[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.deploybravely.com) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Security Operations](https://www.paloaltonetworks.com/cyberpedia/security-operations?ts=markdown) 3. [Security Operations](https://www.paloaltonetworks.com/cyberpedia/what-is-security-operations?ts=markdown) 4. [What Is a Security Operations Center (SOC)?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc?ts=markdown) Table of Contents * [What Is Security Operations (SecOps)? Comprehensive Guide](https://www.paloaltonetworks.com/cyberpedia/what-is-security-operations?ts=markdown) * [Security Operations (SecOps) Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-security-operations#secops?ts=markdown) * [The Pillars of Modern SecOps: People, Process, and Technology](https://www.paloaltonetworks.com/cyberpedia/what-is-security-operations#pillars?ts=markdown) * [Example Scenario: Incident Response to a Malware Alert](https://www.paloaltonetworks.com/cyberpedia/what-is-security-operations#example?ts=markdown) * [Proactive Security Operations Examples](https://www.paloaltonetworks.com/cyberpedia/what-is-security-operations#proactive?ts=markdown) * [Technology: Core Tools for the SOC](https://www.paloaltonetworks.com/cyberpedia/what-is-security-operations#technology?ts=markdown) * [Core Components and Functions of the SOC](https://www.paloaltonetworks.com/cyberpedia/what-is-security-operations#core?ts=markdown) * [SecOps vs. DevOps vs. DevSecOps](https://www.paloaltonetworks.com/cyberpedia/what-is-security-operations#vs?ts=markdown) * [Security Operations FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-security-operations#faqs?ts=markdown) * What Is a Security Operations Center (SOC)? * [SOC Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#soc?ts=markdown) * [SOC Roles and Responsibilities](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#roles?ts=markdown) * [Key SOC Functions and Tools](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#key?ts=markdown) * [SOC Delivery Models](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#models?ts=markdown) * [How Does a MSSP Differ from a SOC?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#mssp-differ-from-soc?ts=markdown) * [Best Practices for Optimizing SOC Performance](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#best?ts=markdown) * [The Future SOC Solution](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#future?ts=markdown) * [Security Operations Center (SOC) FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#faqs?ts=markdown) * [How Do I Deploy SecOps Automation?](https://www.paloaltonetworks.com/cyberpedia/guide-to-deploying-secops-automation?ts=markdown) * [Preparing for SecOps Automation](https://www.paloaltonetworks.com/cyberpedia/guide-to-deploying-secops-automation#preparing?ts=markdown) * [Start Simple with High-Impact Tasks](https://www.paloaltonetworks.com/cyberpedia/guide-to-deploying-secops-automation#start?ts=markdown) * [Automation Benefits for Organizations of All Sizes](https://www.paloaltonetworks.com/cyberpedia/guide-to-deploying-secops-automation#automation?ts=markdown) * [Peer Review and Approval](https://www.paloaltonetworks.com/cyberpedia/guide-to-deploying-secops-automation#peer?ts=markdown) * [Secure a Champion for Automation](https://www.paloaltonetworks.com/cyberpedia/guide-to-deploying-secops-automation#secure?ts=markdown) * [Defining Automation Use Cases](https://www.paloaltonetworks.com/cyberpedia/guide-to-deploying-secops-automation#defining?ts=markdown) * [Example Use Cases: Phishing and Malware](https://www.paloaltonetworks.com/cyberpedia/guide-to-deploying-secops-automation#example?ts=markdown) * [Selecting the Right SOAR Platform](https://www.paloaltonetworks.com/cyberpedia/guide-to-deploying-secops-automation#selecting?ts=markdown) * [SOAR Deployment and Use Cases FAQs](https://www.paloaltonetworks.com/cyberpedia/guide-to-deploying-secops-automation#faqs?ts=markdown) * [Security Operations Center (SOC) Roles and Responsibilities](https://www.paloaltonetworks.com/cyberpedia/soc-roles-and-responsibilities?ts=markdown) * [The SOC Team: Roles and Responsibilities](https://www.paloaltonetworks.com/cyberpedia/soc-roles-and-responsibilities#the?ts=markdown) * [What Is the Role of a Security Operations Center (SOC)?](https://www.paloaltonetworks.com/cyberpedia/soc-roles-and-responsibilities#what?ts=markdown) * [What Are Best Practices for a Winning SOC Team?](https://www.paloaltonetworks.com/cyberpedia/soc-roles-and-responsibilities#best?ts=markdown) * [SOC Roles and Responsibilities FAQs](https://www.paloaltonetworks.com/cyberpedia/soc-roles-and-responsibilities#faqs?ts=markdown) * [What is SOC as a Service (SOCaaS)?](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service?ts=markdown) * [Which Cyber Threats are Monitored by SOCaaS?](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#which?ts=markdown) * [The Need Managed Security