[](https://www.paloaltonetworks.com/?ts=markdown)

* Sign In
  
  * Customer
  * Partner
  * Employee
  * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown)
  * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown)

* EN
  
  * [USA (ENGLISH)](https://www.paloaltonetworks.com)
  * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au)
  * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br)
  * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca)
  * [CHINA (简体中文)](https://www.paloaltonetworks.cn)
  * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr)
  * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de)
  * [INDIA (ENGLISH)](https://www.paloaltonetworks.in)
  * [ITALY (ITALIANO)](https://www.paloaltonetworks.it)
  * [JAPAN (日本語)](https://www.paloaltonetworks.jp)
  * [KOREA (한국어)](https://www.paloaltonetworks.co.kr)
  * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat)
  * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx)
  * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg)
  * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es)
  * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw)
  * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk)

* ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg)

* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)

* [What's New](https://www.paloaltonetworks.com/resources?ts=markdown)

* [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount)

* [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html)
  ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg)

* [](https://www.paloaltonetworks.com/?ts=markdown)

* Products  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products  
  [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)
  
  * [AI Security](https://www.paloaltonetworks.com/ai-security?ts=markdown)
  
  * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)
  
  * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)
  
  * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)
  
  * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)
  
  * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)
  
  * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)
  
  * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)
  
  * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)
  
  * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)
  
  * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)
  
  * [Next-Gen Trust Security](https://www.paloaltonetworks.com/network-security/next-gen-trust-security?ts=markdown)
  
  * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown)
  
  * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)
  
  * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)
  
  * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)
  
  * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)
  
  * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)
  
  * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)
  
  * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)
  
  * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)
  
  * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)
  
  * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)
  
  * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)
  
  * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)
  
  * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)
  
  * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)
  
  * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)
  
  * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)
  
  * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)  
    [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)
  
  * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)
  
  * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)
  
  * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)
  
  * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)
  
  * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)
  
  * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)
  
  * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)
  
  * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)
  
  * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)
  
  * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown)
  
  * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)
  
  * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown)
  
  * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)
  
  * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown)
  
  * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)
  
  * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)  
    [![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberark/Seamless_IDs_small.jpg)  
    Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown)

* Solutions  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions  
  Secure AI by Design
  
  * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)
  * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)  
    Network Security
  * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)
  * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown)
  * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)
  * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)
  * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown)
  * [OT Security](https://www.paloaltonetworks.com/network-security/ot-security-solution?ts=markdown)
  * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown)
  * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown)
  * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown)
  * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown)
  * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown)
  * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)  
    Cloud Security
  * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown)
  * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown)
  * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown)
  * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown)
  * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown)
  * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown)
  * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown)
  * [Cloud Detection and Response (CDR)](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown)
  * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown)
  * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown)  
    Security Operations
  * [Cloud Detection and Response (CDR)](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown)
  * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown)
  * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown)
  * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown)
  * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown)
  * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown)
  * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)
  * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown)
  * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown)
  * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown)
  * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown)
  * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown)  
    Endpoint Security
  * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown)
  * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown)
  * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown)
  * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown)  
    [Industries](https://www.paloaltonetworks.com/industry?ts=markdown)
  * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown)
  * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown)
  * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown)
  * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown)
  * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown)  
    [![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberark/Seamless_IDs_small.jpg)  
    Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown)

* Services  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services  
  [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)
  
  * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)
  
  * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown)
  
  * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown)
  
  * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown)
  
  * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown)
  
  * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown)
  
  * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown)
  
  * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown)
  
  * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown)
  
  * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown)
  
  * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown)
  
  * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown)
  
  * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown)
  
  * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown)
  
  * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown)
  
  * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)
  
  * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)
  
  * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown)
  
  * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown)
  
  * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown)
  
  * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown)
  
  * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown)
  
  * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)
  
  * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)
  
  * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)
  
  * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown)
  
  * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown)
  
  * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown)
  
  * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown)  
    [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown)
  
  * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown)
  
  * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown)
  
  * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown)
  
  * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown)
  
  * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown)  
    [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg)  
    UNIT 42 RETAINER
    Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial.
    Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)

* Partners  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners  
  NextWave Partners
  
  * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown)
  * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown)
  * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown)
  * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown)
  * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown)
  * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown)
  * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown)  
    Take Action
  * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown)
  * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown)
  * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner)
  * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess)
  * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator)  
    [CYBERFORCE
    CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise.
    Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown)

* Company  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company  
  Palo Alto Networks
  
  * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
  * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown)
  * [Investor Relations](https://investors.paloaltonetworks.com)
  * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
  * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown)
  * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
  * [Military \& Veterans](https://jobs.paloaltonetworks.com/military)  
    [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown)
  * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown)
  * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown)
  * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown)
  * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown)
  * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown)
  * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
  * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown)  
    Careers
  * [Overview](https://jobs.paloaltonetworks.com/)
  * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/)  
    [A Newsweek Most Loved Workplace
    "Businesses that do right by their employees"
    Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown)

