[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) [![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberark/Seamless_IDs_small.jpg) Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-security-solution?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) [![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberark/Seamless_IDs_small.jpg) Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.paloaltonetworks.com/deploybravely?ts=markdown) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Identity Security](https://www.paloaltonetworks.com/cyberpedia/identity-security?ts=markdown) 3. [Machine Identity Security](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity?ts=markdown) 4. [What Is a Non-Human Identity (NHI)?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity?ts=markdown) Table of Contents * [Machine Identity Security: The Definitive Guide](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity-security-mis?ts=markdown) * [Machine Identity Security Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity-security-mis#machine?ts=markdown) * [Four Pillars of Machine Identity Architecture](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity-security-mis#four?ts=markdown) * [Machine Identity in the Attacker Workflow: Unit 42 Observations](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity-security-mis#observations?ts=markdown) * [Cloud Security Implications and Identity Sprawl](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity-security-mis#cloud?ts=markdown) * [Implementing a Machine Identity Security Program](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity-security-mis#program?ts=markdown) * [Machine Identity Security FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity-security-mis#faqs?ts=markdown) * [What Is Workload Identity? Securing Non-Human Identities](https://www.paloaltonetworks.com/cyberpedia/what-is-workload-identity?ts=markdown) * [Workload Identity Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-workload-identity#workload?ts=markdown) * [The Core Components of Workload Identity Architecture](https://www.paloaltonetworks.com/cyberpedia/what-is-workload-identity#core?ts=markdown) * [Workload Identity in the Zero Trust Framework](https://www.paloaltonetworks.com/cyberpedia/what-is-workload-identity#framework?ts=markdown) * [Disrupting the Attack Lifecycle with Workload Identity](https://www.paloaltonetworks.com/cyberpedia/what-is-workload-identity#disrupting?ts=markdown) * [Workload Identity and the AI Agent Security Challenge](https://www.paloaltonetworks.com/cyberpedia/what-is-workload-identity#challenge?ts=markdown) * [Workload Identity FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-workload-identity#faqs?ts=markdown) * What Is a Non-Human Identity (NHI)? Machine Identity Security Explained * [Non-Human Identity Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#explained?ts=markdown) * [The Critical Distinction: Standing vs. Non-Standing Privileges](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#privileges?ts=markdown) * [Lateral Movement and Attacker Workflow](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#lateral?ts=markdown) * [Non-Human Identity and Zero Trust Alignment](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#alignment?ts=markdown) * [CIEM, IAM, and PAM Relationships in NHI Security](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#security?ts=markdown) * [Strategic Management and Testing of NHIs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#strategic?ts=markdown) * [Non-Human Identity FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#faqs?ts=markdown) * [What Is a Machine Identity?](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity?ts=markdown) * [How Do Machine Identities Work?](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity#how?ts=markdown) * [Machine Identity Management (MIM) vs. Human IAM](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity#vs?ts=markdown) * [Architecture Components and Identity Types](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity#types?ts=markdown) * [Secrets Management vs. Machine Identity Management](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity#secrets?ts=markdown) * [Lateral Movement and Attacker Workflow](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity#workflow?ts=markdown) * [Cloud Security Implications and CIEM](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity#ciem?ts=markdown) * [Implementation Steps for Machine Identity Security](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity#implementation?ts=markdown) * [Machine Identity FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity#faqs?ts=markdown) # What Is a Non-Human Identity (NHI)? 