Services](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#need?ts=markdown) * [What are the Benefits of SOC as a Service (SOCaaS)?](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#what?ts=markdown) * [Factors to Consider When Designing a SOC](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#factors?ts=markdown) * [Why a Managed SOC is Important](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#important?ts=markdown) * [Challenges of a Managed SOC](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#challenges?ts=markdown) * [SOC as a service FAQs](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service#faqs?ts=markdown) * [How Do I Improve SOC Effectiveness?](https://www.paloaltonetworks.com/cyberpedia/how-do-i-improve-soc-effectiveness?ts=markdown) * [Top Priorities for Improving SOC Effectiveness](https://www.paloaltonetworks.com/cyberpedia/how-do-i-improve-soc-effectiveness#top?ts=markdown) * [Integrating Threat Intelligence to Enhance SOC Effectiveness](https://www.paloaltonetworks.com/cyberpedia/how-do-i-improve-soc-effectiveness#integrating?ts=markdown) * [Security Tools that Improve SOC Effectiveness](https://www.paloaltonetworks.com/cyberpedia/how-do-i-improve-soc-effectiveness#security?ts=markdown) * [How Reports and Dashboards Improve SOC Effectiveness](https://www.paloaltonetworks.com/cyberpedia/how-do-i-improve-soc-effectiveness#how?ts=markdown) * [Investing in Training and Development Programs](https://www.paloaltonetworks.com/cyberpedia/how-do-i-improve-soc-effectiveness#investing?ts=markdown) * [How to Improve SOC Effectiveness FAQs](https://www.paloaltonetworks.com/cyberpedia/how-do-i-improve-soc-effectiveness#faqs?ts=markdown) * [How AI-Driven SOC Solutions Transform Cybersecurity: Cortex XSIAM](https://www.paloaltonetworks.com/cyberpedia/revolutionizing-soc-operations-with-ai-soc-solutions?ts=markdown) * [How Cortex XSIAM 2.0 Revolutionizes Security Operations](https://www.paloaltonetworks.com/cyberpedia/revolutionizing-soc-operations-with-ai-soc-solutions#operations?ts=markdown) * [Cortex XSIAM Solutions and Advantages](https://www.paloaltonetworks.com/cyberpedia/revolutionizing-soc-operations-with-ai-soc-solutions#cortex-xsiam-solutions-and-advantages?ts=markdown) * [Addressing Critical Issues in Current SOC Solutions](https://www.paloaltonetworks.com/cyberpedia/revolutionizing-soc-operations-with-ai-soc-solutions#addressing-critical-issues?ts=markdown) * [How Cortex XSIAM Transforms the SOC](https://www.paloaltonetworks.com/cyberpedia/revolutionizing-soc-operations-with-ai-soc-solutions#how?ts=markdown) * [Distinctive Features of Cortex XSIAM](https://www.paloaltonetworks.com/cyberpedia/revolutionizing-soc-operations-with-ai-soc-solutions#features?ts=markdown) * [Comprehensive SOC Solutions: Single Platform Delivery Highlights](https://www.paloaltonetworks.com/cyberpedia/revolutionizing-soc-operations-with-ai-soc-solutions#highlights?ts=markdown) * [Integrated Capabilities: The XSIAM Solutions Delivery](https://www.paloaltonetworks.com/cyberpedia/revolutionizing-soc-operations-with-ai-soc-solutions#capabilities?ts=markdown) * [Ready to Transform Your Cybersecurity Landscape?](https://www.paloaltonetworks.com/cyberpedia/revolutionizing-soc-operations-with-ai-soc-solutions#cybersecurity-landscape?ts=markdown) # What Is a Security Operations Center (SOC)? 5 min. read Table of Contents * * [SOC Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#soc?ts=markdown) * [SOC Roles and Responsibilities](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#roles?ts=markdown) * [Key SOC Functions and Tools](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#key?ts=markdown) * [SOC Delivery Models](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#models?ts=markdown) * [How Does a MSSP Differ from a SOC?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#mssp-differ-from-soc?ts=markdown) * [Best Practices for Optimizing SOC Performance](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#best?ts=markdown) * [The Future SOC Solution](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#future?ts=markdown) * [Security Operations Center (SOC) FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#faqs?ts=markdown) 1. SOC Challenges * * [SOC Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#soc?ts=markdown) * [SOC Roles and Responsibilities](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#roles?ts=markdown) * [Key SOC Functions and Tools](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#key?ts=markdown) * [SOC Delivery Models](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#models?ts=markdown) * [How Does a MSSP Differ from a SOC?