[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/ai-security?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Next-Gen Trust Security](https://www.paloaltonetworks.com/network-security/next-gen-trust-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) [![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberark/Seamless_IDs_small.jpg) Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-security-solution?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection and Response (CDR)](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection and Response (CDR)](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) [![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberark/Seamless_IDs_small.jpg) Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.paloaltonetworks.com/deploybravely?ts=markdown) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Identity Security](https://www.paloaltonetworks.com/cyberpedia/identity-security?ts=markdown) 3. [Access Management](https://www.paloaltonetworks.com/cyberpedia/access-management?ts=markdown) 4. [Adaptive MFA](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa?ts=markdown) Table of contents * [What Is Access Management?](https://www.paloaltonetworks.com/cyberpedia/access-management?ts=markdown) * [Understanding Access Management](https://www.paloaltonetworks.com/cyberpedia/access-management#understanding?ts=markdown) * [What Are the Key Components of Access Management?](https://www.paloaltonetworks.com/cyberpedia/access-management#what?ts=markdown) * [Types of Access Management Solutions](https://www.paloaltonetworks.com/cyberpedia/access-management#types?ts=markdown) * [Implementing Access Management](https://www.paloaltonetworks.com/cyberpedia/access-management#implementing?ts=markdown) * [Access Management FAQs](https://www.paloaltonetworks.com/cyberpedia/access-management#faqs?ts=markdown) * [What Is Access Control?](https://www.paloaltonetworks.com/cyberpedia/access-control?ts=markdown) * [Access Control Explained](https://www.paloaltonetworks.com/cyberpedia/access-control#explained?ts=markdown) * [What Are Different Types of Access Control?](https://www.paloaltonetworks.com/cyberpedia/access-control#different?ts=markdown) * [Benefits of Effective Access Control Systems](https://www.paloaltonetworks.com/cyberpedia/access-control#benefits?ts=markdown) * [Access Control Use Cases](https://www.paloaltonetworks.com/cyberpedia/access-control#use-cases?ts=markdown) * [DSPM and Access Control](https://www.paloaltonetworks.com/cyberpedia/access-control#dspm?ts=markdown) * [Access Control FAQs](https://www.paloaltonetworks.com/cyberpedia/access-control#faqs?ts=markdown) * [What Is an Application Gateway? Layer 7 Balancing Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-an-app-gateway?ts=markdown) * [App Gateway Explained: Beyond Basic Load Balancing](https://www.paloaltonetworks.com/cyberpedia/what-is-an-app-gateway#gateway?ts=markdown) * [The Anatomy of a Request: Listener to Backend Pool](https://www.paloaltonetworks.com/cyberpedia/what-is-an-app-gateway#anatomy?ts=markdown) * [Key Benefits and Strategic Advantages](https://www.paloaltonetworks.com/cyberpedia/what-is-an-app-gateway#key?ts=markdown) * [Application Gateway vs. Traditional Tools](https://www.paloaltonetworks.com/cyberpedia/what-is-an-app-gateway#application?ts=markdown) * [Why Gateways Support Zero Trust](https://www.paloaltonetworks.com/cyberpedia/what-is-an-app-gateway#why?ts=markdown) * [Implementation Challenges and Solutions](https://www.paloaltonetworks.com/cyberpedia/what-is-an-app-gateway#implementation?ts=markdown) * [Advanced Proactive Defense](https://www.paloaltonetworks.com/cyberpedia/what-is-an-app-gateway#advanced?ts=markdown) * [Application Gateway FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-an-app-gateway#faqs?ts=markdown) * [What Is User Behavior Analytics (UBA)?](https://www.paloaltonetworks.com/cyberpedia/what-is-user-behavior-analytics-uba?ts=markdown) * [User Behavior Analytics Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-user-behavior-analytics-uba#explained?ts=markdown) * [How UBA Works: The Data-to-Insight Flow](https://www.paloaltonetworks.com/cyberpedia/what-is-user-behavior-analytics-uba#uba?ts=markdown) * [Core UBA Data Sources](https://www.paloaltonetworks.com/cyberpedia/what-is-user-behavior-analytics-uba#sources?ts=markdown) * [UBA vs. UEBA: Understanding the Entity Difference](https://www.paloaltonetworks.com/cyberpedia/what-is-user-behavior-analytics-uba#difference?ts=markdown) * [Critical Use Cases for Modern Security Ops](https://www.paloaltonetworks.com/cyberpedia/what-is-user-behavior-analytics-uba#cases?ts=markdown) * [Top 