[](https://www.paloaltonetworks.com/?ts=markdown)

* Sign In
  
  * Customer
  * Partner
  * Employee
  * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown)
  * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown)

* EN
  
  * [USA (ENGLISH)](https://www.paloaltonetworks.com)
  * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au)
  * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br)
  * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca)
  * [CHINA (简体中文)](https://www.paloaltonetworks.cn)
  * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr)
  * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de)
  * [INDIA (ENGLISH)](https://www.paloaltonetworks.in)
  * [ITALY (ITALIANO)](https://www.paloaltonetworks.it)
  * [JAPAN (日本語)](https://www.paloaltonetworks.jp)
  * [KOREA (한국어)](https://www.paloaltonetworks.co.kr)
  * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat)
  * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx)
  * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg)
  * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es)
  * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw)
  * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk)

* ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg)

* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)

* [What's New](https://www.paloaltonetworks.com/resources?ts=markdown)

* [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount)

* [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html)
  ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg)

* [](https://www.paloaltonetworks.com/?ts=markdown)

* Products  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products  
  [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)
  
  * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)
  
  * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)
  
  * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)
  
  * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)
  
  * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)
  
  * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)
  
  * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)
  
  * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)
  
  * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)
  
  * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)
  
  * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)
  
  * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown)
  
  * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)
  
  * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)
  
  * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)
  
  * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)
  
  * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)
  
  * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)
  
  * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)
  
  * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)
  
  * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)
  
  * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)
  
  * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)
  
  * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)
  
  * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)
  
  * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)
  
  * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)
  
  * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)
  
  * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)
  
  * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)  
    [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)
  
  * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)
  
  * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)
  
  * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)
  
  * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)
  
  * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)
  
  * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)
  
  * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)
  
  * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)
  
  * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)
  
  * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown)
  
  * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)
  
  * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown)
  
  * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)
  
  * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown)
  
  * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)
  
  * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* Solutions  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions  
  Secure AI by Design
  
  * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)
  * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)  
    Network Security
  * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)
  * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown)
  * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)
  * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)
  * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown)
  * [OT Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown)
  * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown)
  * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown)
  * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown)
  * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown)
  * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown)
  * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)  
    Cloud Security
  * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown)
  * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown)
  * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown)
  * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown)
  * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown)
  * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown)
  * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown)
  * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown)
  * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown)
  * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown)  
    Security Operations
  * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown)
  * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown)
  * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown)
  * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown)
  * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown)
  * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown)
  * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)
  * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown)
  * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown)
  * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown)
  * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown)
  * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown)  
    Endpoint Security
  * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown)
  * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown)
  * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown)
  * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown)  
    [Industries](https://www.paloaltonetworks.com/industry?ts=markdown)
  * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown)
  * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown)
  * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown)
  * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown)
  * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown)

* Services  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services  
  [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)
  
  * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)
  
  * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown)
  
  * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown)
  
  * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown)
  
  * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown)
  
  * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown)
  
  * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown)
  
  * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown)
  
  * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown)
  
  * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown)
  
  * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown)
  
  * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown)
  
  * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown)
  
  * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown)
  
  * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown)
  
  * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)
  
  * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)
  
  * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown)
  
  * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown)
  
  * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown)
  
  * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown)
  
  * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown)
  
  * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)
  
  * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)
  
  * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)
  
  * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown)
  
  * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown)
  
  * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown)
  
  * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown)  
    [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown)
  
  * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown)
  
  * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown)
  
  * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown)
  
  * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown)
  
  * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown)  
    [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg)  
    UNIT 42 RETAINER
    Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial.
    Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)

* Partners  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners  
  NextWave Partners
  
  * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown)
  * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown)
  * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown)
  * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown)
  * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown)
  * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown)
  * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown)
  * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown)  
    Take Action
  * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown)
  * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown)
  * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner)
  * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess)
  * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator)  
    [CYBERFORCE
    CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise.
    Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown)

* Company  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company  
  Palo Alto Networks
  
  * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
  * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown)
  * [Investor Relations](https://investors.paloaltonetworks.com)
  * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
  * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown)
  * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
  * [Military \& Veterans](https://jobs.paloaltonetworks.com/military)  
    [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown)
  * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown)
  * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown)
  * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown)
  * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown)
  * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown)
  * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
  * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown)  
    Careers
  * [Overview](https://jobs.paloaltonetworks.com/)
  * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/)  
    [A Newsweek Most Loved Workplace
    "Businesses that do right by their employees"
    Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown)

* More  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More  
  Resources
  
  * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
  * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/)
  * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
  * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
  * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
  * [Tech Insider](https://techinsider.paloaltonetworks.com/)
  * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/)
  * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/)
  * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown)
  * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown)
  * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown)
  * [Tech Docs](https://docs.paloaltonetworks.com/)
  * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown)
  * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/)
  * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown)  
    Connect
  * [LIVE community](https://live.paloaltonetworks.com/)
  * [Events](https://events.paloaltonetworks.com/)
  * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown)
  * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown)
  * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)  
    [Blog
    Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity
    Learn more](https://www.paloaltonetworks.com/blog/)

* Sign In  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In
  
  * Customer
  * Partner
  * Employee
  * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown)
  * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown)

* EN  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language
  
  * [USA (ENGLISH)](https://www.paloaltonetworks.com)
  * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au)
  * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br)
  * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca)
  * [CHINA (简体中文)](https://www.paloaltonetworks.cn)
  * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr)
  * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de)
  * [INDIA (ENGLISH)](https://www.paloaltonetworks.in)
  * [ITALY (ITALIANO)](https://www.paloaltonetworks.it)
  * [JAPAN (日本語)](https://www.paloaltonetworks.jp)
  * [KOREA (한국어)](https://www.paloaltonetworks.co.kr)
  * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat)
  * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx)
  * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg)
  * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es)
  * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw)
  * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk)

* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)

* [What's New](https://www.paloaltonetworks.com/resources?ts=markdown)

* [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount)

* [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html)

* [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown)  
  Search  
  All

* [Tech Docs](https://docs.paloaltonetworks.com/search)  
  Close search modal
  [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.deploybravely.com)  
  [](https://www.paloaltonetworks.com/?ts=markdown)

1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
2. [Threats](https://www.paloaltonetworks.com/cyberpedia/threat?ts=markdown)
3. [Cyberthreat Intelligence](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti?ts=markdown)
4. [What Is Cyber Threat Intelligence (CTI)?](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti?ts=markdown)  
   Table of Contents

* What Is Cyber Threat Intelligence (CTI)?
  * [What Data Is Considered Threat Intelligence?](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#considered?ts=markdown)
  * [Sources of Threat Intelligence](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#sources?ts=markdown)
  * [Tools and Services in Threat Intelligence](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#tools?ts=markdown)
  * [Practical Implementation of Threat Intelligence](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#implementation?ts=markdown)
  * [The Threat Intelligence Lifecycle: An Overview](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#lifecycle?ts=markdown)
  * [Building an Effective Threat Intelligence Program](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#program?ts=markdown)
  * [Threat Intelligence FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#faq?ts=markdown)
* [Threat Intelligence Use Cases and Examples](https://www.paloaltonetworks.com/cyberpedia/threat-intelligence-use-cases-and-examples?ts=markdown)
  * [What Are the 4 Types of Threat Intelligence?](https://www.paloaltonetworks.com/cyberpedia/threat-intelligence-use-cases-and-examples#types?ts=markdown)
  * [Top 4 Use Cases for a Threat Intel Platform (TIP)](https://www.paloaltonetworks.com/cyberpedia/threat-intelligence-use-cases-and-examples#use-cases?ts=markdown)
  * [Specific Examples of Threat Intelligence Use Cases](https://www.paloaltonetworks.com/cyberpedia/threat-intelligence-use-cases-and-examples#examples?ts=markdown)
  * [MITRE ATT\&CK as a Threat Intelligence Use Case](https://www.paloaltonetworks.com/cyberpedia/threat-intelligence-use-cases-and-examples#mitre?ts=markdown)
  * [Threat Intelligence Use Cases FAQs](https://www.paloaltonetworks.com/cyberpedia/threat-intelligence-use-cases-and-examples#faq?ts=markdown)
* [What is the Threat Intelligence Lifecycle?](https://www.paloaltonetworks.com/cyberpedia/what-is-the-threat-intelligence-life-cycle?ts=markdown)
  * [Why is the Threat Intelligence Lifecycle Important?](https://www.paloaltonetworks.com/cyberpedia/what-is-the-threat-intelligence-life-cycle#why?ts=markdown)
  * [The 6 Stages of the Threat Intelligence Lifecycle](https://www.paloaltonetworks.com/cyberpedia/what-is-the-threat-intelligence-life-cycle#lifecycle?ts=markdown)
  * [Benefits of the Threat Intelligence Lifecycle Framework](https://www.paloaltonetworks.com/cyberpedia/what-is-the-threat-intelligence-life-cycle#benefits?ts=markdown)
  * [Threat Intelligence Lifecycle FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-the-threat-intelligence-life-cycle#faqs?ts=markdown)
* [What is a Threat Intelligence Platform (TIP)?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-threat-intelligence-platform?ts=markdown)
  * [The Value of a Threat Intelligence Platform](https://www.paloaltonetworks.com/cyberpedia/what-is-a-threat-intelligence-platform#value?ts=markdown)
  * [How Threat Intelligence Works](https://www.paloaltonetworks.com/cyberpedia/what-is-a-threat-intelligence-platform#intelligence?ts=markdown)
  * [Types and Examples of Threat Intelligence](https://www.paloaltonetworks.com/cyberpedia/what-is-a-threat-intelligence-platform#examples?ts=markdown)
  * [Why Do Organizations Need a Threat Intelligence Platform (TIP)?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-threat-intelligence-platform#organizations?ts=markdown)
  * [Key Characteristics of a Threat Intelligence Platform](https://www.paloaltonetworks.com/cyberpedia/what-is-a-threat-intelligence-platform#characteristics?ts=markdown)
  * [Types of Threat Intelligence Data](https://www.paloaltonetworks.com/cyberpedia/what-is-a-threat-intelligence-platform#threat?ts=markdown)
  * [Implementation of a Threat Intelligence Platform](https://www.paloaltonetworks.com/cyberpedia/what-is-a-threat-intelligence-platform#platform?ts=markdown)
  * [Threat Intelligence Platforms FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-threat-intelligence-platform#faqs?ts=markdown)
* [What Are Unknown Cyberthreats?](https://www.paloaltonetworks.com/cyberpedia/what-are-unknown-cyberthreats?ts=markdown)
  * [How Unknown Cyberthreats Are Redefining Cloud Security](https://www.paloaltonetworks.com/cyberpedia/what-are-unknown-cyberthreats#how?ts=markdown)
  * [Why Unknown Threats Matter](https://www.paloaltonetworks.com/cyberpedia/what-are-unknown-cyberthreats#why?ts=markdown)
  * [Types of Unknown Cyberthreats](https://www.paloaltonetworks.com/cyberpedia/what-are-unknown-cyberthreats#types?ts=markdown)
  * [Advanced Defense Strategies for Modern Threats](https://www.paloaltonetworks.com/cyberpedia/what-are-unknown-cyberthreats#advanced?ts=markdown)
  * [Resilient Cloud Security Starts with Visibility and Adaptation](https://www.paloaltonetworks.com/cyberpedia/what-are-unknown-cyberthreats#resilient?ts=markdown)
  * [Unknown Cyberthreats FAQs](https://www.paloaltonetworks.com/cyberpedia/what-are-unknown-cyberthreats#faqs?ts=markdown)
* [What Are Cyberthreat Intelligence Tools?](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools?ts=markdown)
  * [Types of Threat Intelligence Tools](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#types?ts=markdown)
  * [How Threat Intelligence Tools Work](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#tools?ts=markdown)
  * [Key Functions of Threat Intelligence Tools](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#key?ts=markdown)
  * [What is a Threat Intelligence Platform (TIP)?](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#platform?ts=markdown)
  * [Best Practices for Implementing Threat Intelligence Tools](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#practices?ts=markdown)
  * [Emerging Trends in Threat Intelligence](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#trends?ts=markdown)
  * [Threat Intelligence Tools FAQs](https://www.paloaltonetworks.com/cyberpedia/cyber-threat-intelligence-tools#faqs?ts=markdown)
* [What are the Types of Cyberthreat Intelligence (CTI)?](https://www.paloaltonetworks.com/cyberpedia/types-of-cyberthreat-intelligence?ts=markdown)
  * [What is Cyberthreat Intelligence?](https://www.paloaltonetworks.com/cyberpedia/types-of-cyberthreat-intelligence#cyberthreat?ts=markdown)
  * [What is Strategic Threat Intelligence?](https://www.paloaltonetworks.com/cyberpedia/types-of-cyberthreat-intelligence#strategic?ts=markdown)
  * [What is Tactical Threat Intelligence?](https://www.paloaltonetworks.com/cyberpedia/types-of-cyberthreat-intelligence#tactical?ts=markdown)
  * [What is Operational Threat Intelligence?](https://www.paloaltonetworks.com/cyberpedia/types-of-cyberthreat-intelligence#operational?ts=markdown)
  * [Application of Cyberthreat Intelligence](https://www.paloaltonetworks.com/cyberpedia/types-of-cyberthreat-intelligence#application?ts=markdown)
  * [Challenges in Cyberthreat Intelligence](https://www.paloaltonetworks.com/cyberpedia/types-of-cyberthreat-intelligence#challenges?ts=markdown)
* [Cyberthreat Intelligence FAQs](https://www.paloaltonetworks.com/cyberpedia/types-of-cyberthreat-intelligence#faqs?ts=markdown)