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#mssp-differ-from-soc?ts=markdown) * [Best Practices for Optimizing SOC Performance](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#best?ts=markdown) * [The Future SOC Solution](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#future?ts=markdown) * [Security Operations Center (SOC) FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc#faqs?ts=markdown) A security operations center (SOC) is a central team that oversees and manages an organization's security stance. This unit usually comprises security experts tasked with detecting, addressing, and reducing security threats. In essence, the SOC team ensures that the organization functions securely. The four primary functions of security operations are: * **Identify** -- Identify an alert as potentially malicious and open an incident. * **Investigate** -- Investigate the root cause and impact of the incident. * **Mitigate** -- Recommend mitigation options to isolate and remove a threat. * **Continuous Improvement** -- Constantly adapt to process, visibility, and technology to improve in real time as incidents occur. SOC teams often work around the clock, continuously safeguarding an organization's digital infrastructure and maintaining peace of mind for stakeholders. These security experts utilize advanced tools to analyze network traffic and identify suspicious activities, allowing for swift incident response. ![State of North Dakota Builds SOC Strategy Around Cortex](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/video-thumbnail-state-of-north-dakota-builds-soc-strategy-around-cortex.jpg) close ## SOC Challenges While well-funded threat actors are investing in new tools like [machine learning (ML)](https://www.paloaltonetworks.com/cyberpedia/machine-learning-ml?ts=markdown), [automation](https://www.paloaltonetworks.com/resources/ebooks/practical-guide-secops-automation?ts=markdown), and [artificial intelligence (AI)](https://www.paloaltonetworks.com/cyberpedia/artificial-intelligence-ai?ts=markdown), SOCs built around legacy security information and event management fail to provide a flexible and scalable solution that keeps pace with digital transformation, cloud initiatives, and advanced attack campaigns. Today's expanded enterprise attack surface generates much more security data, which is both more complex and siloed, than only a few years ago. Network, [endpoint](https://www.paloaltonetworks.com/cyberpedia/what-is-an-endpoint?ts=markdown), identity, and cloud data remain in separate systems. Endpoint telemetry is locked in an [endpoint detection and response (EDR) system](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr?ts=markdown), and cloud data is in a separate cloud security tool. As a result, SOC analysts must manually analyze data to triage alerts and take effective action. Alerts overload analysts, so threats are missed, and dwell times remain long. Security engineers struggle to integrate new data streams and create new detection rules and playbooks, while security architects integrate the latest new point product. The results are predictable: alert fatigue, slow investigations, and attackers who hide in networks for months. The modern way to scale an effective SOC is with automation, leveraging AI and ML as the foundation, and analysts working on a small set of high-risk incidents. Just as operating a self-driving vehicle no longer requires constant, hands-on control by the operator, an automation-led SOC handles the bulk of low-risk, repeated alerts, analysis tasks, and mitigations. This frees the analysts to work on urgent, high-impact incidents. At the same time, the underlying platform autopilots the SOC to safe outcomes, learning from each activity and offering information and practical recommendations to the SOC manager. ![Infographic showing five Security Operation Center roles with green circular icons. From left to right: SOC Manager (person with badge icon) - leaders who report to CISO with top-level responsibilities; Compliance Auditor (checklist icon) - standardizes processes and ensures protocol compliance; Incident Responder (fingerprint with magnifying glass icon) - reacts quickly to alerts; SOC Analyst (target with magnifying glass icon) - reviews past incidents and determines root causes; Threat Hunter (crosshairs with shield icon) - proactively tests networks to identify exploitable weaknesses.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/panw-soc-roles.png) ## SOC Roles and Responsibilities A SOC needs a well-structured team to handle the growing complexity of modern threats. The team collaborates with other departments or teams to share information about incidents with relevant stakeholders. Typically, SOC roles and responsibilities involve various skilled personnel working together to manage security incidents effectively. This team includes: * **SOC manager:** This person manages the SOC's day-to-day operations, including developing and implementing security policies and procedures and providing security awareness training to employees. * **Advanced security analyst:** Proactively hunts for threats and vulnerabilities in an organization's environment. This includes analyzing logs, network traffic, and other data sources to identify potential threats