[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) [![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberark/Seamless_IDs_small.jpg) Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-security-solution?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) [![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberark/Seamless_IDs_small.jpg) Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.paloaltonetworks.com/deploybravely?ts=markdown) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Identity Security](https://www.paloaltonetworks.com/cyberpedia/identity-security?ts=markdown) 3. [Identity Governance and Administration](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga?ts=markdown) 4. [Identity Lifecycle Management](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management?ts=markdown) Table of Contents * [What Is Modern IGA? Identity Governance Guide](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga?ts=markdown) * [Modern IGA Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga#explained?ts=markdown) * [The Evolution of Identity Governance: From Legacy to Modern](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga#evolution?ts=markdown) * [Core Mechanisms: How Modern IGA Functions](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga#core?ts=markdown) * [Key Benefits for the Modern Security Stack](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga#key?ts=markdown) * [Addressing the Non-Human Identity (NHI) Challenge](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga#challenge?ts=markdown) * [Modern IGA Challenges and Practical Solutions](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga#solutions?ts=markdown) * [Modern IGA FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga#faqs?ts=markdown) * [What Is Identity Governance and Administration?](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga?ts=markdown) * [Identity Governance and Administration (IGA) Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga#identity?ts=markdown) * [Core Pillars of Identity Governance and Administration](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga#core?ts=markdown) * [Why IGA Is Critical for Modern Enterprises](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga#why?ts=markdown) * [Business-Level Outcomes of IGA](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga#business?ts=markdown) * [Implementation Steps for an IGA Program](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga#implementation?ts=markdown) * [IGA and the Zero Trust Security Model](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga#model?ts=markdown) * [Operational Challenges and Attack Containment Behavior](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga#operaitonal?ts=markdown) * [Identity Governance and Administration (IGA) FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga#faqs?ts=markdown) * What Is Identity Lifecycle Management? * [Identity Lifecycle Management Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#explained?ts=markdown) * [The Four Pillars of Identity Lifecycle Management](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#pillars?ts=markdown) * [Strategic Benefits: Why ILM Is a Cybersecurity Necessity](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#benefits?ts=markdown) * [Real-World Use Cases for Identity Lifecycle Management](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#use-cases?ts=markdown) * [Disrupting Attackers](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#disrupting-attackers?ts=markdown) * [Modernizing ILM: Just-in-Time Access and Non-Standing](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#modernizing-ilm?ts=markdown) * [Privilege](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#privilege?ts=markdown) * [Critical Challenges and Solutions in Modern ILM Implementation](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#challenges?ts=markdown) * [ILM vs. IAM](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#ilm-vs-iam?ts=markdown) * [Identity Lifecycle Management FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#faqs?ts=markdown) * [What Is NIST SP 800-207? zero trust Architecture Framework](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207?ts=markdown) * [What Does NIST SP 800-207 Compliance Mean?](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#what?ts=markdown) * [Why NIST SP 800-207 Matters Today](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#why?ts=markdown) * [NIST Zero Trust Tenets](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#nist?ts=markdown) * [Zero Trust Architecture Components](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#components?ts=markdown) * [What Signals Inform A Trust Decision?](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#decision?ts=markdown) * [How Trust Decisions Typically Work](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#how?ts=markdown) * [Common Zero Trust Deployment Models](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#models?ts=markdown) * [Benefits And Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#benefits?ts=markdown) * [Practical Implementation Checklist](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#practical?ts=markdown) * [NIST SP 800-207 FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#faqs?ts=markdown) # What Is Identity Lifecycle Management? 