# What Is Cyber Threat Intelligence (CTI)?

5 min. read  
Table of Contents

* * [What Data Is Considered Threat Intelligence?](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#considered?ts=markdown)
  * [Sources of Threat Intelligence](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#sources?ts=markdown)
  * [Tools and Services in Threat Intelligence](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#tools?ts=markdown)
  * [Practical Implementation of Threat Intelligence](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#implementation?ts=markdown)
  * [The Threat Intelligence Lifecycle: An Overview](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#lifecycle?ts=markdown)
  * [Building an Effective Threat Intelligence Program](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#program?ts=markdown)
* [Threat Intelligence FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#faq?ts=markdown)

1. What Data Is Considered Threat Intelligence?

* * [What Data Is Considered Threat Intelligence?](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#considered?ts=markdown)
  * [Sources of Threat Intelligence](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#sources?ts=markdown)
  * [Tools and Services in Threat Intelligence](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#tools?ts=markdown)
  * [Practical Implementation of Threat Intelligence](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#implementation?ts=markdown)
  * [The Threat Intelligence Lifecycle: An Overview](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#lifecycle?ts=markdown)
  * [Building an Effective Threat Intelligence Program](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#program?ts=markdown)
* [Threat Intelligence FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti#faq?ts=markdown)  
  Cyber threat intelligence (CTI) is the process of collecting, analyzing, and applying data on cyber threats, adversaries, and attack methodologies to enhance an organization's security posture. It involves taking raw threat data from various sources and transforming it into actionable insights that enable organizations to anticipate, detect, and respond to cyber risks. Threat intelligence can be categorized into strategic intelligence, operational intelligence, and tactical intelligence, all of which offer strategic advantage against cybercriminals, nation-state actors, and [insider threats](https://www.paloaltonetworks.com/cyberpedia/insider-threat?ts=markdown). Properly informed and equipped, organizations can move beyond reactive defense and adopt a proactive security approach to mitigate risks before they materialize.

{#explained}

## Cyber Threat Intelligence Explained

In a world where virtually every industry, organization, and individual increasingly relies on digital systems, identifying and mitigating the risk of [cyberattacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack?ts=markdown) is a crucial proactive security measure.

Cyber threat intelligence (CTI) represents the information an organization gathers and analyzes about potential and ongoing threats to cybersecurity and infrastructure.

Threat intelligence gives chief information security officers (CISOs) and security teams valuable insights about potential cyberthreat actors' motivations and methods to help security teams anticipate threats, enhance cyber defense programs, improve [incident response](https://www.paloaltonetworks.com/cyberpedia/what-is-incident-response?ts=markdown), decrease cyber vulnerability, and reduce potential damages caused by cyberattacks.