and vulnerabilities. * **Incident responder:** This person responds to security incidents, including identifying the source, determining the scope, and assessing the impact. * **Security engineer/architect:** Designs and implements security solutions to protect an organization's environment. This includes network security solutions like firewalls, intrusion detection systems, and antivirus software. * **Security investigator:** Responsible for investigating security incidents and determining the incident's root cause. This includes analyzing logs, network traffic, and other data sources to identify the source of the incident. The SOC splits tasks to promote specialization and flexibility. By grouping staff according to their skills, SOCs can respond quickly to incidents, investigate thoroughly, and identify new threats. This arrangement boosts efficiency, allowing for faster decision-making and stronger security measures that align with the organization's cybersecurity strategy. Learn more about [SOC Roles and Responsibilities](https://www.paloaltonetworks.com/cyberpedia/soc-roles-and-responsibilities?ts=markdown), the key to your security operations success. ![SOC Functions](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/panw-soc-functions.png) ## Key SOC Functions and Tools A SOC acts as the command center for cybersecurity operations, with a range of critical functions designed to detect, respond to, and prevent cyber threats. By leveraging the latest tools, technologies, and techniques, a SOC ensures that the organization remains secure and resilient against evolving threats. Here are its key functions and tools utilized for each: ### 24/7 Monitoring * **Overview**: Security Operation Centers (SOCs) work 24/7 to monitor an organization's network and systems for unusual activity or threats. Their main goal is to detect incidents and reduce response time quickly. * **Details** : This constant monitoring includes checking logs, traffic patterns, and data from firewalls, Intrusion Detection Systems (IDS), and endpoint security tools. Analysts search for signs of [malware](https://www.paloaltonetworks.com/cyberpedia/what-is-malware?ts=markdown), unauthorized access, or security breaches. * **Tools Used** : The primary tools include [Security Information and Event Management (SIEM)](https://www.paloaltonetworks.com/cyberpedia/what-is-siem?ts=markdown) systems, [Intrusion Detection](https://www.paloaltonetworks.com/cyberpedia/what-is-an-intrusion-detection-system-ids?ts=markdown) and [Prevention Systems](https://www.paloaltonetworks.com/cyberpedia/what-is-an-intrusion-prevention-system-ips?ts=markdown) (IDS/IPS), and [Endpoint Detection and Response (EDR) tools](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools?ts=markdown). #### SIEM Solutions in a SOC [Security Information and Event Management (SIEM) solutions](https://www.paloaltonetworks.com/cyberpedia/siem-solutions-in-soc?ts=markdown) are a type of security solution that helps businesses monitor and analyze their security data in real time. SIEM solutions collect data from multiple sources, including network devices, applications, and user activity, and use analytics to detect potential threats. SIEM solutions allow businesses to respond quickly to security incidents and take corrective action. For many SOCs, this is the core monitoring, detection, and response technology utilized to monitor and aggregate alerts and telemetry from software and hardware on the network and analyze the data for potential threats. ### Incident Detection and Response * **Overview**: When a security issue is detected, the SOC quickly assesses its seriousness, finds out where it came from, and takes steps to limit the damage. * **Details** : Incident response teams use established procedures to tackle threats like viruses, [ransomware](https://www.paloaltonetworks.com/cyberpedia/what-is-ransomware?ts=markdown), service outages, and [data breaches](https://www.paloaltonetworks.com/cyberpedia/data-breach?ts=markdown). The first action is to contain the threat by isolating affected systems and stopping its spread. After that, the SOC works to fix the problem to restore normal operations and prevent it from happening again. * **Tools Used** : Tools like SIEM help with event tracking and alerting, while automation tools like [SOAR](https://www.paloaltonetworks.com/cyberpedia/what-is-soar?ts=markdown) assist in managing incidents. ### Threat Intelligence * **Overview** : [Threat intelligence](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti?ts=markdown) collects and analyzes information about possible security threats to enhance protection. * **Details**: SOCs gather intelligence from various sources, including public and paid services and industry collaborations. This information can include current attack methods and strategies attackers use, helping SOCs find weaknesses and defend against new threats. * **Tools Used**: Various platforms, information