[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) [![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberark/Seamless_IDs_small.jpg) Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-security-solution?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) [![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberark/Seamless_IDs_small.jpg) Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.paloaltonetworks.com/deploybravely?ts=markdown) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Identity Security](https://www.paloaltonetworks.com/cyberpedia/identity-security?ts=markdown) 3. [Access Management](https://www.paloaltonetworks.com/cyberpedia/access-management?ts=markdown) 4. [What Is Active Directory (AD)?](https://www.paloaltonetworks.com/cyberpedia/what-is-active-directory-ad?ts=markdown) Table of Contents * [What Is Access Management?](https://www.paloaltonetworks.com/cyberpedia/access-management?ts=markdown) * [Understanding Access Management](https://www.paloaltonetworks.com/cyberpedia/access-management#understanding?ts=markdown) * [What Are the Key Components of Access Management?](https://www.paloaltonetworks.com/cyberpedia/access-management#what?ts=markdown) * [Types of Access Management Solutions](https://www.paloaltonetworks.com/cyberpedia/access-management#types?ts=markdown) * [Implementing Access Management](https://www.paloaltonetworks.com/cyberpedia/access-management#implementing?ts=markdown) * [Access Management FAQs](https://www.paloaltonetworks.com/cyberpedia/access-management#faqs?ts=markdown) * [What Is Access Control?](https://www.paloaltonetworks.com/cyberpedia/access-control?ts=markdown) * [Access Control Explained](https://www.paloaltonetworks.com/cyberpedia/access-control#explained?ts=markdown) * [What Are Different Types of Access Control?](https://www.paloaltonetworks.com/cyberpedia/access-control#different?ts=markdown) * [Benefits of Effective Access Control Systems](https://www.paloaltonetworks.com/cyberpedia/access-control#benefits?ts=markdown) * [Access Control Use Cases](https://www.paloaltonetworks.com/cyberpedia/access-control#use-cases?ts=markdown) * [DSPM and Access Control](https://www.paloaltonetworks.com/cyberpedia/access-control#dspm?ts=markdown) * [Access Control FAQs](https://www.paloaltonetworks.com/cyberpedia/access-control#faqs?ts=markdown) * What Is Active Directory (AD)? * [How Active Directory Works](https://www.paloaltonetworks.com/cyberpedia/what-is-active-directory-ad#how?ts=markdown) * [Why Active Directory Is a High-Value Target](https://www.paloaltonetworks.com/cyberpedia/what-is-active-directory-ad#why?ts=markdown) * [Use Cases and Real-World Examples](https://www.paloaltonetworks.com/cyberpedia/what-is-active-directory-ad#examples?ts=markdown) * [Active Directory Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-active-directory-ad#best?ts=markdown) * [Active Directory FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-active-directory-ad#faqs?ts=markdown) * [What Is Passwordless Authentication?](https://www.paloaltonetworks.com/cyberpedia/what-is-passwordless-authentication?ts=markdown) * [Passwordless Authentication Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-passwordless-authentication#explained?ts=markdown) * [The Problem With Passwords](https://www.paloaltonetworks.com/cyberpedia/what-is-passwordless-authentication#problem?ts=markdown) * [How Passwordless Authentication Works](https://www.paloaltonetworks.com/cyberpedia/what-is-passwordless-authentication#how?ts=markdown) * [How Passwordless Fits With SSO and MFA](https://www.paloaltonetworks.com/cyberpedia/what-is-passwordless-authentication#fits?ts=markdown) * [Passwordless Authentication Benefits](https://www.paloaltonetworks.com/cyberpedia/what-is-passwordless-authentication#benefits?ts=markdown) * [FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-passwordless-authentication#faqs?ts=markdown) * [What Is CIAM (Customer Identity and Access Management)?](https://www.paloaltonetworks.com/cyberpedia/what-is-ciam?ts=markdown) * [CIAM Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-ciam#ciam?ts=markdown) * [CIAM Architecture and Security Components](https://www.paloaltonetworks.com/cyberpedia/what-is-ciam#architecture?ts=markdown) * [CIAM Versus Traditional IAM for Workforce Users](https://www.paloaltonetworks.com/cyberpedia/what-is-ciam#users?ts=markdown) * [CIAM and the Zero Trust Security Model](https://www.paloaltonetworks.com/cyberpedia/what-is-ciam#model?ts=markdown) * [CIAM Implementation: Attacker Behavior and Mitigation](https://www.paloaltonetworks.com/cyberpedia/what-is-ciam#mitigation?ts=markdown) * [Customer Identity and Access Management (CIAM) FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-ciam#faqs?ts=markdown) * [Authentication and Authorization Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-authentication-and-authorization?ts=markdown) * [Authentication and Authorization Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-authentication-and-authorization#explained?ts=markdown) * [Differentiating Authentication