[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/ai-security?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Next-Gen Trust Security](https://www.paloaltonetworks.com/network-security/next-gen-trust-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) [Next-Generation Identity Security](https://www.paloaltonetworks.com/idira?ts=markdown) * [Privileged Access Management](https://www.paloaltonetworks.com/idira/human/privileged-access-management?ts=markdown) * [Identity and Access Management](https://www.paloaltonetworks.com/idira/human/identity-and-access-management?ts=markdown) * [Endpoint Privilege Manager](https://www.paloaltonetworks.com/idira/human/endpoint-privilege-manager?ts=markdown) * [Identity Governance](https://www.paloaltonetworks.com/idira/human/identity-governance?ts=markdown) * [Workforce Password Management](https://www.paloaltonetworks.com/idira/human/workforce-password-management?ts=markdown) * [Agentic Identities](https://www.paloaltonetworks.com/idira/agentic?ts=markdown) * [Secrets Management](https://www.paloaltonetworks.com/idira/machine/secrets-management?ts=markdown) * [Unified Secrets Governance](https://www.paloaltonetworks.com/idira/machine/unified-secrets-governance?ts=markdown) * [Application Credentials Delivery](https://www.paloaltonetworks.com/idira/machine/application-credentials-delivery?ts=markdown) * [Vendor Privileged Access](https://www.paloaltonetworks.com/idira/human/vendor-privileged-access?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-security-solution?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection and Response (CDR)](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection and Response (CDR)](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) Identity Security * [Human Identities](https://www.paloaltonetworks.com/idira/human?ts=markdown) * [Machine Identities](https://www.paloaltonetworks.com/idira/machine?ts=markdown) * [Agentic Identities](https://www.paloaltonetworks.com/idira/agentic?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) * [Transportation](https://www.paloaltonetworks.com/industry/transportation-security?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Frontier AI Defense](https://www.paloaltonetworks.com/unit42/ai-advantage?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/certifications?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Introducing Idira, the next-generation identity security platform.](https://www.paloaltonetworks.com/idira?ts=markdown) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Threats](https://www.paloaltonetworks.com/cyberpedia/threat?ts=markdown) 3. [Cyber Attack](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack?ts=markdown) 4. [What Is a Man-in-the-Middle Attack?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-man-in-the-middle-mitm-attack?ts=markdown) Table of contents * [What Is a Cyber Attack?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack?ts=markdown) * [Threat Overview: Cyber Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#threat?ts=markdown) * [Cyber Attack Types at a Glance](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#cyber?ts=markdown) * [Global Cyber Attack Trends](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#global?ts=markdown) * [Cyber Attack Taxonomy](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#taxonomy?ts=markdown) * [Threat-Actor Landscape](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#landscape?ts=markdown) * [Attack Lifecycle and Methodologies](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#methodologies?ts=markdown) * [Technical Deep Dives](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#technical?ts=markdown) * [Cyber Attack Case Studies](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#studies?ts=markdown) * [Tools, Platforms, and Infrastructure](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#tools?ts=markdown) * [The Effect of Cyber Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#effect?ts=markdown) * [Detection, Response, and Intelligence](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#detection?ts=markdown) * [Emerging Cyber Attack Trends](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#trends?ts=markdown) * [Testing and Validation](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#testing?ts=markdown) * [Metrics and Continuous Improvement](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#metrics?ts=markdown) * [Cyber Attack FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#faqs?ts=markdown) * What Is a Man-in-the-Middle (MITM) Attack? * [Man-in-the-Middle Attack Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-a-man-in-the-middle-mitm-attack#explained?ts=markdown) * [How Does a Man-in-the-Middle Attack Work?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-man-in-the-middle-mitm-attack#how?ts=markdown) * [Common Types of MitM Attack Vectors](https://www.paloaltonetworks.com/cyberpedia/what-is-a-man-in-the-middle-mitm-attack#common?ts=markdown) * [The Evolving Threat: AI-Driven MitM Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-man-in-the-middle-mitm-attack#evolving?ts=markdown) * [Detecting a Man-in-the-Middle Attack](https://www.paloaltonetworks.com/cyberpedia/what-is-a-man-in-the-middle-mitm-attack#detecting?ts=markdown) * [Best Practices for MITM Prevention and Mitigation](https://www.paloaltonetworks.com/cyberpedia/what-is-a-man-in-the-middle-mitm-attack#best?ts=markdown) * [Man-in-the-Middle Attack FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-man-in-the-middle-mitm-attack#faqs?ts=markdown) * [What Are SMB Null Sessions? Risks, Detection \& Prevention](https://www.paloaltonetworks.com/cyberpedia/what-are-smb-null-sessions?ts=markdown) * [SMB Null Sessions Explained](https://www.paloaltonetworks.com/cyberpedia/what-are-smb-null-sessions#explained?ts=markdown) * [The Mechanics of Abuse: How Null Sessions Work](https://www.paloaltonetworks.com/cyberpedia/what-are-smb-null-sessions#mechanics?ts=markdown) * [Valid Use Cases for SMB Null Sessions](https://www.paloaltonetworks.com/cyberpedia/what-are-smb-null-sessions#valid?ts=markdown) * [Risks of SMB Null Sessions](https://www.paloaltonetworks.com/cyberpedia/what-are-smb-null-sessions#risks?ts=markdown) * [Proactive Detection of SMB Null Session Abuse](https://www.paloaltonetworks.com/cyberpedia/what-are-smb-null-sessions#proactive?ts=markdown) * [Remediation: How to Disable SMB Null Sessions](https://www.paloaltonetworks.com/cyberpedia/what-are-smb-null-sessions#remediation?ts=markdown) * [SMB Null Session FAQs](https://www.paloaltonetworks.com/cyberpedia/what-are-smb-null-sessions#faqs?ts=markdown) * [What Is a DDoS Attack?