3 min. read [Explore Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown) Table of Contents * * [Non-Human Identity Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#explained?ts=markdown) * [The Critical Distinction: Standing vs. Non-Standing Privileges](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#privileges?ts=markdown) * [Lateral Movement and Attacker Workflow](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#lateral?ts=markdown) * [Non-Human Identity and Zero Trust Alignment](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#alignment?ts=markdown) * [CIEM, IAM, and PAM Relationships in NHI Security](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#security?ts=markdown) * [Strategic Management and Testing of NHIs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#strategic?ts=markdown) * [Non-Human Identity FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#faqs?ts=markdown) 1. Non-Human Identity Explained * * [Non-Human Identity Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#explained?ts=markdown) * [The Critical Distinction: Standing vs. Non-Standing Privileges](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#privileges?ts=markdown) * [Lateral Movement and Attacker Workflow](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#lateral?ts=markdown) * [Non-Human Identity and Zero Trust Alignment](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#alignment?ts=markdown) * [CIEM, IAM, and PAM Relationships in NHI Security](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#security?ts=markdown) * [Strategic Management and Testing of NHIs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#strategic?ts=markdown) * [Non-Human Identity FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#faqs?ts=markdown) A non-human identity (NHI) is a machine identity that software uses, rather than a person, to authenticate and gain access to various systems. These identities encompass a range of elements, such as service accounts, APIs, applications, containers, bots, and cloud workloads. Typically, NHIs are verified by secrets---such as tokens, keys, or certificates---which serve as proof of identity to other services. Key Takeaways: * **Digital Agents**: Non-human identities, like code, applications and machines, outnumber human users and represent a target for credential theft. \* **Verification Criticality**: Securing NHI requires continuous verification of every service account and machine identity connecting to the network or cloud environment. \* **Privilege Flow**: Attacker success relies on exploiting standing privileges or misconfigured access policies associated with non-human identities. \* **Unit 42 Insight** : Compromised NHIs are primary drivers for fast **lateral movement** in the cloud, transitioning from one service account or function to another. \* **Unique Management**: NHIs require unique lifecycle management, demanding secrets vaulting, rotation, and Just-in-Time (JIT) access policies. \* **Scope**: NHI is broader than traditional machine identity, covering every piece of code that needs to authenticate with another resource. ## Non-Human Identity Explained Non-human identities are the automated workforce of the modern technology stack. They power everything from [CI/CD pipelines](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security?ts=markdown) and [microservices](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices?ts=markdown) to serverless functions and automated data ingestion processes. Unlike human identities, which typically involve credentials such as usernames and passwords, NHIs use programmatic access. These include application secrets, JSON Web Tokens (JWTs), cloud [identity and access management (IAM)](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management?ts=markdown) roles, and secure shell (SSH) keys. The sheer volume and diversity of non-human identities make them a complex security challenge. According to Wendi Whitmore, the Chief Security Intelligence Officer at Palo Alto Networks, the [research shows.](https://www.paloaltonetworks.com/blog/2025/11/2026-predictions-for-autonomous-ai/?ts=markdown) "While attackers utilize AI to scale and accelerate threats across a hybrid workforce, where autonomous agents outnumber humans by 82:1, defenders must counter that speed with intelligent defense." Each NHI operates with a specific set of permissions and is often difficult to track, especially across multi-cloud and hybrid environments. Unmanaged NHIs can lead to unmonitored access, creating a massive security gap that attackers routinely target. ### Categorizing Non-Human Identities The NHI landscape can be broadly segmented into these major types. Securing each type requires a slightly different approach to credential management and access control. * **[Workload Identities](https://www.paloaltonetworks.com/cyberpedia/what-is-workload-identity?ts=markdown)**: Identities granted to applications, containers, or microservices, often using cloud-native IAM roles or service accounts. They typically require access to databases, storage, or other APIs. However, modern approaches leverage open standards like SPIFFE to issue cryptographic identities, replacing static credentials with short-lived, verifiable