from Authorization](https://www.paloaltonetworks.com/cyberpedia/what-is-authentication-and-authorization#authentication?ts=markdown) * [Authorization Models: RBAC, ABAC, and Policy Enforcement](https://www.paloaltonetworks.com/cyberpedia/what-is-authentication-and-authorization#models?ts=markdown) * [Lateral Movement and Attacker Workflow](https://www.paloaltonetworks.com/cyberpedia/what-is-authentication-and-authorization#workflow?ts=markdown) * [Cloud Security Implications for Authorization](https://www.paloaltonetworks.com/cyberpedia/what-is-authentication-and-authorization#cloud?ts=markdown) * [Zero Trust Alignment with Access Control](https://www.paloaltonetworks.com/cyberpedia/what-is-authentication-and-authorization#control?ts=markdown) * [Authentication and Authorization FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-authentication-and-authorization#faqs?ts=markdown) * [What Is Single Sign-On (SSO)?](https://www.paloaltonetworks.com/cyberpedia/what-is-single-sign-on?ts=markdown) * [Why Single Sign-On Matters](https://www.paloaltonetworks.com/cyberpedia/what-is-single-sign-on#why?ts=markdown) * [How Single Sign-On Works](https://www.paloaltonetworks.com/cyberpedia/what-is-single-sign-on#how?ts=markdown) * [SSO Features and Functions](https://www.paloaltonetworks.com/cyberpedia/what-is-single-sign-on#sso?ts=markdown) * [Business Benefits of Single Sign-On](https://www.paloaltonetworks.com/cyberpedia/what-is-single-sign-on#business?ts=markdown) * [Security Cautions and Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-single-sign-on#security?ts=markdown) * [SSO FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-single-sign-on#faqs?ts=markdown) * [What is BeyondCorp?](https://www.paloaltonetworks.com/cyberpedia/what-is-beyondcorp?ts=markdown) * [Why Organizations Use BeyondCorp](https://www.paloaltonetworks.com/cyberpedia/what-is-beyondcorp#why?ts=markdown) * [How BeyondCorp Works](https://www.paloaltonetworks.com/cyberpedia/what-is-beyondcorp#how?ts=markdown) * [How BeyondCorp Relates to Zero Trust](https://www.paloaltonetworks.com/cyberpedia/what-is-beyondcorp#relate?ts=markdown) * [What is the Evolution of Multifactor Authentication](https://www.paloaltonetworks.com/cyberpedia/what-is-the-evolution-of-multi-factor-authentication?ts=markdown) * [Drivers for the Evolution of MFA](https://www.paloaltonetworks.com/cyberpedia/what-is-the-evolution-of-multi-factor-authentication#drivers?ts=markdown) * [Brief History of Multi-Factor Authentication](https://www.paloaltonetworks.com/cyberpedia/what-is-the-evolution-of-multi-factor-authentication#brief?ts=markdown) * [The Future of Authentication](https://www.paloaltonetworks.com/cyberpedia/what-is-the-evolution-of-multi-factor-authentication#future?ts=markdown) * [Evolution of MFA FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-the-evolution-of-multi-factor-authentication#faqs?ts=markdown) * [What Is the Principle of Least Privilege?](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege?ts=markdown) * [How does the principle of least privilege (PoLP) work?](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege#how?ts=markdown) * [Why Is the Principle of Least Privilege Important?](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege#why?ts=markdown) * [What Are the Benefits of the Principle of Least Privilege?](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege#what?ts=markdown) * [How to Implement PoLP in your organization](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege#organization?ts=markdown) * [Get PoLP with ZTNA 2.0 on Prisma Access](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege#get?ts=markdown) * [Principle of Least Privilege Access FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege#faqs?ts=markdown) * [What Is Cloud Infrastructure Entitlement Management (CIEM)?](https://www.paloaltonetworks.com/cyberpedia/what-is-ciem?ts=markdown) * [Why Is CIEM Important to Your Cloud Security Strategy?](https://www.paloaltonetworks.com/cyberpedia/what-is-ciem#why?ts=markdown) * [What Are the Components of CIEM?](https://www.paloaltonetworks.com/cyberpedia/what-is-ciem#what?ts=markdown) * [How Is CIEM Used?](https://www.paloaltonetworks.com/cyberpedia/what-is-ciem#how?ts=markdown) * [How Does CIEM Improves Cloud Security?](https://www.paloaltonetworks.com/cyberpedia/what-is-ciem#security?ts=markdown) * [Key Security Benefits of CIEM](https://www.paloaltonetworks.com/cyberpedia/what-is-ciem#key?ts=markdown) * [Discover CIEM | Prisma Cloud](https://www.paloaltonetworks.com/cyberpedia/what-is-ciem#discover?ts=markdown) * [CIEM FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-ciem#faqs?ts=markdown) * [What is Multifactor Authentication (MFA) Implementation?](https://www.paloaltonetworks.com/cyberpedia/what-is-mfa-implementation?ts=markdown) * [Why MFA Implementation is Important](https://www.paloaltonetworks.com/cyberpedia/what-is-mfa-implementation#why?ts=markdown) * [Planning Your MFA Implementation Strategy](https://www.paloaltonetworks.com/cyberpedia/what-is-mfa-implementation#planning?ts=markdown) * [Step-by-Step