is to integrate trust into this "machine" of connected services to enhance business agility and provide a seamless experience for customers and partners. As applications become more independent from specific servers and networks, traditional network-centric security measures are becoming less effective. Security measures need to be applied at the application level, with Layer 7 taking precedence over Layer 3. Data is essential for digital transformation and is also a prime target for cyberattacks. Protecting data access is an ongoing challenge, and implementing security measures that travel with the data can significantly enhance the integrity of digital transformation activities. ## EDR Critical Capabilities EDR equips security professionals with modern forensic tools for endpoints, providing telemetry to uncover hard-to-find [malware](https://www.paloaltonetworks.com/cyberpedia/what-is-malware?ts=markdown). Additionally, the "response" capability enables security professionals to take action, such as quarantining a file or disconnecting an endpoint from the network. Expectations for EDR focus on two primary attributes: visibility and efficacy, along with people efficiency. Of course, visibility and efficacy are self-explanatory. EDR needs to be able to detect and block malicious activity that EPP is not expected to detect and block. Almost by definition, EDR must leverage data outside of the endpoint. ### Visibility and Efficacy Context matters. For example, [PowerShell scripts](https://unit42.paloaltonetworks.com/vice-society-ransomware-powershell/) are useful for managing endpoints, and running such a script is not necessarily malicious. Seeing a lone script run on an endpoint does not necessarily indicate malicious activity. However, if a PowerShell script was launched from a Word document that was previously attached to an email from an external sender, the context changes. Similarly, if an executable sends a beacon to a location from a known questionable IP range before encrypting a file, the context is important. Understanding what happened before a file landed on an endpoint and what happened after is crucial. For example, knowing that an executable was unpacked on a networked printer or internet-connected fax machine before finding its way onto a laptop via an unknown lateral movement can provide context that may indicate a file's potential maliciousness. Today, having a broad perspective is crucial. "Seeing" can be measured in degrees; more visibility is better, and understanding context has never been more important. ### People Efficiency People are our most valuable assets, and security experts are hard to come by. This scarcity has real implications, as security teams cannot respond to every alert. Instead, they focus on addressing the maximum number of alerts within their allotted time. There are informal or formal rules that guide the investigation and remediation processes. For instance, a company's security policy might dictate that the security team prioritize the highest severity alerts, giving the best effort to Level 4 alerts. The attack plan is typically prioritized, meaning that some alerts receive immediate response while others may not be addressed at all. As a result, the efficiency and ease of use of EDR tools directly impact their value. Analytics that correlate multiple alerts help filter out noise and enable automation of Level 1 analyst work. Guided search and automated intelligence tools allow Level 1 analysts to free up time by not having to triage alerts, thereby reducing the workload for Level 2 analysts. Therefore, people and time become the new return on investment (ROI) metrics for EDR tools. ## Visibility and Efficiency EDR Feature Evaluation Checklists For EDR to add value in the modern era, EDR tools must do the following: * Find threats that cannot be detected by using telemetry on the endpoint alone * Provide forensics information that will illuminate how adversaries got past the other layers of security before they were stopped by EPP Both use cases have a similar implication: The data that fuels EDR needs to come from more than just the endpoint. Telemetry needs to come from the network, cloud, and other security measures. Following is a table of attributes that should be considered in evaluating the visibility and efficiency of an EDR Tool. Each feature should be scored with a numerical weight (for example, troubling (1) to excellent (4). ### Visibility and Efficacy EDR Features Evaluation ### ![Table of EDR Visibility and Efficacy Features for Evaluation](https://lh7-us.googleusercontent.com/docsz/AD_4nXeA3pY7h-ZcRd4SM7yjJGi5kC8vNkodt1bNVpxvilzXOB1gK_IF37xR17geHIAlSpuIwtj2_PxhJfMQwFjitWiif8PCrlqPFo_VGDW_LDxmdx1iqKjzlpyg8xbxdfHpbzWfm-tAF6oN91hltHEZE5SRjTFS?key=Bgi4h65GcdjUJggcYrSoFg "Visibility and Efficacy EDR Feature Evaluation") For People Efficiency Features, the same rating system applies---troubling (1) to excellent (4). Once again, the emphasis is on maximizing people's ROI. ### EDR People Efficiency Features Evaluation ### ![](https://lh7-us.googleusercontent.com/docsz/AD_4nXcXiGmk_aJYy_4KoYPpeXj_DaeM5_JPx6nXPzQMLucDNNKi5wxZwIj7Ry1uzAOWP9yqnr2mvGdXUMGlk-eP9ALpIb3oEY29k2zYG1YMhfH6hA071jByOKLe7T189hInxe8WYadPw9BIILde_pRd8L_WZiqm?key=Bgi4h65GcdjUJggcYrSoFg "EDR People Efficiency Features Evaulation") ### Optional Features that Enhance EDR Success The following features aid the success of EDR solutions: * Cloud-based sandbox for deep inspection and second opinion analysis * Lightweight agent to minimize impact * Single agent for both EPP and EDR * Hardening such as application control or other features that reduce the attack surface * Ability to collect data from and quickly share intelligence