tokens. * **Machine Identities**: Primarily certificates and keys used for device authentication, secure communication (TLS/SSL), and code signing. These are foundational for establishing trust between systems. * **Code-Based Secrets**: Hard-coded credentials, API keys, tokens, or environment variables are often improperly embedded in application source code or configuration files. * **CI/CD Pipeline Accounts**: Service accounts used by automation servers like Jenkins or GitHub Actions to deploy code into production environments, often possessing highly privileged access. * **Application Accounts**: Dedicated service accounts created for specific applications to access the database, message queues, or external APIs. These accounts often accumulate standing privileges over time and are rarely audited after initial provisioning. ## The Critical Distinction: Standing vs. Non-Standing Privileges A fundamental security principle for non-human identities is the shift away from standing privileges. A standing privilege is permanent, constant access granted to an identity regardless of current need. This practice maximizes an account's risk exposure. Non-standing privileges, conversely, are granted only when necessary and are revoked immediately upon completion of the required task. This concept is often referred to as [Just-in-Time (JIT) access](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit?ts=markdown). Applying JIT to NHIs dramatically reduces the window of opportunity for attackers. | **Feature** | **Standing Privilege** | **Non-Standing (JIT) Privilege** | |--------------------|-------------------------------------------------------------------------|--------------------------------------------------------------------| | **Duration** | Permanent or Long-Lived | Temporary, Time-Bound Access | | **Risk Profile** | **High**: Credential exposure is constant, providing persistent access. | **Low**: Access is granted only upon request and verified need. | | **Primary Use** | Legacy systems, hard-coded service accounts. | Cloud functions, modern microservices, and Secrets Management. | | **Security Tenet** | Breaches often result in immediate lateral movement. | The breach is contained, and the attacker's access is short-lived. | **Table 1**: Standing Privilege vs Non-Standing (JIT) Privilege ### Why Standing Privileges Are Targeted Attackers actively search for non-human identities with standing privileges. A static, permanent API key or service account provides an attacker with a stable and often unnoticed backdoor. [Unit 42 threat intelligence](https://unit42.paloaltonetworks.com/2025-unit-42-global-incident-response-report-social-engineering-edition) observes that once an attacker gains initial access, one of the first actions is to enumerate local systems for these stored credentials. The successful theft of a long-lived cloud access key allows for sustained malicious activity, often manifesting as resource manipulation or data exfiltration. ## Lateral Movement and Attacker Workflow Non-human identities are the invisible targets that enable an attacker's transition from an initial foothold to a full-scale compromise of the environment. Attackers exploit the interdependencies among [cloud workloads](https://www.paloaltonetworks.com/cyberpedia/what-is-workload?ts=markdown)and microservices. A single, low-privilege service account within a container may be able to assume a more privileged role in another service. This technique is a common form of privilege escalation and [lateral movement](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement?ts=markdown). [Unit 42's analysis of cloud breaches](https://www.paloaltonetworks.com/resources/research/unit-42-cloud-threat-report-2h-2020#:~:text=As%20enterprises%20move%20more%20workloads,copy%20of%20the%20report%20today.?ts=markdown) shows that the typical attack lifecycle often hinges on exploiting misconfigured non-human identities. ### Non-Human Identity Exploitation Tactics 1. **Initial Compromise**: An externally facing workload (e.g., a vulnerable web application) is compromised, often via a known vulnerability or a simple cloud misconfiguration. 2. [**Credential Theft**](https://www.paloaltonetworks.com/cyberpedia/what-is-a-credential-based-attack?ts=markdown): The attacker searches the compromised host's environment variables, configuration files, or local metadata for credentials associated with non-human entities (API keys, tokens, or IAM role assumption keys). This maps to MITRE ATT\&CK techniques: 1. [**T1552**](https://attack.mitre.org/techniques/T1552/): Unsecured Credentials (including T1552.001: Credentials In Files, and T1552.005: Cloud Instance Metadata API) 2. [**T1528**](https://d3fend.mitre.org/offensive-technique/attack/T1558/): Steal Application Access Token. 3. **Lateral Pivot**: Using the stolen credentials, the attacker impersonates the NHI to access other resources, such as a staging database or a CI/CD tool. This movement is often unmonitored because the actions appear to be routine account activity. 