Guide to Implementing MFA](https://www.paloaltonetworks.com/cyberpedia/what-is-mfa-implementation#step?ts=markdown) * [Overcoming Challenges in MFA Implementation](https://www.paloaltonetworks.com/cyberpedia/what-is-mfa-implementation#overcoming?ts=markdown) * [Best Practices for Maintaining Effective MFA](https://www.paloaltonetworks.com/cyberpedia/what-is-mfa-implementation#best?ts=markdown) * [Evaluating the Success of MFA Deployment](https://www.paloaltonetworks.com/cyberpedia/what-is-mfa-implementation#evaluating?ts=markdown) * [MFA Implementation FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-mfa-implementation#faqs?ts=markdown) * [What Is Identity and Access Management (IAM)?](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management?ts=markdown) * [What Is Identity and Access Management?](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#what?ts=markdown) * [Why Is IAM Important?](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#why?ts=markdown) * [IAM vs. PAM](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#iam-vs-pam?ts=markdown) * [Cloud IAM vs. On-Prem IAM](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#vs?ts=markdown) * [IAM Security](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#iam-security?ts=markdown) * [Identity and Access Management FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#faq?ts=markdown) # What Is Active Directory (AD)? 4 min. read [Explore Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown) Table of Contents * * [How Active Directory Works](https://www.paloaltonetworks.com/cyberpedia/what-is-active-directory-ad#how?ts=markdown) * [Why Active Directory Is a High-Value Target](https://www.paloaltonetworks.com/cyberpedia/what-is-active-directory-ad#why?ts=markdown) * [Use Cases and Real-World Examples](https://www.paloaltonetworks.com/cyberpedia/what-is-active-directory-ad#examples?ts=markdown) * [Active Directory Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-active-directory-ad#best?ts=markdown) * [Active Directory FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-active-directory-ad#faqs?ts=markdown) 1. How Active Directory Works * * [How Active Directory Works](https://www.paloaltonetworks.com/cyberpedia/what-is-active-directory-ad#how?ts=markdown) * [Why Active Directory Is a High-Value Target](https://www.paloaltonetworks.com/cyberpedia/what-is-active-directory-ad#why?ts=markdown) * [Use Cases and Real-World Examples](https://www.paloaltonetworks.com/cyberpedia/what-is-active-directory-ad#examples?ts=markdown) * [Active Directory Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-active-directory-ad#best?ts=markdown) * [Active Directory FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-active-directory-ad#faqs?ts=markdown) Active Directory (AD) is Microsoft's centralized database and [identity security](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-security?ts=markdown) management service used to manage users, computers, and permissions within a Windows domain network. It serves as the authoritative source of truth for [authentication and authorization](https://www.paloaltonetworks.com/cyberpedia/what-is-authentication-and-authorization?ts=markdown). AD ensures that the right individuals have secure access to the specific corporate resources they need to perform their roles. Key Points * **Centralized Administration**: Manage, create, and configure all user identities and network resources from a single, unified console. \* **Hierarchical Structure**: Organize objects into logical groups, including domains, trees, and forests for scalability. \* **Identity Security**: Authenticate users via Kerberos and LDAP to prevent unauthorized access to sensitive data. \* **Policy Enforcement**: Apply Group Policy Objects (GPOs) to maintain consistent security configurations across all endpoints. \* **Extensible Schema**: Customize the directory database to store specific organizational attributes and application data. ![A technical diagram showing the three-tier Active Directory security model. Tier 0 (Control Plane) is at the top, Tier 1 (Data Plane) is in the middle, and Tier 2 (User Plane) is at the bottom. Arrows demonstrate restricted credential flow to prevent lateral movement.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-active-directory-ad/active-directory-tiered-security-model.webp "A technical diagram showing the three-tier Active Directory security model. Tier 0 (Control Plane) is at the top, Tier 1 (Data Plane) is in the middle, and Tier 2 (User Plane) is at the bottom. Arrows demonstrate restricted credential flow to prevent lateral movement.") ***Figure 1**: Active Directory tiered security model, isolating administrative credentials (Tier 0) from standard endpoints to reduce credential exposure.