{#why-it-matters}

## Threat Intelligence: Why It Matters

Cyber threat intelligence is an essential component of an organization's cyber resiliency, which includes "the ability to anticipate, withstand, recover from, and adapt" to threats, attacks, or compromises on systems, according to [NIST](<https://csrc.nist.gov/glossary/term/cyber_resiliency#:~:text=Definition(s)%3A,are%20enabled%20by%20cyber%20resources.>).

Threat Intelligence fuels [cybersecurity](https://www.paloaltonetworks.com/cyberpedia/what-is-cyber-security?ts=markdown) programs by providing powerful tactical information that organizations can use to better identify and respond to cyberattacks. The process of gathering this information also supports risk management by uncovering vulnerabilities in cybersecurity systems. Security teams are then able to allocate resources better to meet the most relevant cyber threats to their industry and protect valuable data, assets, and intellectual property.

{#benefits}

## The Benefits of Cyber Threat Intelligence

Threat intelligence is pivotal in enhancing an organization's cybersecurity posture, providing numerous benefits spanning proactive defense to informed decision-making. One of the most critical advantages is the enhancement of [incident response](https://www.paloaltonetworks.com/cyberpedia/what-is-incident-response?ts=markdown) capabilities. With relevant threat intelligence, incident response teams can detect, investigate, and mitigate security incidents more rapidly and effectively. Being informed about adversaries' TTPs ensures that response teams can tailor their strategies to the specific threats they face, leading to more efficient containment and recovery.

Experienced threat intelligence analyst can enhance cybersecurity and resiliency on several levels, including:

* **Establishing proactive cyber defense**: Contrary to traditional reactive cyber defense (responding to known threats), CTI empowers organizations to understand potential threat actors and anticipate potential attacks.
* **Improving risk management plan**: CTI provides actionable information about the motivations, means, and methods potential threat actors use. CISOs and SOCs can utilize these insights when evaluating risk profiles and allocating cybersecurity resources to maximize threat detection and protection.
* **Improving incident response**: In addition to supporting attack prevention, CTI provides insights that make an organization better prepared to respond to and recover from a cyberattack. A thorough understanding of the circumstances of a breach can dramatically reduce the impact of a breach.
* **Increasing employee awareness**: Organizations can utilize CTI to educate employees about cyber threats and establish security-focused operating procedures and training.

{#challenges}

## The Challenges of Cyber Threat Intelligence

Given the dynamic and complex nature of the cyber threat landscape, obtaining high-quality threat intelligence comes with several challenges, including:

* **Information overload**: In addition to collecting, processing, and analyzing immense volumes of data, CTI teams must differentiate between "normal" and "malicious" activity. Threats must also be evaluated to determine which information is most relevant to the organization's industry, size, and risk profile, among other factors.
* **Information updates**: The effectiveness of a threat intelligence program relies on the timeliness of the information being analyzed. Decisions made based on outdated CTI can impede an organization's threat detection and increase vulnerability to cyberattacks.
* **Data Relevance:** Not all threat intelligence is relevant to every organization. Determining which pieces of intelligence apply to a specific organization's context and infrastructure can be challenging.
* **Accuracy and False Positives:** Low-quality or inaccurate threat intelligence can lead to false positives, causing security teams to waste resources on non-existent threats or overlook actual threats.
* **Compliance:** CTI often involves [personally identifiable information (PII)](https://www.paloaltonetworks.com/cyberpedia/pii?ts=markdown). Organizations must ensure that all cyber threat intelligence systems are in compliance with any applicable data protection regulations.

{#types}

## Types of Cyber Threat Intelligence

Threat intelligence, essential for proactive cybersecurity, covers a broad range of information and analysis and can be categorized into several standard [types of threat intelligence](https://www.paloaltonetworks.com/cyberpedia/types-of-cyberthreat-intelligence?ts=markdown) based on content and use cases. It can, however, be separated into three general categories, according to information type and application. Among the most prevalent are strategic, tactical, operational, and technical threat intelligence. A well-rounded CTI program will contain varying levels of each type to meet the organization's unique cybersecurity needs.

### Strategic Intelligence

Strategic threat intelligence (STI) comes from high-level analysis of broad cybersecurity trends and how they might affect an organization. It offers insights about threat actors' motives, capabilities, and targets, and helps executives and decision-makers outside of IT understand potential cyber threats. Typically less technical and incident-specific than other types of CTI, strategic threat intelligence is often used to formulate risk management strategies and programs to mitigate the impact of future cyberattacks.

### Tactical Intelligence

As the name implies, tactical threat intelligence (TTI) focuses on threat actors' tactics, techniques, and procedures (TTPs) and seeks to understand how a threat actor might attack an organization. Tactical threat intelligence also explores threat vulnerabilities using threat hunting, which proactively searches for initially undetected threats within an organization's network. TTI is more technical than STI and is typically used by IT or SOC teams to enhance cybersecurity measures or improve incident response plans.

### Operational Intelligence

More detailed, incident-specific, and immediate than STI and TTI, operational threat intelligence (OTI) is real-time data used to facilitate timely threat detection and incident response. CISOs, CIOs, and SOC members often utilize OTI to identify and thwart likely attacks.

## What Data Is Considered Threat Intelligence?

Threat intelligence encompasses a wide range of information to provide organizations with insights into past, current, and potential future cyber threats. The data considered a part of threat intelligence includes:

Indicators of Compromise (IoCs): Observable data points that indicate a potential breach or malicious activity. Examples include:

* IP addresses associated with malicious activity.
* URLs or domain names of phishing sites.
* [Malware](https://www.paloaltonetworks.com/cyberpedia/what-is-malware?ts=markdown) hashes or file signatures.
* Email addresses or subjects linked to phishing campaigns.