* More  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More  
  Resources
  
  * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
  * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/)
  * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
  * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
  * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
  * [Tech Insider](https://techinsider.paloaltonetworks.com/)
  * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/)
  * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/)
  * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown)
  * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown)
  * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown)
  * [Tech Docs](https://docs.paloaltonetworks.com/)
  * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown)
  * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/)
  * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown)  
    Connect
  * [LIVE community](https://live.paloaltonetworks.com/)
  * [Events](https://events.paloaltonetworks.com/)
  * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown)
  * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown)
  * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)  
    [Blog
    Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity
    Learn more](https://www.paloaltonetworks.com/blog/)

* Sign In  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In
  
  * Customer
  * Partner
  * Employee
  * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown)
  * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown)

* EN  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language
  
  * [USA (ENGLISH)](https://www.paloaltonetworks.com)
  * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au)
  * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br)
  * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca)
  * [CHINA (简体中文)](https://www.paloaltonetworks.cn)
  * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr)
  * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de)
  * [INDIA (ENGLISH)](https://www.paloaltonetworks.in)
  * [ITALY (ITALIANO)](https://www.paloaltonetworks.it)
  * [JAPAN (日本語)](https://www.paloaltonetworks.jp)
  * [KOREA (한국어)](https://www.paloaltonetworks.co.kr)
  * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat)
  * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx)
  * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg)
  * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es)
  * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw)
  * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk)

* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)

* [What's New](https://www.paloaltonetworks.com/resources?ts=markdown)

* [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount)

* [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html)

* [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown)  
  Search  
  All

* [Tech Docs](https://docs.paloaltonetworks.com/search)  
  Close search modal
  [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.paloaltonetworks.com/deploybravely?ts=markdown)  
  [](https://www.paloaltonetworks.com/?ts=markdown)

1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
2. [Identity Security](https://www.paloaltonetworks.com/cyberpedia/identity-security?ts=markdown)
3. [Machine Identity Security](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity?ts=markdown)
4. [TLS Handshake](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake?ts=markdown)  
   Table of Contents