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack?ts=markdown) * [Threat Overview](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#threat?ts=markdown) * [How Distributed Denial-of-Service Attacks Work](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#how?ts=markdown) * [DDoS in Multistage Attack Campaigns](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#ddos?ts=markdown) * [Real-World DDoS Incidents and Organizational Impact](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#impact?ts=markdown) * [DDoS Attack Detection Indicators](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#indicators?ts=markdown) * [DDoS Prevention and Mitigation](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#mitigation?ts=markdown) * [DDoS Response and Recovery](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#recovery?ts=markdown) * [Distributed Denial of Service FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#faqs?ts=markdown) * [Process Injection Explained: Techniques, Evasion, and Defense](https://www.paloaltonetworks.com/cyberpedia/what-is-process-injection?ts=markdown) * [Process Injection Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-process-injection#process?ts=markdown) * [Process Injection Step-by-Step.](https://www.paloaltonetworks.com/cyberpedia/what-is-process-injection#injection?ts=markdown) * [Advanced Process Injection and Evasion Techniques](https://www.paloaltonetworks.com/cyberpedia/what-is-process-injection#advanced?ts=markdown) * [Defending Against Process Injection](https://www.paloaltonetworks.com/cyberpedia/what-is-process-injection#defending?ts=markdown) * [FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-process-injection#faqs?ts=markdown) * [Dark Web Leak Sites: Key Insights for Security Decision Makers](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dark-web-leak-site?ts=markdown) * [Dark Web Leak Sites Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dark-web-leak-site#dark?ts=markdown) * [Evolving Extortion Tactics](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dark-web-leak-site#tactics?ts=markdown) * [The Role of Leak Sites in Ransomware Double Extortion](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dark-web-leak-site#role?ts=markdown) * [Critical Risks Exposed by Data Leak Sites](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dark-web-leak-site#critical?ts=markdown) * [Anatomy of a Dark Web Leak Site](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dark-web-leak-site#anatomy?ts=markdown) * [Proactive Defense: How Organizations Can Mitigate Dark Web Leaks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dark-web-leak-site#proactive?ts=markdown) * [Dark Web Leak Site FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dark-web-leak-site#faqs?ts=markdown) * [What Is a Zero-Day Attack? Risks, Examples, and Prevention](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention?ts=markdown) * [Zero-Day Attacks Explained](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention#explained?ts=markdown) * [Zero-Day Vulnerability vs. Zero-Day Attack vs. CVE](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention#vs?ts=markdown) * [How Zero-Day Exploits Work](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention#how?ts=markdown) * [Common Zero-Day Attack Vectors](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention#common?ts=markdown) * [Why Zero-Day Attacks Are So Effective and Their Consequences](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention#why?ts=markdown) * [How to Prevent and Mitigate Zero-Day Attacks](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention#prevent?ts=markdown) * [The Role of AI in Zero-Day Defense](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention#role?ts=markdown) * [Real-World Examples of Zero-Day Attacks](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention#examples?ts=markdown) * [Zero-Day Attacks FAQs](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention#faqs?ts=markdown) * [What Is Lateral Movement?](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement?ts=markdown) * [Why Attackers Use Lateral Movement](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#why?ts=markdown) * [How Do Lateral Movement Attacks Work?](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#how?ts=markdown) * [Stages of a Lateral Movement Attack](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#stages?ts=markdown) * [Techniques Used in Lateral Movement](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#technicques?ts=markdown) * [Detection Strategies for Lateral Movement](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#detection?ts=markdown) * [Tools to Prevent Lateral Movement](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#tools?ts=markdown) * [Best Practices for Defense](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#best?ts=markdown) * [Recent Trends in Lateral Movement Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#recent?ts=markdown) * [Industry-Specific Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#industry?ts=markdown) * [Compliance and Regulatory Requirements](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#compliance?ts=markdown) * [Financial Impact and ROI Considerations](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#financial?ts=markdown) * [Common Mistakes to Avoid](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#common?ts=markdown) * [Lateral Movement FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#faqs?ts=markdown) * [What is a Payload-Based Signature?