3 min. read [Explore Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown) Table of Contents * * [Identity Lifecycle Management Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#explained?ts=markdown) * [The Four Pillars of Identity Lifecycle Management](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#pillars?ts=markdown) * [Strategic Benefits: Why ILM Is a Cybersecurity Necessity](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#benefits?ts=markdown) * [Real-World Use Cases for Identity Lifecycle Management](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#use-cases?ts=markdown) * [Disrupting Attackers](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#disrupting-attackers?ts=markdown) * [Modernizing ILM: Just-in-Time Access and Non-Standing](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#modernizing-ilm?ts=markdown) * [Privilege](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#privilege?ts=markdown) * [Critical Challenges and Solutions in Modern ILM Implementation](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#challenges?ts=markdown) * [ILM vs. IAM](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#ilm-vs-iam?ts=markdown) * [Identity Lifecycle Management FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#faqs?ts=markdown) 1. Identity Lifecycle Management Explained * * [Identity Lifecycle Management Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#explained?ts=markdown) * [The Four Pillars of Identity Lifecycle Management](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#pillars?ts=markdown) * [Strategic Benefits: Why ILM Is a Cybersecurity Necessity](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#benefits?ts=markdown) * [Real-World Use Cases for Identity Lifecycle Management](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#use-cases?ts=markdown) * [Disrupting Attackers](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#disrupting-attackers?ts=markdown) * [Modernizing ILM: Just-in-Time Access and Non-Standing](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#modernizing-ilm?ts=markdown) * [Privilege](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#privilege?ts=markdown) * [Critical Challenges and Solutions in Modern ILM Implementation](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#challenges?ts=markdown) * [ILM vs. IAM](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#ilm-vs-iam?ts=markdown) * [Identity Lifecycle Management FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#faqs?ts=markdown) Identity Lifecycle Management (ILM) is an automated framework for managing a digital identity and its associated entitlements from creation through retirement. It governs the entire identity journey, ensuring that all access rights are correctly provisioned, monitored, and revoked in accordance with organizational policies and Zero Trust principles. Effective ILM reduces the attack surface by minimizing excessive and standing privileges, which threat actors exploit to gain persistence and move laterally. It serves as a foundational component of a modern identity security strategy. Key Takeaways: * **Automation is central**: ILM automates provisioning and deprovisioning to eliminate manual errors and security gaps. \* **Four critical stages**: The identity journey consists of provisioning, access management, monitoring, and deprovisioning. \* **Mitigates lateral movement**: Promptly remove dormant or unnecessary access blocks to prevent attacker pathways across the network. \* **Supports Zero Trust**: It enforces the Principle of Least Privilege by dynamically managing entitlements. \* **Extends to machine identities**: ILM must manage both human users and non-human workload identities (APIs, services). \* **Prevents misconfiguration**: Automated controls reduce the chance of excessive entitlements, a key attack vector in cloud environments. ## Identity Lifecycle Management Explained Identity Lifecycle Management (ILM) is a policy-driven approach to managing an identity's access privileges throughout its tenure within an organization. It is not a single tool but a set of integrated processes and technologies designed to maintain [identity security](https://www.paloaltonetworks.com/cyberpedia/identity-security?ts=markdown) and compliance. The goal is to ensure the right identities have the right level of access to the right resources, at the right time, and for the right reason. This process must be consistent across on-premises, cloud, and hybrid environments. Manual identity management is prone to errors, which leads to security weaknesses. ILM's reliance on automation addresses these weaknesses, streamlining processes such as onboarding, role changes, and offboarding. By automating these processes, organizations can rapidly implement policy changes and ensure compliance with regulatory mandates, including [SOC 2](https://www.paloaltonetworks.com/cyberpedia/soc-2?ts=markdown), [HIPAA](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa?ts=markdown), and [GDPR](https://www.paloaltonetworks.com/cyberpedia/gdpr-compliance?ts=markdown). Integrating ILM with a broader Identity Security framework is essential to maintaining a strong security posture. ## The Four Pillars of Identity Lifecycle Management The identity lifecycle is segmented into four primary, interconnected phases. Each phase demands precise controls to prevent privilege creep and minimize the window of opportunity for attackers. These stages form a continuous loop that must be audited and verified continuously. The core stages of Identity Lifecycle Management include the following: ### Provisioning This