3 Benefits of UBA Deployment](https://www.paloaltonetworks.com/cyberpedia/what-is-user-behavior-analytics-uba#benefits?ts=markdown) * [UBA-Enabled Adaptive Authentication](https://www.paloaltonetworks.com/cyberpedia/what-is-user-behavior-analytics-uba#authentication?ts=markdown) * [Zero Trust and Behavior Analytics Alignment](https://www.paloaltonetworks.com/cyberpedia/what-is-user-behavior-analytics-uba#trust?ts=markdown) * [User Behavior Analytics FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-user-behavior-analytics-uba#faqs?ts=markdown) * What Is Adaptive MFA? How Risk-Based Authentication Works * [How is Adaptive MFA Different from Traditional MFA?](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa#mfa?ts=markdown) * [Why Is Adaptive MFA Important?](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa#adaptive?ts=markdown) * [How Does Adaptive MFA Work?](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa#page-anchor?ts=markdown) * [Adaptive MFA Use Cases \& Real-World Examples](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa#page-anchor?ts=markdown) * [What are Common Risk Signals Used by Adaptive MFA?](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa#risk?ts=markdown) * [How is Adaptive MFA Related to Zero Trust?](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa#trust?ts=markdown) * [What are Some Examples of Adaptive MFA in Action?](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa#action?ts=markdown) * [Adaptive MFA Transition Checklist](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa#page-anchor?ts=markdown) * [Implementation Notes for SOC Leaders](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa#page-anchor?ts=markdown) * [What Is Active Directory (AD)?](https://www.paloaltonetworks.com/cyberpedia/what-is-active-directory-ad?ts=markdown) * [How Active Directory Works](https://www.paloaltonetworks.com/cyberpedia/what-is-active-directory-ad#how?ts=markdown) * [Why Active Directory Is a High-Value Target](https://www.paloaltonetworks.com/cyberpedia/what-is-active-directory-ad#why?ts=markdown) * [Use Cases and Real-World Examples](https://www.paloaltonetworks.com/cyberpedia/what-is-active-directory-ad#examples?ts=markdown) * [Active Directory Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-active-directory-ad#best?ts=markdown) * [Active Directory FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-active-directory-ad#faqs?ts=markdown) * [What Is Passwordless Authentication?](https://www.paloaltonetworks.com/cyberpedia/what-is-passwordless-authentication?ts=markdown) * [Passwordless Authentication Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-passwordless-authentication#explained?ts=markdown) * [The Problem With Passwords](https://www.paloaltonetworks.com/cyberpedia/what-is-passwordless-authentication#problem?ts=markdown) * [How Passwordless Authentication Works](https://www.paloaltonetworks.com/cyberpedia/what-is-passwordless-authentication#how?ts=markdown) * [How Passwordless Fits With SSO and MFA](https://www.paloaltonetworks.com/cyberpedia/what-is-passwordless-authentication#fits?ts=markdown) * [Passwordless Authentication Benefits](https://www.paloaltonetworks.com/cyberpedia/what-is-passwordless-authentication#benefits?ts=markdown) * [FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-passwordless-authentication#faqs?ts=markdown) * [What Is CIAM (Customer Identity and Access Management)?](https://www.paloaltonetworks.com/cyberpedia/what-is-ciam?ts=markdown) * [CIAM Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-ciam#ciam?ts=markdown) * [CIAM Architecture and Security Components](https://www.paloaltonetworks.com/cyberpedia/what-is-ciam#architecture?ts=markdown) * [CIAM Versus Traditional IAM for Workforce Users](https://www.paloaltonetworks.com/cyberpedia/what-is-ciam#users?ts=markdown) * [CIAM and the Zero Trust Security Model](https://www.paloaltonetworks.com/cyberpedia/what-is-ciam#model?ts=markdown) * [CIAM Implementation: Attacker Behavior and Mitigation](https://www.paloaltonetworks.com/cyberpedia/what-is-ciam#mitigation?ts=markdown) * [Customer Identity and Access Management (CIAM) FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-ciam#faqs?ts=markdown) * [Authentication and Authorization Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-authentication-and-authorization?ts=markdown) * [Authentication and Authorization Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-authentication-and-authorization#explained?ts=markdown) * [Differentiating Authentication from Authorization](https://www.paloaltonetworks.com/cyberpedia/what-is-authentication-and-authorization#authentication?ts=markdown) * [Authorization