4. **Resource Hijack** : The attacker uses the newfound access to deploy [malware](https://www.paloaltonetworks.com/cyberpedia/what-is-malware?ts=markdown), modify infrastructure as code, or exfiltrate high-value data. The breach transitions from a single point of failure to a full [network segmentation](https://www.paloaltonetworks.com/cyberpedia/what-is-network-segmentation?ts=markdown) bypass. Effective NHI security, tied to the [principle of least privilege](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege?ts=markdown), disrupts this workflow. By ensuring that each NHI has only the exact permissions needed for its current function, the attacker's ability to pivot is severely limited. {#operational href=} ## Operational Challenges and Implementation Steps for NHI Managing non-human identities presents distinct operational challenges that extend beyond traditional human-centric identity and access management (IAM) programs. Automation is essential for managing the sheer scale of NHIs, especially in elastic cloud security environments. ### Operational Challenges in NHI Management * **Visibility and Inventory**: Organizations lack a comprehensive, centralized inventory of all non-human identities across multi-cloud and hybrid infrastructures, resulting in orphaned or forgotten accounts with excessive privileges. * **Secrets Sprawl**: Uncontrolled creation and storage of API keys and secrets in code repositories, local file systems, or collaboration tools, making rotation and auditing nearly impossible. * **Policy Granularity**: Defining fine-grained, least-privilege policies for applications with highly dynamic access requirements is functionally challenging for security teams. * **Rotation and Lifecycle**: The operational overhead of automatically rotating thousands of non-human credentials, without causing service outages, often results in static, long-lived secrets. ### Implementation Steps for NHI Security To successfully manage NHI, a systematic, automated approach focusing on vaulting and JIT access is required. 1. **Discover and Inventory All NHIs** : Use [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cyberpedia/what-is-ciem?ts=markdown)and [Secrets Management](https://www.paloaltonetworks.com/cyberpedia/secrets-management?ts=markdown)tools to automatically discover every application, service, and [machine identity](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity?ts=markdown) across all environments. 2. **Vault All Secrets**: Centralize all non-human credentials into a secure, purpose-built vault that supports automated rotation and access control. Never store secrets directly in code or configuration files. 3. **Implement Just-in-Time Access**: Convert long-lived credentials into short-lived, ephemeral tokens. The NHI should request a secret/token from the vault only when it needs to access a resource. 4. **Define and Enforce Least Privilege**: Audit current NHI permissions and remove all standing privileges that are not actively required. Continuously monitor access policies for privilege creep. 5. **Audit and Monitor Continuously** : Integrate NHI access logs into a [SIEM](https://www.paloaltonetworks.com/cyberpedia/what-is-siem?ts=markdown)or [XDR](https://www.paloaltonetworks.com/cyberpedia/what-is-extended-detection-response-XDR?ts=markdown) platform to detect anomalous behavior, such as a service account accessing a resource outside its typical operating hours or geographic location. ## Non-Human Identity and Zero Trust Alignment Non-human identity is a foundational pillar of any successful [zero trust identity architecture](https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture?ts=markdown). The Zero Trust model requires that no identity, human or non-human, is trusted by default. Access must be verified for every resource request, regardless of whether the identity is inside or outside the defined network perimeter. ![This infographic illustrates the NHI Blast Radius, where compromised service accounts exploit standing privileges for lateral movement, contrasted against a five-step Zero Trust Cycle for non-human access. It demonstrates a continuous verification flow—from identity validation to JIT privilege revocation—to secure microservices within a midnight blue and orange brand palette.