feeds, and machine learning techniques to analyze and prioritize threats. ### Event Correlation * **Overview**: Event correlation connects different security events and incidents to uncover patterns or signs of a more significant attack. * **Details**: A single security event (e.g., a failed login attempt) might seem insignificant in isolation, but multiple events across different systems or times might point to a coordinated attack (e.g., credential stuffing leading to a breach). By correlating data from various security tools, SOC teams can identify complex, hidden attacks that might otherwise go unnoticed. * **Tools Used**: SIEM systems are key here, as they aggregate data from various sources and apply correlation rules to identify potential threats. ### Forensic Analysis * **Overview** : [Forensic analysis](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) is conducted after an incident to understand what happened, how it happened, and the impact. * **Details**: The SOC investigates the attack by analyzing affected systems, reviewing logs, recovering deleted data, and sometimes even reversing malware. The goal is to build a timeline of the attack, identify exploited vulnerabilities, and understand the attacker's methods. The findings help improve future defenses and provide information for legal or regulatory reporting. * **Tools Used**: Forensic analysis tools include disk/data capture tools, file viewing tools, network and database forensics tools, and specialized analysis tools for file, registry, web, Email, and mobile device analysis, combined with SIEM and system logs. ### Compliance Management * **Overview**: Many organizations must adhere to industry standards and regulatory frameworks to maintain their cybersecurity posture. The SOC plays a crucial role in ensuring compliance with these requirements. * **Details** : SOCs ensure the organization complies with regulations like [GDPR](https://www.paloaltonetworks.com/cyberpedia/gdpr-compliance?ts=markdown), [HIPAA](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa?ts=markdown), [PCI-DSS](https://www.paloaltonetworks.com/cyberpedia/pci-dss?ts=markdown), and others. This includes maintaining the required security controls, conducting regular audits, and generating reports for external auditors or regulators. Non-compliance can lead to fines, legal issues, and loss of customer trust. * **Tools Used**: Compliance management software, SIEM systems, and reporting tools. ### Vulnerability Management * **Overview** : [Vulnerability management](https://www.paloaltonetworks.com/cyberpedia/vulnerability-management?ts=markdown) is identifying, classifying, and remediating vulnerabilities in systems, software, and hardware. * **Details** : This includes conducting regular [vulnerability scans](https://www.paloaltonetworks.com/cyberpedia/vulnerability-scanning?ts=markdown), reviewing patch management practices, and addressing weaknesses before attackers can exploit them. Vulnerability management also involves prioritizing risks based on severity, exploitability, and potential impact on the business. * **Tools Used** : vulnerability scanners (e.g., Nessus, Qualys), patch management solutions, and [risk assessment](https://www.paloaltonetworks.com/cyberpedia/how-to-assess-risk-in-the-cloud?ts=markdown) frameworks. ### Proactive Threat Hunting * **Overview** : Unlike traditional monitoring, which responds to alerts, [threat hunting](https://www.paloaltonetworks.com/cyberpedia/threat-hunting?ts=markdown) is a proactive approach to seek out hidden threats within the network before they cause harm. * **Details** : Threat hunters look for indicators of compromise (IOCs) that haven't yet triggered alerts. This includes searching for early signs of attack (like abnormal system access patterns or unusual data traffic). Threat hunters often use behavioral analytics and machine learning to identify anomalies and discover sophisticated threats like [advanced persistent threats (APTs)](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt?ts=markdown). * **Tools Used**: Threat-hunting platforms, endpoint detection tools, and threat intelligence feeds. ### Collaboration and Coordination * **Overview**: The SOC doesn't operate in isolation; it coordinates with other departments and may collaborate with external agencies or other SOCs. * **Details**: SOC teams work closely with IT, legal, compliance, and executive teams to ensure a holistic approach to cybersecurity. For example, IT teams may help isolate affected systems, legal teams handle breach notifications, and management teams make strategic decisions. External collaboration might involve working with law enforcement or industry-sharing groups during an investigation. * **Tools Used**: Communication and incident management platforms (e.g., Slack, Microsoft Teams, and case management tools). Explore how SIEM tools empower SOC teams: [How Do SIEM Tools Benefit SOC