* [Machine Identity Security: The Definitive Guide](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity-security-mis?ts=markdown)
  * [Machine Identity Security Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity-security-mis#machine?ts=markdown)
  * [Four Pillars of Machine Identity Architecture](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity-security-mis#four?ts=markdown)
  * [Machine Identity in the Attacker Workflow: Unit 42 Observations](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity-security-mis#observations?ts=markdown)
  * [Cloud Security Implications and Identity Sprawl](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity-security-mis#cloud?ts=markdown)
  * [Implementing a Machine Identity Security Program](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity-security-mis#program?ts=markdown)
  * [Machine Identity Security FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity-security-mis#faqs?ts=markdown)
* [What Is Workload Identity? Securing Non-Human Identities](https://www.paloaltonetworks.com/cyberpedia/what-is-workload-identity?ts=markdown)
  * [Workload Identity Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-workload-identity#workload?ts=markdown)
  * [The Core Components of Workload Identity Architecture](https://www.paloaltonetworks.com/cyberpedia/what-is-workload-identity#core?ts=markdown)
  * [Workload Identity in the Zero Trust Framework](https://www.paloaltonetworks.com/cyberpedia/what-is-workload-identity#framework?ts=markdown)
  * [Disrupting the Attack Lifecycle with Workload Identity](https://www.paloaltonetworks.com/cyberpedia/what-is-workload-identity#disrupting?ts=markdown)
  * [Workload Identity and the AI Agent Security Challenge](https://www.paloaltonetworks.com/cyberpedia/what-is-workload-identity#challenge?ts=markdown)
  * [Workload Identity FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-workload-identity#faqs?ts=markdown)
* [What Is a Non-Human Identity (NHI)? Machine Identity Security Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity?ts=markdown)
  * [Non-Human Identity Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#explained?ts=markdown)
  * [The Critical Distinction: Standing vs. Non-Standing Privileges](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#privileges?ts=markdown)
  * [Lateral Movement and Attacker Workflow](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#lateral?ts=markdown)
  * [Non-Human Identity and Zero Trust Alignment](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#alignment?ts=markdown)
  * [CIEM, IAM, and PAM Relationships in NHI Security](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#security?ts=markdown)
  * [Strategic Management and Testing of NHIs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#strategic?ts=markdown)
  * [Non-Human Identity FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#faqs?ts=markdown)
* [What Is TLS Certificate Renewal? Process, Risks \& Automation](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-renewal?ts=markdown)
  * [TLS Certificate Renewal: The Shift from Maintenance to Mission-Critical](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-renewal#certificate?ts=markdown)
  * [Why the 47-Day Mandate Redefines Renewal Strategy](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-renewal#mandate?ts=markdown)
  * [The Technical Lifecycle of a TLS Renewal](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-renewal#technical?ts=markdown)
  * [Critical Risks: The High Cost of Renewal Failure](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-renewal#critical?ts=markdown)
  * [Best Practices for Enterprise-Scale Renewal](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-renewal#best?ts=markdown)
  * [Overcoming Common Renewal Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-renewal#common?ts=markdown)
  * [TLS Certificate Renewal FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-renewal#faqs?ts=markdown)
* [What Is PKI? Public Key Infrastructure \& Authentication Guide](https://www.paloaltonetworks.com/cyberpedia/what-is-pki?ts=markdown)
  * [Key Data: Threats and Trends](https://www.paloaltonetworks.com/cyberpedia/what-is-pki#key?ts=markdown)
  * [Why PKI Matters for Modern Organizations](https://www.paloaltonetworks.com/cyberpedia/what-is-pki#why?ts=markdown)
  * [How PKI Works: The Asymmetric Model](https://www.paloaltonetworks.com/cyberpedia/what-is-pki#how?ts=markdown)
  * [Key Components of a PKI Framework](https://www.paloaltonetworks.com/cyberpedia/what-is-pki#key?ts=markdown)
  * [Common Risks and Implementation Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-pki#common?ts=markdown)
  * [PKI Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-pki#best?ts=markdown)
  * [PKI in a Zero Trust Architecture](https://www.paloaltonetworks.com/cyberpedia/what-is-pki#architecture?ts=markdown)
  * [Public Key Infrastructure (PKI) FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-pki#faqs?ts=markdown)
* What Is the TLS Handshake? Process, Steps, and Best Practices
  * [The Strategic Importance of the TLS Handshake](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#importance?ts=markdown)
  * [How the TLS Handshake Works: Step-by-Step](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#how?ts=markdown)
  * [TLS 1.2 vs. TLS 1.3: Evolution of Speed and Security](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#vs?ts=markdown)
  * [The Role of Cipher Suites and Digital Certificates](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#role?ts=markdown)
  * [Identifying and Resolving TLS Handshake Failures](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#failures?ts=markdown)
  * [Advanced Security: TLS Fingerprinting and Threat Detection](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#advanced?ts=markdown)
  * [TLS Handshake Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#best?ts=markdown)
  * [TLS Handshake FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#faqs?ts=markdown)
* [What Is the TLS Certificate Lifecycle? Implementation Guide](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-lifecycle?ts=markdown)
  * [TLS Certificate Lifecycle Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-lifecycle#tls?ts=markdown)
  * [The 6 Core Stages of the TLS Certificate Lifecycle](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-lifecycle#core?ts=markdown)
  * [Why TLS Certificate Lifecycle Matters](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-lifecycle#why?ts=markdown)
  * [Key Causes of Certificate Failure](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-lifecycle#key?ts=markdown)
  * [Validation Checks: CRL and OCSP](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-lifecycle#validation?ts=markdown)
  * [How Automation Improves TLS Certificate Lifecycle](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-lifecycle#how?ts=markdown)
  * [TLS Certificate Lifecycle and Zero Trust](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-lifecycle#tls?ts=markdown)
  * [TLS Certificate Lifecycle FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-lifecycle#faqs?ts=markdown)