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-payload-based-signature?ts=markdown) * [Importance of Payload-Based Signatures](https://www.paloaltonetworks.com/cyberpedia/what-is-a-payload-based-signature#important?ts=markdown) * [How Payload-Based Signatures Work](https://www.paloaltonetworks.com/cyberpedia/what-is-a-payload-based-signature#how?ts=markdown) * [Advantages of Payload-Based Signatures](https://www.paloaltonetworks.com/cyberpedia/what-is-a-payload-based-signature#advantages?ts=markdown) * [Use Cases of Payload-Based Signatures in Cybersecurity](https://www.paloaltonetworks.com/cyberpedia/what-is-a-payload-based-signature#usecases?ts=markdown) * [Payload-Based Signatures FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-payload-based-signature#faqs?ts=markdown) * [What is Spyware?](https://www.paloaltonetworks.com/cyberpedia/what-is-spyware?ts=markdown) * [Cybercrime: The Underground Economy](https://www.paloaltonetworks.com/cyberpedia/cybercrime-the-underground-economy?ts=markdown) * [Products](https://www.paloaltonetworks.com/cyberpedia/cybercrime-the-underground-economy#products?ts=markdown) * [Services](https://www.paloaltonetworks.com/cyberpedia/cybercrime-the-underground-economy#services?ts=markdown) * [Cybercrime FAQs](https://www.paloaltonetworks.com/cyberpedia/cybercrime-the-underground-economy#faqs?ts=markdown) * [What Is Cross-Site Scripting (XSS)?](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting?ts=markdown) * [XSS Explained](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#xss?ts=markdown) * [Evolution in Attack Complexity](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#evolution?ts=markdown) * [Anatomy of a Cross-Site Scripting Attack](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#anatomy?ts=markdown) * [Integration in the Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#integration?ts=markdown) * [Widespread Exposure in the Wild](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#widespread?ts=markdown) * [Cross-Site Scripting Detection and Indicators](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#indicators?ts=markdown) * [Prevention and Mitigation](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#mitigation?ts=markdown) * [Response and Recovery Post XSS Attack](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#response?ts=markdown) * [Strategic Cross-Site Scripting Risk Perspective](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#strategic?ts=markdown) * [Cross-Site Scripting FAQs](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#faqs?ts=markdown) * [What Is a Dictionary Attack?](https://www.paloaltonetworks.com/cyberpedia/dictionary-attack?ts=markdown) * [Dictionary Attack Explained](https://www.paloaltonetworks.com/cyberpedia/dictionary-attack#dictionary?ts=markdown) * [How Dictionary Attacks Work](https://www.paloaltonetworks.com/cyberpedia/dictionary-attack#how?ts=markdown) * [Dictionary Attack in the Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/dictionary-attack#lifecycle?ts=markdown) * [Dictionary Attack in the Real World](https://www.paloaltonetworks.com/cyberpedia/dictionary-attack#examples?ts=markdown) * [Dictionary Attack Detection and Indicators](https://www.paloaltonetworks.com/cyberpedia/dictionary-attack#indicators?ts=markdown) * [Preventing and Mitigating Dictionary Attack](https://www.paloaltonetworks.com/cyberpedia/dictionary-attack#preventing?ts=markdown) * [Attack Response and Recovery](https://www.paloaltonetworks.com/cyberpedia/dictionary-attack#recovery?ts=markdown) * [Dictionary Attack FAQs](https://www.paloaltonetworks.com/cyberpedia/dictionary-attack#faqs?ts=markdown) * [What Is a Credential-Based Attack?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-credential-based-attack?ts=markdown) * [Credential-Based Attack Overview](https://www.paloaltonetworks.com/cyberpedia/what-is-a-credential-based-attack#credential?ts=markdown) * [How Credential-Based Attacks Work](https://www.paloaltonetworks.com/cyberpedia/what-is-a-credential-based-attack#how?ts=markdown) * [Variations on Credential-Based Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-credential-based-attack#variations?ts=markdown) * [Preventing Credential-Based Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-credential-based-attack#preventing?ts=markdown) * [Credential-Based Attack FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-credential-based-attack#faqs?ts=markdown) * [What Is a Denial of Service (DoS) Attack?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos?ts=markdown) * [How Denial-of-Service Attacks Work](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#how?ts=markdown) * [Denial-of-Service in Adversary Campaigns](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#denial?ts=markdown) * [Real-World Denial-of-Service Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#attacks?ts=markdown) * [Detection and Indicators of Denial-of-Service Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#detection?ts=markdown) * [Prevention and Mitigation of Denial-of-Service Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#prevention?ts=markdown) * [Response and Recovery from Denial-of-Service Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#response?ts=markdown) * [Operationalizing Denial-of-Service Defense](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#defense?ts=markdown) * [DoS Attack FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#faqs?ts=markdown) * [What Is Hacktivism?](https://www.paloaltonetworks.com/cyberpedia/hacktivism?ts=markdown) * [Hacktivism Explained](https://www.paloaltonetworks.com/cyberpedia/hacktivism#explained?ts=markdown) * [Origins and Definitions](https://www.paloaltonetworks.com/cyberpedia/hacktivism#origins?ts=markdown) * [Forms and Methods](https://www.paloaltonetworks.com/cyberpedia/hacktivism#forms?ts=markdown) * [Related Practices](https://www.paloaltonetworks.com/cyberpedia/hacktivism#related?ts=markdown) * [Who Do Hacktivists Target?](https://www.paloaltonetworks.com/cyberpedia/hacktivism#who?ts=markdown) * [What Motivates Hacktivists?](https://www.paloaltonetworks.com/cyberpedia/hacktivism#what?ts=markdown) * [Is Hacktivism Ethical?](https://www.paloaltonetworks.com/cyberpedia/hacktivism#ethical?ts=markdown) * [Hacktivism FAQs](https://www.paloaltonetworks.com/cyberpedia/hacktivism#faqs?ts=markdown) * [What Is CSRF (Cross-Site Request Forgery)?](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery?ts=markdown) * [CSRF Explained](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#csrf?ts=markdown) * [How Cross-Site Request Forgery Works](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#how?ts=markdown) * [Where CSRF Fits in the Broader Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#where?ts=markdown) * [CSRF in Real-World Exploits](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#exploits?ts=markdown) * [Detecting