# What is the MITRE ATT&CK Matrix?
MITRE ATT\&CK Matrix Explained * * [MITRE ATT\&CK Matrix Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack-matrix#mitre?ts=markdown) * [Key Components of MITRE ATT\&CK: Tactics, Techniques, and Procedures](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack-matrix#key?ts=markdown) * [Diverse MITRE ATT\&CK Matrices: Adapting to Specific Environments](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack-matrix#diverse?ts=markdown) * [How Organizations Operationalize MITRE ATT\&CK](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack-matrix#how?ts=markdown) * [Implementing and Maintaining a MITRE ATT\&CK Program](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack-matrix#program?ts=markdown) * [Benefits of Leveraging the MITRE ATT\&CK Framework](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack-matrix#benefits?ts=markdown) * [Common Challenges and Solutions](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack-matrix#solutions?ts=markdown) * [MITRE ATT\&CK and the Cybersecurity Landscape](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack-matrix#landscape?ts=markdown) * [MITRE ATT\&CK Matrix FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack-matrix#faqs?ts=markdown) The MITRE ATT\&CK Matrix is a globally accessible knowledge base that categorizes adversary tactics and techniques based on real-world observations and experiences. It helps organizations understand how cyberattacks unfold---providing a common language for describing adversary behavior and supporting threat detection, response, and strategic planning. Built on actual incident data, the matrix is continuously updated, making it a living framework. Security teams use it to anticipate threats, identify gaps in coverage, and align defenses with known adversary behaviors. 
**Key Points**

* **Behavioral Focus:** The MITRE ATT\&CK Matrix catalogs adversary tactics and techniques observed in real-world attacks.
* **Standardized Framework:** It provides a common language for discussing cyber threat behaviors, fostering better communication among cybersecurity professionals.
* **Enhanced Defenses:** Understanding ATT\&CK helps organizations proactively improve their detection capabilities and incident response strategies.
* **Strategic Application:** The matrix is valuable for red teaming, blue teaming, and purple teaming, aligning offensive and defensive security efforts.
* **Beyond Signatures:** ATT\&CK moves past traditional signature-based detection to focus on attacker methodologies and actions.

## MITRE ATT\&CK Matrix Explained

The MITRE ATT\&CK Matrix provides a standardized lexicon for detailing adversary behavior, moving beyond simple malware signatures to focus on the actions attackers take during an intrusion. This framework is crucial for cybersecurity professionals as it enables more effective [threat intelligence](https://www.paloaltonetworks.com/cyberpedia/what-is-threat-intelligence?ts=markdown) sharing, improved defensive capabilities, and enhanced [incident response](https://www.paloaltonetworks.com/cyberpedia/what-is-incident-response?ts=markdown).

It organizes adversary behavior by tactics---the "why" an adversary acts---and techniques---the "how" an adversary achieves a tactical goal. This structured approach enables organizations to anticipate, detect, and mitigate attacks by understanding the common paths and methods that adversaries employ.

The significance of ATT\&CK lies in its practical application for red teaming, blue teaming, and purple teaming exercises, offering a common ground for offensive and defensive security operations to collaborate and strengthen an organization's security posture.

![Diagram: The MITRE ATT\&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework provides a comprehensive knowledge base of adversary tactics and techniques based on real-world observations. It helps organizations understand and defend against cyber threats by categorizing and describing the actions an attacker might take during a cyberattack.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-mitre-attack-matrix/mitre-attack-framework.jpg "MITRE ATT&CK Framework")

**Figure 1**: Understanding the MITRE ATT\&CK Framework

## Key Components of MITRE ATT\&CK: Tactics, Techniques, and Procedures

The MITRE ATT\&CK framework meticulously categorizes adversary behavior, providing a common language for understanding [cyber attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack?ts=markdown). This structured approach enables security teams to analyze and defend against threats more effectively.

### Adversary Tactics: The "Why"

Adversary tactics represent the high-level adversarial goals during a cyber attack---the "why" an adversary acts. These columns of the ATT\&CK matrix outline the phases of an attack.

* **Reconnaissance**: Collecting information to plan future operations.
* **Resource Development**: Establishing resources to support operations.
* **Initial Access**: Gaining first footholds in a network.
* **Execution**: Running malicious code on a system.
* **Persistence**: Maintaining a foothold across reboots or credential changes.
* **Privilege Escalation**: Gaining higher-level permissions.
* **Defense Evasion**: Avoiding detection by security controls.
* **Credential Access**: [Stealing credentials](https://www.paloaltonetworks.com/cyberpedia/what-is-a-credential-based-attack?ts=markdown) like usernames and passwords.
* **Discovery**: Understanding the network environment.
* [**Lateral Movement**](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement?ts=markdown): Moving through the network to gain control of additional systems.
* **Collection**: Gathering data of interest from the target.
* [**Command and Control (C2)**](https://www.paloaltonetworks.com/cyberpedia/command-and-control-explained?ts=markdown): Communicating with compromised systems.
* [**Exfiltration**](https://www.paloaltonetworks.com/cyberpedia/data-exfiltration?ts=markdown): Stealing data out of the network.
* **Impact**: Disrupting, corrupting, or destroying systems and data.

### Adversary Techniques: The "How"

[MITRE ATT\&CK techniques](https://www.paloaltonetworks.com/cyberpedia/what-are-mitre-attack-techniques?ts=markdown) describe the specific methods adversaries use to achieve a tactical objective---the "how." Each tactic comprises various techniques, detailing the actual actions an attacker takes.

* Techniques often involve the misuse of legitimate system functions, known as "living off the land," making them harder to detect by traditional signature-based security tools.
* Examples include Process Injection for defense evasion or Command and Scripting Interpreter for execution, as frequently observed in real-world attacks.

### Sub-techniques: Granular Detail

Many techniques are further broken down into [sub-techniques](https://www.paloaltonetworks.com/cyberpedia/mitre-attack-sub-techniques-vs-procedures?ts=markdown), providing a more granular understanding of specific adversary behaviors. This level of detail enables more precise detection and mitigation strategies.

* Sub-techniques enable organizations to fine-tune their defenses, taking into account diverse implementations of the same adversarial intent.
* For instance, User Execution (T1204) under Initial Access can include sub-techniques like Malicious Link (T1204.001) or Malicious File (T1204.002).

![A diagram illustrating the four main MITRE ATT\&CK matrices: pre-att\&ck, enterprise att\&ck, mobile att\&ck, ICS att\&ck. In the center, a green circle with "MITRE ATT\&CK Matrices" is shown. Radiating from it are four rectangular panels, each describing a specific ATT\&CK matrix:](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/Cortex-Mitre-Attck-Matrix-diagrams.png "MITRE ATT&CK Matrices Overview")

**Figure 2**: MITRE ATT\&CK Matrices

## Diverse MITRE ATT\&CK Matrices: Adapting to Specific Environments

[MITRE ATT\&CK](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack?ts=markdown) extends beyond the general enterprise network, providing specialized matrices tailored to unique technology domains. These matrices ensure comprehensive coverage across varied operational environments.

### Enterprise Matrix

The most extensive and widely recognized matrix, the Enterprise Matrix, covers tactics and techniques used against Windows, macOS, Linux, cloud (AWS, GCP, Azure, Office 365, Azure AD, SaaS), and network infrastructure.

* This matrix details threat actors, their objectives, and the detection and prevention methods applicable to these diverse platforms.

### Mobile Matrix

Dedicated to mobile platforms, the Mobile Matrix focuses on threats and attack vectors specific to Android and iOS devices. It includes tactics and techniques for gaining unauthorized access, exploiting vulnerabilities, and other mobile-centric attacks.

* The Mobile Matrix also incorporates techniques related to "Network Effects" and "Remote Service Effects," addressing actions an adversary can take without direct device access.

### Industrial Control Systems (ICS) Matrix

The [ICS](https://www.paloaltonetworks.com/cyberpedia/what-is-ics-security?ts=markdown) Matrix addresses the unique cybersecurity challenges of industrial control systems, including [SCADA systems](https://www.paloaltonetworks.com/cyberpedia/ot-vs-ics-vs-scada-security?ts=markdown) and other [operational technology (OT)](https://www.paloaltonetworks.com/cyberpedia/what-is-ot-security?ts=markdown). It outlines adversary tactics and techniques aimed at disrupting, damaging, or controlling industrial processes.

* This matrix is crucial for organizations operating critical infrastructure, offering insights into attacks that can have significant physical consequences.

### PRE-ATT\&CK Matrix

While often discussed separately from the post-compromise ATT\&CK matrices, PRE-ATT\&CK focuses on adversary actions taken before an attack, specifically during the reconnaissance and resource development phases.

* It helps organizations identify early signs of targeting and understand the information attackers might gather to plan their operations.

## How Organizations Operationalize MITRE ATT\&CK

The MITRE ATT\&CK framework is not merely a reference document; it is a practical tool that empowers cybersecurity teams to enhance their defensive posture and proactive [threat management](https://www.paloaltonetworks.com/cyberpedia/threat-and-vulnerability-management?ts=markdown).

### Enhancing Threat Intelligence

ATT\&CK provides context to threat intelligence by mapping observed adversary behaviors to specific tactics and techniques. This enables organizations to understand not only what happened, but also how and why.

* By correlating threat intelligence with ATT\&CK, security teams can build relevant [threat models](https://www.paloaltonetworks.com/cyberpedia/threat-modeling?ts=markdown) based on real-world campaigns, moving beyond static [indicators of compromise (IOCs)](https://www.paloaltonetworks.com/cyberpedia/indicators-of-compromise-iocs?ts=markdown).
* Understanding the TTPs of known threat actors helps predict likely next actions in an attack chain.

### Improving Threat Detection and Hunting

[Security operations centers (SOCs)](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc?ts=markdown) leverage ATT\&CK to develop and refine their detection capabilities. By mapping existing security controls and logs to ATT\&CK techniques, organizations can identify gaps in coverage.

* **Gap Analysis**: Organizations assess their current visibility and detection capabilities against the ATT\&CK matrix to pinpoint areas where they are vulnerable. This enables a prioritized approach to improving defenses.
* **Behavioral Detections**: Instead of relying solely on signatures, ATT\&CK encourages building detections based on adversary behaviors, which are more resilient to changes in malware variants. For instance, a detection can flag the execution of common scripting interpreters (cmd.exe, PowerShell) when they are observed in unusual contexts.
* [**Threat Hunting**](https://www.paloaltonetworks.com/cyberpedia/threat-hunting?ts=markdown): Security analysts use ATT\&CK to proactively search for evidence of adversary activity that might have bypassed existing controls. This involves hypothesis-driven searches based on specific techniques.

### Assessing Security Posture and Tooling

ATT\&CK serves as a benchmark for evaluating the effectiveness of security tools and controls.
Organizations can map the capabilities of their security solutions (e.g., [EDR](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr?ts=markdown), [SIEM](https://www.paloaltonetworks.com/cyberpedia/what-is-siem?ts=markdown), firewalls) against the matrix to identify overlaps and deficiencies.

* **Control Validation**: Regularly validating that security controls can detect or prevent specific ATT\&CK techniques helps ensure their efficacy.
* **Security Investments**: ATT\&CK guides strategic security investments by highlighting areas where new technologies or enhancements are most needed to address critical adversarial techniques.

### Facilitating Red Teaming and Blue Teaming Exercises

ATT\&CK provides a common framework for offensive (red team) and defensive (blue team) security exercises. Red teams can utilize ATT\&CK to emulate specific adversary behaviors, while blue teams can leverage it to test and enhance their detection and response capabilities.

* **Purple Teaming**: The framework enables effective purple teaming, where red and blue teams collaborate to share insights and improve overall security effectiveness, ensuring that defensive measures are validated against realistic attack scenarios.

### Streamlining Incident Response and Reporting

During incident response, mapping observed adversary actions to ATT\&CK techniques helps responders understand the scope of an attack, predict next steps, and develop effective containment and eradication strategies.

* **Standardized Reporting**: ATT\&CK provides a standardized vocabulary for reporting on incidents, making it easier to communicate threat information within an organization and with external partners.
* **Remediation Efforts**: By understanding the specific techniques used, remediation efforts can be precisely targeted to undo the attacker's actions and prevent recurrence.

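The gap analysis and control validation described in this section, worked through as an added example (not Palo Alto Networks or MITRE code). The rule inventory, threat profile, priority weights and layer version string are constructed assumptions; only the technique IDs and names are real ATT\&CK entries. It rolls sub-technique tags up to their parent technique, separates validated from unvalidated coverage, and emits a layer for ATT\&CK Navigator.

```python
import json
from collections import defaultdict

# Constructed subset of the Enterprise matrix: technique ID -> (name, tactic).
# IDs and names are real ATT&CK entries; only one tactic is listed per
# technique here, and a real program would load the full matrix instead.
TECHNIQUES = {
    "T1566": ("Phishing", "Initial Access"),
    "T1190": ("Exploit Public-Facing Application", "Initial Access"),
    "T1059": ("Command and Scripting Interpreter", "Execution"),
    "T1053": ("Scheduled Task/Job", "Persistence"),
    "T1078": ("Valid Accounts", "Persistence"),
    "T1055": ("Process Injection", "Defense Evasion"),
    "T1027": ("Obfuscated Files or Information", "Defense Evasion"),
    "T1110": ("Brute Force", "Credential Access"),
    "T1021": ("Remote Services", "Lateral Movement"),
    "T1486": ("Data Encrypted for Impact", "Impact"),
}

# Constructed detection inventory. "validated" means the rule fired in a
# purple-team or emulation test, not merely that it exists.
RULES = [
    {"rule": "office-spawns-powershell", "techniques": ["T1059.001"], "validated": True},
    {"rule": "cmd-from-unusual-parent", "techniques": ["T1059.003"], "validated": False},
    {"rule": "mail-attachment-sandbox", "techniques": ["T1566.001"], "validated": True},
    {"rule": "failed-logon-burst", "techniques": ["T1110"], "validated": True},
    {"rule": "new-scheduled-task", "techniques": ["T1053.005"], "validated": False},
    {"rule": "mass-file-rename", "techniques": ["T1486"], "validated": True},
    {"rule": "legacy-import", "techniques": ["T1O59"], "validated": True},  # typo: letter O
]

# Constructed threat profile: technique -> priority (3 = highest).
THREAT_PROFILE = {"T1566": 3, "T1059": 3, "T1078": 3, "T1486": 3,
                  "T1021": 2, "T1190": 2, "T1055": 1}

NONE, UNVALIDATED, VALIDATED = 0, 1, 2


def parent_id(technique_id):
    """Roll a sub-technique (T1059.001) up to its parent technique (T1059)."""
    return technique_id.split(".", 1)[0]


def coverage(rules):
    """Return (scores, unknown): best score per technique, plus bad IDs."""
    scores = {tid: NONE for tid in TECHNIQUES}
    unknown = []
    for rule in rules:
        for tid in rule["techniques"]:
            parent = parent_id(tid)
            if parent not in TECHNIQUES:
                unknown.append((rule["rule"], tid))  # never count silently
                continue
            score = VALIDATED if rule["validated"] else UNVALIDATED
            scores[parent] = max(scores[parent], score)
    return scores, unknown


def gaps(scores, profile):
    """Profile techniques with no rule at all, highest priority first."""
    missing = [(tid, prio) for tid, prio in profile.items()
               if scores.get(tid, NONE) == NONE]
    return sorted(missing, key=lambda item: (-item[1], item[0]))


def by_tactic(scores):
    """Tactic -> (techniques with at least one rule, techniques in scope)."""
    totals = defaultdict(lambda: [0, 0])
    for tid, (_, tactic) in TECHNIQUES.items():
        totals[tactic][1] += 1
        if scores[tid] > NONE:
            totals[tactic][0] += 1
    return {tactic: tuple(pair) for tactic, pair in totals.items()}


def navigator_layer(scores, name="Detection coverage (constructed data)"):
    """Build a layer dict that ATT&CK Navigator can open once saved as JSON."""
    return {
        "name": name,
        "versions": {"layer": "4.5"},  # assumption: match your Navigator release
        "domain": "enterprise-attack",
        "techniques": [
            {"techniqueID": tid, "score": score, "comment": TECHNIQUES[tid][0]}
            for tid, score in sorted(scores.items())
        ],
        "gradient": {"colors": ["#ff6666", "#ffe766", "#8ec843"],
                     "minValue": NONE, "maxValue": VALIDATED},
    }


if __name__ == "__main__":
    scores, unknown = coverage(RULES)
    for tid, prio in gaps(scores, THREAT_PROFILE):
        print(f"GAP priority={prio} {tid} {TECHNIQUES[tid][0]}")
    for tactic, (have, total) in by_tactic(scores).items():
        print(f"{tactic}: {have}/{total} techniques have a rule")
    for rule, tid in unknown:
        print(f"UNKNOWN technique ID {tid!r} in rule {rule}")
    print(json.dumps(navigator_layer(scores)))
```

A score of 1 (rule exists, never validated) is worth tracking separately from 2: it is the list to feed into the next purple-team exercise.
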
**Mapping Security Controls to ATT\&CK Techniques**

| **Security Control** | **Primary MITRE ATT\&CK Tactics Covered** | **Example ATT\&CK Techniques** | **Palo Alto Networks Solution Alignment** |
|---|---|---|---|
| **Endpoint Detection and Response (EDR)** | Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Impact | Process Injection, Scheduled Task/Job, Brute Force, Obfuscated Files or Information, Credential Dumping, Network Share Discovery, Remote Services, Data Staged, Data Encrypted for Impact | Cortex XDR: Provides broad coverage across 121 out of 136 techniques, with automated detection and prevention of endpoint threats, including advanced ransomware and macOS/Linux attacks. |
| [**Next-Generation Firewall (NGFW)**](https://www.paloaltonetworks.com/cyberpedia/what-is-a-next-generation-firewall-ngfw?ts=markdown) | Initial Access, Command and Control, Exfiltration, Defense Evasion | Phishing, Exploit Public-Facing Application, Standard Application Layer Protocol, Data Compressed, Encrypted Traffic, Port Scan | Palo Alto Networks Next-Gen Firewalls (PAN-OS): Prevent initial intrusions, detect and block malicious command and control communications, and prevent data exfiltration by inspecting traffic at various layers. |
| **Security Information and Event Management (SIEM) / Security Operations Platform** | All Tactics (through correlation and analysis) | Tactic-level and Technique-level Detections (aggregates data from various sources) | Cortex XSOAR / Cortex XSIAM: Ingests and correlates data from various sources, including endpoint, network, and cloud, mapping events to ATT\&CK techniques for comprehensive visibility, automated threat correlation, and accelerated incident response. |
| [**Cloud Security Posture Management (CSPM)**](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-security-posture-management?ts=markdown) / [**Cloud Workload Protection (CWPP)**](https://www.paloaltonetworks.com/cyberpedia/what-is-cwpp-cloud-workload-protection-platform?ts=markdown) | Initial Access, Persistence, Privilege Escalation, Defense Evasion, Discovery, Exfiltration, Impact (Cloud-specific) | Cloud API Attacks, Exploitation for Privilege Escalation, Impair Defenses, Instance Metadata API, Data from Cloud Storage, Resource Hijacking | Prisma Cloud: Offers real-time cloud security, identifying tactics and techniques per MITRE ATT\&CK's Cloud Matrix, including network anomaly detection (e.g., port scans), user and entity behavior analytics (UEBA), and threat intelligence-based detections for cloud-native applications and infrastructure. |
| [**Identity and Access Management (IAM)**](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management?ts=markdown) | Initial Access, Persistence, Privilege Escalation, Credential Access, Defense Evasion | Valid Accounts, Account Manipulation, Brute Force, Steal or Forge Kerberos Tickets | Palo Alto Networks Identity-based Security (e.g., integration with directory services): Enforces granular access controls, detects anomalous login behaviors, and prevents credential misuse. |

**Table 1**: Mapping Security Controls

## Implementing and Maintaining a MITRE ATT\&CK Program

Successfully integrating MITRE ATT\&CK into an organization's cybersecurity operations requires a structured approach and continuous effort.

### Step-by-Step Implementation

Organizations can adopt a phased approach to implementing ATT\&CK, focusing on gradual improvements and building maturity over time.

1. **Understand Your Environment**: Begin by documenting your critical assets, network architecture, and existing security controls.
2. **Assess Your Threat Landscape**: Identify the most relevant threat actors and their common TTPs that are likely to target your industry or organization. [Palo Alto Networks' Unit 42 reports](https://www.paloaltonetworks.in/resources/research/unit-42-incident-response-report), for example, often detail threat actor TTPs, which can be mapped to ATT\&CK techniques.
3. **Map Current Capabilities**: Use the ATT\&CK matrix to map your existing security tools, detection rules, and incident response procedures to the techniques they cover. This provides a baseline understanding of your current defensive posture.
4. **Identify and Prioritize Gaps**: Based on the mapping, pinpoint critical techniques that are not adequately covered by current controls. Prioritize these gaps based on their likelihood of being exploited and their potential impact.
5. **Develop an Implementation Roadmap**: Create a plan to address identified gaps, which may involve deploying new security tools, developing custom detection rules, or enhancing existing processes.
6. **Leverage Available Resources**: Utilize tools like MITRE ATT\&CK Navigator to visualize and manage ATT\&CK mappings, and consult community resources for best practices and shared detections.

### Continuous Improvement and Updates

The threat landscape is constantly evolving, and so is the MITRE ATT\&CK framework. Regular updates by MITRE incorporate new adversarial behaviors and refinements.

* Organizations must continuously update their ATT\&CK mappings and detection strategies to reflect the latest framework versions and emerging threats.
* Staying informed about new adversary TTPs, often detailed in threat intelligence reports, is crucial for maintaining an effective ATT\&CK program.

## Benefits of Leveraging the MITRE ATT\&CK Framework

Adopting the MITRE ATT\&CK framework provides significant advantages for organizations seeking to enhance their cybersecurity defenses and cultivate a more proactive security posture.

* **Common Language**: Provides a standardized vocabulary for describing adversary behavior, enhancing communication among security teams and stakeholders.
* **Threat-Informed Defense**: Shifts focus from merely blocking known signatures to understanding and defending against actual adversary tactics and techniques.
* **Improved Detection**: Enables the development of more comprehensive and behavior-based detection rules, reducing reliance on easily bypassed indicators.
* **Prioritized Investments**: Helps organizations make informed decisions about where to invest security resources by highlighting critical gaps and the most prevalent attack techniques.
* **Enhanced Collaboration**: Fosters better collaboration between red teams, blue teams, and purple teams, leading to more realistic security testing and validated defenses.
* **Proactive Security**: Supports a proactive approach to cybersecurity, allowing organizations to anticipate attacks and build resilience rather than reacting solely to incidents.

## Common Challenges and Solutions

While the MITRE ATT\&CK Matrix offers immense value, organizations often encounter challenges during its implementation and ongoing use. These can range from a lack of internal expertise to difficulties integrating ATT\&CK into existing security workflows.

Understanding these common hurdles and their corresponding solutions can help organizations navigate the adoption process more smoothly and achieve a more mature ATT\&CK-driven security program. It's about adapting the framework to specific organizational needs and resources.

| **Challenge** | **Solution** |
|---|---|
| **Overwhelmed by Complexity** | Start small; focus on relevant tactics using tools like ATT\&CK Navigator |
| **Lack of Integration with Tools** | Prioritize platforms with native ATT\&CK support (e.g., Palo Alto Networks) |
| **Skill Gaps in Staff** | Invest in training, certifications, and expert guidance |
| **Difficulty Measuring ROI** | Define KPIs (coverage, detection, response time) and run simulations |

**Table 2**: MITRE ATT\&CK Matrix Common Challenges and Solutions.

### Overwhelmed by Scale and Complexity

The sheer size and detail of the MITRE ATT\&CK Matrix can be daunting for organizations new to the framework. With hundreds of techniques and sub-techniques, it's easy to feel overwhelmed and unsure where to begin. This complexity can hinder initial adoption and lead to incomplete implementations.

**Solution:**

* Start small and prioritize.
* Focus on the tactics and techniques most relevant to your organization's specific threat landscape and critical assets.
* Leverage tools and resources that provide curated views or guided pathways through the matrix, such as MITRE's ATT\&CK Navigator, which allows for visual representation and filtering of techniques.

### Lack of Integration with Existing Tools

Many organizations struggle to integrate the MITRE ATT\&CK Matrix with their existing security information and event management (SIEM) systems, endpoint detection and response (EDR) solutions, or threat intelligence platforms. Without seamless integration, the utility of ATT\&CK as an operational framework is limited.

**Solution:**

* Prioritize security tools that offer native ATT\&CK mapping and reporting capabilities. For tools that don't, develop custom parsers or scripts to align their outputs with ATT\&CK techniques.
* Consider investing in security orchestration, automation, and response (SOAR) platforms that can automate the correlation of events with ATT\&CK techniques, streamlining analysis and response. Palo Alto Networks solutions, for instance, are designed with strong ATT\&CK integration, providing visibility and protection mapped directly to the framework.

### Insufficient Expertise and Training

Effectively utilizing the MITRE ATT\&CK Matrix requires a thorough understanding of adversary behaviors and how they align with the framework. Many security teams lack the specialized expertise needed to fully leverage ATT\&CK for threat hunting, incident response, or control validation.

**Solution:**

* Invest in comprehensive training for security analysts, incident responders, and security architects.
* Encourage certifications related to threat intelligence and ATT\&CK.
* Foster a culture of continuous learning and knowledge sharing within the security team.
* Consider engaging with external experts or consulting services to jumpstart ATT\&CK adoption and provide specialized guidance.

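For the "custom parsers or scripts" suggestion under Lack of Integration with Existing Tools, and the behavioral detection of scripting interpreters mentioned earlier, here is an added example (not code from any vendor or from MITRE). The event field names, the sample events and the list of unusual parent processes are constructed assumptions; the technique IDs are real ATT\&CK entries.

```python
import ntpath
from collections import Counter

# Interpreter image name -> (sub-technique ID, name). Both are sub-techniques
# of T1059 Command and Scripting Interpreter (tactic: Execution).
INTERPRETERS = {
    "powershell.exe": ("T1059.001", "PowerShell"),
    "pwsh.exe": ("T1059.001", "PowerShell"),
    "cmd.exe": ("T1059.003", "Windows Command Shell"),
}

# Assumption for this example: parents that should not normally start a shell.
# Derive the real list from your own process baseline.
UNUSUAL_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Constructed process-creation events in a generic, tool-neutral shape.
EVENTS = [
    {"host": "ws-01",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"host": "ws-02",
     "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"host": "ws-03",
     "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"},
    {"host": "srv-01",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"host": "ws-04",
     "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
]


def image_name(path):
    """Lower-cased file name of a Windows path; works on any OS via ntpath."""
    return ntpath.basename(path or "").lower()


def tag_event(event):
    """Return an ATT&CK-tagged alert for an interpreter with an unusual parent."""
    image = image_name(event.get("image"))
    parent = image_name(event.get("parent_image"))
    if image not in INTERPRETERS or parent not in UNUSUAL_PARENTS:
        return None
    technique_id, technique = INTERPRETERS[image]
    return {
        "host": event["host"],
        "tactic": "Execution",
        "technique_id": technique_id,
        "technique": technique,
        "reason": f"{image} started by {parent}",
    }


def normalize(events):
    """Return (alerts, blind_hosts).

    blind_hosts lists hosts where an interpreter ran but the event carried no
    parent process, so the behavioral rule could not be evaluated. That is a
    telemetry gap to fix, not evidence that the host is clean.
    """
    alerts, blind_hosts = [], []
    for event in events:
        if image_name(event.get("image")) in INTERPRETERS and not event.get("parent_image"):
            blind_hosts.append(event["host"])
            continue
        alert = tag_event(event)
        if alert:
            alerts.append(alert)
    return alerts, blind_hosts


def technique_counts(alerts):
    """Alerts per technique ID, ready to merge into coverage reporting."""
    return dict(Counter(alert["technique_id"] for alert in alerts))


if __name__ == "__main__":
    alerts, blind = normalize(EVENTS)
    for alert in alerts:
        print(alert["host"], alert["technique_id"], alert["technique"], "-", alert["reason"])
    print("no parent telemetry:", blind)
    print(technique_counts(alerts))
```
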
### Difficulty in Measuring Effectiveness

Organizations often struggle to measure the effectiveness of their ATT\&CK-driven security improvements quantitatively. Without clear metrics, it's challenging to demonstrate return on investment (ROI) or justify further resources for ATT\&CK initiatives.

**Solution:**

* Establish clear key performance indicators (KPIs) related to ATT\&CK coverage, detection rates, and response times for specific techniques.
* Use simulation tools to test defensive capabilities against ATT\&CK techniques and track improvements over time.
* Regularly perform red team exercises or adversary emulation based on ATT\&CK to validate and measure the effectiveness of controls.

## MITRE ATT\&CK and the Cybersecurity Landscape

The MITRE ATT\&CK framework has become a cornerstone of modern cybersecurity, influencing how organizations approach threat intelligence, defense, and overall security strategy.

### Evolution of Cybersecurity Practices

ATT\&CK has driven a shift from purely reactive, signature-based security to a more proactive, threat-informed defense model. This evolution emphasizes understanding adversary intent and capabilities.

* It encourages security teams to think like attackers, anticipating their moves and building defenses that disrupt their typical attack paths.

### Integration with Other Frameworks

While comprehensive, ATT\&CK often complements other cybersecurity frameworks, such as the [Lockheed Martin Cyber Kill Chain](https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html) or the [NIST Cybersecurity Framework](https://www.nist.gov/cyberframework).

* **Cyber Kill Chain**: The Cyber Kill Chain provides a high-level view of the stages of an attack, while ATT\&CK offers granular detail on the techniques used within each stage. They can be used together to provide both strategic and tactical perspectives.
* **NIST Cybersecurity Framework**: NIST provides a framework for [managing cybersecurity risk](https://www.paloaltonetworks.com/cyberpedia/ai-risk-management-framework?ts=markdown), and ATT\&CK can be used to inform specific implementation details within the "Detect" and "Respond" functions of the NIST framework.

### The Future of Threat-Informed Defense

As [AI](https://www.paloaltonetworks.com/cyberpedia/artificial-intelligence-ai?ts=markdown) and [machine learning](https://www.paloaltonetworks.com/cyberpedia/machine-learning-ml?ts=markdown) continue to evolve, their integration with ATT\&CK will likely deepen, enabling more sophisticated automated detection and response capabilities.

* The framework's adaptability ensures it will remain a critical resource for defenders as new threats and technologies emerge.

## MITRE ATT\&CK Matrix FAQs

### What is the primary difference between a MITRE ATT\&CK tactic and a technique?

A tactic represents the "why" or the adversarial objective (e.g., Initial Access), while a technique describes the "how" or the specific method used to achieve that objective (e.g., Spearphishing Attachment). Tactics are high-level goals, and techniques are the specific actions that achieve them.

### How does MITRE ATT\&CK help in prioritizing security investments?

By mapping your existing security controls and threat intelligence to the ATT\&CK matrix, you can identify which adversary techniques are not adequately covered. This gap analysis allows you to prioritize investments in tools, processes, or training that address the most critical and unmitigated attack techniques.

### Can MITRE ATT\&CK be used by small and medium-sized businesses (SMBs)?

Yes, while extensive, SMBs can start by focusing on the most common tactics and techniques relevant to their specific threat landscape. They can utilize the framework to enhance their basic cyber hygiene, deepen their understanding of common attacks, and inform their security tool selections.

### How often is the MITRE ATT&CK framework updated?

The MITRE ATT&CK framework is regularly updated, typically on a semi-annual basis, to incorporate new adversary tactics, techniques, and procedures observed in the wild, ensuring it remains current with evolving threat actor methodologies.

### Is there an official tool to navigate the MITRE ATT&CK Matrix?

Yes, MITRE provides the ATT&CK Navigator, an open-source web application that allows users to explore, annotate, and visualize the ATT&CK matrix. It's a popular tool for gap analysis, threat hunting, and red team planning.