initial phase establishes the identity and grants baseline access. It involves creating the user account, defining its initial role, and assigning the required entitlements. In modern cloud environments, this must also encompass [machine identity](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity?ts=markdown) provisioning for applications and services. A failure here can result in immediate security debt through excess entitlements or cloud [misconfigurations](https://www.paloaltonetworks.com/cyberpedia/security-misconfiguration-api8?ts=markdown). ### Access Management and Modification As an identity's role changes, its entitlements must instantly adapt. This phase ensures that access rights are continuously reviewed and updated in accordance with the [principle of least privilege](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege?ts=markdown). Stagnant or standing privileges are a significant risk. The objective is to ensure that accounts maintain only the permissions absolutely required to perform current tasks. ### Monitoring and Auditing This requires continuous visibility into all identity activities and access requests. Security teams monitor for anomalous behavior, excessive login attempts, or unauthorized access attempts. Regular audits are mandated for compliance and to identify "ghost accounts" or dormant, over-privileged users. Tools leveraging [artificial intelligence](https://www.paloaltonetworks.com/cyberpedia/artificial-intelligence-ai?ts=markdown) are often employed here to detect subtle behavioral shifts. ### Deprovisioning This final stage is the systematic removal of an identity's access when an employee leaves the organization or a machine identity is retired. Prompt and complete deprovisioning is non-negotiable for security. If accounts are not immediately revoked across all systems, including third-party applications and cloud platforms, they become abandoned identities that are ripe for exploitation by threat actors. This final step is vital for a comprehensive zero trust architecture. ## Strategic Benefits: Why ILM Is a Cybersecurity Necessity Identity has become the new perimeter in a cloud-first world, making lifecycle management a top priority for C-suite executives and security leaders. Effective ILM balances the need for resilient security with the demand for seamless user experiences. ### Reducing the Attack Surface and Insider Risk By enforcing the principle of least privilege throughout the lifecycle, ILM significantly narrows the window of opportunity for attackers. Automated deprovisioning ensures that a terminated employee's credentials cannot be leveraged for an insider attack or by external threat actors. ### Accelerating Time-to-Productivity for Hybrid Workforces Manual provisioning often results in "productivity lag," where new hires wait days or weeks for necessary access. ILM removes this friction by automating the setup of virtual desktops, cloud applications, and VPN access. This efficiency is particularly vital for managing contractors and temporary workers who require rapid onboarding and offboarding. ### Achieving Continuous Compliance and Audit Readiness Regulators require proof that access is managed in accordance with documented policies. ILM systems provide a digital paper trail for every access change, from initial provisioning to final deletion. Automated reporting capabilities enable security teams to demonstrate compliance with SOC 2 or ISO 27001 standards without weeks of manual data collection. ## Real-World Use Cases for Identity Lifecycle Management Implementing ILM in an enterprise environment transforms abstract security policies into automated, reliable workflows. These real-world scenarios illustrate how organizations utilize ILM to solve specific business and security challenges. ### Managing High-Turnover Contractor Access Financial services and retail companies often rely on large cohorts of temporary contractors. Manually tracking the expiration dates for these hundreds of external identities is nearly impossible. ILM allows administrators to set "time-to-live" (TTL) attributes on contractor accounts. When a contractor's three-month project concludes, the system automatically triggers the deprovisioning workflow at midnight on the final day, ensuring no "ghost accounts" remain as entry points for attackers. ### Preventing Privilege Creep During Internal Promotions Consider a software developer who has been promoted to Engineering Director. In a manual lifecycle, they would gain access to financial reporting and strategic planning tools but likely retain their old access to production code repositories and sensitive SSH keys. An ILM system uses [role-based access control (RBAC)](https://www.paloaltonetworks.com/cyberpedia/kubernetes-rbac?ts=markdown) to perform a "delta sync." It recognizes the role change, grants the new administrative permissions, and automatically strips the developer-level access that is no longer required for their new duties. ### Securing Non-Human Identities in CI/CD Pipelines Digital transformation has led to a surge in non-human identities, such as service accounts, bots, and API keys. These identities often have broad permissions and no clear human "owner." Leading organizations use ILM to manage the lifecycle of these machine identities by assigning ownership to specific DevOps teams and automating secret rotation. This ensures that if an API key is leaked, it has a limited lifespan and can be revoked instantly through a centralized