* ## How Active Directory Works Active Directory functions as the enterprise's identity control plane. It maintains the directory database of objects, such as users, groups, devices, and service accounts, and enables consistent [access control](https://www.paloaltonetworks.com/cyberpedia/access-control?ts=markdown) across the environment. ### Core Components * **Domain Controllers (DCs)**: Servers that host the AD database and process authentication requests. DCs are among the most sensitive assets in a Windows environment because compromise can enable broad control over identities, permissions, and trust relationships. * **Domains**: Logical partitions where objects share a common directory database and security policies. * **Trees**: Collections of domains that share a contiguous namespace and hierarchical relationship. * **Forests**: The highest-level AD boundary. Forests can contain multiple trees and domains that share a schema and trust relationships. * **Organizational Units (OUs)** : [Containers](https://www.paloaltonetworks.com/cyberpedia/what-is-a-container?ts=markdown) used to group objects and apply policies or delegate administration in a controlled manner. ### How Active Directory Is Attacked Attackers rarely compromise Active Directory immediately. Instead, they typically follow a predictable sequence of steps to gain access, escalate privileges, and eventually take complete control of vital infrastructure. #### 1) Enumeration After gaining an initial foothold (often on a workstation), adversaries inventory the environment to identify high-value targets and misconfigurations. Common objectives include discovering: * Privileged groups (for example, Domain Admins) and those who belong to them * Domain trusts, OUs, GPOs, and administrative pathways * Service accounts and systems that run with elevated privileges This phase is about building a map of "who can access what" and locating the easiest route to privilege. #### 2) Privilege Escalation Next, attackers attempt to upgrade their access from a standard user to privileged roles. Common paths include: * **Abusing weak or overbroad permissions** (excessive rights, delegated admin gone wrong) * **Exploiting credential exposure on endpoints or servers** (cached credentials, local admin reuse) * **Targeting misconfigured service accounts or privileged access workflows** The goal is to obtain credentials or tokens that allow broader control across the domain. #### 3) Persistence Once privilege is gained, attackers establish durable access that survives password resets, endpoint reimaging, or partial remediation. Persistence in AD often involves: * Adding accounts to privileged groups * Modifying GPOs or logon scripts * Creating new service accounts or altering delegation settings * Establishing alternate authentication paths that are less visible to defenders At this stage, the attacker is optimizing for time and resilience, not speed. #### 4) Domain Controller Compromise The endgame is typically access to Tier 0 assets, especially domain controllers, because they enable domain-wide authority. With DC-level control, attackers can: * Manipulate authentication and authorization decisions * Create or modify accounts and group memberships at scale * Disable security controls, disrupt operations, and accelerate ransomware deployment * Access sensitive systems broadly through trusted identity paths This is why Tier 0 isolation, least privilege, and high-fidelity monitoring around privileged changes are non-negotiable controls in AD security. ### Authentication and Authorization in AD Active Directory authenticates users and systems primarily through Kerberos, then uses group membership and permissions to enforce authorization. Many environments also rely on LDAP for directory lookups and queries. NTLM may still be used for compatibility with legacy systems, but it is generally avoided due to its security limitations. ## Why Active Directory Is a High-Value Target Active Directory is frequently targeted because it concentrates identity and access control across the enterprise. Threat actors often pursue domain-wide control ("domain dominance") to: * Escalate privileges and impersonate administrators * Enumerate users, groups, and systems to identify high-value targets * [Move laterally](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement?ts=markdown) across the network * Disable defenses or disrupt operations * Deploy [ransomware](https://www.paloaltonetworks.com/cyberpedia/what-is-ransomware?ts=markdown) or enable large-scale data theft From a business perspective, AD represents a single point of systemic risk: misconfigurations, weak privilege boundaries, and [credential hygiene issues](https://www.paloaltonetworks.com/cyberpedia/insufficient-credential-hygiene-cicd-sec6?ts=markdown) can create enterprise-wide exposure. ## Use Cases and Real-World Examples [Unit 42 research](https://unit42.paloaltonetworks.com/unit42-threat-brief-credential-theft-keystone-shamoon-2-attacks) highlights that credential theft remains the "keystone" of modern [cyber attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack?ts=markdown). In the Shamoon 2 attacks, adversaries leveraged stolen AD credentials to spread Disttrack malware across thousands of systems. ### Centralized Identity and