Tactics, Techniques, and Procedures (TTPs): Descriptive details on threat actors' operations, which can include:

* Specific methods used to gain initial access.
* Techniques for maintaining persistence.
* Ways they escalate privileges or [move laterally](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement?ts=markdown) within a network.

Security teams map TTPs to frameworks like [MITRE ATT\&CK](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack?ts=markdown) to build [threat models](https://www.paloaltonetworks.com/cyberpedia/threat-modeling?ts=markdown), improve detections, and enhance automated defenses. Tracking TTPs enables organizations to anticipate evolving adversary behavior and strengthen cloud security strategies.

Threat Actor Profiles: Information on groups or individuals responsible for cyberattacks, including:

* Their motivations (financial gain, espionage, activism, etc.).
* Capabilities and skill levels.
* Past campaigns or incidents attributed to them.

Vulnerability Information: Details about known weaknesses in software or hardware that can be exploited, such as:

* Vulnerability identifiers (e.g., [CVE numbers](https://www.armosec.io/glossary/common-vulnerabilities-and-exposures-cve/)).
* Affected systems or software.
* Potential impact and mitigation strategies.

Social Media and Dark Web Data: Information from online forums, social media platforms, or the dark web where threat actors might communicate, share tools, or sell stolen data.

## Sources of Threat Intelligence

Sources for threat intelligence are almost as varied as the cybersecurity landscape itself. The more common sources for CTI include:

* **Internal data**: information an organization gathers from its own data, network logs, incident responses, etc.
* **Open-source intelligence (OSINT)**: information from resources considered public domain.
* **Closed-source services**: information not available to the general public.
* **Information sharing and analysis centers (ISACs)**: business sector-specific organizations that collect, analyze, and share actionable threat information with member organizations.
* **Government advisories**: information released by agencies like the FBI (USA), the National Cyber Security Centre (UK), or the European Union Agency for Cybersecurity (ENISA).
* **Deep and dark web intelligence**: encrypted and anonymous information that provides information regarding cybercrime and activity, early warnings of impending attacks, and insights about cybercriminals' motives and methods.

### Leveraging External and Internal Threat Intelligence

CTI from internal and external sources offers different, yet equally important, insights regarding an organization's threat landscape.

Analysis of internal data creates "contextual CTI" that helps an organization identify and confirm the most relevant threats based on individual circumstances, business systems, products and services. Reviewing information from past incidents can reveal indicators of compromise (IOCs), detail the cause and effect of a breach, and provide opportunities to improve incident response plans. Internal CTI also creates a greater understanding of an organization's vulnerabilities, allowing CISOs and SOCs to develop more tailored and targeted cybersecurity measures.

External CTI provides the insights needed to stay ahead of current and upcoming threat actors. From global TTPs to sector-specific intelligence from sources like ISACs and industry peer groups, external CTI increases threat awareness and improves an organization's ability to create a more powerful cybersecurity program.

### The Value of Intelligence-Driven Data in Threat Detection

A crucial element in any cyber threat detection and response program, intelligence-driven data fuels a proactive defense posture that helps organizations better understand their vulnerabilities, anticipate cyber threats, focus resources on the most significant threats, and develop an incident response plan that will minimize the impact of cyber attacks.

Intelligence-driven data can also provide a deeper understanding of risk management and compliance issues reducing potential financial and reputational damage resulting from a [data breach](https://www.paloaltonetworks.com/cyberpedia/data-breach?ts=markdown).

## Tools and Services in Threat Intelligence

You'll find a growing range of tools for generating cyber threat intelligence, each with unique forms and functions to fit an organization's cybersecurity needs.

Combining the functions of several tools and threat intelligence platforms creates the most complete and thorough threat detection and prevention program.

### An Overview of Threat Intelligence Tools and Their Functions

* **Threat Intelligence Platforms ([TIPs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-threat-intelligence-platform?ts=markdown))**: automatically collect, aggregate, and analyze external threat data.
* **[Security Information and Event Management (SIEM)](https://www.paloaltonetworks.com/cyberpedia/what-is-security-information-and-event-management-SIEM?ts=markdown) Systems**: collect and analyze internal threat data composed of system logs, event data, and other contextual sources.
* **Threat Intelligence Feeds**: provide real-time streams of information related to current or ongoing cyber threats, often focused on a particular area of interest (IP addresses, domains, malware signatures, etc.).
* **Sandboxing Tools**: provide controlled environments in which organizations can analyze or open potentially dangerous files or programs without risk to the organization's internal systems.
* **Open-Source Intelligence (OSINT) Tools**: gather data from public sources (social media, blogs, open discussion forums, etc.).
* **[Intrusion detection systems (IDS)](https://www.paloaltonetworks.com/cyberpedia/what-is-an-intrusion-detection-system-ids?ts=markdown):** monitor network traffic, identify threats, and provide intelligence for threat response.
* **[Intrusion prevention systems (IPS)](https://www.paloaltonetworks.com/cyberpedia/what-is-an-intrusion-prevention-system-ips?ts=markdown):** analyze threats, block attacks in real time, and enhance threat intelligence.
* **[Cloud Detection and Response (CDR)](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-detection-and-response-cdr?ts=markdown):** analyzes threats in the cloud environment, providing real-time intelligence and automated mitigation.

### Threat Intelligence Services: How They Enhance Cybersecurity

Threat intelligence services support organizations' cybersecurity efforts by providing CISOs and SOCs the tools to develop and optimize cyber threat analysis, prevention, and recovery programs. Effective CTI support increases overall threat awareness, enables proactive defense measures, enhances incident response plans, and improves decision-making and risk management.