identity plane. ### Incident Response and Emergency Offboarding In cases of involuntary termination or a suspected [insider threat](https://www.paloaltonetworks.com/cyberpedia/insider-threat?ts=markdown), speed is the most critical factor. Manual offboarding can take hours as an admin logs into dozens of separate SaaS applications to disable accounts. A mature ILM implementation allows for "one-click deactivation." A single signal from the HRIS or a security orchestration tool triggers the simultaneous global revocation of all active sessions, [multifactor authentication (MFA)](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-factor-authentication?ts=markdown) tokens, and cloud credentials across the entire enterprise ecosystem. ## Disrupting Attackers Effective Identity Lifecycle Management is a direct countermeasure to several key steps in the attacker's workflow. The [Unit 42 threat research](https://unit42.paloaltonetworks.com/unit42-incident-response-report-2024-threat-guide/) team consistently observes that compromised credentials and excess entitlements are central to initial access and subsequent privilege escalation. Organizations must move beyond basic account creation and deletion to address threat behaviors. ### Common ILM Failures and Unit 42 Observations (Listicle 1) #### Excess Entitlements Mismanaged provisioning often grants default admin or overly broad permissions. Unit 42 data shows attackers immediately leverage these standing entitlements for initial reconnaissance and foothold establishment, bypassing time-consuming privilege-escalation attempts. #### Dormant Identities Accounts that are technically disabled but still hold active session tokens or unrevoked access keys become high-value targets. Attackers acquire these through credential theft and use them for stealthy lateral movement because the accounts' behavior is already baseline-deviant (i.e., inactive). #### Machine Identity Exposure Non-human identities (such as service accounts or API keys) are often provisioned with excessive permissions and rarely deprovisioned. When these tokens are leaked or stolen, they provide an unmonitored path for attackers to pivot across cloud environments, bypassing traditional user-based controls. A strong [cloud security](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security?ts=markdown) framework requires treating machine identities with the same level of scrutiny as human identities. **Securing the Identity Lifecycle: Mapping Risks and Remedies** ## Modernizing ILM: Just-in-Time Access and Non-Standing | Attacker Goal | ILM Failure Point | Mitigation Strategy | | Initial Access/Recon | Over-provisioning (Standing Privilege) | Enforce Just-in-Time (JIT) and Least Privilege | | Lateral Movement | Lack of Continuous Monitoring/Audit | Implement continuous entitlement review | | Persistence | Failed Deprovisioning (Ghost Account) | Automated, multi-system revocation across all platforms | |----------------------|----------------------------------------|---------------------------------------------------------| Table 1: The critical intersection between Identity Lifecycle Management (ILM) vulnerabilities and common cyberattack stages ## Privilege The traditional "grant and keep" approach to privilege is inconsistent with modern security models. Modern ILM principles emphasize transient, or non-standing, privileges. This approach aligns directly with the zero trust philosophy by continuously verifying access and granting it only when absolutely necessary. ### Principles of Modern ILM 1. **[Just-in-Time (JIT) Access](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit?ts=markdown)**: Access is granted for a specific task within a limited time window and is automatically revoked. This eliminates standing privileges that attackers can exploit at any moment. JIT ensures the identity's exposure is measured in minutes, not months. 2. **Continuous Entitlement Verification**: The system automatically reviews an identity's active permissions against its required function at regular, short intervals. If the function or role changes, entitlements are adjusted immediately. This directly combats privilege creep. 3. **[Identity Governance and Administration (IGA) Integration](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga?ts=markdown)**: A modern ILM solution is not siloed. It integrates governance workflows (certification, policy enforcement) to provide a unified view of entitlements across the enterprise. **Comparing Privilege Models: Standing vs. Just-in-Time Access** | Privilege Model | Description | Security Posture | | Standing Privilege | Access is granted indefinitely (e.g., an admin account maintains full rights 24/7). | High risk. Provides an attacker with a persistent path for escalation. | | Non-Standing Privilege | Access is granted only upon request and automatically expires after a brief, defined period (JIT). | Low risk. Dramatically limits the window of opportunity for misuse or compromise. | | Persistence | Failed Deprovisioning (Ghost Account) | Automated, multi-system revocation across all platforms | |------------------------|----------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------| Table 2: Just-in-Time (JIT) strategies reduce an organization's permanent attack surface. ## Critical Challenges and Solutions in Modern ILM Implementation Implementing ILM in a complex enterprise environment often reveals hidden technical and procedural hurdles. Overcoming these requires a combination