Models: RBAC, ABAC, and Policy Enforcement](https://www.paloaltonetworks.com/cyberpedia/what-is-authentication-and-authorization#models?ts=markdown) * [Lateral Movement and Attacker Workflow](https://www.paloaltonetworks.com/cyberpedia/what-is-authentication-and-authorization#workflow?ts=markdown) * [Cloud Security Implications for Authorization](https://www.paloaltonetworks.com/cyberpedia/what-is-authentication-and-authorization#cloud?ts=markdown) * [Zero Trust Alignment with Access Control](https://www.paloaltonetworks.com/cyberpedia/what-is-authentication-and-authorization#control?ts=markdown) * [Authentication and Authorization FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-authentication-and-authorization#faqs?ts=markdown) * [What Is Single Sign-On (SSO)?](https://www.paloaltonetworks.com/cyberpedia/what-is-single-sign-on?ts=markdown) * [Why Single Sign-On Matters](https://www.paloaltonetworks.com/cyberpedia/what-is-single-sign-on#why?ts=markdown) * [How Single Sign-On Works](https://www.paloaltonetworks.com/cyberpedia/what-is-single-sign-on#how?ts=markdown) * [SSO Features and Functions](https://www.paloaltonetworks.com/cyberpedia/what-is-single-sign-on#sso?ts=markdown) * [Business Benefits of Single Sign-On](https://www.paloaltonetworks.com/cyberpedia/what-is-single-sign-on#business?ts=markdown) * [Security Cautions and Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-single-sign-on#security?ts=markdown) * [SSO FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-single-sign-on#faqs?ts=markdown) * [What is BeyondCorp?](https://www.paloaltonetworks.com/cyberpedia/what-is-beyondcorp?ts=markdown) * [Why Organizations Use BeyondCorp](https://www.paloaltonetworks.com/cyberpedia/what-is-beyondcorp#why?ts=markdown) * [How BeyondCorp Works](https://www.paloaltonetworks.com/cyberpedia/what-is-beyondcorp#how?ts=markdown) * [How BeyondCorp Relates to Zero Trust](https://www.paloaltonetworks.com/cyberpedia/what-is-beyondcorp#relate?ts=markdown) * [What is the Evolution of Multifactor Authentication](https://www.paloaltonetworks.com/cyberpedia/what-is-the-evolution-of-multi-factor-authentication?ts=markdown) * [Drivers for the Evolution of MFA](https://www.paloaltonetworks.com/cyberpedia/what-is-the-evolution-of-multi-factor-authentication#drivers?ts=markdown) * [Brief History of Multi-Factor Authentication](https://www.paloaltonetworks.com/cyberpedia/what-is-the-evolution-of-multi-factor-authentication#brief?ts=markdown) * [The Future of Authentication](https://www.paloaltonetworks.com/cyberpedia/what-is-the-evolution-of-multi-factor-authentication#future?ts=markdown) * [Evolution of MFA FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-the-evolution-of-multi-factor-authentication#faqs?ts=markdown) * [What Is the Principle of Least Privilege?](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege?ts=markdown) * [How does the principle of least privilege (PoLP) work?](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege#how?ts=markdown) * [Why Is the Principle of Least Privilege Important?](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege#why?ts=markdown) * [What Are the Benefits of the Principle of Least Privilege?](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege#what?ts=markdown) * [How to Implement PoLP in your organization](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege#organization?ts=markdown) * [Get PoLP with ZTNA 2.0 on Prisma Access](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege#get?ts=markdown) * [Principle of Least Privilege Access FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege#faqs?ts=markdown) * [What Is Cloud Infrastructure Entitlement Management (CIEM)?](https://www.paloaltonetworks.com/cyberpedia/what-is-ciem?ts=markdown) * [Why Is CIEM Important to Your Cloud Security Strategy?](https://www.paloaltonetworks.com/cyberpedia/what-is-ciem#why?ts=markdown) * [What Are the Components of CIEM?](https://www.paloaltonetworks.com/cyberpedia/what-is-ciem#what?ts=markdown) * [How Is CIEM Used?](https://www.paloaltonetworks.com/cyberpedia/what-is-ciem#how?ts=markdown) * [How Does CIEM Improves Cloud Security?](https://www.paloaltonetworks.com/cyberpedia/what-is-ciem#security?ts=markdown) * [Key Security Benefits of CIEM](https://www.paloaltonetworks.com/cyberpedia/what-is-ciem#key?ts=markdown) * [Discover CIEM | Prisma Cloud](https://www.paloaltonetworks.com/cyberpedia/what-is-ciem#discover?ts=markdown) * [CIEM FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-ciem#faqs?ts=markdown) * [What is Multifactor Authentication (MFA) Implementation?](https://www.paloaltonetworks.com/cyberpedia/what-is-mfa-implementation?ts=markdown) * [Why MFA Implementation is Important](https://www.paloaltonetworks.com/cyberpedia/what-is-mfa-implementation#why?ts=markdown) * [Planning Your MFA Implementation Strategy](https://www.paloaltonetworks.com/cyberpedia/what-is-mfa-implementation#planning?ts=markdown) * [Step-by-Step Guide to Implementing MFA](https://www.paloaltonetworks.com/cyberpedia/what-is-mfa-implementation#step?ts=markdown) * [Overcoming Challenges in MFA Implementation](https://www.paloaltonetworks.com/cyberpedia/what-is-mfa-implementation#overcoming?ts=markdown) * [Best Practices for Maintaining Effective MFA](https://www.paloaltonetworks.com/cyberpedia/what-is-mfa-implementation#best?ts=markdown) * [Evaluating the Success of MFA Deployment](https://www.paloaltonetworks.com/cyberpedia/what-is-mfa-implementation#evaluating?ts=markdown) * [MFA Implementation FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-mfa-implementation#faqs?ts=markdown) * [What Is Identity and Access Management (IAM)?](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management?ts=markdown) * [What Is Identity and Access Management?](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#what?ts=markdown) * [Why Is IAM Important?](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#why?ts=markdown) * [IAM vs. PAM](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#iam-vs-pam?ts=markdown) * [Cloud IAM vs. On-Prem IAM](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#vs?ts=markdown) * [IAM Security](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#iam-security?ts=markdown) * [Identity and Access Management FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#faq?ts=markdown) # What Is Adaptive MFA and How Does It Work? 5 min. read [Secure Your Identities](https://www.paloaltonetworks.com/identity-security?ts=markdown) Table of contents * * [How is Adaptive MFA Different from Traditional MFA?](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa#mfa?ts=markdown) * [Why Is Adaptive MFA Important?](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa#adaptive?ts=markdown) * [How Does Adaptive MFA Work?](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa#page-anchor?ts=markdown) * [Adaptive MFA Use Cases \& Real-World Examples](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa#page-anchor?ts=markdown) * [What are Common Risk Signals Used by Adaptive MFA?](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa#risk?ts=markdown) * [How is Adaptive MFA Related to Zero Trust?](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa#trust?ts=markdown) * [What are Some Examples of Adaptive MFA in Action?](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa#action?ts=markdown) * [Adaptive MFA Transition Checklist](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa#page-anchor?ts=markdown) * [Implementation Notes for SOC Leaders](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa#page-anchor?ts=markdown) 1. How is Adaptive MFA Different from Traditional MFA? * * [How is Adaptive MFA Different from Traditional MFA?](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa#mfa?ts=markdown) * [Why Is Adaptive MFA Important?](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa#adaptive?ts=markdown) * [How Does Adaptive MFA Work?](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa#page-anchor?ts=markdown) * [Adaptive MFA Use Cases \& Real-World Examples](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa#page-anchor?ts=markdown) * [What are Common Risk Signals Used by Adaptive MFA?](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa#risk?ts=markdown) * [How is Adaptive MFA Related to Zero Trust?](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa#trust?ts=markdown) * [What are Some Examples of Adaptive MFA in Action?](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa#action?ts=markdown) * [Adaptive MFA Transition Checklist](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa#page-anchor?ts=markdown) * [Implementation Notes for SOC Leaders](https://www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa#page-anchor?ts=markdown) Adaptive [multifactor authentication](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-factor-authentication?ts=markdown) (adaptive MFA), also known as risk-based authentication, is an approach to authentication that adjusts verification requirements based on the context of a login attempt or transaction. Rather than requiring the same authentication steps for every user in every scenario, adaptive MFA evaluates signals such as device posture, location, IP reputation, login behavior, and application