[](https://www.paloaltonetworks.com/?ts=markdown)

* Sign In
  
  * Customer
  * Partner
  * Employee
  * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown)
  * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown)

* EN
  
  * [USA (ENGLISH)](https://www.paloaltonetworks.com)
  * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au)
  * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br)
  * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca)
  * [CHINA (简体中文)](https://www.paloaltonetworks.cn)
  * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr)
  * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de)
  * [INDIA (ENGLISH)](https://www.paloaltonetworks.in)
  * [ITALY (ITALIANO)](https://www.paloaltonetworks.it)
  * [JAPAN (日本語)](https://www.paloaltonetworks.jp)
  * [KOREA (한국어)](https://www.paloaltonetworks.co.kr)
  * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat)
  * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx)
  * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg)
  * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es)
  * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw)
  * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk)

* ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg)

* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)

* [What's New](https://www.paloaltonetworks.com/resources?ts=markdown)

* [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount)

* [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html)
  ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg)

* [](https://www.paloaltonetworks.com/?ts=markdown)

* Products  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products  
  [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)
  
  * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)
  
  * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)
  
  * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)
  
  * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)
  
  * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)
  
  * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)
  
  * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)
  
  * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)
  
  * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)
  
  * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)
  
  * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)
  
  * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown)
  
  * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)
  
  * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)
  
  * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)
  
  * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)
  
  * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)
  
  * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)
  
  * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)
  
  * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)
  
  * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)
  
  * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)
  
  * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)
  
  * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)
  
  * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)
  
  * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)
  
  * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)
  
  * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)
  
  * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)
  
  * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)  
    [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)
  
  * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)
  
  * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)
  
  * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)
  
  * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)
  
  * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)
  
  * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)
  
  * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)
  
  * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)
  
  * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)
  
  * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown)
  
  * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)
  
  * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown)
  
  * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)
  
  * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown)
  
  * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)
  
  * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* Solutions  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions  
  Secure AI by Design
  
  * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)
  * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)  
    Network Security
  * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)
  * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown)
  * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)
  * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)
  * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown)
  * [OT Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown)
  * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown)
  * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown)
  * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown)
  * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown)
  * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown)
  * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)  
    Cloud Security
  * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown)
  * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown)
  * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown)
  * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown)
  * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown)
  * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown)
  * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown)
  * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown)
  * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown)
  * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown)  
    Security Operations
  * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown)
  * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown)
  * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown)
  * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown)
  * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown)
  * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown)
  * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)
  * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown)
  * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown)
  * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown)
  * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown)
  * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown)  
    Endpoint Security
  * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown)
  * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown)
  * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown)
  * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown)  
    [Industries](https://www.paloaltonetworks.com/industry?ts=markdown)
  * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown)
  * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown)
  * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown)
  * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown)
  * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown)

* Services  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services  
  [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)
  
  * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)
  
  * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown)
  
  * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown)
  
  * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown)
  
  * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown)
  
  * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown)
  
  * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown)
  
  * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown)
  
  * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown)
  
  * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown)
  
  * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown)
  
  * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown)
  
  * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown)
  
  * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown)
  
  * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown)
  
  * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)
  
  * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)
  
  * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown)
  
  * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown)
  
  * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown)
  
  * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown)
  
  * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown)
  
  * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)
  
  * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)
  
  * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)
  
  * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown)
  
  * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown)
  
  * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown)
  
  * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown)  
    [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown)
  
  * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown)
  
  * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown)
  
  * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown)
  
  * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown)
  
  * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown)  
    [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg)  
    UNIT 42 RETAINER
    Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial.
    Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)

* Partners  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners  
  NextWave Partners
  
  * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown)
  * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown)
  * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown)
  * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown)
  * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown)
  * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown)
  * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown)
  * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown)  
    Take Action
  * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown)
  * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown)
  * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner)
  * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess)
  * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator)  
    [CYBERFORCE
    CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise.
    Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown)

* Company  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company  
  Palo Alto Networks
  
  * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
  * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown)
  * [Investor Relations](https://investors.paloaltonetworks.com)
  * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
  * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown)
  * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
  * [Military \& Veterans](https://jobs.paloaltonetworks.com/military)  
    [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown)
  * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown)
  * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown)
  * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown)
  * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown)
  * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown)
  * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
  * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown)  
    Careers
  * [Overview](https://jobs.paloaltonetworks.com/)
  * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/)  
    [A Newsweek Most Loved Workplace
    "Businesses that do right by their employees"
    Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown)