* [What Is Certificate Management?](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-management?ts=markdown)
  * [Certificate Management Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-management#certificate?ts=markdown)
  * [Core Capabilities of Certificate Management](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-management#core?ts=markdown)
  * [Common Challenges: The "Red Flag" Checklist](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-management#challenges?ts=markdown)
  * [How Certificate Management Supports Zero Trust](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-management#how?ts=markdown)
  * [Implementation Roadmap: Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-management#implementation?ts=markdown)
  * [Certificate Management vs. TLS Certificate Lifecycle](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-management#certificate?ts=markdown)
  * [Certificate Management FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-management#faqs?ts=markdown)
* [What Is Cert-Manager? Kubernetes Certificate Management Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-cert-manager?ts=markdown)
  * [cert-manager Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-cert-manager#explained?ts=markdown)
  * [Core Components: Issuers and Certificates](https://www.paloaltonetworks.com/cyberpedia/what-is-cert-manager#core?ts=markdown)
  * [1. Issuers and ClusterIssuers](https://www.paloaltonetworks.com/cyberpedia/what-is-cert-manager#issuers?ts=markdown)
  * [2. Certificates](https://www.paloaltonetworks.com/cyberpedia/what-is-cert-manager#certificates?ts=markdown)
  * [How cert-manager Automates Machine Identity](https://www.paloaltonetworks.com/cyberpedia/what-is-cert-manager#how?ts=markdown)
  * [Common Compatible Cloud Platforms](https://www.paloaltonetworks.com/cyberpedia/what-is-cert-manager#common?ts=markdown)
  * [Zero Trust and Kubernetes Security Alignment](https://www.paloaltonetworks.com/cyberpedia/what-is-cert-manager#alignment?ts=markdown)
  * [Integrating cert-manager into DevSecOps Workflows](https://www.paloaltonetworks.com/cyberpedia/what-is-cert-manager#workflows?ts=markdown)
  * [Benefits for DevSecOps Teams](https://www.paloaltonetworks.com/cyberpedia/what-is-cert-manager#benefits?ts=markdown)
  * [cert-manager FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-cert-manager#faqs?ts=markdown)
* [TLS/SSL Offloading: Definition \& Decision Checklist](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-ssl-offloading?ts=markdown)
  * [TLS/SSL Offloading Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-ssl-offloading#offloading?ts=markdown)
  * [SSL Termination vs. SSL Bridging](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-ssl-offloading#vs?ts=markdown)
  * [Key Differences in Workflow](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-ssl-offloading#key?ts=markdown)
  * [Unit 42 Perspective: Risks of Uninspected Traffic](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-ssl-offloading#unit42?ts=markdown)
  * [Benefits for Security and Infrastructure Teams](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-ssl-offloading#benefits?ts=markdown)
  * [CISO Decision Checklist: SSL Termination vs. SSL Bridging for Compliance](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-ssl-offloading#ciso?ts=markdown)
  * [Detailed CISO Decision Checklist](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-ssl-offloading#checklist?ts=markdown)
  * [Summary Recommendation for CISOs](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-ssl-offloading#summary?ts=markdown)
  * [TLS/SSL Offloading FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-ssl-offloading#faqs?ts=markdown)
* [What Is an X.509 Certificate? Definition, Standards, and Role](https://www.paloaltonetworks.com/cyberpedia/what-is-an-x509-certificate?ts=markdown)
  * [X.509 Certificates Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-an-x509-certificate#page-anchor?ts=markdown)
  * [The Anatomy Of An X.509 Certificate](https://www.paloaltonetworks.com/cyberpedia/what-is-an-x509-certificate#anatomy?ts=markdown)
  * [Important X.509 v3 Extensions](https://www.paloaltonetworks.com/cyberpedia/what-is-an-x509-certificate#page-anchor?ts=markdown)
  * [The X.509 Trust Hierarchy And Chain](https://www.paloaltonetworks.com/cyberpedia/what-is-an-x509-certificate#hierarchy?ts=markdown)
  * [Machine Identity And Management Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-an-x509-certificate#identity?ts=markdown)
  * [Risks Of Poor Certificate Management](https://www.paloaltonetworks.com/cyberpedia/what-is-an-x509-certificate#risks?ts=markdown)
  * [Zero Trust And X.509 Alignment](https://www.paloaltonetworks.com/cyberpedia/what-is-an-x509-certificate#alignment?ts=markdown)
  * [How Does X.509 Support Zero Trust?](https://www.paloaltonetworks.com/cyberpedia/what-is-an-x509-certificate#support?ts=markdown)
  * [X.509 Certificate FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-an-x509-certificate#page-anchor?ts=markdown)
* [What Is Certificate Validation? Guide to Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-validation?ts=markdown)
  * [Certificate Validation Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-validation#validation?ts=markdown)
  * [The Role of Certificate Authorities and the Chain of Trust](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-validation#role?ts=markdown)
  * [The Hierarchy of Trust](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-validation#trust?ts=markdown)
  * [The Sequence of the Validation Process](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-validation#process?ts=markdown)
  * [Types of Certificate Validation Levels](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-validation#levels?ts=markdown)
  * [Unit 42 Insights: The Risk of Identity Exposure](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-validation#insight?ts=markdown)
  * [Threat Behavior Observations](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-validation#behavior?ts=markdown)
  * [Troubleshooting Common Validation Failures](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-validation#troubleshoot?ts=markdown)
  * [Certificate Validation FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-validation#certificate?ts=markdown)
* [What Is Certificate Pinning? Benefits, Risks \& Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning?ts=markdown)
  * [Certificate Pinning Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#certificate?ts=markdown)
  * [How Certificate Pinning Works](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#how?ts=markdown)
  * [Listiche: Key Stages of a Pinning Failure](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#key?ts=markdown)
  * [Types of Certificate Pinning](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#types?ts=markdown)
  * [Listiche: Static vs. Dynamic Pinning](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#static?ts=markdown)
  * [Why Pinning Is Essential for Zero Trust](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#why?ts=markdown)