with network and cloud protection technologies * Support for Windows, MacOS, and Linux operating systems ## Endpoints Supported by EDR Tools Defining an endpoint to assess the role of EDR tools is more challenging today than ever. Not only are more endpoints installed, but the variety of those endpoints is far more complex and challenging to spot and manage. All endpoints are connected in some way to a network, to the internet, or to each other. Traditional endpoint configurations include computers such as desktops, notebooks, and servers. In recent years, however, endpoints have been broadened in their applications and definitions, including smartphones and tablets. More recently, endpoints have been broadened to include the Internet of Things (IoT), sensors, and intelligent everyday electronics like office equipment or appliances. Endpoints also include a wide range of specialty devices that are computer-driven or computer-controlled and connected to a network. These include digital signage, kiosks, wearable computers, and vehicle-mounted computers. ## Benefits of EDR Tools EDR tools provide endpoint systems and an organization's entire IT infrastructure with end-to-end detection, protection, response, and remediation. They cover a wide range of use cases (see the "EDR use cases" section below) and are typically implemented fairly easily and quickly by experienced security teams and knowledgeable IT professionals. Specific benefits of EDR tools include: * Continuous monitoring * Integration with threat intelligence services * Threat hunting * Behavioral analysis * Contextual analysis * Report generation for management and compliance requirements * Event triage and validation * Automated alerts and incident response ## Deployment of EDR Tools EDR tools can be implemented in several ways. They are often deployed as software products on endpoint hardware and monitored continuously. They can also be implemented as managed services, outsourced to a managed software service provider (MSSP) that offers managed detection and response (MDR) over the cloud. EDR tools may also be deployed hybrid, using both on-premises-installed tools and outsourced/cloud-based tools for different parts of the solution. In those cases, the full range of EDR tools are linked in a platform configuration, using both hardware and software to build a common foundation for all EDR tools. ## EDR Tools vs. EDR Services The terminology used to describe the technologies that enable EDR can be confusing because they often overlap. Systems, solutions, tools, services, and products are all used to describe how EDR is acquired, implemented, and utilized, but they are not interchangeable. #### To clarify, let's distinguish between EDR tools and EDR services. EDR tools are software products or applications that are installed on individual endpoint systems. They can also be deployed on an organization's physical or virtual network to support, manage, and control endpoint cybersecurity. These tools provide continuous monitoring, collect endpoint data, perform data analytics, trigger incident response, and share forensic details after an event. On the other hand, [EDR services](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-as-a-service-managed-security?ts=markdown) offer similar capabilities but are provided as a managed service by an external provider. This is typically done by an experienced third-party service provider, often referred to as a managed security service provider (MSSP). These MSSPs often include EDR services as part of a broader range of security services, known as Managed Detection and Response (MDR). These service providers offer a wide range of capabilities similar to EDR tools but as an outsourced service. ## EDR Use Cases One of the most important and attractive qualities of EDR is its ability to be applied across a wide---and growing---number of use cases. As the number, complexity, and diversity of endpoints continue to expand, so does the potential for use cases for EDR. EDR is used in a wide range of use cases because it requires a number of the same capabilities, including advanced threat detection, continuous monitoring, incident response, end-to-end visibility, alert triage and validation, and reporting. Specific use cases include: * **Malware Detection and Prevention**: Identify and block various types of malware, whether they are known or unknown (zero-day threats). * **Behavioral Analysis**: Monitor the behavior of applications and processes on endpoints, as well as spot deviations from standard behavior patterns. * [**Cloud Security**](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security?ts=markdown): Extend endpoint security coverage to cloud-based endpoints and resources, including containers, serverless environments, and virtual machines, ensuring consistent security coverage in hybrid and multi-cloud environments. * **Zero-Day Threat Detection**: Identify new vulnerabilities and threats for which no patches or signatures are available. * **[AI](https://www.paloaltonetworks.com/cyberpedia/ai-security?ts=markdown)/ML-Powered Attack Detection**: Detect sophisticated attacks that leverage artificial intelligence or machine learning techniques to evade traditional security measures. * Incident Response: Provide real-time visibility into endpoint activities, helping security teams to identify and respond to events rapidly. * [**Threat Hunting**](https://www.paloaltonetworks.com/cyberpedia/threat-hunting?ts=markdown): Proactively searching for known and unknown threats within the organization's endpoints and networks. * **[IoT](https://www.paloaltonetworks.com/cyberpedia/what-is-iot-security?ts=markdown)and [OT Device