* More  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More  
  Resources
  
  * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
  * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/)
  * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
  * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
  * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
  * [Tech Insider](https://techinsider.paloaltonetworks.com/)
  * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/)
  * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/)
  * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown)
  * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown)
  * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown)
  * [Tech Docs](https://docs.paloaltonetworks.com/)
  * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown)
  * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/)
  * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown)  
    Connect
  * [LIVE community](https://live.paloaltonetworks.com/)
  * [Events](https://events.paloaltonetworks.com/)
  * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown)
  * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown)
  * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)  
    [Blog
    Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity
    Learn more](https://www.paloaltonetworks.com/blog/)

* Sign In  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In
  
  * Customer
  * Partner
  * Employee
  * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown)
  * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown)

* EN  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language
  
  * [USA (ENGLISH)](https://www.paloaltonetworks.com)
  * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au)
  * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br)
  * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca)
  * [CHINA (简体中文)](https://www.paloaltonetworks.cn)
  * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr)
  * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de)
  * [INDIA (ENGLISH)](https://www.paloaltonetworks.in)
  * [ITALY (ITALIANO)](https://www.paloaltonetworks.it)
  * [JAPAN (日本語)](https://www.paloaltonetworks.jp)
  * [KOREA (한국어)](https://www.paloaltonetworks.co.kr)
  * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat)
  * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx)
  * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg)
  * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es)
  * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw)
  * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk)

* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)

* [What's New](https://www.paloaltonetworks.com/resources?ts=markdown)

* [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount)

* [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html)

* [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown)  
  Search  
  All

* [Tech Docs](https://docs.paloaltonetworks.com/search)  
  Close search modal
  [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.deploybravely.com)  
  [](https://www.paloaltonetworks.com/?ts=markdown)

1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
2. [Cloud Security](https://www.paloaltonetworks.com/cyberpedia/cloud-security?ts=markdown)
3. [What Is Secure SD-WAN? | What It Is and How It Works](https://www.paloaltonetworks.com/cyberpedia/what-is-secure-sd-wan?ts=markdown)  
   Table of contents

* [How does secure SD-WAN work?](#how)
* [What are the common features of secure SD-WAN solutions?](#what)
* [What are the benefits of secure SD-WAN?](#benefits)
* [Who should consider secure SD-WAN?](#consider)
* [What is the difference between secure SD-WAN and SD-WAN security?](#difference)
* [Secure SD-WAN FAQs](#faqs)

# What Is Secure SD-WAN? | What It Is and How It Works

4 min. read  
Table of contents

* [How does secure SD-WAN work?](#how)
* [What are the common features of secure SD-WAN solutions?](#what)
* [What are the benefits of secure SD-WAN?](#benefits)
* [Who should consider secure SD-WAN?](#consider)
* [What is the difference between secure SD-WAN and SD-WAN security?](#difference)
* [Secure SD-WAN FAQs](#faqs)

1. How does secure SD-WAN work?

* [1. How does secure SD-WAN work?](#how)
* [2. What are the common features of secure SD-WAN solutions?](#what)
* [3. What are the benefits of secure SD-WAN?](#benefits)
* [4. Who should consider secure SD-WAN?](#consider)
* [5. What is the difference between secure SD-WAN and SD-WAN security?](#difference)
* [6. Secure SD-WAN FAQs](#faqs)  
  ![What Is Secure SD-WAN?](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/video-thumbnail-what-is-secure-sd-wan.png)  
  close

The term "secure SD-WAN" describes an SD-WAN solution that integrates advanced security features with its core functionalities of optimizing and managing wide area network (WAN) connections.

Unlike traditional SD-WAN, which primarily focuses on improving network performance and connectivity, secure SD-WAN includes robust security measures to guard against cyber threats.