  * [Certificate Pinning vs. Standard SSL/TLS](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#certificate?ts=markdown)
  * [Benefits of Certificate Pinning](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#benefits?ts=markdown)
  * [Risks and Limitations of Certificate Pinning](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#risks?ts=markdown)
  * [When to Use Certificate Pinning](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#when?ts=markdown)
  * [When to Avoid Certificate Pinning](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#when?ts=markdown)
  * [Certificate Pinning Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#certificate?ts=markdown)
  * [Certificate Pinning and Machine Identity Security](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#identity?ts=markdown)
  * [FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#faqs?ts=markdown)
* [What is Cloud Workload Security? Protection \& Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-workload-security?ts=markdown)
  * [Cloud Workload Security Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-workload-security#cloud?ts=markdown)
  * [Why Cloud Workload Security Matters](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-workload-security#why?ts=markdown)
  * [Key Components of a Cloud Workload Security Strategy](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-workload-security#key?ts=markdown)
  * [Use Cases \& Real-World Examples](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-workload-security#use-cases?ts=markdown)
  * [Cloud Workload Security Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-workload-security#practices?ts=markdown)
  * [Benefits of Strong Cloud Workload Security](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-workload-security#practices?ts=markdown)
  * [Cloud Workload Security FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-workload-security#faqs?ts=markdown)
* [What Is ACME Protocol?](https://www.paloaltonetworks.com/cyberpedia/what-is-acme-protocol?ts=markdown)
  * [ACME Protocol Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-acme-protocol#dora?ts=markdown)
  * [How The ACME Protocol Works](https://www.paloaltonetworks.com/cyberpedia/what-is-acme-protocol#how?ts=markdown)
  * [ACME Across The Machine Identity Lifecycle](https://www.paloaltonetworks.com/cyberpedia/what-is-acme-protocol#across?ts=markdown)
  * [ACME Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-acme-protocol#challenges?ts=markdown)
  * [Why ACME Matters For Machine Identity Security](https://www.paloaltonetworks.com/cyberpedia/what-is-acme-protocol#why?ts=markdown)
  * [Implementation Patterns](https://www.paloaltonetworks.com/cyberpedia/what-is-acme-protocol#implementation?ts=markdown)
  * [Real World Evidence](https://www.paloaltonetworks.com/cyberpedia/what-is-acme-protocol#world?ts=markdown)
  * [Where ACME Secrets Leak In Real Life](https://www.paloaltonetworks.com/cyberpedia/what-is-acme-protocol#where?ts=markdown)
  * [ACME Protocol FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-acme-protocol#faq?ts=markdown)
* [What is SPIFFE? Universal Workload Identity Framework Guide](https://www.paloaltonetworks.com/cyberpedia/what-is-spiffe?ts=markdown)
  * [SPIFFE Explained: Solving the Workload Identity Problem](https://www.paloaltonetworks.com/cyberpedia/what-is-spiffe#explained?ts=markdown)
  * [Core Components of the SPIFFE Standard](https://www.paloaltonetworks.com/cyberpedia/what-is-spiffe#core?ts=markdown)
  * [The SPIFFE Workload API](https://www.paloaltonetworks.com/cyberpedia/what-is-spiffe#workload?ts=markdown)
  * [Why Traditional Secret Management Fails in Cloud-Native Environments](https://www.paloaltonetworks.com/cyberpedia/what-is-spiffe#why?ts=markdown)
  * [The Problem of "Secret Zero"](https://www.paloaltonetworks.com/cyberpedia/what-is-spiffe#problem?ts=markdown)
  * [Vulnerabilities of Static Credentials and Long-Lived Tokens](https://www.paloaltonetworks.com/cyberpedia/what-is-spiffe#tokens?ts=markdown)
  * [IP-Based Security vs. Identity-Based Security](https://www.paloaltonetworks.com/cyberpedia/what-is-spiffe#vs?ts=markdown)
  * [How SPIFFE Implementation Works: The Attestation Process](https://www.paloaltonetworks.com/cyberpedia/what-is-spiffe#how?ts=markdown)
  * [The Role of SPIRE as the Reference Implementation](https://www.paloaltonetworks.com/cyberpedia/what-is-spiffe#role?ts=markdown)
  * [Critical Use Cases for Enterprise Security](https://www.paloaltonetworks.com/cyberpedia/what-is-spiffe#critical?ts=markdown)
  * [SPIFFE FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-spiffe#faqs?ts=markdown)
* [What Is an SSL Stripping Attack?](https://www.paloaltonetworks.com/cyberpedia/what-is-an-ssl-stripping-attack?ts=markdown)
  * [Why SSL Stripping Belongs in Identity Security](https://www.paloaltonetworks.com/cyberpedia/what-is-an-ssl-stripping-attack#why?ts=markdown)
  * [SSL Stripping Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-an-ssl-stripping-attack#sslstripping?ts=markdown)
  * [How SSL Stripping Works](https://www.paloaltonetworks.com/cyberpedia/what-is-an-ssl-stripping-attack#how?ts=markdown)
  * [Where SSL Stripping Happens](https://www.paloaltonetworks.com/cyberpedia/what-is-an-ssl-stripping-attack#where?ts=markdown)
  * [Signs of SSL Stripping](https://www.paloaltonetworks.com/cyberpedia/what-is-an-ssl-stripping-attack#where?ts=markdown)
  * [Identity-Focused Impact](https://www.paloaltonetworks.com/cyberpedia/what-is-an-ssl-stripping-attack#identity?ts=markdown)
  * [Machine Identity Security Impact](https://www.paloaltonetworks.com/cyberpedia/what-is-an-ssl-stripping-attack#machine?ts=markdown)
  * [How to Prevent SSL Stripping](https://www.paloaltonetworks.com/cyberpedia/what-is-an-ssl-stripping-attack#howto?ts=markdown)
  * [SSL Stripping Prevention Checklist](https://www.paloaltonetworks.com/cyberpedia/what-is-an-ssl-stripping-attack#checklist?ts=markdown)
  * [SSL Stripping FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-an-ssl-stripping-attack#faqs?ts=markdown)
* [What Is a Machine Identity?](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity?ts=markdown)
  * [How Do Machine Identities Work?](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity#how?ts=markdown)
  * [Machine Identity Management (MIM) vs. Human IAM](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity#vs?ts=markdown)
  * [Architecture Components and Identity Types](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity#types?ts=markdown)
  * [Secrets Management vs. Machine Identity Management](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity#secrets?ts=markdown)
  * [Lateral Movement and Attacker Workflow](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity#workflow?ts=markdown)
  * [Cloud Security Implications and CIEM](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity#ciem?ts=markdown)
  * [Implementation Steps for Machine Identity Security](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity#implementation?ts=markdown)
* [Machine Identity FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity#faqs?ts=markdown)