Teams?](https://www.paloaltonetworks.com/cyberpedia/how-do-siem-tools-benefit-soc-teams?ts=markdown), and[What is a SIEM Solution in a SOC?](https://www.paloaltonetworks.com/cyberpedia/siem-solutions-in-soc?ts=markdown) ## SOC Delivery Models Key factors, including the business's needs, global presence, access to resources, and funding, usually drive security operations. These factors can influence whether a business chooses in-house or outsourced security operations. ### In-House, Next-Generation SOC An in-house, next-generation SOC keeps the knowledge and control of the environment within the business, provides flexibility in alerting, automates repetitive tasks, utilizes AI with ML to prioritize and generate high-value alerts, and applies continuous improvement. It can require a considerable investment upfront and will require all 84 elements of security to be implemented. ### SOC as a Service Outsourced security operations, or [SOC as a service](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service?ts=markdown), provide access to experts, advanced technology, mature processes, and quick implementation. However, they still require in-house resources to carry out remediation activities and can reduce the number of custom processes that can be implemented. SOC-as-a-service also requires detailed service-level agreements (SLAs) and consistent monitoring and testing of the SLAs to ensure quality. This setup may also cause concerns around compliance at different global locations, gaps in visibility, and a lack of internal knowledge. Find out more about the subscription-based [SOC-as-a-service](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service?ts=markdown) delivery model. ### Hybrid Solution Many organizations choose a hybrid solution with some functions outsourced, such as using level-one analysts to identify priorities. This solution provides access to subject matter experts that may not be present in-house and can provide flexibility and scalability. It requires stringent communication agreements and tight processes around escalations so that external and internal staff have the flexibility and ability to respond quickly to incidents. ## How Does a MSSP Differ from a SOC? A managed security service provider (MSSP) is a third-party vendor that provides security services to multiple clients. It may offer SOC-like functions, but its primary role is service delivery versus organizational integration. ![A managed security service provider (MSSP) is a third-party vendor that provides security services to multiple clients. It may offer SOC-like functions, but its primary role is service delivery versus organizational integration.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/mssp-differ-soc.jpg "A managed security service provider (MSSP) is a third-party vendor that provides security services to multiple clients. It may offer SOC-like functions, but its primary role is service delivery versus organizational integration.") ### Operational Control Organizations retain full control over their SOC. They dictate staffing, tooling, data handling, workflows, and escalation paths. SOC teams often embed deeply within the broader IT or security organization. An MSSP operates externally and follows contract-defined workflows. Customers may receive dashboards or reports, but they don't manage day-to-day operations. Response decisions often require customer approval unless explicitly defined in the SLA. ### Scope of Service SOC teams handle a broad range of activities across detection, response, threat hunting, and incident analysis. They typically ingest telemetry from across the IT stack --- network, endpoint, cloud, identity, and more. MSSPs often focus on predefined services: perimeter monitoring, log aggregation, alerting, and basic triage. Some provide more advanced offerings like [managed detection and response (MDR)](https://www.paloaltonetworks.com/cyberpedia/what-is-managed-detection-and-response?ts=markdown), but many stop short of full-spectrum investigation and threat hunting. ### Visibility and Context SOC teams operate within the organization's environment. They have direct access to telemetry, asset inventories, and user data. This context improves triage accuracy and speeds up investigations. MSSPs rely on what the client provides --- usually limited to log forwarding or third-party integrations. Without full context, they may miss attack paths or escalate false positives more frequently. ### Responsiveness Internal SOCs can respond to threats immediately. Analysts interact directly with infrastructure, security tools, and leadership. MSSPs follow escalation protocols. Response times may depend on SLA tiers or ticket-based workflows. Delays in communication or approval can slow containment. ### Customization and Integration SOCs integrate with internal development, cloud, and IT teams. They tailor detection logic and workflows to match the organization's environment and risk profile. MSSPs tend to standardize service