## How does secure SD-WAN work?

The operational mechanics of secure [SD-WAN (software-defined wide area network)](https://www.paloaltonetworks.com/cyberpedia/what-is-sd-wan?ts=markdown) are the same as those you can expect to find within a traditional [SD-WAN architecture](https://www.paloaltonetworks.com/cyberpedia/sd-wan-architecture?ts=markdown).  
![SD-WAN architecture diagram, featuring a central data center connected to four branch locations, represented as gray building icons. These connections are color-coded to indicate different types of internet connections: MPLS in red, cellular connections in green, and broadband in orange. Surrounding the central network diagram are logos of various internet and cloud services, such as AWS, Azure, Google, Dropbox, Salesforce, Workday, and YouTube, implying their integration or accessibility through this network architecture.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-sd-wan/sd-wan-architecture.png "SD-WAN architecture diagram, featuring a central data center connected to four branch locations, represented as gray building icons. These connections are color-coded to indicate different types of internet connections: MPLS in red, cellular connections in green, and broadband in orange. Surrounding the central network diagram are logos of various internet and cloud services, such as AWS, Azure, Google, Dropbox, Salesforce, Workday, and YouTube, implying their integration or accessibility through this network architecture.")

Secure SD-WAN operation begins with its ability to intelligently direct traffic flows across the WAN. Instead of sending all traffic through a central corporate data center---which can introduce latency and clog network bandwidth---secure SD-WAN uses policies to identify and route traffic through the most efficient paths.

It dynamically chooses between multiple connections, such as broadband internet, [MPLS](https://www.paloaltonetworks.com/cyberpedia/mpls-what-is-multiprotocol-label-switching?ts=markdown), or cellular links, based on the current network conditions and predefined policies, optimizing both performance and cost.

Like this:  
![The diagram titled](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-sd-wan/sd-wan-dynamic-path.png "The diagram titled ")

Now here's where security comes in.

Security capabilities are woven into this fabric, with secure [SD-WAN devices](https://www.paloaltonetworks.com/cyberpedia/what-is-an-sdwan-appliance?ts=markdown) deploying next-generation firewall and intrusion prevention technologies at the branch level.

This setup ensures that sensitive data is encrypted and that all incoming and outgoing traffic flows are scrutinized for threats in real-time.

By integrating security into the SD-WAN devices themselves, organizations can enforce a consistent security posture across all locations. Which is way simpler and often more effective than managing disparate security products.

Here's what it looks like:  
![Architecture diagram illustrating a secure SD-WAN deployment. At the top, a next-generation firewall (NGFW) is depicted alongside various security measures, including IDS/IPS, ATP, UTM, SWG, DLP, and SSL. Below, two branch retail locations are shown, each connected through multiple WAN types, including LTE, Cable, and MPLS. The connections lead to a colocation hub, which is centrally positioned in the diagram. From the colocation hub, a line connects to centralized security management, indicated by a lock icon, emphasizing its role in overseeing security across the network. The diagram also connects to various external services, including a public cloud, SaaS, the Internet, and HQ, all represented on the right side. The title](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-sd-wan/secure-sd-wan-deployment.png "Architecture diagram illustrating a secure SD-WAN deployment. At the top, a next-generation firewall (NGFW) is depicted alongside various security measures, including IDS/IPS, ATP, UTM, SWG, DLP, and SSL. Below, two branch retail locations are shown, each connected through multiple WAN types, including LTE, Cable, and MPLS. The connections lead to a colocation hub, which is centrally positioned in the diagram. From the colocation hub, a line connects to centralized security management, indicated by a lock icon, emphasizing its role in overseeing security across the network. The diagram also connects to various external services, including a public cloud, SaaS, the Internet, and HQ, all represented on the right side. The title ")

Not to mention, secure SD-WAN is a great stepping stone for organizations who are seeking to increase security but aren't yet ready for a full transition to a more comprehensive solution like [SASE](https://www.paloaltonetworks.com/cyberpedia/what-is-sase?ts=markdown).