# What Is the TLS Handshake?

3 min. read  
[Explore Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown)  
Table of Contents

* * [The Strategic Importance of the TLS Handshake](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#importance?ts=markdown)
  * [How the TLS Handshake Works: Step-by-Step](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#how?ts=markdown)
  * [TLS 1.2 vs. TLS 1.3: Evolution of Speed and Security](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#vs?ts=markdown)
  * [The Role of Cipher Suites and Digital Certificates](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#role?ts=markdown)
  * [Identifying and Resolving TLS Handshake Failures](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#failures?ts=markdown)
  * [Advanced Security: TLS Fingerprinting and Threat Detection](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#advanced?ts=markdown)
  * [TLS Handshake Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#best?ts=markdown)
* [TLS Handshake FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#faqs?ts=markdown)

1. The Strategic Importance of the TLS Handshake

* * [The Strategic Importance of the TLS Handshake](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#importance?ts=markdown)
  * [How the TLS Handshake Works: Step-by-Step](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#how?ts=markdown)
  * [TLS 1.2 vs. TLS 1.3: Evolution of Speed and Security](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#vs?ts=markdown)
  * [The Role of Cipher Suites and Digital Certificates](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#role?ts=markdown)
  * [Identifying and Resolving TLS Handshake Failures](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#failures?ts=markdown)
  * [Advanced Security: TLS Fingerprinting and Threat Detection](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#advanced?ts=markdown)
  * [TLS Handshake Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#best?ts=markdown)
* [TLS Handshake FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#faqs?ts=markdown)

The TLS handshake is a strategic communication process that initiates a secure session between a client and a server. It uses asymmetric encryption to verify identities and exchange key material. This process establishes the symmetric encryption parameters required to protect data integrity and privacy across the network.  
Key Points

* 

**Secure Foundation**: Establishes a protected channel for data transmission over the internet.
\*

**Identity Verification**: Uses digital certificates to authenticate the server to the client.
\*

**Cipher Negotiation**: Determines the strongest mutually supported encryption algorithms for the session.
\*

**Key Exchange**: Generates unique session keys for symmetric encryption of the actual data.
\*

**Failure Prevention**: Improperly configured handshakes lead to application outages and security gaps.

The TLS handshake acts as the critical diplomatic mission for every secure connection on the internet. While users often interact with it through the green padlock icon in a browser, the process is a sophisticated technical exchange that balances security with performance. It begins immediately after the initial TCP connection is established, acting as a gateway that must be cleared before any [sensitive application data](/content/pan/en_us/cyberpedia/sensitive-data) can be transmitted.

This process serves three primary functions: parameter negotiation, authentication, and key establishment. The two parties must first agree on a common language, known as a cipher suite, which dictates the encryption and hashing algorithms for the duration of the session.

[Authentication](/content/pan/en_us/cyberpedia/what-is-authentication-and-authorization) follows, typically involving the server presenting a digital certificate to prove its identity to the client. This prevents attackers from redirecting traffic to a malicious site. Finally, the handshake facilitates the exchange of session keys. By using asymmetric cryptography to establish a symmetric key, the system gains the security of public-key infrastructure and the high-speed performance of symmetric encryption for the actual data transfer.

In a modern enterprise environment, the TLS handshake is more than just a connectivity step. It provides security teams with essential metadata used for traffic classification and [threat detection](/content/pan/en_us/cyberpedia/cloud-security-threats-detection-and-challenges). By analyzing handshake patterns, security practitioners can identify unauthorized applications or malicious tools that attempt to hide within encrypted streams.

## The Strategic Importance of the TLS Handshake

The TLS handshake is the primary mechanism for implementing [zero trust](/content/pan/en_us/cyberpedia/what-is-zero-trust) principles at the transport layer. It ensures that no connection is trusted by default, requiring cryptographic proof of identity before any data exchange occurs.

### Establishing Trust in a Perimeterless Environment

As organizations move away from traditional network perimeters, the handshake provides a portable security boundary. It allows a remote user to establish a secure connection to a cloud resource with the same level of confidence as a local connection. This trust is anchored in the validation of digital certificates against a list of trusted root authorities.

### Mitigating Man-in-the-Middle (MitM) and Replay Attacks

Handshakes utilize unique "nonces" or random numbers generated by both the client and the server to prevent replay attacks. Even if an attacker captures the handshake exchange, they cannot reuse the data to establish a new session. The authentication phase targets MitM attacks by verifying that the server possesses the private key for the certificate it presents and that the certificate was issued for the hostname the client is connecting to.