Security](https://www.paloaltonetworks.com/cyberpedia/what-is-ot-security?ts=markdown)**: Protect Internet of Things (IoT) devices and operational technology (OT) systems, including industrial control systems and edge computing devices, helping organizations secure a broader range of endpoints---many of which come from the factory with limited, "light" cybersecurity defenses. * **Remote Work Security**: Secure distributed workforces and BYOD (Bring Your Own Device) scenarios, providing consistent protection regardless of endpoint location or ownership. * **Supply Chain Security**: Monitor for compromised software updates, third-party components, or vendor-related threats that could infiltrate the organization through trusted channels. * **[Insider Threat](https://www.paloaltonetworks.com/cyberpedia/insider-threat?ts=markdown)Detection**: EDR tools review user behavior and access patterns to spot insider threats, which may be either malicious or unintentional. * **File Integrity Management**: Unanticipated or unauthorized file changes may indicate potential attacks leading to file tampering. * **Forensic Investigation**: Security analysts use endpoint data to trace the source of attack, understand its root cause and gather information that could indicate how to stop and block it. * **Endpoint Patch Management**: Many attacks succeed simply because users fail to keep their endpoints properly up-to-date on the latest security tools. * **Compliance/Auditing**: Audit trails, security event logs, and reports demonstrating compliance with various regulations are essential parts of EDR capabilities. ## EDR Tools FAQs ### What is the role of cloud computing in using EDR tools? Many leading EDR tools providers, including Palo Alto Networks, offer a cloud-based set of EDR tools to take advantage of the many benefits of a cloud architecture. Cloud computing's infinite scalability, rapid deployment, and cost efficiency are desirable qualities to organizations looking to deploy a cloud-based EDR toolkit. Cloud-based EDR tools offer such specific benefits as centralized management, automated updates and patch management, large-scale data aggregation and data analytics, shared threat intelligence, dynamic storage and processing bandwidth, and reliable disaster recovery and redundancy. ### What is proactive EDR? Proactive EDR anticipates potential endpoint problems rather than simply reacting when they do happen. The critical requirements of a proactive EDR toolkit include advanced threat protection, superior detection capabilities, simplified investigation and response, simplified deployment and management, and industry validation and independent testing. ### What are the differences between EDR and Extended Detection and Response (XDR)? XDR is similar to EDR in that it secures endpoints against cyberthreats by using continuous monitoring and analytics to spot, identify, block, and, if necessary, remediate the attack's impact. The difference, however, is that XDR tools and services extend their coverage beyond endpoints also to include all aspects of an organization's digital infrastructure, including hardware, software, cloud gateways, and web services. ### What are the differences between EDR and antivirus? The most significant difference between these two forms of endpoint protection is that antivirus defends endpoints primarily against known threats with a threat signature. At the same time, EDR also defends against new and emerging endpoint threats. This happens because EDR tools are usually integrated with threat intelligence services that identify emerging threats. EDR tools also provide a more comprehensive array of endpoint protection capabilities, including analytics, incident response, reporting, and integration with other security tools. Antivirus software often comes pre-installed on personal computers but often needs to be included from the factory for other types of endpoint devices. Related Content [What is EDR vs. Antivirus Discover the key differences between EDR and Antivirus. Learn how each protects your system and which solution is best for your cybersecurity needs.](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-antivirus?ts=markdown) [Cortex Endpoint Detection and Response A strong endpoint security strategy starts with best-in-class endpoint prevention, but the most sophisticated attacks need robust detection and response to stop breaches.](https://www.paloaltonetworks.com/cortex/endpoint-detection-and-response?ts=markdown) [Choosing the Right Endpoint Security Watch this on-demand webinar with real-world attacks and exploits to discover where endpoint security market is headed, and how to avoid pitfalls when choosing a security solution.](https://www.paloaltonetworks.com/resources/webcasts/choosing-the-right-endpoint-security?ts=markdown) [Essential Endpoint Security Buyer's Guide Learn 10 questions to help guide you in your endpoint decision-making process.](https://www.paloaltonetworks.com/resources/guides/essential-endpoint-buyers-guide?ts=markdown) ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Are%20Endpoint%20Detection%20and%20Response%20Tools%3F&body=Understand%20how%20Endpoint%20Detection%20and%20Response%20%28EDR%29%20tools%20differentiate%20from%20traditional%20protections%2C%20offering%20advanced%20threat%20hunting%20and%20incident%20response.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools) Back to Top [Previous](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-as-a-service-managed-security?ts=markdown) What is EDR-as-a-Service Managed Security? [Next](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-antivirus?ts=markdown) What is EDR vs. Antivirus? {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language