sensitivity to determine the appropriate level of verification. This approach helps organizations strengthen [identity security](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-security?ts=markdown) while minimizing unnecessary friction for legitimate users. Low-risk access attempts may proceed with minimal interruption, while high-risk or anomalous activity can trigger additional verification or be blocked altogether. Key Points * **Contextual Analysis**: Systems evaluate signals such as geo-velocity, IP addresses, and time of day to assess risk. \* **Risk-Based Response**: The system automatically steps up authentication requirements for high-risk attempts or streamlines low-risk logins. \* **Reduced Friction**: Legitimate users receive fewer prompts, minimizing MFA fatigue and improving daily productivity. \* **AI Integration**: Modern solutions leverage machine learning to establish behavioral baselines and detect subtle anomalies in real time. \* **Zero Trust Alignment** : Adaptive MFA supports a [zero-trust architecture](https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture?ts=markdown) by continuously verifying identities in response to changing conditions. ## How is Adaptive MFA Different from Traditional MFA? Adaptive MFA is an authentication approach that uses risk analysis to determine whether a user should be granted access, asked for another factor, or blocked entirely. * **Traditional MFA** applies the same policy to everyone. * **Adaptive MFA adds a decision layer:** Is this login normal, or does it look suspicious? That makes it "adaptive." The system responds to context. A login from a managed laptop at a usual location during normal work hours may be considered low risk. A login from an unknown device, unusual geography, anonymizing network, or impossible-travel scenario may trigger step-up authentication, session limits, or outright denial. **[OWASP](https://cheatsheetseries.owasp.org/cheatsheets/Multifactor_Authentication_Cheat_Sheet.html) describes this as authentication that dynamically adjusts its requirements based on the context of the login attempt.** ## Why Is Adaptive MFA Important? **Adaptive MFA matters because modern attacks do not politely stop at the password field.** Attackers use stolen credentials, session hijacking, MFA fatigue, adversary-in-the-middle phishing kits, token theft, and compromised devices. A flat authentication model creates two bad choices: either force everyone through constant prompts, or keep prompts light and accept more risk. **Adaptive MFA provides a middle path:** * **less friction for normal access** * **more scrutiny for suspicious access** * **stronger protection for sensitive resources** That makes it especially useful for remote work, [SaaS](https://www.paloaltonetworks.com/cyberpedia/what-is-saas?ts=markdown) access, privileged accounts, [third-party access](https://www.paloaltonetworks.com/cyberpedia/what-is-third-party-access?ts=markdown), and hybrid environments where users, devices, and networks are constantly changing. ![The Adaptive MFA Logic Flow](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/the-adaptive-mfa-logic-flow.png "The Adaptive MFA Logic Flow") *Figure 1: The Adaptive MFA Logic Flow* ## How Does Adaptive MFA Work? Most adaptive MFA systems follow a similar workflow: | Phase | Process | Description | | Collect Context | Gather Signals | The authentication system collects real-time data about the request, including device posture, IP address, geolocation, browser details, login time, network reputation, and prior behavior. NIST cites IP addresses, geolocation, timing patterns, and browser metadata as key adaptive signals. | | Calculate Risk | Assign Risk Score | A rules engine, analytics engine, or machine learning model evaluates the gathered signals to assign a risk score to the session. NIST guidance highlights risk-engine-based MFA that invokes stronger authentication specifically for higher-risk transactions. | | Apply Policy | Determine Outcome | Based on the calculated risk score, the system executes a specific security response: allow access silently, require an additional factor, require a stronger factor, limit the session, or deny the attempt entirely. | | Update Trust | Continuous Reassessment | Mature implementations move beyond initial login. They continuously reassess trust as user behavior changes during the session, particularly when the user attempts to access sensitive applications, data, or privileged actions. | |-----------------|-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| ## Adaptive MFA Use Cases \& Real-World Examples ### Securing the Remote