delivery across customers. Custom detections or integrations may cost extra or fall outside their scope. ## Best Practices for Optimizing SOC Performance You should follow several best practices to make your Security Operations Center (SOC) run like a well-oiled machine. These practices help streamline operations, enhance team efficiency, and improve your organization's security posture. ### 1. Leverage Automation and AI Integrating automation and artificial intelligence (AI) into SOC workflows can significantly improve incident detection and response times. Machine learning algorithms can sift through massive data sets to spot patterns and anomalies, helping your team respond faster and more accurately---without being bogged down by manual analysis. ### 2. Encourage Collaboration and Information Sharing Effective collaboration is the foundation of excellent SOC performance. Fostering communication within the organization and with external partners can improve situational awareness, enabling quicker and more accurate responses to incidents. ### 3. Update Security Policies Regularly Cyber threats are constantly evolving, and so should your security policies. Make it a priority to regularly update procedures and protocols to keep pace with new challenges. Continuous learning and training for SOC staff will ensure they're equipped to handle the latest threats. ### 4. Align with Security Frameworks Align your SOC practices with widely recognized security frameworks like the [NIST Cybersecurity Framework](https://www.paloaltonetworks.com/cyberpedia/nist?ts=markdown) or ISO/IEC 27001. This ensures your operations are part of a comprehensive, holistic security strategy that covers risk management, governance, and compliance. ## The Future SOC Solution With the expansion of attacker capabilities, adversaries have begun incorporating their ML and AI technologies to enhance their arsenal of attacks. This includes leveraging ML algorithms for sophisticated phishing campaigns and employing AI-driven techniques for effective end-user [social engineering](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering?ts=markdown). Defenders must adapt and counter these emerging threats as attackers evolve and refine. In response, the defender's strategy is shifting toward leveraging generative AI, which empowers SOCs to detect, analyze, and mitigate cyberthreats proactively. By harnessing the capabilities of generative AI, defenders can stay one step ahead of adversaries and strengthen their overall cybersecurity posture. ### Generative AI Generative AI is about to revolutionize the SOC, ushering in a new era of cybersecurity capabilities and transforming how organizations defend against threats. With its ability to analyze vast amounts of data, detect patterns, and make informed decisions, generative AI will empower SOC teams to stay one step ahead of cybercriminals and proactively protect critical assets. AI algorithms excel at analyzing large volumes of data in real time. By continuously monitoring network logs, system activities, and user behaviors, AI can swiftly identify suspicious patterns and indicators of potential threats. This enables SOC analysts to proactively detect and respond to emerging threats, minimizing the risk of security breaches. Generative AI will serve as a dedicated assistant to analysts, working together to swiftly identify, thoroughly investigate, and effectively mitigate security threats. With its advanced capabilities, generative AI provides valuable insights, automates time-consuming tasks, and assists analysts in making informed decisions, bolstering the overall effectiveness and efficiency of security operations. Generative AI will innovate how cyberattack victims are supported by providing personalized responses that assist them in navigating the remediation process and gaining valuable lessons for future resilience. Imagine every end user having their own cybersecurity expert to review suspicious emails and provide a customized response to their concerns. Modern security operations will reduce or eliminate repetitive activities in the SOC and contain: * ML-curated alerts to identify attackers in the weeds. * Correlation of low-confidence alerts to produce high-confidence alerting. * Documented roles and responsibilities to clearly define who owns each element of security operations. * Continuous improvement is applied to every incident. * Processes designed to ease the adoption of automation while accommodating manual response activities. * Consistent protection across the network, cloud, and endpoints. * Automated threat prevention for updates to security controls in minutes, not days. Learn how to stay ahead of the increasingly complex threat landscape: [How AI-Driven SOC Solutions Transform Cybersecurity.](https://www.paloaltonetworks.com/cyberpedia/revolutionizing-soc-operations-with-ai-soc-solutions?ts=markdown) ### Palo Alto Networks Approach to Establishing a SOC At Palo Alto