### The Role of Incident Response in a Threat Intelligence Program

An [incident response plan (IRP)](https://www.paloaltonetworks.com/cyberpedia/incident-response-plan?ts=markdown) serves several purposes in a threat intelligence program. An IRP outlines how an organization will react to and recover from a cyber security incident. In addition to ensuring an organization's preparedness for a cyber attack, a well-planned IRP will provide various types of threat intelligence that can be used to improve future cybersecurity measures.  
![unit-42-approach-to-digital-forensics-incident-response](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/inelligence-driven-approach.png "unit-42-approach-to-digital-forensics-incident-response") ***Figure 1**: The continuous cyber threat intelligence cycle*

## Practical Implementation of Threat Intelligence

The practical implementation of cyber threat intelligence begins with defining clear objectives and gathering relevant data from a variety of internal and external sources. Once analyzed, the data can be used to generate actionable intelligence designed to integrate into the existing cybersecurity program.

### Integrating Threat Intelligence into Your Cybersecurity Strategy

Applying the insights from your CTI program to your overall cybersecurity strategy will enhance threat awareness, attack prevention, and incident response. It is important to note that this integration may require adapting existing processes, adjusting control measures, updating plans, or modifying user training programs.

### Threat Hunting: A Proactive Approach to Cybersecurity

Sophisticated hackers can infiltrate a network and remain undetected while searching for or collecting data, login credentials, or other [sensitive materials](https://www.paloaltonetworks.com/cyberpedia/sensitive-data?ts=markdown). Threat hunting is the practice of proactively searching for previously undetected cyber threats on an internal network. Threat hunting is crucial for eliminating [advanced persistent threats (APTs)](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt?ts=markdown).

## The Threat Intelligence Lifecycle: An Overview

The threat intelligence lifecycle is an outline of the process by which CISOs develop and implement cyber threat intelligence programs. It is a framework for continuously transforming raw threat data into actionable threat intelligence that can then be utilized to identify and avoid threats to an organization's cybersecurity.  
![Cyber threat intel lifecycle](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-cti/cyber-threat-intel-lifecycle.png "Cyber threat intel lifecycle") ***Figure 2**: Operationalizing through CTA phases*

### Understanding the Stages of the Threat Intelligence Lifecycle

1. **Discovery**: discover threat intelligence data (indicators, adversary tactics, tools, etc.) from various sources, which can include internal investigations and sources, threat intel feeds, partnerships, other open-source threat intelligence (OSINT).
2. **Collection**: Once threat intelligence data is discovered, collect and store that data for additional processing and analysis.
3. **Processing**: clean up data to remove duplicates, inconsistencies, and irrelevant information. Then transform raw data into a format suitable for analysis, and enhance with additional context and metadata.
4. **Analysis**: conduct in-depth analysis of the processed data to identify patterns, trends, and potential threats, and employ various techniques to uncover hidden insights. Then evaluate the credibility and impact of identified threats.
5. **Action:** prepare and distribute actionable intelligence to relevant stakeholders, including incident response teams, the [SOCs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/cyberpedia/what-is-devsecops?ts=markdown) teams, and executives. Ensure to tailor the information to the specific needs of different audiences so it's concise and clear.
6. **Feedback Loop**: capture feedback from key stakeholders on the effectiveness and relevance of the provided threat intelligence. Then continuously refine and improve the collection, processing, analysis and processes based on feedback and lessons learned.

This lifecycle ensures organizations maintain proactive defense postures by continuously adapting intelligence to on-premises and [cloud-native](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native?ts=markdown) attack vectors and adversary behaviors.

## Building an Effective Threat Intelligence Program

More than finding the right tools and searching for data, building an effective CTI program requires a strategy-driven plan, a team of specialists, well-organized processes, and an organization-wide commitment to continuous learning and improvement.

### Key Steps in Setting Up a Threat Intelligence Program

* Defining goals and objectives.
* Allocating resources and appropriately skilled staff.
* Implementing processes for relevant data collection.
* Developing methodologies for data analysis and intelligence generation.
* Integrating and utilizing intelligence in cybersecurity programs.
* Defining formats for disseminating intelligence.
* Gathering and reviewing feedback.
* Ensuring compliance and adherence to industry standards, regulations, and internal governance policies.  
  ![Unit 42 Threat Intel Lifecycle](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/unit-42-operationalizing-through-cti-programs.png "Unit 42 Threat Intel Lifecycle ") *Figure 3. Unit 42 CTI Program Phases*

### The Importance of Continuous Learning and Adaptation in Threat Intelligence

The cyber threat landscape continuously changes as threat actors become more knowledgeable and sophisticated. An effective CTI program can only remain effective if it is as dynamic as the threats it is designed to thwart. Learning from previous incidents and threat intelligence feedback allows organizations to continuously adapt and enhance the elements of a CTI program, keeping it as relevant and effective as possible.

## Threat Intelligence FAQs

### What are the emerging trends in threat intelligence?

Cyberthreat intelligence trends will vary by industry, geography, and threat types. There are, however, several general trends that affect businesses and organizations of all kinds.

* Cyberattacks are increasing and becoming more expensive.
* Cybercriminals are working together and becoming specialized.
* Botnets and automated malware deployment tools are becoming more sophisticated.
* Collaboration between state-sponsored actors and cybercriminals is on the rise.
* Organizations of all sizes are in danger, especially small-to-medium businesses (SMBs).

### What has the evolution of cyber threat intelligence included?

The emergence of the internet created an unprecedented level of information sharing and connection. As the digital landscape expanded, so did the need to protect individuals and organizations from the growing threat of cyberattacks.

Rapidly growing threats gave rise to early cyber protection protocols like IP and URL blacklists and cyberthreat blocking systems like antivirus programs and firewalls.