Workforce Remote workers often access business applications from diverse environments. An employee working from a home office on a recognized device may only need a password. However, if that same employee attempts to log in from a public Wi-Fi network in a different country, the system triggers a step-up challenge. This might include a biometric scan or a hardware token. ### Critical Industry Access In healthcare, clinicians require rapid access to patient records while maintaining strict compliance. Adaptive MFA allows a nurse to sign in once at the start of a shift with full MFA. For the remainder of the shift, the system may only require a simple proximity badge tap for subsequent logins on that specific terminal. ### Unit 42 Research: Threat Actor Trends [Unit 42 research](https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report?ts=markdown) indicates that identity weaknesses play a material role in nearly 90% of incident investigations. Attackers now use AI to accelerate credential harvesting and bypass traditional local controls. Adaptive MFA serves as a critical barrier by detecting impossible travel scenarios where a user appears to log in from two distant locations simultaneously. ## What are Adaptive MFA Best Practices? | Implementation Step | Key Technical Action | Operational Benefit | | Establish Baselines | Use AI/ML to profile normal user behavior over time. | Accurate anomaly detection. | | Define Risk Rules | Set specific policies for roles, locations, and sensitive assets. | Customized security posture. | | Integrate Threat Intel | Connect 3rd-party threat data to the authentication engine. | Proactive block lists. | | Continuous Monitoring | Evaluate risk throughout the active session, not just at login. | Stops token theft in real time. | |------------------------|-------------------------------------------------------------------|---------------------------------| ## What are Common Risk Signals Used by Adaptive MFA? **Adaptive MFA relies on the quality and relevance of the signals it evaluates.** Common categories include: **Device Signals:** * managed versus unmanaged device * known versus unknown device * device health or compliance status * suspicious browser or operating system changes **Network and Location Signals:** * source IP address * geolocation * impossible travel scenarios * use of VPNs, proxies, or anonymizers * network reputation **Behavioral Signals:** * unusual login times * abnormal request volume or cadence * deviations from typical user patterns * anomalous interaction behavior **Access and Transaction Signals:** * sensitivity of the requested application or data * role or privilege level of the user * attempts to perform administrative or high-risk actions * unusual transaction attributes ## How is Adaptive MFA Related to Zero Trust? **Adaptive MFA is closely aligned with [zero trust](https://www.paloaltonetworks.com/cyberpedia/what-is-zero-trust?ts=markdown) because both rely on continuous verification rather than inherited trust.** A zero trust approach verifies identity, device, context, and policy before granting access to resources. Adaptive MFA strengthens that model by making authentication responsive to risk instead of static. In practice, adaptive MFA often supports zero trust initiatives by helping organizations: * Verify users more intelligently * Reduce broad-standing access * Protect sensitive applications * Respond to anomalous behavior in real time It is not the whole zero trust model, but it is one of the most practical controls for enforcing it. ## What are Some Examples of Adaptive MFA in Action? Adaptive MFA applies authentication controls based on the context and risk of each access attempt. The examples below illustrate how it can reduce friction for routine activity while requiring stronger verification for suspicious, privileged, or high-risk access scenarios. | Example | Scenario | Risk Signals | Adaptive MFA Response | | Low-risk employee login | An employee signs in from a managed device at the office during normal business hours using a known browser. The login pattern matches prior behavior. | Managed device, known browser, familiar location, normal business hours, consistent behavior | Allows access with minimal friction | | Suspicious remote login | The same user attempts access from a new device in a different country two hours later. | New device, unusual location, impossible travel, abnormal access pattern | Requires a stronger second factor or blocks the request | | Privileged admin action | An administrator logs in successfully, then attempts to disable logging and create a new privileged account. | Privileged