## How the TLS Handshake Works: Step-by-Step

The complexity of the handshake depends on the version of the protocol in use, but the fundamental logic remains consistent across iterations. It transitions from a public, unencrypted state to a private, encrypted state through a series of logical phases.  
![An infographic titled “How the TLS Handshake Works: Step-by-Step” explains the TLS handshake in three color-coded phases. The top section introduces the handshake as the process that moves a connection from an unencrypted state to a private, encrypted state. Phase 1, “The Hello Exchange,” shows a ClientHello and ServerHello side by side. The client sends supported TLS versions, cipher suites, and random bytes, and the server responds by choosing a TLS version and cipher suite so both sides agree on connection settings. Phase 2, “Server Authentication \& Key Exchange,” shows the server certificate and key exchange process. It references a pre-master secret for TLS 1.2 and a Diffie-Hellman key exchange for TLS 1.3, emphasizing that both sides establish a shared secret. Phase 3, “Finalizing the Secure Channel,” shows ChangeCipherSpec and encrypted Finished messages, ending with a secure session established.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-tls-handshake/how-the-tls-handshake-works-step-by-step.webp "An infographic titled “How the TLS Handshake Works: Step-by-Step” explains the TLS handshake in three color-coded phases. The top section introduces the handshake as the process that moves a connection from an unencrypted state to a private, encrypted state. Phase 1, “The Hello Exchange,” shows a ClientHello and ServerHello side by side. The client sends supported TLS versions, cipher suites, and random bytes, and the server responds by choosing a TLS version and cipher suite so both sides agree on connection settings. Phase 2, “Server Authentication & Key Exchange,” shows the server certificate and key exchange process. It references a pre-master secret for TLS 1.2 and a Diffie-Hellman key exchange for TLS 1.3, emphasizing that both sides establish a shared secret. Phase 3, “Finalizing the Secure Channel,” shows ChangeCipherSpec and encrypted Finished messages, ending with a secure session established.") ***Figure 1**: How the TLS Handshake Works*

### Phase 1: The Hello Exchange

The process starts with the ClientHello message, where the client sends its supported TLS versions, a list of compatible cipher suites, and a string of random bytes. The server responds with a ServerHello, choosing the highest common protocol version and the strongest mutually supported cipher suite. This phase sets the ground rules for the entire session.

### Phase 2: Server Authentication and Key Exchange

Following the hello exchange, the server sends its digital certificate. If the client determines the certificate is valid, it proceeds to the key exchange. In older versions like TLS 1.2, the client might send a "Pre-Master Secret" encrypted with the server's public key. In TLS 1.3, this is replaced by a more secure Diffie-Hellman exchange where both parties contribute to the key generation without ever sending the key itself.

### Phase 3: Finalizing the Secure Channel

Both sides calculate the "master secret" and the resulting session keys. The client sends a ChangeCipherSpec message to indicate that subsequent data will be encrypted. Finally, both parties exchange finished messages, which are encrypted hashes of the entire handshake. If the hashes match, it proves that the handshake was not tampered with by a third party.

## TLS 1.2 vs. TLS 1.3: Evolution of Speed and Security

The transition from TLS 1.2 to TLS 1.3 represents the most significant leap in protocol security in a decade. While TLS 1.2 is still widely used, it suffers from legacy overhead and support for outdated, vulnerable cryptographic algorithms.

### Removing Legacy Vulnerabilities and Weak Ciphers

TLS 1.3 removed support for insecure features like RSA key transport and the SHA-1 hashing algorithm. By mandating perfect forward secrecy (PFS), TLS 1.3 ensures that even if a server's long-term private key is compromised in the future, past recorded sessions cannot be decrypted. This shift significantly reduces the [attack surface](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-management?ts=markdown) available to sophisticated threat actors.

### Zero Round-Trip Time (0-RTT) Resumption for Performance

One of the most notable features of TLS 1.3 is 0-RTT mode. For clients that have connected to a server previously, the handshake can be bypassed for the first data packet. This eliminates the latency penalty traditionally associated with encrypted connections. 0-RTT data carries a known replay risk, so deployments typically restrict it to idempotent requests or disable it entirely in security-sensitive contexts.

|           Feature           |                 TLS 1.2                 |                TLS 1.3                |
|  **Handshake Round Trips**  |              2 Round Trips              |             1 Round Trip              |
| **Perfect Forward Secrecy** |                Optional                 |               Mandatory               |
|    **Supported Ciphers**    |      Includes weak/legacy ciphers       |      Only strong, modern ciphers      |
|    **0-RTT Resumption**     |              Not supported              |               Supported               |
|   **Encrypted Handshake**   | Handshake messages are mostly cleartext | Most handshake messages are encrypted |
|-----------------------------|-----------------------------------------|---------------------------------------|

## The Role of Cipher Suites and Digital Certificates

Cipher suites and certificates are the tools that make the handshake possible. A cipher suite is essentially a set of instructions that tells the devices which algorithms to use for key exchange, encryption, and message authentication.

### Understanding Asymmetric Cryptography and Public Keys

The handshake relies on asymmetric cryptography to solve the problem of sharing a secret key over an insecure medium. In legacy RSA key exchange, the client encrypted a secret with the server's public key. Modern TLS uses Diffie-Hellman key exchange, where both parties contribute to the shared secret without either side transmitting the key directly. Either approach allows the two parties to arrive at a shared session key.

