# What Is Endpoint Detection and Response (EDR)?
read Table of Contents * * [Understanding EDR](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#understanding?ts=markdown) * [Key Benefits of EDR Solutions](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#key?ts=markdown) * [How EDR Works: A Detailed Breakdown](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#how?ts=markdown) * [Evolution of EDR](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#evolution?ts=markdown) * [EDR Implementation Process](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#process?ts=markdown) * [Common Challenges and Solutions in EDR Adoption](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#common?ts=markdown) * [Advanced EDR Strategies and Optimization Techniques](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#advanced?ts=markdown) * [EDR and the Evolving Threat Landscape](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#landscape?ts=markdown) * [How to Evaluate an EDR Solution](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#solution?ts=markdown) * [EDR FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#faqs?ts=markdown) 1. 
Understanding EDR * * [Understanding EDR](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#understanding?ts=markdown) * [Key Benefits of EDR Solutions](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#key?ts=markdown) * [How EDR Works: A Detailed Breakdown](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#how?ts=markdown) * [Evolution of EDR](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#evolution?ts=markdown) * [EDR Implementation Process](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#process?ts=markdown) * [Common Challenges and Solutions in EDR Adoption](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#common?ts=markdown) * [Advanced EDR Strategies and Optimization Techniques](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#advanced?ts=markdown) * [EDR and the Evolving Threat Landscape](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#landscape?ts=markdown) * [How to Evaluate an EDR Solution](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#solution?ts=markdown) * [EDR FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr#faqs?ts=markdown) EDR (Endpoint Detection and Response) is a cybersecurity solution that continuously monitors and records endpoint activity, such as laptops, desktops, servers, and mobile devices. It provides real-time visibility into threats, enabling rapid detection, investigation, and automated response capabilities to neutralize malicious activities before they compromise an organization's systems. 
Key Points

* EDR continuously monitors endpoint activity, offering real-time visibility for rapid threat detection, investigation, and automated response.
* EDR solutions identify unusual behaviors and sophisticated attack patterns, including IoCs and TTPs linked to advanced threats.
* Successful EDR implementation needs careful planning, effective deployment, and continuous configuration to optimize performance and reduce false positives.
* Advanced EDR strategies encompass proactive threat hunting, SOAR/SIEM integration, and the utilization of AI/ML for enhanced detection and response.
* EDR provides deeper visibility, behavioral analytics, and comprehensive incident response, distinguishing it from traditional AV and EPP, while complementing SIEM with granular endpoint data.

![A digital infographic titled "EDR Operational Flow" that illustrates the four key stages of an Endpoint Detection and Response (EDR) system. The stages—Data Collection, Analysis & Detection, Investigation, and Automated Response—are each represented by a circular icon with a label beneath. The icons are arranged in a circular flow and connected by burnt orange arrows, demonstrating the continuous lifecycle of EDR operations. The design features a clean, modern aesthetic with a light background and navy blue text for high readability.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/endpoint-detection-and-response-edr/edr-operational-flow-infographic.jpg "EDR Operational Flow Infographic")

***Figure 1:** The typical operational flow of an EDR system*

## Understanding EDR

EDR solutions offer a proactive defense against evolving threats.
They collect and analyze telemetry data from endpoints, including:

* Process execution
* File system changes
* Network connections
* User activities

This continuous monitoring enables security teams to identify anomalous behaviors that may indicate a sophisticated attack, even those evading traditional signature-based defenses.

The significance of EDR stems from its ability to provide deep visibility into what is happening at the [endpoint](https://www.paloaltonetworks.com/cyberpedia/what-is-an-endpoint?ts=markdown) level, which is often the initial point of compromise for many [cyber attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack?ts=markdown). By correlating events and applying behavioral analytics, EDR can detect subtle indicators of compromise (IoCs) and tactics, [techniques](https://www.paloaltonetworks.com/cyberpedia/what-are-mitre-attack-techniques?ts=markdown), and procedures (TTPs) associated with [advanced persistent threats (APTs)](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt?ts=markdown) and zero-day exploits. This comprehensive approach empowers security professionals to understand the full scope of an attack, contain it swiftly, and effectively remediate its impact, thereby minimizing potential damage and downtime.

![A table listing essential EDR capabilities in one column and a brief description of what each capability offers in the adjacent column.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/endpoint-detection-and-response-edr/key-edr-capabilities.png "Key EDR Capabilities")

***Figure 2:** Essential capabilities of EDR solutions*

## Key Benefits of EDR Solutions

EDR solutions provide significant advantages for enterprises looking to enhance their cybersecurity posture:

1. **Granular visibility into endpoint activities** helps security teams detect and respond to threats more efficiently than traditional security tools.
2. **Quickly identifying and containing threats** minimizes potential damage and reduces recovery time.
3. **Automated response capabilities within EDR platforms** reduce the manual effort required for remediation, allowing security analysts to focus on more complex investigations.
4. **Supports [proactive threat hunting](https://www.paloaltonetworks.com/cyberpedia/threat-hunting?ts=markdown)**, enabling organizations to identify and address hidden threats before they escalate into major incidents.

![A vertical infographic titled "Attack Kill Chain with EDR Interventions" illustrates five key stages of a cyber attack: Reconnaissance, Initial Access, Execution, Persistence, and Exfiltration. Each stage is represented by a bold red circular icon on the left, paired with a brief EDR intervention on the right.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/endpoint-detection-and-response-edr/attack-kill-chain-with-edr-interventions-infographic.png "Attack Kill Chain with EDR Interventions Infographic")

***Figure 3:** EDR tools intervene at various stages of a cyberattack kill chain*

## How EDR Works: A Detailed Breakdown

EDR platforms operate by continuously monitoring endpoints and collecting vast amounts of data to detect and respond to threats. This intricate process involves several key stages, from data collection to automated response. Understanding these mechanisms is crucial for leveraging EDR effectively in a modern security environment.

### Data Collection and Telemetry

EDR agents deployed on endpoints continuously gather telemetry data. This data includes process activity, file modifications, network connections, registry changes, and user actions. The rich dataset provides a comprehensive picture of endpoint behavior. This information is then sent to a centralized EDR platform for analysis.
The sheer volume of data necessitates efficient collection and storage mechanisms to ensure real-time processing and historical lookup capabilities.

### Behavioral Analytics and Threat Detection

Once collected, the telemetry data undergoes sophisticated analysis using behavioral analytics, [machine learning](https://www.paloaltonetworks.com/cyberpedia/machine-learning-ml?ts=markdown), and rule-based detection engines. These techniques help identify anomalies and patterns indicative of malicious activity. For example, an executable running from an unusual location or attempting to modify critical system files would trigger an alert. The system correlates events across multiple endpoints and over time, building a contextual understanding of potential threats. This helps in detecting sophisticated threats, such as zero-day exploits and advanced persistent threats.

### Investigation and Forensics

When a suspicious activity is detected, EDR provides security analysts with the tools to investigate further. Analysts can drill down into specific events, view the chain of execution, and understand the scope and impact of an alert. This capability facilitates forensic analysis, enabling teams to determine the root cause of an incident and identify compromised systems. EDR platforms often include capabilities to reconstruct attack timelines, aiding in thorough post-incident review.

### Automated Response Capabilities

EDR solutions integrate automated response actions to swiftly contain threats. These actions can include:

* Isolating a compromised endpoint from the network
* Terminating malicious processes
* Quarantining suspicious files

Automation helps reduce the dwell time of threats and prevents lateral movement within the network, minimizing the attack surface. While automation is powerful, human oversight remains crucial to ensure timely and appropriate responses and prevent disruptions to legitimate business operations.
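The four stages above (telemetry collection, rule-based detection, investigation of the chain of execution, and a response decision that leaves weaker signals to an analyst) can be sketched end to end. This is an added example, not Palo Alto Networks code: the event fields, rule names, scores and the isolation threshold are assumptions, and the telemetry is constructed.

```python
"""Toy EDR pipeline: telemetry -> detection -> investigation -> response.

Added illustration. Event fields, rule names, scores and thresholds are
assumptions, and every event below is constructed sample data.
"""
from collections import defaultdict

EVENTS = [
    {"host": "ws-014", "type": "process", "pid": 100, "ppid": 1,
     "image": r"C:\Windows\explorer.exe"},
    {"host": "ws-014", "type": "process", "pid": 200, "ppid": 100,
     "image": r"C:\Program Files\Mail\mail.exe"},
    {"host": "ws-014", "type": "process", "pid": 300, "ppid": 200,
     "image": r"C:\Users\amy\AppData\Local\Temp\invoice.exe"},
    {"host": "ws-014", "type": "file_write", "pid": 300,
     "path": r"C:\Windows\System32\drivers\etc\hosts"},
    {"host": "ws-014", "type": "net_connect", "pid": 300,
     "dest": "203.0.113.50:443"},
    {"host": "ws-022", "type": "process", "pid": 410, "ppid": 1,
     "image": r"C:\Windows\System32\svchost.exe"},
    {"host": "ws-022", "type": "file_write", "pid": 410,
     "path": r"C:\Windows\System32\config\cache.tmp"},
    {"host": "ws-031", "type": "process", "pid": 500, "ppid": 1,
     "image": r"C:\Users\bob\Downloads\setup.exe"},
]

# Lower-cased path fragments used by the two rules (assumed policy).
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\users\\public\\")
SYSTEM_DIR = "c:\\windows\\"
CRITICAL_DIR = "c:\\windows\\system32\\"
ISOLATE_AT = 100  # combined score at which containment is automated


def build_process_table(events):
    """Index process-start events by (host, pid) so later events get context."""
    return {(e["host"], e["pid"]): e for e in events if e["type"] == "process"}


def detect(events, procs):
    """Rule 1: executable started from a user-writable directory.
    Rule 2: a non-system binary writes under the critical system directory."""
    alerts = []
    for e in events:
        proc = procs.get((e["host"], e["pid"]))
        if proc is None:
            continue  # no process context for this event: nothing to attribute
        image = proc["image"].lower()
        if e["type"] == "process" and any(d in image for d in USER_WRITABLE):
            alerts.append({"host": e["host"], "pid": e["pid"],
                           "rule": "exec_from_user_writable_dir", "score": 40})
        elif e["type"] == "file_write":
            target = e["path"].lower()
            if target.startswith(CRITICAL_DIR) and not image.startswith(SYSTEM_DIR):
                alerts.append({"host": e["host"], "pid": e["pid"],
                               "rule": "critical_file_modified", "score": 60})
    return alerts


def execution_chain(procs, host, pid):
    """Walk parent links to rebuild the chain of execution, root first."""
    chain, seen = [], set()
    while (host, pid) in procs and pid not in seen:
        seen.add(pid)  # guards against a parent loop in damaged telemetry
        proc = procs[(host, pid)]
        chain.append(proc["image"].rsplit("\\", 1)[-1])
        pid = proc["ppid"]
    return list(reversed(chain))


def correlate(alerts, procs):
    """Group alerts per process into incidents, score them, choose a response."""
    grouped = defaultdict(list)
    for a in alerts:
        grouped[(a["host"], a["pid"])].append(a)
    incidents = []
    for (host, pid), group in grouped.items():
        score = sum(a["score"] for a in group)
        incidents.append({
            "host": host,
            "chain": execution_chain(procs, host, pid),
            "rules": sorted(a["rule"] for a in group),
            "score": score,
            # A single weak signal goes to a human instead of cutting off a host.
            "action": "isolate_host" if score >= ISOLATE_AT else "analyst_review",
        })
    return sorted(incidents, key=lambda i: -i["score"])


def run_pipeline(events=EVENTS):
    procs = build_process_table(events)
    return correlate(detect(events, procs), procs)


if __name__ == "__main__":
    for incident in run_pipeline():
        print(incident)
```

The system binary on `ws-022` writes under the same directory but raises no alert, which is the kind of context that keeps false positives down.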
![Graphic showing evolution of endpoint security progression moving left to right: antivirus, next-generation antivirus, endpoint security suite, endpoint detection and response, ending on extended detection and response.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/endpoint-detection-and-response-edr/endpoint-evolution-to-edr.png "Endpoint Evolution to EDR")

***Figure 4**: The evolution of endpoint security from simple antivirus to comprehensive extended detection and response solutions.*

## Evolution of EDR

EDR emerged from the limitations of traditional antivirus solutions, which primarily focused on known threats.

### 2010

The concept gained traction in the early 2010s as cyber threats became more sophisticated and elusive. Early [EDR tools](https://www.paloaltonetworks.com/cyberpedia/what-are-endpoint-detection-and-response-tools?ts=markdown) provided basic monitoring and alerting capabilities, but they quickly evolved to include advanced analytics and machine learning.

### 2013

By 2013, EDR solutions began incorporating behavioral analysis to detect anomalies and potential threats in real time. This marked a significant shift from signature-based detection to a more proactive approach. The integration of threat intelligence feeds further enhanced EDR's capabilities, allowing for the identification of emerging threats before they can cause significant harm.

As cyber attacks grew in complexity, EDR systems adapted by offering automated response features. These advancements enabled security teams to detect and swiftly mitigate threats, reducing the attacker's window of opportunity. Today, EDR stands as a cornerstone of modern cybersecurity strategies.

## EDR Implementation Process

Deploying an EDR solution effectively requires careful planning and execution to integrate it seamlessly into an existing security infrastructure. A structured approach ensures maximum benefit and minimizes potential disruptions.
From initial preparation to ongoing configuration, each step plays a vital role in optimizing EDR performance.

### Planning and Preparation

Before deploying EDR, organizations must:

* Define their security objectives
* Assess their current endpoint landscape
* Identify all endpoints and understand their operating systems
* Determine network architecture

A clear understanding of these factors helps in selecting the right EDR solution and preparing the environment for agent deployment. Establishing clear [roles and responsibilities](https://www.paloaltonetworks.com/cyberpedia/soc-roles-and-responsibilities?ts=markdown) for the security team is also crucial.

### Deployment Strategies

EDR agents can be deployed using various methods, including group policy, software deployment tools, or manual installation. The chosen strategy depends on the organization's size, infrastructure, and existing management tools. A phased rollout is often recommended to monitor performance and address any issues before a full-scale deployment. Ensuring agents are installed correctly and communicate effectively with the central EDR platform is paramount.

### Configuration and Tuning

After deployment, configuring and tuning the EDR solution is essential to optimize its performance and minimize false positives. This involves setting up detection rules, defining response actions, and integrating with other security tools, such as [SIEMs](https://www.paloaltonetworks.com/cyberpedia/what-is-siem?ts=markdown). Continuous monitoring of alerts and fine-tuning policies based on observed threats helps refine the EDR's accuracy. Regular reviews of security policies ensure they align with evolving threat landscapes and organizational needs.

## Common Challenges and Solutions in EDR Adoption

Implementing an EDR solution, while beneficial, can present several challenges for organizations.
Addressing these common hurdles proactively ensures a smoother adoption process and maximizes the return on investment. From managing alert volumes to integrating with existing systems, understanding these obstacles and their solutions is key to successful [EDR deployment](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-deployment?ts=markdown).

### Alert Fatigue

One of the most significant challenges in EDR adoption is alert fatigue, where security analysts are overwhelmed by the sheer volume of alerts generated by the system. Many of these alerts might be benign or low-priority, leading to missed critical threats. To combat this, organizations should fine-tune their EDR policies, prioritize alerts based on severity and context, and leverage automation to handle low-fidelity events. Integrating EDR with a Security Information and Event Management (SIEM) system can help correlate alerts and reduce noise.

### Integration Complexities

Integrating EDR with existing security tools, such as [firewalls](https://www.paloaltonetworks.com/cyberpedia/what-is-a-firewall?ts=markdown), [intrusion detection systems](https://www.paloaltonetworks.com/cyberpedia/what-is-an-intrusion-detection-system-ids?ts=markdown), and identity management solutions, can be a complex process. Incompatible [APIs](https://www.paloaltonetworks.com/cyberpedia/what-is-api-security?ts=markdown), data format discrepancies, and a lack of standardized communication protocols often hinder seamless integration. Addressing this requires choosing EDR solutions with open APIs and resilient integration capabilities. Custom scripting or middleware might be necessary to bridge gaps between disparate systems.

### Resource Constraints

Implementing and managing an EDR solution demands skilled personnel and significant resources. Many organizations, especially smaller ones, struggle with a shortage of cybersecurity experts capable of operating and optimizing EDR platforms.
Outsourcing EDR management to a [Managed Detection and Response (MDR)](https://www.paloaltonetworks.com/cyberpedia/what-is-managed-detection-and-response?ts=markdown) provider can alleviate resource constraints. Additionally, investing in training for internal teams ensures they possess the necessary skills to leverage the EDR effectively.

## Advanced EDR Strategies and Optimization Techniques

Moving beyond basic EDR deployment, organizations can adopt advanced strategies to maximize their investment and enhance their threat detection and response capabilities. These techniques leverage the full potential of EDR to provide deeper insights and proactive security measures.

![Most attacks can be prevented with the right tools. This image shows that less than 1% of targeted attacks require analysis over time and across layers with ML.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/endpoint-detection-and-response-edr/why-do-we-need-endpoint-detection-and-response.png "Attacks Prevented with EDR and Other Security Tools")

***Figure 5**: Most attacks can be prevented with the right tools. Less than 1% of targeted attacks require analysis over time and across layers with ML.*

### Proactive Threat Hunting

While EDR excels at automated detection, proactive threat hunting enables security teams to actively search for undetected threats within their environment. This involves leveraging EDR data to identify suspicious patterns, anomalies, or indicators of compromise that may have bypassed automated defenses. Threat hunters hypothesize potential attack scenarios and use EDR's investigative capabilities to validate or refute them. This human-driven approach uncovers sophisticated, stealthy attacks that automated systems might miss.
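One common way to run such a hunt is to stack process relationships by how many hosts show them and review the rare ones. This is an added example, not from the original page: the record layout, the `max_hosts` cutoff and the `known_good` list are assumptions, and the fleet data is constructed.

```python
"""Hypothesis-driven hunt: surface parent->child process pairs that are rare
across the fleet. Added illustration; all telemetry below is constructed."""
from collections import defaultdict


def build_fleet_telemetry():
    """Constructed process-start records as (host, parent image, child image)."""
    rows = []
    for n in range(1, 41):  # 40 endpoints sharing the same baseline activity
        host = f"ws-{n:03d}"
        rows.append((host, "explorer.exe", "chrome.exe"))
        rows.append((host, "services.exe", "svchost.exe"))
        if n <= 12:  # a spreadsheet tool used on 12 of the 40 hosts
            rows.append((host, "explorer.exe", "excel.exe"))
    # Two relationships that almost no host exhibits.
    rows += [("ws-007", "excel.exe", "powershell.exe")] * 2
    rows += [("ws-019", "updater.exe", "cmd.exe"),
             ("ws-033", "updater.exe", "cmd.exe")]
    return rows


def stack_by_host_prevalence(rows):
    """Per pair, collect the distinct hosts showing it and the raw event count.

    Host prevalence is the signal: a pair repeated many times on one host
    must not look common just because its event count is high.
    """
    hosts_by_pair = defaultdict(set)
    events_by_pair = defaultdict(int)
    for host, parent, child in rows:
        hosts_by_pair[(parent, child)].add(host)
        events_by_pair[(parent, child)] += 1
    return hosts_by_pair, events_by_pair


def hunt_rare_pairs(rows, max_hosts=2, known_good=frozenset()):
    """Return leads for pairs seen on at most max_hosts hosts, rarest first.

    Pairs an analyst has already explained (known_good) stay in the output
    with a 'refuted' verdict so the hunt records what was checked.
    """
    hosts_by_pair, events_by_pair = stack_by_host_prevalence(rows)
    fleet = {host for host, _, _ in rows}
    leads = []
    for pair, hosts in hosts_by_pair.items():
        if len(hosts) > max_hosts:
            continue  # common behaviour: part of the baseline
        leads.append({
            "pair": pair,
            "hosts": sorted(hosts),
            "events": events_by_pair[pair],
            "prevalence": f"{len(hosts)}/{len(fleet)}",
            "verdict": "refuted" if pair in known_good else "investigate",
        })
    return sorted(leads, key=lambda lead: (len(lead["hosts"]), lead["pair"]))


if __name__ == "__main__":
    explained = {("updater.exe", "cmd.exe")}  # assumed: confirmed with IT
    for lead in hunt_rare_pairs(build_fleet_telemetry(), known_good=explained):
        print(lead)
```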
### Integration with SOAR and SIEM

Integrating EDR with [Security Orchestration, Automation, and Response (SOAR)](https://www.paloaltonetworks.com/cyberpedia/what-is-soar?ts=markdown) platforms and Security Information and Event Management (SIEM) systems creates a powerful, unified security ecosystem. SIEM aggregates logs and alerts from various sources, providing a centralized view of security events. SOAR automates repetitive tasks and orchestrates complex [incident response](https://www.paloaltonetworks.com/cyberpedia/what-is-incident-response?ts=markdown) workflows. This integration enables the automated enrichment of EDR alerts with contextual data from SIEM and triggers automated response actions by SOAR based on EDR detections, streamlining the entire incident lifecycle.

### Leveraging AI and Machine Learning in EDR

[Artificial intelligence (AI)](https://www.paloaltonetworks.com/cyberpedia/artificial-intelligence-ai?ts=markdown) and machine learning (ML) are becoming increasingly vital in optimizing EDR effectiveness. AI/ML algorithms can analyze vast datasets of endpoint telemetry to identify subtle patterns of malicious behavior that human analysts or rule-based systems might overlook. This includes detecting polymorphic [malware](https://www.paloaltonetworks.com/cyberpedia/what-is-malware?ts=markdown), [fileless attacks](https://www.paloaltonetworks.com/cyberpedia/what-are-fileless-malware-attacks?ts=markdown), and sophisticated [social engineering](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering?ts=markdown) attempts. Leveraging AI/ML enhances detection accuracy, reduces false positives, and continuously adapts to new threats, thereby improving the EDR's ability to stay ahead of adversaries.

## EDR and the Evolving Threat Landscape

The cybersecurity threat landscape constantly evolves, with adversaries employing increasingly sophisticated tactics.
EDR plays a pivotal role in countering these emerging threats and adapts to new challenges. The impact of artificial intelligence further reshapes how incidents are responded to and reported.

### Emerging Threats and EDR's Role

As cybercriminals adopt advanced techniques, traditional signature-based security solutions often prove inadequate. EDR's behavioral analysis capabilities are critical for detecting these emerging threats. By monitoring process execution, network connections, and system calls for unusual patterns, EDR can identify malicious activity even when no known signature exists. Its continuous monitoring and forensic capabilities also help in understanding the scope and impact of novel attacks, aiding in rapid containment and remediation.

### Impact of AI on Incident Response and Reporting

Artificial intelligence has a significant impact on incident response and reporting processes. AI-powered EDR solutions can automatically analyze vast amounts of data, identifying anomalies and prioritizing alerts with greater accuracy and speed than human analysts alone. This accelerates threat detection and reduces response times. AI also assists in automating routine tasks, such as initial alert triage and data enrichment, freeing up security teams to focus on complex investigations. Furthermore, AI can aid in generating more comprehensive and insightful incident reports by correlating disparate data points and highlighting critical attack details, improving post-incident analysis and future prevention strategies.

![Infographic compares Endpoint Detection and Response (EDR), Traditional Antivirus (AV), and Endpoint Protection Platforms (EPP) across four key security capabilities: Signature-Based Detection, Behavioral Analysis, Forensics, and Response.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/endpoint-detection-and-response-edr/edr-vs-traditional-av-vs-epp-comparison-infographic.jpg "EDR vs. Traditional AV vs. EPP Comparison Infographic")

***Figure 6:** EDR vs Traditional AV vs. EPP*

## Comparison of EDR with Other Security Solutions

Understanding how EDR complements or differs from other common security solutions is crucial for building a layered defense strategy. While some functionalities may overlap, each technology addresses specific aspects of [endpoint security](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-security?ts=markdown). A comprehensive approach often involves integrating these solutions for maximum protection.

### [EDR vs. Antivirus (AV)](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-antivirus?ts=markdown)

Traditional antivirus (AV) primarily focuses on preventing known malware infections by using signature-based detection and heuristic analysis. It excels at blocking common viruses, worms, and Trojans. EDR, conversely, goes beyond prevention by continuously monitoring endpoint activity and detecting more sophisticated, unknown threats that might bypass AV. EDR provides visibility into post-compromise activity, allowing for detection, investigation, and response to active attacks, whereas AV often stops at blocking initial infection attempts.

### EDR vs. Endpoint Protection Platforms (EPP)

[Endpoint Protection Platforms (EPP)](https://www.paloaltonetworks.com/cyberpedia/what-is-an-endpoint-protection-platform-epp?ts=markdown) represent a broader suite of security controls, often including antivirus, firewall, device control, and sometimes basic EDR capabilities. EPP aims to prevent a wide range of threats. While EPP offers a foundational layer of protection, EDR provides deeper visibility, advanced behavioral analytics, and more granular investigative and response capabilities. EDR is designed to detect and respond to advanced threats, such as fileless attacks or [insider threats](https://www.paloaltonetworks.com/cyberpedia/insider-threat?ts=markdown), that may evade the preventative measures of an EPP.
EPP focuses on preventing incidents, while EDR focuses on detecting and responding to those that slip through.

### [EDR vs. SIEM](https://www.paloaltonetworks.com/cyberpedia/what-is-edr-vs-siem?ts=markdown)

SIEM systems aggregate and analyze log data from various security devices and applications across an entire IT infrastructure. SIEM provides a centralized view of security events, helping with compliance reporting and broad threat correlation. EDR, however, specializes in deep, granular visibility and activity monitoring at the endpoint level. While SIEM collects logs from EDR, EDR itself provides the detailed forensic data and immediate response capabilities for endpoint-specific incidents. SIEM provides a broad view, while EDR offers a thorough examination of endpoint activities.

## EDR and Small Business Cybersecurity

[EDR enhances small business cybersecurity](https://www.paloaltonetworks.com/cyberpedia/edr-for-small-business-cybersecurity?ts=markdown) by providing automated, proactive, and comprehensive protection against cyber threats, ensuring business continuity and regulatory compliance. Small businesses can benefit from EDR in the following ways:

* **Proactive Threat Detection**: EDR continuously monitors endpoints (like laptops, smartphones, or servers) for suspicious activity, detecting potential threats before they can cause significant damage.
* **Rapid Incident Response**: When EDR detects a threat, it can automatically isolate the compromised device, preventing the attack from spreading to other parts of the network.
* **Comprehensive Visibility**: EDR solutions provide visibility into all devices and activities within a network, helping small businesses track user behavior, identify vulnerabilities, and understand the scope of threats, making it easier to prevent future attacks.
* **Automated Threat Remediation**: EDR tools often have automation capabilities that enable them to detect threats and automatically respond to and neutralize them, reducing the burden on small business IT staff.
* **Data Protection and Compliance**: EDR helps small businesses comply with data protection regulations by ensuring that sensitive data remains secure. It also provides detailed logs and reports that can be used for audits and compliance verification.
* **Cost Efficiency**: For small businesses, EDR's affordability compared to the potential cost of a cyber breach makes it an effective and budget-friendly cybersecurity solution.

## How to Evaluate an EDR Solution

Selecting the right EDR solution fortifies your organization's security posture, safeguarding sensitive data and ensuring operational continuity. However, the evaluation process can seem daunting with a myriad of EDR solutions available on the market. The goal is to make an informed decision that best aligns with an organization's needs and security requirements.

By understanding what to look for in terms of features, performance, integration capabilities, and support, you can select an EDR solution that meets compliance standards and enhances your incident response strategies and overall cybersecurity resilience.

### Broad Visibility and ML-based Attack Detection

Rich data is the foundation for EDR. Look for [endpoint detection](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection?ts=markdown) and response tools that collect comprehensive data and provide enterprise-wide visibility. Ideal solutions offer extensive machine learning and analytics techniques to detect advanced threats in real-time. Consider independent tests, such as the [MITRE ATT&CK Evaluation](https://www.paloaltonetworks.com/cortex/cortex-xdr/mitre?ts=markdown), to assess the breadth and accuracy of detection coverage.
### Simplified Investigations

Select security tools that offer a comprehensive view of incidents, including detailed investigative information, to minimize response times. They should simplify investigations by automatically revealing the root cause, sequence of events, and threat intelligence details of alerts from any source. Customizable incident scoring allows you to focus on the events that matter most. By grouping alerts into security incidents, you can reduce the number of individual events to investigate by 98%, speeding incident response.

### Coordinated Response Across Enforcement Points

Flexible response options, including script execution, direct access to endpoints, host restore, and "search and destroy," enable you to eliminate threats and recover from attacks quickly. Tight integration with [security orchestration, automation, and response (SOAR)](https://www.paloaltonetworks.com/cyberpedia/what-is-soar?ts=markdown) tools enables you to automate playbooks and extend responses to hundreds of security and IT tools. EDR solutions can even restore damaged files and registry settings if [ransomware](https://www.paloaltonetworks.com/cyberpedia/ransomware-common-attack-methods?ts=markdown) encrypts endpoint data.

### Ironclad Endpoint Threat Prevention

The best EDR security includes antivirus and [endpoint security](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-security?ts=markdown) capabilities to block every stage of an attack. Evaluate whether endpoint security solutions can block exploits by technique, block malware files using machine learning, and stop malicious behavior. With effective endpoint threat prevention, you can shut down the most evasive attacks.
### Endpoint Protection Suite Capabilities to Reduce Attack Surface

Ideally, EDR tools should block attacks and ransomware, [preventing data loss](https://www.paloaltonetworks.com/cyberpedia/what-is-data-loss-prevention-dlp?ts=markdown) and unauthorized access with features such as host firewall, device control, and disk encryption. Look for an EDR tool that provides granular control over USB access and firewall policies.

### A Single, Lightweight Agent

Instead of installing bulky agents that continually [scan your endpoints](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-scanning?ts=markdown) for attack signatures, opt for one end-to-end agent for endpoint threat prevention and EDR.

### Cloud-Delivered Security

Cloud-based management and deployment streamline operations and eliminate burdensome on-premises servers. They also quickly scale to handle more users and data.

### Optional Managed Services

EDR solutions should offer managed threat hunting and MDR to provide 24x7 monitoring, threat hunting, and triage. [MDR services](https://www.paloaltonetworks.com/cyberpedia/managed-detection-and-response-services-mdr?ts=markdown) can be provided through managed detection and response partners.

## EDR FAQs

### What types of threats can EDR detect that traditional antivirus misses?

EDR can detect sophisticated threats, such as fileless malware, zero-day exploits, advanced persistent threats (APTs), and insider threats, which often bypass traditional antivirus solutions by not relying on known signatures.

### How does EDR help with compliance and auditing?

EDR's continuous monitoring and data retention capabilities provide detailed logs of endpoint activities, which are invaluable for demonstrating compliance with regulatory requirements and facilitating security audits by offering a clear record of security events and responses.

### Is EDR suitable for small and medium-sized businesses (SMBs)?

Yes, EDR is increasingly suitable for SMBs, especially with the rise of Managed Detection and Response (MDR) services that allow smaller organizations to access EDR capabilities without needing extensive in-house security teams.

### What is the difference between EDR and XDR?

While EDR focuses specifically on endpoint data, [Extended Detection and Response (XDR)](https://www.paloaltonetworks.com/cyberpedia/what-is-xdr?ts=markdown) expands its scope to integrate and analyze data from multiple security layers, including network, cloud, email, and identity, providing a more comprehensive view of threats across the entire attack surface.

### How does EDR integrate with a Security Operations Center (SOC)?

EDR solutions are fundamental to a modern Security Operations Center (SOC), providing critical endpoint telemetry and actionable alerts that feed into SIEM systems for broader correlation, and enabling SOC analysts to conduct in-depth investigations and initiate rapid response actions directly from the EDR platform.