CSRF Through Behavioral and Telemetry Signals](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#detecting?ts=markdown) * [Defending Against Cross-Site Request Forgery](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#defending?ts=markdown) * [Responding to a CSRF Incident](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#responding?ts=markdown) * [CSRF as a Strategic Business Risk](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#risk?ts=markdown) * [Key Priorities for CSRF Defense and Resilience](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#key?ts=markdown) * [Cross-Site Request Forgery FAQs](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#faqs?ts=markdown) * [What Is Spear Phishing?](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing?ts=markdown) * [Spear Phishing Email Tactics](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#what?ts=markdown) * [How Does Spear Phishing Work?](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#how?ts=markdown) * [Types of Spear Phishing Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#types?ts=markdown) * [Examples of Spear Phishing Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#examples?ts=markdown) * [How to Protect Yourself from Spear Phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#protect?ts=markdown) * [If You Fall Victim to Spear Phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#victim?ts=markdown) * [Spear Phishing FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#faq?ts=markdown) * [What Is Brute Force?](https://www.paloaltonetworks.com/cyberpedia/brute-force?ts=markdown) * [How Brute Force Functions as a Threat](https://www.paloaltonetworks.com/cyberpedia/brute-force#how?ts=markdown) * [How Brute Force Works in Practice](https://www.paloaltonetworks.com/cyberpedia/brute-force#practice?ts=markdown) * [Brute Force in Multistage Attack Campaigns](https://www.paloaltonetworks.com/cyberpedia/brute-force#brute?ts=markdown) * [Real-World Brute Force Campaigns and Outcomes](https://www.paloaltonetworks.com/cyberpedia/brute-force#outcomes?ts=markdown) * [Detection Patterns in Brute Force Attacks](https://www.paloaltonetworks.com/cyberpedia/brute-force#detection?ts=markdown) * [Practical Defense Against Brute Force Attacks](https://www.paloaltonetworks.com/cyberpedia/brute-force#defense?ts=markdown) * [Response and Recovery After a Brute Force Incident](https://www.paloaltonetworks.com/cyberpedia/brute-force#response?ts=markdown) * [Brute Force Attack FAQs](https://www.paloaltonetworks.com/cyberpedia/brute-force#faqs?ts=markdown) * [What is a Command and Control Attack?](https://www.paloaltonetworks.com/cyberpedia/command-and-control-explained?ts=markdown) * [How a Command and Control Attack Works](https://www.paloaltonetworks.com/cyberpedia/command-and-control-explained#how?ts=markdown) * [Types of Command and Control Techniques](https://www.paloaltonetworks.com/cyberpedia/command-and-control-explained#types?ts=markdown) * [Devices Targeted by C\&C](https://www.paloaltonetworks.com/cyberpedia/command-and-control-explained#devices?ts=markdown) * [What Hackers Can Accomplish Through Command and Control](https://www.paloaltonetworks.com/cyberpedia/command-and-control-explained#what?ts=markdown) * [Command and Control FAQs](https://www.paloaltonetworks.com/cyberpedia/command-and-control-explained#faqs?ts=markdown) * [What Is an Advanced Persistent Threat?](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt?ts=markdown) * [Characteristics of Advanced Persistent Threats](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt#characteristics?ts=markdown) * [What Techniques Are Used for APT Attacks?](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt#techniques?ts=markdown) * [What Are the Stages of an APT Attack?](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt#stages?ts=markdown) * [What Is the Defense Against APT?](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt#defense?ts=markdown) * [Real-World Example of an APT Attack](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt#realworld?ts=markdown) * [Advanced Persistent Threat FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt#faqs?ts=markdown) * [What is an Exploit Kit?](https://www.paloaltonetworks.com/cyberpedia/what-is-an-exploit-kit?ts=markdown) * [Landing Page](https://www.paloaltonetworks.com/cyberpedia/what-is-an-exploit-kit#landing?ts=markdown) * [Exploit](https://www.paloaltonetworks.com/cyberpedia/what-is-an-exploit-kit#exploit?ts=markdown) * [Payload](https://www.paloaltonetworks.com/cyberpedia/what-is-an-exploit-kit#payload?ts=markdown) * [What Is Credential Stuffing?](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing?ts=markdown) * [Credential Stuffing Explained](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#credential?ts=markdown) * [Automated Exploitation of Reused Credentials](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#automated?ts=markdown) * [Integration in the Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#integration?ts=markdown) * [Credential Stuffing Attacks in the Real World](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#stuffing?ts=markdown) * [Responding and Recovering from Credential Stuffing](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#responding?ts=markdown) * [Credential Stuffing FAQs](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#faqs?ts=markdown) * [What Is Smishing?](https://www.paloaltonetworks.com/cyberpedia/what-is-smishing?ts=markdown) * [How to Spot a Smishing Attempt](https://www.paloaltonetworks.com/cyberpedia/what-is-smishing#spot-smishing-attempt?ts=markdown) * [How to Avoid Being Smished](https://www.paloaltonetworks.com/cyberpedia/what-is-smishing#avoid-being-smished?ts=markdown) * [Smishing FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-smishing#faqs?ts=markdown) * [What is Social Engineering?](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering?ts=markdown) * [The Role of Human Psychology in Social Engineering](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#role?ts=markdown) * [How Has Social Engineering Evolved?](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#historical?ts=markdown) * [How Does Social Engineering Work?](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#how?ts=markdown) * [Phishing vs Social Engineering](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#phishing?ts=markdown) * [What