### Certificate Authority (CA) Validation and Trust Chains

Security professionals must ensure that certificates are issued by reputable CAs. During the handshake, the client checks the certificate's digital signature against its built-in list of trusted roots. If the signature is valid and the certificate has not expired or been revoked (checked via CRL or OCSP), the connection proceeds.

## Identifying and Resolving TLS Handshake Failures

Handshake failures are common pain points for security administrators and network engineers. These errors generally indicate a fundamental mismatch in configuration or a potential security intervention.

### Common Causes: Protocol Mismatches and Expired Certificates

A "TLS Handshake Failed" error often occurs when a client and server cannot agree on a protocol version. For example, if a modern browser requires TLS 1.2 or higher but a legacy server only supports TLS 1.0, the handshake will terminate. Expired or mismatched certificates are another frequent culprit, triggering browser warnings or blocking automated API calls.

### Troubleshooting Cipher Suite Incompatibilities

In highly secure environments, administrators may disable certain cipher suites to comply with regulatory standards like [PCI DSS](/content/pan/en_us/cyberpedia/pci-dss). If the client does not support the specific high-strength ciphers required by the server, the handshake will fail during the hello exchange. Utilizing tools like OpenSSL or packet captures can help identify exactly which stage of the negotiation is failing.

## Advanced Security: TLS Fingerprinting and Threat Detection

Thought leaders in cybersecurity now use the TLS handshake as a rich source of [threat intelligence](/content/pan/en_us/cyberpedia/what-is-cyberthreat-intelligence-cti). Because different applications and operating systems use different handshake parameters, they leave a unique "fingerprint."

### Using JA3/JA4 Fingerprints to Identify Malicious Traffic

Palo Alto Networks and Unit 42 researchers utilize JA3/S fingerprints to identify malware and command-and-control (C2) traffic. Malware often uses non-standard libraries to perform TLS handshakes, which creates a distinct signature. By monitoring these signatures, security teams can detect threats even when the payload remains encrypted and unreadable.

### Visibility Gaps: Managing Encrypted Threats with Decryption

As more traffic moves to TLS 1.3, traditional passive monitoring becomes less effective. Organizations may implement SSL/TLS decryption to inspect traffic for threats, though this approach has tradeoffs: it can break certificate pinning, raise privacy considerations, and create a high-value target in the inspection device. Alternatives like endpoint detection, identity-based controls, and handshake metadata analysis can provide visibility without full decryption.

## TLS Handshake Best Practices

|       Action Item       |              Technical Implementation              |              Business Value               |
| **Upgrade to TLS 1.3**  |  Disable legacy 1.0/1.1 protocols on all servers.  | Faster connections and stronger security. |
| **Manage Certificates** | Implement automated tracking for expiration dates. |   Prevents costly application outages.    |
| **Standardize Ciphers** |         Use AES-GCM or ChaCha20-Poly1305.          |     Ensures top-tier data protection.     |
|     **Verify SNI**      |    Correctly configure Server Name Indication.     | Supports multiple secure sites on one IP. |
|-------------------------|----------------------------------------------------|-------------------------------------------|

## TLS Handshake FAQs

### How long does a TLS handshake take?

A standard TLS 1.2 handshake takes approximately two round trips between the client and server, while TLS 1.3 reduces this to one. In terms of clock time, this usually happens in under 100 milliseconds, though network latency and server load can increase this duration.

### Can a TLS handshake be bypassed?

The handshake cannot be skipped for a new secure session. TLS 1.3's 0-RTT resumption allows a returning client to send data in the first flight, reusing key material from a previous session. The handshake still happens, but the user-visible latency is eliminated.

### What is the difference between a one-way and a two-way handshake?

In a one-way handshake, only the server provides a certificate to prove its identity. In a two-way handshake, also known as Mutual TLS (mTLS), both the client and the server must present certificates. mTLS is commonly used in B2B integrations and microservices architectures.

### Does a TLS handshake encrypt the data?

No, the handshake itself does not encrypt the actual application data (like your credit card number). Instead, it negotiates the keys and algorithms that will be used to encrypt that data immediately after the handshake is finished.

### Why does my browser say "TLS handshake failed"?

This error typically occurs due to a protocol version mismatch, an incorrect system clock on your device, or an intercepted connection. It can also happen if a firewall or security software blocks the specific cryptographic parameters being requested.  
![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20the%20TLS%20Handshake%3F%20Process%2C%20Steps%2C%20and%20Best%20Practices&body=Learn%20how%20the%20TLS%20handshake%20establishes%20secure%20connections.%20Discover%20the%20steps%20of%20the%20protocol%20and%20how%20to%20troubleshoot%20common%20handshake%20errors.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake)  
Back to Top  
[Previous](https://www.paloaltonetworks.com/cyberpedia/what-is-pki?ts=markdown) What Is PKI? Public Key Infrastructure \& Authentication Guide  
[Next](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-lifecycle?ts=markdown) What Is the TLS Certificate Lifecycle? Implementation Guide  
{#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/ai-security?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language