Cybercrime increased into the 2000s with notable cyberattacks like the "ILOVEYOU" worm that caused upwards of $15 billion in damages. Spam, botnets, and trojans became more prevalent, and the need for more powerful and proactive cybersecurity measures became more clear. It was the advent of advanced persistent threats (APTs), however, that ignited the cyberthreat intelligence movement. Businesses and governments alike created cyberthreat intelligence teams, while cybersecurity firms began helping organizations better anticipate and prevent cyberthreats.

Since 2010, cyberattackers have become more sophisticated and damaging. Complex hacks, malware, and ransomware attacks led to a shift in CTI that focused on threat actors' tactics, techniques, and procedures, now referred to as TTPs. These comprehensive analyses give organizations the insights and understanding needed to anticipate threats rather than simply reacting to them.

Modern cyberthreat intelligence is integral to any cybersecurity program, affecting resource allocation, threat analysis policies, and incident response plans.

### What is vulnerability intelligence?

Vulnerability intelligence involves analyzing and prioritizing security flaws based on exploitability, adversary targeting, and business impact. It integrates CVE data, proof-of-concept exploits, and dark web chatter to guide patching strategies. Cloud security teams rely on automated scanning, risk-based prioritization, and virtual patching to mitigate threats before weaponization.

### How does cyber threat intelligence and vulnerability management differ?

Cyber threat intelligence focuses on external information about potential threats and how they operate, and [vulnerability management](https://www.paloaltonetworks.com/cyberpedia/what-Is-vulnerability-management?ts=markdown) concentrates on internal weaknesses and how they can be addressed. Both are essential in tandem to ensure a robust and resilient cybersecurity posture.

### What is operational threat intelligence?

Operational threat intelligence provides real-time, actionable insights into active cyber threats targeting an organization. It includes details on adversary TTPs, attack campaigns, and emerging vulnerabilities. Operational CTI enables SOCs, incident response teams, and DevSecOps engineers to anticipate and mitigate threats by implementing targeted detections, blocking malicious infrastructure, and enhancing automated defenses.

Unlike strategic intelligence, operational CTI focuses on immediate, short-term risks, often delivered through TIPs, security telemetry, and adversary tracking feeds.

### What is strategic threat intelligence?

Strategic threat intelligence provides a high-level analysis of cyber threats, focusing on long-term risks, geopolitical motivations, and adversary intent. It helps executives, CISOs, and security architects make informed decisions about security investments, risk management, and regulatory compliance.

### What are indicators of attack?

Indicators of attack (IOAs) identify adversary intent and behavior during an attack, focusing on TTPs rather than static artifacts like IOCs. They include patterns such as privilege escalation attempts, lateral movement, and unusual API calls in cloud environments. Security teams leverage IOAs to build behavioral-based detections and improve automated threat prevention in cloud-native and zero-trust architectures.

### What is cyber deception?

Cyber deception uses honeypots, decoy credentials, and fake attack surfaces to mislead adversaries and detect intrusions early. In cloud environments, deception techniques include deploying fake Kubernetes nodes, honey tokens in storage, and monitored API keys. This approach slows attackers, triggers high-fidelity alerts, and enhances threat hunting.

### What is cyber threat modeling?

Cyber threat modeling identifies attack paths, weaknesses, and adversary TTPs specific to an organization's cloud architecture. It maps threats to frameworks like MITRE ATT\&CK, STRIDE, or DREAD to assess impact and likelihood. Security teams use threat modeling to prioritize mitigations, enforce least privilege, and strengthen cloud-native defenses.

### What is threat hunting?

Threat hunting is a proactive security practice that involves actively searching for undetected threats within an organization's environment. It focuses on identifying adversary behavior, analyzing TTPs, and detecting anomalies that evade traditional security tools. Hunters leverage threat intelligence, behavioral analytics, and hypothesis-driven investigation techniques to find stealthy threats such as APT lateral movement, cloud misconfigurations, and insider threats.

### What is MITRE ATT\&CK?

MITRE ATT\&CK is a globally recognized framework that classifies adversary TTPs across different attack stages. It provides a structured way to analyze real-world cyber threats, enabling security teams to detect, prevent, and respond to attacks. ATT\&CK matrices cover enterprise, cloud, mobile, and industrial control systems, offering mapped techniques for reconnaissance, privilege escalation, and lateral movement. DevSecOps teams use ATT\&CK to improve security monitoring, automate detections, and enhance red team exercises for cloud-native environments.

### What is the cyber kill chain?

The cyber kill chain is a model developed by Lockheed Martin that maps an attack's lifecycle in seven stages:

* Reconnaissance
* Weaponization
* Delivery
* Exploitation
* Installation
* Command \& Control
* Actions on Objectives

The cyber kill chain helps security teams detect and disrupt adversary campaigns early. While useful, the kill chain has limitations against modern threats like cloud-native attacks and APTs, which require frameworks like MITRE ATT\&CK for more granular threat analysis.

### What is intrusion detection?

Intrusion detection involves monitoring networks and systems for malicious activity using signature-based (known attack patterns) and behavioral-based (anomaly detection) techniques.

Intrusion detection systems (IDS) analyze logs, traffic, and system behavior to identify unauthorized access, malware infections, and policy violations. In cloud environments, intrusion detection extends to workload security, API monitoring, and identity-based anomaly detection. Advanced detection integrates AI and threat intelligence to detect evasive threats in real time.