is BEC (Business Email Compromise)?](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#bec?ts=markdown) * [Notable Social Engineering Incidents](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#notable?ts=markdown) * [Social Engineering Prevention](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#social?ts=markdown) * [Consequences of Social Engineering](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#consequences?ts=markdown) * [Social Engineering FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#faqs?ts=markdown) * [What Is a Honeypot?](https://www.paloaltonetworks.com/cyberpedia/honeypots?ts=markdown) * [Threat Overview: Honeypot](https://www.paloaltonetworks.com/cyberpedia/honeypots#threat?ts=markdown) * [Honeypot Exploitation and Manipulation Techniques](https://www.paloaltonetworks.com/cyberpedia/honeypots#honeypot?ts=markdown) * [Positioning Honeypots in the Adversary Kill Chain](https://www.paloaltonetworks.com/cyberpedia/honeypots#positioning?ts=markdown) * [Honeypots in Practice: Breaches, Deception, and Blowback](https://www.paloaltonetworks.com/cyberpedia/honeypots#blowback?ts=markdown) * [Detecting Honeypot Manipulation and Adversary Tactics](https://www.paloaltonetworks.com/cyberpedia/honeypots#tactics?ts=markdown) * [Safeguards Against Honeypot Abuse and Exposure](https://www.paloaltonetworks.com/cyberpedia/honeypots#safeguards?ts=markdown) * [Responding to Honeypot Exploitation or Compromise](https://www.paloaltonetworks.com/cyberpedia/honeypots#compromise?ts=markdown) * [Honeypot FAQs](https://www.paloaltonetworks.com/cyberpedia/honeypots#faqs?ts=markdown) * [What Is Password Spraying?](https://www.paloaltonetworks.com/cyberpedia/password-spraying?ts=markdown) * [Password Spraying Explained](https://www.paloaltonetworks.com/cyberpedia/password-spraying#password?ts=markdown) * [How Password Spraying Works](https://www.paloaltonetworks.com/cyberpedia/password-spraying#works?ts=markdown) * [Password Spraying in the Broader Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/password-spraying#attack?ts=markdown) * [Real-World Examples of Password Spraying Attacks](https://www.paloaltonetworks.com/cyberpedia/password-spraying#realworld?ts=markdown) * [Detection and Indicators](https://www.paloaltonetworks.com/cyberpedia/password-spraying#detection?ts=markdown) * [Preventing and Mitigating Password Spraying Attacks](https://www.paloaltonetworks.com/cyberpedia/password-spraying#mitigating?ts=markdown) * [Responding to Password Spraying](https://www.paloaltonetworks.com/cyberpedia/password-spraying#responding?ts=markdown) * [Password Spraying FAQs](https://www.paloaltonetworks.com/cyberpedia/password-spraying#faqs?ts=markdown) * [How to Break the Cyber Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle?ts=markdown) * [1. Reconnaissance:](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#reconnaissance?ts=markdown) * [2. Weaponization and Delivery:](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#weaponization?ts=markdown) * [3. Exploitation:](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#exploitation?ts=markdown) * [4. Installation:](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#installation?ts=markdown) * [5. Command and Control:](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#command?ts=markdown) * [6. Actions on the Objective:](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#actions?ts=markdown) * [Cyber Attack Lifecycle FAQs](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#faqs?ts=markdown) * [What Is Phishing?](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing?ts=markdown) * [Phishing Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#phishing?ts=markdown) * [The Evolution of Phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#?ts=markdown) * [The Anatomy of a Phishing Attack](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#anatomy?ts=markdown) * [Why Phishing Is Difficult to Detect](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#detect?ts=markdown) * [Types of Phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#types?ts=markdown) * [Phishing Adversaries and Motives](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#motives?ts=markdown) * [The Psychology of Exploitation](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#psychology?ts=markdown) * [Lessons from Phishing Incidents](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#lessons?ts=markdown) * [Building a Modern Security Stack Against Phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#building?ts=markdown) * [Building Organizational Immunity](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#immunity?ts=markdown) * [Phishing FAQ](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#faqs?ts=markdown) * [What Is a Rootkit?](https://www.paloaltonetworks.com/cyberpedia/rootkit?ts=markdown) * [Rootkit Classification and Technical Definition](https://www.paloaltonetworks.com/cyberpedia/rootkit#rootkit?ts=markdown) * [Types of Rootkits](https://www.paloaltonetworks.com/cyberpedia/rootkit#types?ts=markdown) * [Rootkit Installation and Execution Flow](https://www.paloaltonetworks.com/cyberpedia/rootkit#installation?ts=markdown) * [Integration in the Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/rootkit#integration?ts=markdown) * [Cyberattacks Involving Rootkits in the News](https://www.paloaltonetworks.com/cyberpedia/rootkit#cyberattacks?ts=markdown) * [Rootkit Detection and Indicators](https://www.paloaltonetworks.com/cyberpedia/rootkit#indicators?ts=markdown) * [Prevention and Mitigation](https://www.paloaltonetworks.com/cyberpedia/rootkit#prevention?ts=markdown) * [Responding to Rootkit-Related Attacks](https://www.paloaltonetworks.com/cyberpedia/rootkit#responding?ts=markdown) * [Rootkit FAQs](https://www.paloaltonetworks.com/cyberpedia/rootkit#faqs?ts=markdown) * [Browser Cryptocurrency Mining](https://www.paloaltonetworks.com/cyberpedia/threat-brief-browser-cryptocurrency-mining?ts=markdown) * [How It Works](https://www.paloaltonetworks.com/cyberpedia/threat-brief-browser-cryptocurrency-mining#works?ts=markdown) * [How to Defend Against It](https://www.paloaltonetworks.com/cyberpedia/threat-brief-browser-cryptocurrency-mining#defend?ts=markdown) * [Browser Cryptocurrency Mining FAQs](https://www.paloaltonetworks.com/cyberpedia/threat-brief-browser-cryptocurrency-mining#faqs?ts=markdown) * [What