of data hygiene and advanced tooling. ### Solving the Data Hygiene Crisis ILM is only as effective as the data it consumes. If the HRIS contains inaccurate job titles or duplicate entries, the automated workflows will provision incorrect access. Organizations must implement data cleansing processes and strict naming conventions before turning on full automation to avoid widespread access errors. ### Managing Non-Human Identities The explosion of automation has led to a surge in [non-human identities](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity?ts=markdown), such as service accounts, bots, and [IoT devices](https://www.paloaltonetworks.com/cyberpedia/how-to-secure-iot-devices-in-the-enterprise?ts=markdown). These identities often lack a clear "manager" and can persist indefinitely if not managed through a formal lifecycle. Extending ILM to non-human entities involves assigning ownership and setting expiration dates for their credentials. ## ILM vs. IAM ILM and IAM are related but distinct cybersecurity concepts. ILM is a specific component that focuses solely on the identity journey (creation, change, destruction). IAM is the broader domain encompassing all policies, processes, and technologies used to manage digital identities and control their access to resources. Identity Security is the overarching strategy that integrates both. ### How ILM Fits into the Broader IAM Framework 1. **[IAM](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management?ts=markdown) (The Umbrella)**: Defines who can access what resources and how. It includes authentication (verifying the user) and authorization (what the user can do). 2. **ILM (The Process)**: Focuses on when and for how long to create, maintain, and delete identities. It ensures the integrity of the IAM system's identity. 3. **Privileged Access Management (PAM)**: A specific subset of IAM/ILM that strictly controls highly sensitive, non-human, and administrative accounts, which are the primary targets for privilege escalation. 4. **[CIEM](https://www.paloaltonetworks.com/cyberpedia/what-is-ciem?ts=markdown) (Cloud Infrastructure Entitlement Management)**: An evolution of ILM and PAM that specifically addresses the complex, often excessive, entitlements of cloud identities and resources, directly solving the cloud misconfiguration challenges observed by Unit 42. ## Identity Lifecycle Management FAQs ### How does ILM align with a Zero Trust architecture? It provides the foundation. ILM enforces Zero Trust principles by ensuring that all identities operate under the Principle of Least Privilege. By automating the removal of standing access and implementing continuous monitoring, ILM upholds the "never trust, always verify" tenet required for Zero Trust to be effective. ### Does ILM cover machine identities? Yes, it must. A modern ILM framework is incomplete if it only manages human users. Machine identities---such as API keys, service accounts, and workloads---now vastly outnumber human users and must be included in all ILM stages, especially provisioning and continuous entitlement review, to prevent critical security flaws. ### What is privilege creep, and how does ILM prevent it? The accumulation of unnecessary access. Privilege creep occurs when an identity accumulates entitlements from previous roles without revocation, creating a persistent security risk. ILM prevents this through automated, policy-driven access modification and continuous auditing, ensuring outdated permissions are removed at every stage. ### Why is deprovisioning the most critical stage for security? It closes the attack path. Failed deprovisioning leaves behind abandoned, over-privileged accounts that are easily exploited by external attackers or malicious insiders. Immediate, complete, and automated deprovisioning---not just account disabling---is necessary to remove these high-risk vectors and maintain security integrity. Related Content [The Five A's of Enterprise IAM Learn the essential framework for a holistic identity management strategy.](https://www.paloaltonetworks.com/resources/whitepapers/building-the-zero-trust-enterprise?ts=markdown) [ZTNA 2.0: The New Standard for Secure Access Discover how ZTNA 2.0 provides continuous identity verification throughout the lifecycle of a session.](https://www.paloaltonetworks.com/sase/ztna?ts=markdown) [Securing the "Agentic" AI Workforce Explore how to manage the lifecycle of non-human identities with the same rigor as human users.](https://www.paloaltonetworks.com/company/press/2025/palo-alto-networks-announces-agreement-to-acquire-cyberark--the-identity-security-leader) [Architecting the Zero Trust Enterprise Get the technical guide on integrating identity into a broader Zero Trust architecture.](https://www.paloaltonetworks.com/zero-trust?ts=markdown) ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20Identity%20Lifecycle%20Management%3F&body=Learn%20the%204%20stages%20of%20Identity%20Lifecycle%20Management%20%28ILM%29%20and%20how%20a%20modern%20Zero%20Trust%20approach%20mitigates%20critical%20risks%20like%20lateral%20movement%20and%20credential%20theft.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management) Back to Top [Previous](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga?ts=markdown) What Is Identity Governance and Administration? [Next](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207?ts=markdown) What Is NIST SP 800-207? zero trust Architecture Framework {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language