*** ** * ** ***

***Further reading:***

* [*Traditional WAN vs. SD-WAN: What Are the Differences?*](https://www.paloaltonetworks.com/cyberpedia/traditional-wan-vs-sd-wan?ts=markdown)
* [*SD-WAN vs. SASE: What's the Difference?*](https://www.paloaltonetworks.com/cyberpedia/sd-wan-vs-sase?ts=markdown)

*** ** * ** ***

## What are the common features of secure SD-WAN solutions?

![Architecture diagram listing the integrated security features of secure SD-WAN solutions. It features six distinct security measures, each enclosed in a blue square with corresponding icons. The measures include](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-sd-wan/secure-sd-wan-features.png)

Secure SD-WAN solutions are fundamentally similar to traditional SD-WAN, incorporating all of the same core features, including:

* Internet connectivity
* Dynamic path selection
* Centralized management
* [Quality of service (QoS)](https://www.paloaltonetworks.com/cyberpedia/what-is-quality-of-service-qos?ts=markdown)
* Application-aware routing
* [Zero-touch provisioning](https://www.paloaltonetworks.com/cyberpedia/what-is-zero-touch-provisioning-ZTP?ts=markdown)
* Limited integrated security features

\*Note: Security features depend on the SD-WAN solution and vendor.

As we've established, secure SD-WAN technology merges advanced networking capabilities with advanced security measures.

Integrated security features unique to secure SD-WAN solutions often include:

* Next-generation firewalls (NGFWs)
* Intrusion detection and prevention systems (IDS/IPS)
* Advanced threat protection (ATP)
* Secure web gateways (SWG)
* Unified threat management (UTM)
* Data loss prevention (DLP)
* SSL inspection

By offering these features, secure SD-WAN solutions improve network performance, streamline network management, and enhance network security.

Let's take a closer look at each feature.

### Next-generation firewalls

Firewalls play a key role in secure SD-WAN deployments by providing advanced security features integrated into the network fabric.

In secure SD-WAN architectures, NGFWs are deployed at branch locations and headquarters, serving as a first line of defense against cyber threats.

Here's what it looks like:  
![Architecture diagram illustrating the architecture of SD-WAN for next-generation firewalls (NGFW) within a global context. It features a world map with various points marked to represent different branch locations connected by a global backbone. Each branch is shown with the label](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-sd-wan/sd-wan-for-ngfw.png "Architecture diagram illustrating the architecture of SD-WAN for next-generation firewalls (NGFW) within a global context. It features a world map with various points marked to represent different branch locations connected by a global backbone. Each branch is shown with the label ")

This particular scenario demonstrates the integration of Palo Alto Networks NGFWs into an end-to-end Prisma SD-WAN architecture, architected for global interconnect. The end result is natively integrated security and connectivity. Note: Deployments vary depending on the SD-WAN and NGFW solutions, as well as the network environment.

NGFWs offer enhanced capabilities including but not limited to:

* Application awareness
* URL and web content filtering
* Deep packet inspection
* Malware detection
* Antivirus protection

A key function of NGFWs in secure SD-WAN is to enforce security policies consistently across all locations. This maintains the same level of security, whether users are accessing data from a branch office, headquarters, or through cloud based services.

*** ** * ** ***

***Further reading:** [How Are Firewalls and SD-WAN Related?](https://www.paloaltonetworks.com/cyberpedia/how-are-firewalls-and-sd-wan-related?ts=markdown)*

*** ** * ** ***

### Intrusion detection and prevention systems

![Architecture diagram illustrating the relationship between IDS/IPS (Intrusion Detection System/Intrusion Prevention System) and SD-WAN. On the left, a branch is connected to a switch and a firewall, leading to the SD-WAN router positioned in the center. Above the router, an IDS/IPS component is shown, with a dashed line indicating its connection to the switch and firewall. To the right, the SD-WAN router connects to HQ, where it links to a SIEM (Security Information and Event Management) system and a data center. The router also connects to the Internet, with an attacker depicted as a potential threat on the far right. The title](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-sd-wan/ids-ips-sd-wan.png "Architecture diagram illustrating the relationship between IDS/IPS (Intrusion Detection System/Intrusion Prevention System) and SD-WAN. On the left, a branch is connected to a switch and a firewall, leading to the SD-WAN router positioned in the center. Above the router, an IDS/IPS component is shown, with a dashed line indicating its connection to the switch and firewall. To the right, the SD-WAN router connects to HQ, where it links to a SIEM (Security Information and Event Management) system and a data center. The router also connects to the Internet, with an attacker depicted as a potential threat on the far right. The title ")

Intrusion detection and prevention systems (IDS/IPS) are embedded within secure SD-WAN to monitor network traffic for signs of malicious activity and known threats, actively analyzing and preventing attacks.

### Advanced threat protection

Advanced threat protection offers sophisticated defenses against evolving cyber threats by using continuously updated threat intelligence to identify, block, and remediate attacks in real time.