Is Pretexting?](https://www.paloaltonetworks.com/cyberpedia/pretexting?ts=markdown) * [Pretexting Explained](https://www.paloaltonetworks.com/cyberpedia/pretexting#pretexting?ts=markdown) * [Evolution of the Attack Technique](https://www.paloaltonetworks.com/cyberpedia/pretexting#evolution?ts=markdown) * [How Pretexting Works](https://www.paloaltonetworks.com/cyberpedia/pretexting#how?ts=markdown) * [Integration in the Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/pretexting#integration?ts=markdown) * [Real-World Examples](https://www.paloaltonetworks.com/cyberpedia/pretexting#examples?ts=markdown) * [Pretexting Detection Tactics in Live Environments](https://www.paloaltonetworks.com/cyberpedia/pretexting#detection?ts=markdown) * [Prevention and Mitigation](https://www.paloaltonetworks.com/cyberpedia/pretexting#mitigation?ts=markdown) * [Pretexting FAQs](https://www.paloaltonetworks.com/cyberpedia/pretexting#faqs?ts=markdown) * [What Is Cryptojacking?](https://www.paloaltonetworks.com/cyberpedia/cryptojacking?ts=markdown) * [Understanding Cryptojacking](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#understanding?ts=markdown) * [Types of Cryptojacking and Resource Abuse Attacks](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#types?ts=markdown) * [How Cryptojacking Works](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#how?ts=markdown) * [Cryptojacking in the Adversary Kill Chain](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#chain?ts=markdown) * [Real-World Cases of Cryptojacking](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#cases?ts=markdown) * [Prevention and Mitigation](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#prevention?ts=markdown) * [Response and Recovery](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#response?ts=markdown) * [Cryptojacking FAQs](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#faqs?ts=markdown) # What Is a Man-in-the-Middle Attack? 5 min. read [Close Your Identity Gaps](https://www.paloaltonetworks.com/idira/request-demo?ts=markdown) [Explore Idira](https://www.paloaltonetworks.com/idira?ts=markdown) Table of contents * * [Man-in-the-Middle Attack Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-a-man-in-the-middle-mitm-attack#explained?ts=markdown) * [How Does a Man-in-the-Middle Attack Work?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-man-in-the-middle-mitm-attack#how?ts=markdown) * [Common Types of MitM Attack Vectors](https://www.paloaltonetworks.com/cyberpedia/what-is-a-man-in-the-middle-mitm-attack#common?ts=markdown) * [The Evolving Threat: AI-Driven MitM Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-man-in-the-middle-mitm-attack#evolving?ts=markdown) * [Detecting a Man-in-the-Middle Attack](https://www.paloaltonetworks.com/cyberpedia/what-is-a-man-in-the-middle-mitm-attack#detecting?ts=markdown) * [Best Practices for MITM Prevention and Mitigation](https://www.paloaltonetworks.com/cyberpedia/what-is-a-man-in-the-middle-mitm-attack#best?ts=markdown) * [Man-in-the-Middle Attack FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-man-in-the-middle-mitm-attack#faqs?ts=markdown) 1. Man-in-the-Middle Attack Explained * * [Man-in-the-Middle Attack Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-a-man-in-the-middle-mitm-attack#explained?ts=markdown) * [How Does a Man-in-the-Middle Attack Work?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-man-in-the-middle-mitm-attack#how?ts=markdown) * [Common Types of MitM Attack Vectors](https://www.paloaltonetworks.com/cyberpedia/what-is-a-man-in-the-middle-mitm-attack#common?ts=markdown) * [The Evolving Threat: AI-Driven MitM Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-man-in-the-middle-mitm-attack#evolving?ts=markdown) * [Detecting a Man-in-the-Middle Attack](https://www.paloaltonetworks.com/cyberpedia/what-is-a-man-in-the-middle-mitm-attack#detecting?ts=markdown) * [Best Practices for MITM Prevention and Mitigation](https://www.paloaltonetworks.com/cyberpedia/what-is-a-man-in-the-middle-mitm-attack#best?ts=markdown) * [Man-in-the-Middle Attack FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-man-in-the-middle-mitm-attack#faqs?ts=markdown) A man-in-the-middle (MitM) attack is a form of cyber eavesdropping where a threat actor intercepts communication between two parties to steal or manipulate data. By positioning themselves between a user and a server, the attacker can silently capture credentials, financial details, or session tokens while appearing as a legitimate intermediary. Key Points * **Stealthy Interception**: MitM attacks occur when an unauthorized third party inserts themselves into a communication channel to monitor or alter data in transit. \* **Two-Phase Lifecycle**: Successful execution requires an interception phase to capture traffic and a decryption phase to read or modify the encrypted content. \* **Identity Exploitation**: Attackers frequently target session tokens and digital certificates to bypass multi-factor authentication and impersonate legitimate users. \* **Common Vectors**: Unsecured public Wi-Fi, DNS poisoning, and ARP spoofing remain the primary methods for establishing a foothold between victims. \* **Proactive Defense**: Implementing end-to-end encryption, strict certificate pinning, and zero-trust architecture significantly reduces the risk of successful interception. ![Infographic titled “Man-in-the-Middle (MITM) Attack” showing a user on the left, an attacker in the center, and a legitimate server on the right. Arrows illustrate how the user’s HTTP request is intercepted by the attacker, forwarded to the server, and then the server’s response is relayed back through the attacker to the user. The diagram explains that the attacker secretly sits between both parties to read, modify, or relay traffic, and notes that HTTPS, HSTS, and certificate validation help prevent MITM attacks.