Access Management (IAM) Organizations use AD to onboard users, assign access based on roles, and enforce consistent policies across departments and locations. The directory-based model supports secure access to shared file systems, internal applications, and Windows-based infrastructure. ### Delegated Administration at Scale AD's hierarchical structure enables organizations to delegate tasks, such as password resets or workstation management, without granting broad privileges. This improves operational efficiency while reducing the risk of overprivileged accounts. ### Adversary Behavior and Common Intrusion Patterns Credential theft remains a primary driver of modern intrusions. Once an attacker gains initial access to a single endpoint, they frequently leverage AD to map the environment, identify privileged accounts, and plan paths for privilege escalation and lateral movement. In high-impact incidents, stolen AD credentials have been used to propagate [malware](https://www.paloaltonetworks.com/cyberpedia/what-is-malware?ts=markdown) across large environments. In the [Shamoon 2 attacks](https://unit42.paloaltonetworks.com/unit42-shamoon-2-return-disttrack-wiper/), adversaries leveraged compromised credentials to spread the Disttrack wiper at scale. In many enterprise intrusions, valid credentials provide a low-friction path to privilege escalation and persistent access, making AD hardening and monitoring a top priority. ## Active Directory Best Practices The goal is simple: reduce privilege, reduce exposure, and detect abuse fast. Here's a practical baseline: | Category | Implementation Step | Business Impact | | **Access Control** | Enforce the [Principle of Least Privilege (PoLP)](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege?ts=markdown) with role-based groups | Limits the blast radius of compromised accounts | | **Privileged Security** | Separate admin accounts (no "one account does everything") | Reduces credential theft impact and lateral movement paths | | **Authentication** | Require [MFA](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-factor-authentication?ts=markdown) for admins (and strong auth for privileged actions) | Neutralizes password-only compromise for high-risk roles | | **Admin Model** | Use a Tiered Administrative Model (Tier 0/1/2) | Prevents high-value credentials from touching low-trust systems | | **Hardening** | Lock down DCs (limit logons, restrict tools, reduce services) | Protects the most sensitive infrastructure in the domain | | **Monitoring** | Audit privileged group changes, DC logons, replication events | Improves detection of privilege escalation and persistence | | **Account Hygiene** | Remove stale accounts; rotate/service-account credentials | Shrinks the attack surface and reduces "forgotten access" risk | | **GPO Governance** | Control who can create/edit/link GPOs; monitor changes | Prevents policy tampering and mass configuration abuse | | **Recovery Readiness** | Maintain tested backups + documented AD recovery process | Cuts downtime and speeds recovery after compromise | |-------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------| ## Active Directory FAQs ### What is the difference between a domain, a tree, and a forest? A domain is a single collection of objects that share a single database. A tree is a group of domains with a common root name. A forest is the highest-level security boundary that contains multiple trees that share a schema. ### How does Active Directory authenticate users? AD primarily uses the Kerberos protocol for secure authentication. It also supports LDAP for directory queries and NTLM for legacy system compatibility. ### What is an Organizational Unit (OU)? An OU is a container within a domain that groups users, groups, and computers. It allows administrators to apply specific policies and delegate control to sub-administrators. ### Why is Active Directory a frequent target for hackers? AD holds the "keys to the kingdom." If an attacker compromises a Domain Controller, they can create new accounts, change permissions, and access any data on the network. ### How do on-premises AD and Entra ID (Azure AD) work together? Organizations use tools like Microsoft Entra Connect to synchronize identities between local AD and the cloud. This enables hybrid identity management and consistent access across all platforms. ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20Active%20Directory%20%28AD%29%3F&body=Learn%20how%20Active%20Directory%20%28AD%29%2C%20Microsoft%E2%80%99s%20core%20identity%20service%2C%20manages%20users%2C%20resources%2C%20and%20security%20to%20protect%20enterprises%20from%20modern%20cyberattacks.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-is-active-directory-ad) Back to Top [Previous](https://www.paloaltonetworks.com/cyberpedia/access-control?ts=markdown) What Is Access Control? [Next](https://www.paloaltonetworks.com/cyberpedia/what-is-passwordless-authentication?ts=markdown) What Is Passwordless Authentication? {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language