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-non-human-identity/nhi-and-the-zero-trust-cycle.webp "NHI and the Zero Trust Cycle") ***Figure 1**: NHI and the Zero Trust Cycle* For NHI, Zero Trust dictates continuous verification of the workload's identity and context. This goes beyond checking a static API key. * **Verify Identity**: Is the source container/machine/function what it claims to be? Use cryptographic verification and machine certificates. * **Verify Context**: What is the specific context of the request? Is the access being requested from the expected IP address, at the expected time, and for the expected resource? * **Verify Policy**: Does the request align with the defined, least-privilege policy for that particular non-human identity? By integrating NHI security into the core [identity security](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-security?ts=markdown) controls, organizations ensure that every automated interaction adheres to the 'Never Trust, Always Verify' mantra. This provides an essential security layer for applications, microservices, and serverless functions that form the modern distributed perimeter. ## CIEM, IAM, and PAM Relationships in NHI Security Securing non-human identities is a joint effort that involves specialized tools for [Identity and Access Management (IAM)](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management?ts=markdown), Privileged Access Management (PAM), and Cloud Infrastructure Entitlement Management (CIEM). These tools must work together to provide a complete view of the NHI lifecycle. | **Solution Category** | **Primary Role in NHI Security** | **Key Focus Area** | |----------------------------|----------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------| | **IAM** | Defining the core identity, roles, and initial access policies (e.g., AWS IAM, Azure AD). | Identity Lifecycle and Core Authorization. | | **PAM/Secrets Management** | Securing, vaulting, and rotating the actual secrets (passwords, tokens, API keys) used by NHIs. | Credential Protection and JIT Access Provisioning. | | **CIEM** | Detecting and remediating excessive or unused entitlements and cloud misconfiguration, specifically in cloud environments. | Entitlements and Permission Governance. | **Table 2**: IAM, PAM and CIEM work together to provide a complete view of the NHI lifecycle. The relationship is hierarchical and cooperative. IAM provides the foundational identity. PAM handles the secrets and privileged credentials used by the identity. CIEM ensures that the entitlements granted to the identity (via IAM) are minimized and continuously enforced. This layered approach is mandatory for achieving optimal identity security across complex cloud and hybrid environments. For instance, [Cortex XSIAM](https://www.paloaltonetworks.com/cyberpedia/what-is-extended-security-intelligence-and-automation-management-xsiam?ts=markdown) utilizes data from all three domains to detect and shut down a live threat actor using a stolen NHI credential almost instantaneously. ## Strategic Management and Testing of NHIs As organizations scale, the complexity of managing non-human identities (NHIs) increases exponentially. To move beyond basic discovery, security teams must understand the specific forms these identities take, how to test their defenses through simulation, and how to manage their entire lifecycle from creation to decommissioning. ### Real-World Examples of NHIs Understanding what qualifies as an NHI is the first step toward securing them. Common examples include: * **Service Accounts**: Accounts used by an operating system to run background services or by a web server to access a database. * **OAuth Tokens**: Used by third-party integrations (e.g., a Slack bot accessing your Google Calendar). * **Build Agents**: Identities within CI/CD tools (like GitLab Runners) that require permission to push code to production. * **Serverless Functions**: AWS Lambda or Azure Functions that trigger automatically and need specific IAM roles to process data. * **RPA Bots**: Robotic Process Automation tools that "mimic" human UI actions to automate data entry across legacy systems. ### Breach Simulation Plan for NHIs Standard penetration testing often focuses on human entry points. A Non-Human Identity Breach Simulation specifically tests the resilience of machine-to-machine security. An effective simulation plan includes: 1. **Secret Discovery Phase**: Simulating an attacker scanning GitHub repositories, Docker images, or Wiki pages for "leaked" API keys or hard-coded secrets. 2. **The "Impersonation" Test**: Attempting to use a captured low-privilege token from one environment (e.g., Development) to access a higher-tier environment (e.g., Production). 3. **Lateral Movement Simulation**: Mimicking a compromised container to see if it can "sniff" the metadata service of the cloud provider to steal temporary security credentials. 4. **Blast Radius Assessment**: Measuring how many resources are accessible once an NHI is compromised. If a single API key can delete an entire S3 bucket, the simulation has identified a critical failure in the Principle of Least Privilege. ### NHI Identity Lifecycle Management (NHI-LM) Unlike human employees, who have a "Joiner-Mover-Leaver" process tied to HR, NHIs are often created ad hoc by developers. A comprehensive [Identity Lifecycle Management](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management?ts=markdown) framework for NHIs includes: * **Onboarding \& Registration**: Every NHI must have an assigned "Owner" (a human or team) and a defined purpose documented in a centralized registry. * **Automated Provisioning**: Use Infrastructure