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/mitm-attack/mitm-attack.webp "Infographic titled “Man-in-the-Middle (MITM) Attack” showing a user on the left, an attacker in the center, and a legitimate server on the right. Arrows illustrate how the user’s HTTP request is intercepted by the attacker, forwarded to the server, and then the server’s response is relayed back through the attacker to the user. The diagram explains that the attacker secretly sits between both parties to read, modify, or relay traffic, and notes that HTTPS, HSTS, and certificate validation help prevent MITM attacks.") ## Man-in-the-Middle Attack Explained A man-in-the-middle attack functions as a digital game of "telephone" where the person in the middle is a malicious actor. This individual intercepts messages from the sender, potentially alters them, and then passes them to the recipient. Neither party realizes the communication has been compromised. In a corporate environment, this typically involves an attacker sitting between a professional's web browser and a SaaS application or internal database. The primary objective is often the theft of sensitive information, such as login credentials, credit card numbers, or proprietary business data. However, modern MitM attacks have evolved. According to the [Unit 42 2026 Global Incident Response Report](https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report?ts=markdown), identity has become the most reliable path to attacker success, with identity weaknesses playing a role in nearly 90% of investigations. Attackers now use MitM techniques to "log in" using stolen session tokens, effectively bypassing traditional security perimeters. This shift from simple data theft to sophisticated identity hijacking allows threat actors to move laterally through a network with high speed and persistence. ## How Does a Man-in-the-Middle Attack Work? The mechanics of a MitM attack rely on tricking a device into routing traffic through the attacker's hardware or software. This process generally unfolds in two distinct stages. ### The Interception Phase In the first phase, the attacker must find a way to divert network traffic before it reaches its intended destination. This is often achieved through an evil twin attack, where a malicious actor sets up a fraudulent Wi-Fi hotspot that appears legitimate. Once a user connects, the attacker has full visibility into all unencrypted data moving through that connection. ### The Decryption and Manipulation Phase After interception, the attacker must often overcome encryption to read or modify the data. Techniques like [SSL stripping](https://www.paloaltonetworks.com/cyberpedia/what-is-an-ssl-stripping-attack?ts=markdown) are used to downgrade a secure HTTPS connection to an unencrypted HTTP version. This allows the attacker to view sensitive information in plain text. In more advanced scenarios, the attacker presents a certificate that the victim's browser trusts, either through a compromised CA, a rogue root CA installed on the device, or a self-signed certificate the user clicks through. This allows the attacker to decrypt, inspect, and re-encrypt traffic before forwarding it. ## Common Types of MitM Attack Vectors Attackers employ various protocols and vulnerabilities to insert themselves into the data stream. Understanding these vectors is essential for building a comprehensive defense. | Attack Type | Protocol Targeted | Primary Method | | **ARP Spoofing** | Address Resolution Protocol | Linking an attacker's MAC address with a legitimate IP address on a local network. | | **DNS Spoofing** | Domain Name System | Corrupting a [DNS](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dns-attack?ts=markdown) cache to redirect users to a fraudulent website. | | **Session Hijacking** | HTTP / Cookies | Stealing active session tokens to gain unauthorized access to an authenticated account. | | **[SSL Stripping](https://www.paloaltonetworks.com/cyberpedia/what-is-an-ssl-stripping-attack?ts=markdown)** | HTTPS | Forcing a browser to communicate over an unencrypted channel. | |--------------------------------------------------------------------------------------------------------------|-----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------| ### ARP and DNS Spoofing ARP spoofing is a localized attack where a threat actor sends falsified ARP messages over a local area network. This links the attacker's MAC address with the IP address of a legitimate server or gateway. As a result, traffic intended for that IP is sent to the attacker instead. Similarly, [DNS hijacking](https://www.paloaltonetworks.com/cyberpedia/what-is-dns-hijacking?ts=markdown) involves redirecting a user's request for a website to an attacker-controlled IP by tampering with the domain name resolution process. ### Session Hijacking and Token Theft As organizations implement multi-factor authentication (MFA), attackers have shifted toward session hijacking. Instead of stealing passwords, they steal the session cookie or token generated after a successful login. This allows them to bypass the authentication process entirely and act as the legitimate user. ## The Evolving Threat: AI-Driven MitM Attacks Modern threat actors are leveraging artificial intelligence to automate the selection of targets and the manipulation of data. This has dramatically increased the speed and scale of interception campaigns. ### Accelerated Attack Velocity Automation allows attackers to monitor thousands of concurrent connections and instantly identify high-value packets, such as those containing financial transactions or administrative credentials. [Unit 42](https://www.paloaltonetworks.com/blog/2026/02/unit-42-global-ir-report/?ts=markdown) has observed that the speed of data exfiltration has increased significantly, with some attackers moving from initial access to data theft in under a few hours. ### Bypassing MFA with Automated Token Harvesting AI tools can now orchestrate sophisticated phishing sites that act as transparent proxies. When a user enters their credentials and MFA code into a fake site, the AI-driven backend passes these to the real service in real time. The attacker captures the resulting session token, providing them with persistent access even if the user changes their password later. ## Detecting a Man-in-the-Middle Attack While designed to be invisible, certain network anomalies and browser behaviors can signal an ongoing interception. Security professionals should monitor for these indicators. * **Certificate Warnings**: Unexpected browser alerts regarding invalid or untrusted SSL/TLS certificates often indicate an attempted interception. * **Connection Downgrades**: A sudden shift from HTTPS to HTTP for a site that typically uses encryption is a classic sign of SSL stripping. * **Unusual Latency**: The additional hop through an attacker's