activity, sensitive system changes, elevated access request | Triggers step-up authentication before allowing the action | | Third-party access | A contractor accesses a sensitive application from an unmanaged device outside the approved maintenance window. | Unmanaged device, third-party user, sensitive application, access outside approved hours | Requires stronger verification and restricts session capabilities | |-------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------|-------------------------------------------------------------------| ## Adaptive MFA Transition Checklist **This technical [MFA Implementation](https://www.paloaltonetworks.com/cyberpedia/what-is-mfa-implementation?ts=markdown) checklist is designed for SOC leaders and Network Architects to transition from static MFA to an Adaptive, risk-based model.** | Phase | Critical Action Item | Technical Requirement | | Audit | Inventory existing MFA methods. | Identify all legacy hardware tokens and SMS-based systems. | | Audit | Map high-value assets. | Categorize applications by sensitivity and data risk levels. | | Design | Define baseline behavior. | Use AI to establish normal login hours and typical locations. | | Design | Establish risk thresholds. | Set clear "step-up" triggers for unknown IPs or new devices. | | Integration | Connect threat intelligence. | Feed Unit 42 or third-party threat data into the risk engine. | | Integration | Enable geo-velocity rules. | Configure alerts for "impossible travel" between login attempts. | | Deployment | Pilot with low-risk groups. | Test adaptive policies with a subset of users to tune accuracy. | | Deployment | Implement phishing resistance. | Prioritize FIDO2 or biometric factors for high-risk challenges. | | Monitoring | Monitor false positive rates. | Adjust the sensitivity if legitimate users frequently encounter challenges. | | Monitoring | Review session persistence. | Set re-authentication intervals based on role and device health. | |-------------|---------------------------------|-----------------------------------------------------------------------------| ## Implementation Notes for SOC Leaders * **Phasing**: Do not move the entire organization at once. Start with remote workers who frequently switch networks. * **Granularity**: Use fine-grained policies. An IT Administrator should always face stricter adaptive rules than a standard retail associate. * **Continuous Loop** : Use [machine learning](https://www.paloaltonetworks.com/cyberpedia/machine-learning-ml?ts=markdown) to refine your "normal" behavior profiles every 30 days. This accounts for seasonal travel or changes in office locations. ## Adaptive MFA FAQs ### What is the difference between traditional MFA and Adaptive MFA? Traditional MFA requires the same verification steps for every login, regardless of risk levels. Adaptive MFA uses context, such as location and device health, to dynamically adjust authentication requirements. ### How does Adaptive MFA improve user experience? It reduces the frequency of authentication prompts for legitimate users in low-risk environments. This lessens MFA fatigue and allows employees to work more efficiently. ### Can Adaptive MFA prevent phishing attacks? Yes, modern adaptive systems often include phishing-resistant authenticators. They can also detect when a user is attempting to authenticate on a suspicious or unrecognized site. ### What contextual factors does Adaptive MFA use? Common factors include source IP address, geo-location, device type, and login time. It also analyzes geo-velocity to spot impossible physical travel between login attempts. ### Why is Adaptive MFA important for Zero Trust? Zero Trust requires continuous verification of identity and security posture. Adaptive MFA provides the dynamic control needed to verify every request based on real-time risk. ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20Adaptive%20MFA%3F%20How%20Risk-Based%20Authentication%20Works&body=Learn%20what%20adaptive%20MFA%20is%2C%20how%20it%20uses%20risk%20signals%20to%20step%20up%20authentication%2C%20and%20why%20it%20boosts%20security%20without%20adding%20friction%20to%20every%20login.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-is-adaptive-mfa) Back to Top [Previous](https://www.paloaltonetworks.com/cyberpedia/what-is-user-behavior-analytics-uba?ts=markdown) What Is User Behavior Analytics (UBA)? [Next](https://www.paloaltonetworks.com/cyberpedia/what-is-active-directory-ad?ts=markdown) What Is Active Directory (AD)? {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/ai-security?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language