as Code (IaC) to ensure NHIs are created with specific, pre-approved permissions rather than manual, broad-access setups. * **Continuous Governance (The "Mover" Phase)**: As an application evolves, its NHI permissions often "creep." Periodic automated reviews must prune unused permissions or update credentials when the application architecture changes. * **Decommissioning (The "Leaver" Phase)**: This is the most common gap. When a project is retired or a microservice is deleted, the associated secrets and service accounts must be systematically revoked. "Orphaned" NHIs are among the highest risks in cloud environments. ## Non-Human Identity FAQs ### How does Non-Human Identity management differ from NHI startups' primary objective in their products? While NHI Management is the broader discipline of governing service accounts, API keys, and machine credentials, NHI Startups focus on solving the specific "visibility and sprawl" crisis that traditional tools, such as Secrets Managers or legacy IAM, fail to address. The primary difference lies in the scope of the problem versus the architecture of the solution. While traditional NHI management focuses on the secure storage and rotation of machine credentials, NHI startups prioritize visibility and risk orchestration by mapping the context, ownership, and permissions of those secrets across the entire environment. ### What is the difference between Non-Human Identity and Machine Identity? Non-Human Identity is the broader category that covers any identity not associated with a human user, including service accounts, application credentials, and API keys. Machine Identity is a subset of NHI that refers specifically to the cryptographic identities, such as TLS/SSL certificates and SSH keys, used by physical or virtual machines to authenticate themselves. ### Why are non-human identities a greater security risk than human identities? NHIs are more numerous, often possess unmonitored standing privileges, and are frequently overlooked in standard identity governance programs. When compromised, they are used by automated attacker scripts to perform high-speed lateral movement and resource manipulation without triggering typical human-centric security alerts. ### How does Non-Human Identity relate to application security (AppSec)? NHI security is a core component of AppSec. It addresses the protection of secrets and credentials used by applications. Failing to properly manage NHIs means that even a perfectly coded application can be exploited if its associated API key is stolen or if its workload identity has excessive entitlements. ### Can an attacker use a Non-Human Identity for financial fraud? Yes. A compromised non-human identity, particularly one associated with a CI/CD pipeline or a serverless function with access to billing or production environments, can be used to provision unauthorized cloud resources, deploy crypto-mining malware, or access sensitive financial data for exfiltration or manipulation. ### What is the "blast radius" of a compromised Non-Human Identity? The blast radius is the extent of the damage an attacker can inflict after compromising an NHI. If the NHI has standing, highly permissive access across multiple cloud accounts, the blast radius is massive. If JIT and least privilege are enforced, the blast radius is confined to a single, short-lived task. Related Content [Datasheet: Conquer Cloud Identity Chaos with CIEM Learn how to manage identity risk and gain crucial context with CIEM.](https://www.paloaltonetworks.com/resources/datasheets/cortex-cloud-ciem?ts=markdown) [Case Study: The MCP Wake-Up Call Discover how SaaS SSPM detects and remediates risky non-human integrations](https://live.paloaltonetworks.com/t5/community-blogs/the-mcp-wake-up-call-why-non-human-identities-must-be-on-your/ba-p/1232795) [Interactive Demo: Identity Threat Detection and Response (ITDR) Take a tour of the Cortex platform; Hunt for non-human identities using behavioral analytics.](https://www.paloaltonetworks.com/cortex/cortex-xdr-request-demo?ts=markdown) [Explore the Automation Playbook on NHI Remediation Learn how to use Cortex XSOAR in this technical guide for SecOps teams.](https://xsoar.pan.dev/docs/reference/playbooks/cloud-credentials-rotation---generic) ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20a%20Non-Human%20Identity%20%28NHI%29%3F%20Machine%20Identity%20Security%20Explained&body=Non-human%20identities%20%28NHI%29%20like%20API%20keys%20and%20service%20accounts%20are%20top%20targets%20for%20lateral%20movement.%20Use%20Zero%20Trust%20and%20Secrets%20Management%20to%20secure%20your%20NHIs.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity) Back to Top [Previous](https://www.paloaltonetworks.com/cyberpedia/what-is-workload-identity?ts=markdown) What Is Workload Identity? Securing Non-Human Identities [Next](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity?ts=markdown) What Is a Machine Identity? {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language