proxy can cause noticeable delays in page loading or application response times. * **Network Spikes**: Significant increases in ARP traffic or unusual DNS resolution patterns may indicate spoofing activity. * **URL Anomalies**: Adversary-in-the-Middle (AitM) phishing attacks often use lookalike domains (typosquats, homographs, or unfamiliar TLDs). Carefully inspect the URL in the address bar, especially for authentication flows. ## Best Practices for MITM Prevention and Mitigation Securing the modern workspace requires a multi-layered approach that eliminates implicit trust and secures data at rest and in transit. ### Implementing Zero Trust Architecture A [zero trust](https://www.paloaltonetworks.com/cyberpedia/what-is-zero-trust?ts=markdown) framework operates on the principle of "never trust, always verify." By requiring continuous [authentication and authorization](https://www.paloaltonetworks.com/cyberpedia/what-is-authentication-and-authorization?ts=markdown) for every access request, organizations can prevent attackers from using intercepted credentials to move laterally. ### End-to-End Encryption and Certificate Pinning Organizations should enforce strong end-to-end encryption for all internal and external communications. [Certificate pinning](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning?ts=markdown) can enhance security by restricting an application to specific certificates or keys, making forged certificate attacks harder. Pinning has operational tradeoffs and is most appropriate for mobile apps and machine-to-machine communication, where the trust relationship is tightly controlled. ### Network Segmentation and Secure Browsing Segmenting the network limits the "blast radius" of an ARP spoofing or [lateral movement](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement?ts=markdown) attack. Additionally, deploying secure web gateways can prevent users from accessing malicious or unencrypted sites where MitM attacks are most likely to occur. ## Man-in-the-Middle Attack FAQs ### How do I know if my Wi-Fi is being intercepted? Look for "invalid certificate" warnings in your browser and check if high-profile websites (like your bank) are loading over HTTP instead of HTTPS. Using a reputable VPN can help encrypt your traffic on public networks. ### Can a VPN prevent man-in-the-middle attacks? A VPN encrypts traffic between your device and the VPN provider, protecting against local network attacks like rogue Wi-Fi. It doesn't protect against attacks past the VPN exit point, or against compromise of the VPN provider itself. VPNs reduce MitM risk on untrusted networks but don't eliminate it. ### What is the difference between MitM and sniffing? Sniffing is a passive activity where an attacker simply listens to traffic. A man-in-the-middle attack is active, as the attacker intercepts and potentially modifies the traffic before it reaches its destination. ### Is MFA effective against MitM attacks? Standard MFA helps but isn't foolproof. Adversary-in-the-middle proxies can capture push notifications, SMS codes, and TOTP tokens in real-time. FIDO2 security keys provide stronger protection because they bind authentication to the legitimate origin domain, so a phishing site at a lookalike URL can't relay the credentials. ### What is SSL stripping? SSL stripping is a technique where an attacker downgrades a victim's connection from a secure HTTPS site to an unencrypted HTTP version, allowing the attacker to read the data in plain text. Related content [Understand Zero Trust Learn how Zero Trust helps verify users, devices, and applications before granting access.](https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture?ts=markdown) [Secure Access With SASE See how SASE helps protect users, applications, and data across distributed environments.](https://www.paloaltonetworks.com/cyberpedia/what-is-sase?ts=markdown) [Strengthen Identity Security See how Idira helps protect human, machine, and AI agent identities across the enterprise.](https://www.paloaltonetworks.com/idira?ts=markdown) [Protect Workforce Passwords Learn how workforce password management helps reduce credential risk and identity-based attacks.](https://www.paloaltonetworks.com/idira/workforce-password-management?ts=markdown) ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20a%20Man-in-the-Middle%20%28MITM%29%20Attack%3F&body=Learn%20what%20a%20man-in-the-middle%20attack%20is%2C%20how%20MITM%20attacks%20intercept%20data%2C%20and%20how%20encryption%2C%20identity%20security%2C%20and%20Zero%20Trust%20help%20reduce%20risk.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-is-a-man-in-the-middle-mitm-attack) Back to Top [Previous](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack?ts=markdown) What Is a Cyber Attack? [Next](https://www.paloaltonetworks.com/cyberpedia/what-are-smb-null-sessions?ts=markdown) What Are SMB Null Sessions? Risks, Detection \& Prevention {#footer} Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/ai-security?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Next-Generation Identity Security](https://www.paloaltonetworks.com/idira?ts=markdown) * [Privileged Access Management](https://www.paloaltonetworks.com/idira/human/privileged-access-management?ts=markdown) * [Identity and Access Management](https://www.paloaltonetworks.com/idira/human/identity-and-access-management?ts=markdown) * [Endpoint Privilege Manager](https://www.paloaltonetworks.com/idira/human/endpoint-privilege-manager?ts=markdown) * [Identity Governance](https://www.paloaltonetworks.com/idira/human/identity-governance?ts=markdown) * [Workforce Password Management](https://www.paloaltonetworks.com/idira/human/workforce-password-management?ts=markdown) * [Agentic Identities](https://www.paloaltonetworks.com/idira/agentic?ts=markdown) * [Secrets Management](https://www.paloaltonetworks.com/idira/machine/secrets-management?ts=markdown) * [Unified Secrets Governance](https://www.paloaltonetworks.com/idira/machine/unified-secrets-governance?ts=markdown) * [Application Credentials Delivery](https://www.paloaltonetworks.com/idira/machine/application-credentials-delivery?ts=markdown) * [Vendor Privileged Access](https://www.paloaltonetworks.com/idira/human/vendor-privileged-access?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![Palo Alto Networks Logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language