# What is Managed Detection and Response (MDR)?

Managed detection and response (MDR) is a [cybersecurity](https://www.paloaltonetworks.com/cyberpedia/what-is-cyber-security?ts=markdown) service and a proactive approach that combines advanced technology and human expertise to monitor [endpoints](https://www.paloaltonetworks.com/cyberpedia/what-is-an-endpoint?ts=markdown), networks, and cloud environments 24/7. The goal is to detect and respond to cyberthreats using a combination of expertise, processes, and advanced technology to reduce risk and enhance security operations. Key features include:

* continuous monitoring
* proactive threat hunting
* guided response and remediation

## How MDR Fills the Gaps from Traditional Services

[MDR services](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) have evolved significantly to keep pace with the changing cybersecurity landscape, integrating advanced technologies and techniques to provide comprehensive protection against sophisticated threats. Unlike traditional security services, MDR offers proactive threat hunting, rapid incident response, and round-the-clock monitoring to address the shortcomings of conventional security measures.

Traditional cybersecurity services, like managed security service providers (MSSPs), typically focus on monitoring and alerting without actively engaging in response actions. They often leave the responsibility of incident response to the customer.
MSSPs generally offer more passive, automated monitoring, which may not be sufficient to address sophisticated and rapidly evolving cyberthreats.

As a result, MDR has emerged as a comprehensive security offering that integrates advanced threat detection technologies, such as [extended detection and response](https://www.paloaltonetworks.com/cyberpedia/what-is-extended-detection-response-XDR?ts=markdown) (XDR), with human expertise. This combination allows for a more holistic and effective approach to identifying and mitigating cyberthreats, providing organizations with a heightened level of protection in the ever-evolving threat landscape.

## The Framework of MDR Services

The MDR framework can be broken down into three main areas: core components of MDR, technology and tools powering MDR, and the role of the [security operations center](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc?ts=markdown) (SOC) in MDR.

The framework of MDR services is built on a foundation of core components that work together to provide a comprehensive approach to cybersecurity. Advanced technologies and tools enhance the effectiveness of these services, while the SOC ensures that the organization is continuously protected from evolving threats.

### Core Components of Managed Detection and Response

The core components of MDR services are crucial for establishing a strong and proactive cybersecurity posture. These components collaborate to offer a seamless and effective defense against cyberthreats.

**Threat Hunting**

[Threat hunting](https://www.paloaltonetworks.com/cyberpedia/threat-hunting?ts=markdown) is a proactive cybersecurity approach that involves actively and continuously searching for potential threats that may have bypassed traditional security measures. Instead of relying solely on automated systems, threat hunters leverage their expertise and knowledge to identify abnormal behavior and potential threats that have not been previously detected or classified.
This hands-on approach enables organizations to uncover sophisticated and stealthy threats at an early stage, minimizing their potential impact on the organization's security posture.

**Incident Response**

[Incident response](https://www.paloaltonetworks.com/cyberpedia/what-is-incident-response?ts=markdown) is a comprehensive and structured methodology for addressing and managing the aftermath of security incidents. This process involves the rapid identification of threats, followed by swift containment, eradication, and recovery efforts to minimize the impact of the attack. The incident response team conducts in-depth analysis and collaborates with relevant stakeholders to ensure a coordinated and effective response. Additionally, measures are implemented to prevent similar incidents from occurring in the future. A successful incident response plan not only minimizes the damage caused by the incident but also prioritizes the continuity of business operations.

**Endpoint Detection**

[Endpoint detection](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection?ts=markdown) is a critical cybersecurity measure that centers on monitoring and protecting individual devices, including computers, mobile devices, and servers. Through continuous analysis of the activities and behaviors occurring on these endpoints, managed detection and response (MDR) services are able to identify and take action against potential security threats at the device level. This approach is essential because endpoints are frequently the main targets for cyberattackers seeking unauthorized access to the network.

**Threat Intelligence and Analysis**

[Threat intelligence](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti?ts=markdown) involves collecting and analyzing information about current and emerging threats.
This intelligence is used to inform the detection and response strategies, ensuring they are up-to-date and effective against the latest threats. Analysis of threat intelligence helps in understanding the tactics, techniques, and procedures (TTPs) used by attackers, enabling more effective defense mechanisms.

Explore how MDR services can expand internal expertise, resources or technology to more effectively detect and respond to cybersecurity threats: [What are Managed Detection and Response (MDR) Services?](https://www.paloaltonetworks.com/cyberpedia/managed-detection-and-response-services-mdr?ts=markdown)

### Technology and Tools Powering MDR

MDR services leverage a variety of advanced technologies and tools to enhance their effectiveness. These technologies provide the necessary capabilities for monitoring, detecting, and responding to threats in real time.

**Endpoint Detection and Response (EDR)**

[EDR solutions](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr?ts=markdown) continuously monitor and analyze endpoint activities to detect suspicious behavior. EDR tools do the following:

* Collect data from endpoints
* Analyze it for signs of compromise
* Provide detailed insights into the nature and extent of threats
* Enable quick detection and response to attacks, minimizing potential damage

**Security Information and Event Management (SIEM)**

[SIEM systems](https://www.paloaltonetworks.com/cyberpedia/what-is-security-information-and-event-management-SIEM?ts=markdown) aggregate and analyze data from various sources across an organization's IT infrastructure. By correlating events and identifying patterns, SIEM solutions help in detecting anomalies and potential threats. They provide a centralized view of the security landscape, making it easier to manage and respond to incidents.

**Next-Generation Antivirus (NGAV)**

[NGAV](https://www.paloaltonetworks.com/cyberpedia/what-is-next-generation-anti-virus?ts=markdown) goes beyond traditional antivirus solutions by using advanced techniques such as machine learning and behavioral analysis to detect and block sophisticated threats. NGAV solutions are designed to identify unknown threats and zero-day exploits that traditional antivirus systems might miss, providing an additional layer of protection.

**Extended Detection and Response (XDR)**

[XDR](https://www.paloaltonetworks.com/cyberpedia/what-is-extended-detection-response-XDR?ts=markdown) integrates multiple security products into a cohesive system, providing a broader view of the threat landscape. By correlating data across endpoints, networks, and cloud environments, XDR enhances the ability to detect and respond to complex threats. This holistic approach improves the overall efficiency and effectiveness of threat detection and response efforts.

### The Role of Security Operations Center (SOC) in MDR

The security operations center (SOC) is the heart of MDR services, acting as the command center for monitoring, detecting, and responding to security threats. The [SOC is staffed](https://www.paloaltonetworks.com/cyberpedia/soc-roles-and-responsibilities?ts=markdown) by skilled security analysts and incident responders who work around the clock to protect the organization's assets.

The SOC utilizes advanced tools and technologies to continuously monitor the organization's IT environment, identify potential threats, and coordinate responses. By maintaining a vigilant watch over the network, the SOC ensures that any signs of compromise are quickly identified and addressed. The SOC also plays a crucial role in threat hunting, incident response, and integrating threat intelligence into the organization's security strategy.

## Types of Detection and Response Solutions

![Organizations can choose from several detection and response approaches, each with distinct capabilities and focus areas](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/detection-and-response-types.jpg "Organizations can choose from several detection and response approaches, each with distinct capabilities and focus areas")

Organizations can choose from several detection and response approaches, each with distinct capabilities and focus areas:

**Endpoint Detection and Response (EDR)** focuses specifically on individual devices and endpoints. EDR solutions provide comprehensive data collection, sophisticated detection engines, and automated response capabilities at the device level. Key features include threat intelligence integration, detailed forensics, trace-back capabilities, and real-time alerts for endpoint activities.

**Managed Detection and Response (MDR)** builds upon EDR by adding managed services and human expertise. MDR providers offer managed EDR capabilities, perimeter telemetry monitoring, comprehensive incident management and response, and fully contracted security services. This approach combines technology with expert security analysts who actively monitor and respond to threats.

**Network Detection and Response (NDR)** specializes in monitoring internal network traffic and communications. NDR solutions excel at behavioral analysis of network patterns, implementing security controls at the network level, and detecting insider threats that may bypass endpoint protections. This approach provides visibility into lateral movement and network-based attacks.

**Extended Detection and Response (XDR)** represents the most comprehensive approach, integrating multiple security layers into a unified platform. XDR solutions combine device controls, disk encryption, firewall management, and orchestration capabilities.
They leverage machine learning to analyze both internal and external traffic, providing holistic visibility across the entire security infrastructure.

Each approach addresses different aspects of cybersecurity, and many organizations implement multiple solutions or choose XDR for its integrated capabilities.

## MDR vs. EDR vs. MSSPs

Understanding the distinctions between managed detection and response (MDR), endpoint detection and response (EDR), and managed security service providers (MSSPs) is crucial. Each of these services offers unique capabilities and benefits, addressing different aspects of an organization's security needs. By clearly differentiating between these services, organizations can make informed decisions about their security strategies.

### MDR vs. EDR

While both MDR and EDR play critical roles in cybersecurity, they differ in scope and focus. MDR provides a broader, more integrated approach to threat detection and response, encompassing the entire IT environment, including endpoints, networks, and cloud infrastructure. In contrast, EDR is specifically focused on [endpoint security](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-security?ts=markdown), offering deep visibility and protection for individual devices. MDR services often incorporate EDR capabilities as part of their overall strategy, providing a more comprehensive solution.

EDR solutions provide visibility into endpoint activities and use advanced analytics to detect suspicious behavior. Key features of EDR include:

* **Endpoint monitoring**: Continuous tracking of endpoint activities to identify signs of compromise.
* **Behavioral analysis**: Analyzing endpoint behavior to detect anomalies and potential threats.
* **Automated response**: Implementing automated actions to contain and remediate threats at the endpoint level.
* **Forensics**: Providing detailed insights into the nature and extent of endpoint attacks for post-incident analysis.

*Dig into the differences between MDR and EDR: [What is MDR vs EDR?](https://www.paloaltonetworks.com/cyberpedia/what-is-mdr-vs-edr?ts=markdown)*

### How MDR Services Extend Beyond Traditional MSSPs

MSSPs offer a range of security services to help organizations manage their security infrastructure and operations. These services typically include firewall management, intrusion detection and prevention, [vulnerability assessments](https://www.paloaltonetworks.com/cyberpedia/vulnerability-management?ts=markdown), and security monitoring. MSSPs provide valuable support in managing and maintaining security technologies, but their primary focus is on operational efficiency rather than proactive threat detection and response.

While MSSPs focus on managing and optimizing security technologies, MDR services prioritize threat detection and response, providing a more dynamic and proactive approach to cybersecurity. Organizations that require a higher level of threat detection and response capabilities will benefit from the comprehensive services offered by MDR.

*Uncover the distinctions between MDR and MSSP by reading: [What is MDR vs MSSP?: Key Differences.](https://www.paloaltonetworks.com/cyberpedia/mdr-vs-mssp-the-key-differences?ts=markdown)*

### Integration of MDR With In-House Security Teams

A collaborative approach for integrating MDR services with in-house security teams can significantly enhance an organization's overall security posture. By combining the proactive and comprehensive capabilities of MDR with the contextual knowledge and operational expertise of the in-house team, organizations can achieve a more resilient and effective cybersecurity posture. This collaboration leverages the strengths of both the MDR provider and the internal team.

Key benefits of MDR integration include:

* **Enhanced expertise**: MDR services bring specialized skills and knowledge that complement the capabilities of the in-house team.
* **24/7 coverage**: MDR provides round-the-clock monitoring and response, ensuring continuous protection even when the in-house team is off-duty.
* **Scalability**: MDR services can easily scale to meet the evolving security needs of the organization, providing additional resources and support as needed.
* **Advanced threat detection**: MDR uses cutting-edge technology and threat intelligence to detect sophisticated threats that may be beyond the capabilities of the in-house team.

Integration strategies are as follows:

* **Clear communication channels**: Establishing clear lines of communication between the MDR provider and the in-house team ensures seamless collaboration and quick response to threats.
* **Defined roles and responsibilities**: Clearly defining the roles and responsibilities of both the MDR provider and the in-house team helps avoid duplication of efforts and ensures efficient resource use.
* **Regular reporting and feedback**: Regular reporting and feedback from the MDR provider help the in-house team stay informed about the security landscape and improve their own practices.
* **Joint incident response plans**: Developing joint incident response plans ensures that both the MDR provider and the in-house team can work together effectively during a security incident.

## Implementing MDR

Implementing MDR involves careful consideration of various factors, a structured transition plan, and ongoing measurement of the MDR solution's effectiveness. It's important to outline the key considerations when choosing an MDR provider, the step-by-step process for transitioning to MDR services, and how to measure the effectiveness of the MDR solution.

### Key Considerations When Choosing an MDR Provider

Choosing the right MDR provider is crucial to ensure that the service meets your organization's specific security needs.
Here are the key factors to consider:

**Expertise and Experience in Cybersecurity**

When selecting a cybersecurity provider, it's important to consider their industry knowledge, certified professionals, and track record. Industry knowledge is crucial as different industries face unique security challenges, and a provider with relevant experience will be better equipped to address these challenges effectively. Look for providers with certified security professionals who hold credentials such as CISSP, CISM, and CEH. These certifications indicate expertise and demonstrate the necessary skills and knowledge to handle advanced threats. Additionally, assess the provider's track record in managing and responding to cyberthreats. Case studies, testimonials, and references can provide valuable insights into their performance and reliability, helping you make an informed decision.

**Range and Depth of Security Services Offered**

Your provider should offer a comprehensive range of services, including threat hunting, incident response, endpoint detection, and threat intelligence. A provider with a wide array of services can cover all aspects of security and provide comprehensive protection. Additionally, it is important to verify that the provider uses advanced technologies such as endpoint detection and response (EDR), security information and event management (SIEM), next-generation antivirus (NGAV), and extended detection and response (XDR). These advanced technologies significantly enhance threat detection and response capabilities. Moreover, the provider should be able to scale their services to match your organization's growth and evolving security needs, ensuring continuous and adaptable protection as your organization expands.

**Customization and Flexibility in Security Solutions**

Select a provider that offers customizable security solutions tailored to your organization's specific requirements, as one-size-fits-all solutions may not adequately address unique security challenges. Look for providers that offer flexible contract terms, allowing you to adjust services as needed. This flexibility ensures you can adapt to changing security landscapes without being locked into rigid agreements. The MDR solution should seamlessly integrate with your existing security infrastructure and tools, ensuring a smooth transition and maximizing the effectiveness of your security operations.

### Transitioning to MDR Services: Step-by-Step Process

Transitioning to MDR services requires a structured approach to ensure a smooth and effective implementation. The process involves several key steps.

**Step 1: Assess Current Security Posture**

The first step is to assess your current security posture. Conduct a thorough gap analysis to identify areas for improvement by evaluating your existing security tools, processes, and capabilities. Perform a risk assessment to understand your organization's specific threat landscape and prioritize areas needing immediate attention.

**Step 2: Define Clear Objectives**

Next, define clear objectives for what you want to achieve with MDR services, such as improved threat detection, faster incident response, or an enhanced overall security posture. Outline your specific requirements for the MDR provider, including the range of services, technologies, and integration needs.

**Step 3: Select the Right Provider**

Evaluate and shortlist potential providers based on key considerations such as expertise, service range, and flexibility. Conduct interviews, request proposals, and perform due diligence. If possible, run a proof of concept (PoC) to test the provider's capabilities and ensure they meet your requirements.

**Step 4: Develop Implementation Plan**

Develop a detailed implementation plan that outlines the steps, timelines, and resources needed for the transition. Define roles and responsibilities for both your internal team and the MDR provider, and establish a communication strategy to keep all stakeholders informed throughout the transition process.

**Step 5: Execute**

Execute the transition by working with the MDR provider to onboard their services, including integrating their technologies with your existing infrastructure. Provide training for your internal team to ensure they understand how to work with the MDR provider and utilize the new tools effectively.

**Step 6: Continuously Monitor**

Finally, continuously monitor the MDR services to ensure they are performing as expected. Review reports and metrics provided by the MDR provider regularly and work with them to optimize the services and address any issues or gaps.

### Measuring the Effectiveness of Your MDR Solution

Measuring the effectiveness of your MDR solution is essential to ensure it delivers the desired security outcomes. Here are key metrics and methods to evaluate the performance of your MDR services:

**Detection and Response Metrics**

* Mean Time to Detect (MTTD): Measure the average time taken to detect a threat. Shorter MTTD indicates more effective threat detection capabilities.
* Mean Time to Respond (MTTR): Measure the average time taken to respond to and mitigate a threat. Faster MTTR demonstrates efficient incident response processes.

**Threat Intelligence and Analysis Metrics**

* False Positive Rate: Track the number of false positives generated by the MDR solution. A lower false positive rate indicates more accurate threat detection.
* Threat Coverage: Evaluate the range and types of threats detected by the MDR solution. Comprehensive threat coverage ensures robust protection against various attack vectors.
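
One way to compute MTTD, MTTR and the false positive rate from exported incident and alert records, as an added example that is not part of the original article or any vendor's tooling. The field names, the constructed sample records, the choice to measure detection time from the first malicious activity, and the choice to compute the false positive rate over triaged alerts only are assumptions.

```python
from datetime import datetime
from statistics import mean, median

# Constructed sample records (not from a real environment). Field names are assumed:
#   occurred  = earliest evidence of malicious activity
#   detected  = time the alert was raised
#   mitigated = time the threat was contained, None while the incident is open
INCIDENTS = [
    {"id": "INC-1", "occurred": "2025-03-01T08:00:00+00:00",
     "detected": "2025-03-01T08:30:00+00:00", "mitigated": "2025-03-01T09:30:00+00:00"},
    # Source logged in UTC-5; offsets are normalised before subtraction.
    {"id": "INC-2", "occurred": "2025-03-02T17:00:00-05:00",
     "detected": "2025-03-03T00:00:00+00:00", "mitigated": "2025-03-03T03:00:00+00:00"},
    # Still open: counts toward MTTD but not MTTR.
    {"id": "INC-3", "occurred": "2025-03-05T10:00:00+00:00",
     "detected": "2025-03-05T10:30:00+00:00", "mitigated": None},
    # Detected "before" it occurred: clock skew or bad data, so it is rejected.
    {"id": "INC-4", "occurred": "2025-03-06T12:00:00+00:00",
     "detected": "2025-03-06T11:00:00+00:00", "mitigated": "2025-03-06T13:00:00+00:00"},
]

# Constructed alert verdicts after analyst triage.
ALERTS = (
    [{"verdict": "true_positive"}] * 4
    + [{"verdict": "false_positive"}] * 12
    + [{"verdict": "pending"}] * 4
)


def _parse(ts):
    """Parse an ISO 8601 timestamp and insist on an explicit UTC offset."""
    dt = datetime.fromisoformat(ts)
    if dt.tzinfo is None:
        raise ValueError(f"timestamp without UTC offset: {ts}")
    return dt


def _minutes(start, end):
    return (end - start).total_seconds() / 60


def detection_response_metrics(incidents):
    """Return MTTD/MTTR in minutes plus the records that could not be used."""
    ttd, ttr, rejected, open_count = [], [], [], 0
    for inc in incidents:
        occurred = _parse(inc["occurred"])
        detected = _parse(inc["detected"])
        mitigated = _parse(inc["mitigated"]) if inc["mitigated"] else None
        # Out-of-order timestamps would produce negative durations and
        # silently lower the averages, so the whole record is set aside.
        if detected < occurred or (mitigated is not None and mitigated < detected):
            rejected.append(inc["id"])
            continue
        ttd.append(_minutes(occurred, detected))
        if mitigated is None:
            open_count += 1
        else:
            ttr.append(_minutes(detected, mitigated))
    return {
        "mttd_minutes": mean(ttd) if ttd else None,
        # The median is reported too because one slow detection skews the mean.
        "median_ttd_minutes": median(ttd) if ttd else None,
        "mttr_minutes": mean(ttr) if ttr else None,
        "open_incidents": open_count,
        "rejected": rejected,
    }


def false_positive_rate(alerts):
    """False positives as a share of triaged alerts; pending alerts are excluded."""
    triaged = [a for a in alerts if a["verdict"] in ("true_positive", "false_positive")]
    if not triaged:
        return None
    return sum(a["verdict"] == "false_positive" for a in triaged) / len(triaged)


if __name__ == "__main__":
    print(detection_response_metrics(INCIDENTS))
    print(false_positive_rate(ALERTS))
```

Reporting the open and rejected counts next to the averages matters when reviewing provider reports: an MTTR that excludes unresolved incidents looks better than the underlying workload.
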

**Incident Response Metrics**

* Incident Resolution Time: Measure the time taken to fully resolve security incidents. Quick resolution times minimize the impact on business operations.
* Post-Incident Analysis: Conduct post-incident analyses to assess the effectiveness of the response and identify areas for improvement.

**Customer Satisfaction Metrics**

* Feedback and Surveys: Collect feedback from internal stakeholders to gauge their satisfaction with the MDR services. Surveys and interviews can provide valuable insights into the effectiveness and areas for improvement.
* Service Level Agreements (SLAs): Review the MDR provider's adherence to SLAs and their performance against agreed-upon metrics.

**Continuous Improvement**

* Regular Reviews: Schedule regular reviews with the MDR provider to discuss performance, address issues, and explore opportunities for improvement.
* Adaptation to New Threats: Ensure the MDR provider continuously updates their technologies and strategies to adapt to new and emerging threats.

## The Impact of MDR on Modern Cybersecurity Strategies

MDR services are now essential in modern cybersecurity strategies. They offer a proactive and comprehensive approach to threat detection and response. By integrating advanced technologies with human expertise, MDR significantly enhances an organization's security posture.

MDR improves security by using continuous monitoring and advanced analytics to identify and mitigate threats before they cause harm. Tools like EDR, SIEM, and XDR continuously scan for anomalies, while expert threat hunters actively search for hidden threats. This proactive approach minimizes damage and disruption. Additionally, MDR excels in incident response by ensuring efficient threat handling, stakeholder communication, forensic analysis, and post-incident reviews.

Threat intelligence is crucial in shaping security strategies by providing insights into current and emerging threats.
MDR providers integrate real-time threat data from various sources to inform their detection and response strategies, enabling organizations to prioritize efforts based on the most relevant threats. This intelligence helps create resilient and adaptive security policies, ensuring alignment with the current threat environment.

MDR services tackle alert fatigue by filtering and prioritizing alerts, allowing security teams to focus on genuine threats. Advanced machine learning algorithms and behavioral analysis reduce false positives, streamlining the incident response process. This leads to faster and more effective threat mitigation, minimizing the impact of cyberattacks, enhancing overall security, and ensuring business continuity.

## Managed Detection and Response (MDR) FAQs

### What are the key benefits of implementing endpoint detection and response (EDR) in an organization?

Implementing EDR offers several key benefits, including real-time monitoring and visibility into endpoint activities, which helps in early detection of malicious behavior. EDR solutions provide detailed forensic data that aids in understanding the scope and impact of a security incident. Additionally, EDR tools often include automated response capabilities that can contain and mitigate threats quickly, reducing the potential damage. EDR also enhances compliance with regulatory requirements by providing detailed logs and reports of endpoint activities.

### How does EDR integrate with other security tools and systems in an organization?

EDR solutions are designed to integrate seamlessly with other security tools and systems, such as security information and event management (SIEM) systems, firewalls, and antivirus software. This integration allows for a unified security approach, where data from EDR can be correlated with information from other sources to provide a comprehensive view of the security landscape.
EDR tools can send alerts and logs to SIEM systems for centralized analysis and reporting, enhancing overall threat detection and incident response capabilities. This interoperability ensures that all security measures work together cohesively to protect the organization.

### What are some common challenges organizations face when deploying EDR solutions, and how can they overcome them?

Some common challenges in deploying EDR solutions include managing the volume of data generated by endpoints, ensuring proper configuration and tuning of the EDR tools, and addressing the need for skilled personnel to analyze and respond to threats. Organizations can overcome these challenges by:

* Implementing Data Management Strategies: Using data filtering and prioritization techniques to manage and make sense of the large volumes of data.
* Proper Configuration: Working with EDR vendors to ensure tools are properly configured and tailored to the specific needs of the organization.
* Training and Hiring: Investing in training for existing staff or hiring skilled cybersecurity professionals to effectively manage and utilize EDR solutions.
* Automating Responses: Leveraging the automated response features of EDR tools to handle routine threats, freeing up human resources for more complex incidents.

By addressing these challenges proactively, organizations can maximize the effectiveness of their EDR deployments and improve their overall security posture.

Copyright © 2025 Palo Alto Networks. All Rights Reserved