### What is anomaly detection?

Anomaly detection identifies deviations from normal system behavior that may indicate a cyberattack. Unlike signature-based detection, which relies on known threats, anomaly detection uses statistical models, machine learning, and baselines to detect unknown threats. It is critical in cloud security for identifying lateral movement, privilege abuse, and unauthorized API activity. Security teams integrate anomaly detection with XDR and SIEM platforms to enhance threat visibility and mitigate advanced attacks.

### What is behavioral analysis?

Behavioral analysis focuses on detecting cyber threats by analyzing patterns of user, system, and network behavior. Unlike static indicators, it identifies anomalies such as unusual login locations, privilege escalations, and unexpected cloud API calls. AI-driven behavioral analytics enable real-time threat detection, reducing reliance on predefined IOCs.

### What are zero-day vulnerabilities?

Zero-day vulnerabilities are software flaws unknown to vendors, leaving them unpatched and exploitable. Attackers leverage them for initial access, privilege escalation, or remote code execution. In cloud environments, zero-days in APIs, hypervisors, and container runtimes pose critical risks. Security teams rely on threat intelligence, virtual patching, and exploit mitigation techniques to reduce exposure before vendors release official fixes.

### What are exploit kits?

Exploit kits are automated attack frameworks that deliver payloads by exploiting browser, plugin, or OS vulnerabilities. Hosted on malicious or compromised websites, they scan visitors for unpatched software and deploy malware. Modern exploit kits target cloud-based endpoints, leveraging drive-by downloads and phishing lures. Defenses include browser isolation, runtime exploit prevention, and continuous patching to eliminate attack surfaces.

### What are malware families?

Malware families classify related variants based on shared code, behavior, or delivery mechanisms. Examples include ransomware (LockBit, Conti), banking trojans (TrickBot, Dridex), and cloud-specific threats (Denonia). Tracking malware families helps security teams anticipate tactics, detect mutations, and deploy proactive defenses like behavioral analysis and AI-driven threat detection.

### What are botnets?

Botnets are networks of compromised devices controlled by attackers for DDoS, spam campaigns, credential stuffing, or cryptojacking. Modern botnets exploit cloud instances, IoT devices, and containerized workloads. They use decentralized command and control (C2) methods like peer-to-peer (P2P) or blockchain to evade takedowns. Defenses include anomaly-based detection, network segmentation, and automated threat intelligence feeds.

### What is command and control infrastructure?

Command and control (C2) infrastructure allows attackers to remotely manage compromised systems, exfiltrate data, and deploy malware. C2 servers use encrypted channels, domain fronting, or cloud-based relay services to evade detection. Defenses include DNS filtering, network anomaly detection, and threat intelligence correlation to identify and disrupt C2 communications.

### What are advanced persistent threats?

Advanced persistent threats (APTs) are stealthy, continuous cyberattacks conducted by well-funded adversaries, often state-sponsored or financially motivated. APTs aim to maintain long-term access to compromised networks, exfiltrate data, and disrupt operations. They use sophisticated TTPs such as zero-day exploits, credential theft, and lateral movement. Unlike opportunistic attacks, APTs conduct targeted reconnaissance, adapt to defenses, and persist within cloud and hybrid infrastructures, making them difficult to detect and mitigate without advanced threat intelligence and behavioral analytics.

### What are APT groups?

APT groups are organized threat actors---often state-sponsored, criminal syndicates, or hacktivists---that conduct prolonged, sophisticated cyber operations. Groups like APT29 (Russia), APT41 (China), and Lazarus Group (North Korea) employ advanced malware, supply chain attacks, and cloud exploitation techniques. These groups use persistent footholds, leveraging stolen credentials and living-off-the-land (LOTL) techniques to evade detection.

Security teams track APTs using TTPs mapped to MITRE ATT\&CK to strengthen defenses against cloud-based espionage, intellectual property theft, and geopolitical cyber threats.

### What are nation-state threats?

Nation-state threats originate from government-backed cyber operations that target critical infrastructure, enterprises, and political entities for espionage, disruption, or influence campaigns. These attacks leverage zero-day vulnerabilities, advanced malware, and AI-driven cyber tactics to evade detection. Common targets include cloud service providers, financial institutions, and defense contractors.
Related Content  
[Threat Intelligence Platform
A threat intelligence platform (TIP) is a technology solution that collects, aggregates, and organizes threat intel data from multiple sources and formats.](https://www.paloaltonetworks.com/cyberpedia/what-is-a-threat-intelligence-platform?ts=markdown)  
[Cortex XSOAR Threat Intelligence Management
Take full control of your threat feeds by automating and orchestrating a number of security tasks, including managing and operationalizing threat intelligence](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)  
[Transform Your Security Strategy
Learn how focusing on the core threats faced by your organization can help you refresh your approach to security and boost your resilience against attackers.](https://www.paloaltonetworks.com/resources/ebooks/unit42-transform-your-security-strategy?ts=markdown)  
[2023 Unit 42^®^ Ransomware and Extortion Report
Discover how attackers are using extortion tactics beyond ransomware to coerce targets to pay more and how APTs are using ransomware to cover their tracks.](https://start.paloaltonetworks.com/2023-unit42-ransomware-extortion-report)  
![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20Cyber%20Threat%20Intelligence%20%28CTI%29%3F&body=Enhance%20security%20with%20Cyber%20Threat%20Intelligence%20%28CTI%29.%20Learn%20how%20CTI%20helps%20organizations%20detect%20cyber%20threats%2C%20assess%20risks%2C%20and%20defend%20proactively.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti)  
Back to Top  
[Next](https://www.paloaltonetworks.com/cyberpedia/threat-intelligence-use-cases-and-examples?ts=markdown) Threat Intelligence Use Cases and Examples  
{#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2025 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language