Networks, our SOC story is highly optimized. We actively broke away from the traditional four-tier SOC approach, ranging from Tier 1 analysts who monitor, prioritize, and investigate SIEM alerts to Tier 4 SOC managers responsible for recruitment, security strategy, and reporting to management. Taking more of a hybrid approach, the Palo Alto Networks SOC team follows this general philosophy: * Staff the SOC, so 80% of staff have previous SOC experience. * Cross-train the SOC team in all domains, including alert triage, incident response, threat hunting, and automation. * Provide a well-funded annual training budget for all analysts. Our rationale is that we can: * Maintain a nimble team that can pivot between responsibilities (and tiers) * Support business continuity * Provide a more engaging atmosphere and reduce staff burnout * Promote an environment of continuous learning * Provide greater coverage with less staff by relying on the right technology to get the job done * Maintain a work/life balance while giving SOC engineers a feeling of positive control of their destinies ## Security Operations Center (SOC) FAQs ### What is the difference between a SOC and a NOC (Network Operations Center)? While a SOC focuses on cybersecurity and threat management, a NOC deals with the general health and performance of an organization's network and systems. ### How does a SOC help with compliance? A SOC helps organizations comply with industry standards and regulations by monitoring systems for potential breaches and ensuring appropriate security measures are in place. ### What is the role of a SOC during a cyber attack? During a cyber attack, the SOC is responsible for detecting the breach, analyzing the attack, coordinating the response, and minimizing any damage to the organization. ### Can small businesses benefit from a SOC? Yes, even small businesses can benefit from a SOC by ensuring continuous monitoring and rapid response to security threats, helping them stay protected without building a large internal security team. ### What are the key components of a SOC? The key components of a SOC include people (security analysts and incident responders), processes (security protocols and procedures), and technology (tools like SIEM, IDS/IPS, and firewalls). ### What is a SOC's role in threat intelligence? A security operations center gathers and analyzes threat intelligence to prevent potential cyberattacks. This information is used to improve detection, response strategies, and overall security posture. ### How does a SOC manage vulnerabilities? A security operations center monitors systems and applications for vulnerabilities, prioritizes them based on risk, and works with other teams to patch or mitigate them before they can be exploited. ### What is a SOC maturity model? A SOC maturity model helps organizations assess the effectiveness of their SOC by evaluating factors such as technology, processes, and the team's expertise. It guides improvements over time. ### How does a SOC collaborate with other departments? A SOC works closely with IT, network, compliance teams and executive leadership to ensure alignment on security policies, incident response, and ongoing threat management. Related content [What is SOC as a Service? Learn more about this cloud-based subscription model for managed threat detection and response.](https://www.paloaltonetworks.com/cyberpedia/soc-as-a-service?ts=markdown) [Transform Your SecOps with a Unified Platform Transform SecOps with Cortex, A SecOps platform that harnesses the power of Precision AI.](https://www.paloaltonetworks.com/cortex?ts=markdown) [Unit 42 SOC Assessment Align Your Unique Threat Profile and Recommended Best Practices to Improve the Threat Detection and Response Capabilities of Your SOC](https://www.paloaltonetworks.com/resources/datasheets/unit-42-soc-assessment?ts=markdown) [Five Essential Steps to SOC Transformation This guide presents five practical solutions and tangible benefits for security teams undertaking SOC transformation to overcome key challenges that hinder SOC efficiency](https://www.paloaltonetworks.com/resources/guides/5-steps-xsiam-soc-transformation-guide?ts=markdown) ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20a%20Security%20Operations%20Center%20%28SOC%29%3F&body=Learn%20what%20a%20Security%20Operations%20Center%20%28SOC%29%20is%2C%20its%20role%20in%20cybersecurity%2C%20and%20how%20it%20helps%20protect%20organizations%20from%20threats%20and%20cyberattacks.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-is-a-soc) Back to Top [Previous](https://www.paloaltonetworks.com/cyberpedia/what-is-security-operations?ts=markdown) What Is Security Operations (SecOps)? Comprehensive Guide [Next](https://www.paloaltonetworks.com/cyberpedia/guide-to-deploying-secops-automation?ts=markdown) How Do I Deploy SecOps Automation? {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2025 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language