These defenses include, but aren't limited to:

* **Sandboxing**  
  Sandboxing provides a controlled environment to execute suspicious code or analyze unknown software. This helps in identifying zero-day threats by observing behavior without risking the main network.
* **Encrypted traffic analysis**  
  Encrypted traffic analysis allows for the detection and blocking of threats within encrypted traffic without decryption, maintaining privacy while reducing load.

### Secure web gateways (SWG)

![Architecture diagram illustrating the components and functionalities of a Secure Web Gateway (SWG). On the left side, various sources are depicted, including offices, private data centers, and the option to work from anywhere. In the center, the Secure Web Gateway is prominently displayed, connecting to the left sources and the public Internet on the right. Several security functions are associated with the SWG, including web proxy, policy enforcement, and malware detection, indicated by upward arrows. Below the SWG, additional features such as URL filtering, Data Loss Prevention (DLP), a sandbox environment, and traffic inspection are listed. At the bottom, elements for user interaction, real-time analytics, and live 24/7 monitoring are shown. On the far right, cloud services such as AWS, Box, and Salesforce are indicated, along with web traffic flowing from the public Internet. The title](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-sd-wan/secure-web-gateway.png "Architecture diagram illustrating the components and functionalities of a Secure Web Gateway (SWG). On the left side, various sources are depicted, including offices, private data centers, and the option to work from anywhere. In the center, the Secure Web Gateway is prominently displayed, connecting to the left sources and the public Internet on the right. Several security functions are associated with the SWG, including web proxy, policy enforcement, and malware detection, indicated by upward arrows. Below the SWG, additional features such as URL filtering, Data Loss Prevention (DLP), a sandbox environment, and traffic inspection are listed. At the bottom, elements for user interaction, real-time analytics, and live 24/7 monitoring are shown. On the far right, cloud services such as AWS, Box, and Salesforce are indicated, along with web traffic flowing from the public Internet. The title ")

SWGs provide web security through content filtering, malicious website detection, and enforcement of corporate policies.

### Data loss prevention

Data loss prevention (DLP) monitors and protects sensitive data from unauthorized access and breaches, ensuring it doesn't leave the network without proper authorization.

### SSL inspection

![Architecture diagram illustrating the process of SSL inspection within a network security framework. On the left, a server is connected to an SSL inspection device, which is centrally positioned in the diagram. Above the SSL inspection device, an Intrusion Prevention System (IPS) is indicated with an upward arrow, showing interaction with the device. To the right, a firewall is depicted, with a direct connection to the user. Below the SSL inspection device, two additional components are shown: a forensic tool and Data Loss Prevention (DLP) measures, each with their respective icons. The title](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-sd-wan/ssl-inspection.png "Architecture diagram illustrating the process of SSL inspection within a network security framework. On the left, a server is connected to an SSL inspection device, which is centrally positioned in the diagram. Above the SSL inspection device, an Intrusion Prevention System (IPS) is indicated with an upward arrow, showing interaction with the device. To the right, a firewall is depicted, with a direct connection to the user. Below the SSL inspection device, two additional components are shown: a forensic tool and Data Loss Prevention (DLP) measures, each with their respective icons. The title ")

Secure SD-WAN solutions often include SSL inspection to decrypt encrypted traffic, enabling deeper inspection of the contents for hidden threats.

### Unified threat management

Unified threat management (UTM) integrates essential security features into a single platform, several of which we've mentioned above, including:

* Antispam
* URL filtering and application control
* Firewalls
* IDS/IPS
* VPN
* Content filtering

## What are the benefits of secure SD-WAN?

Secure SD-WAN offers the same foundational [benefits of SD-WAN](https://www.paloaltonetworks.com/cyberpedia/benefits-of-sd-wan?ts=markdown), including:

* Operational simplicity
* Carrier-independent WAN connectivity and improved ROI
* Improved security
* Enhanced performance
* Improved connectivity and direct cloud access
* Seamless connectivity management
* Foundation to secure access service edge (SASE) strategy
* Integration with other network services
* 24/7 support
* Hardware lifecycle management
* Public cloud support

Additional security benefits of secure SD-WAN solutions include:  
![Architecture diagram illustrating the security benefits of secure SD-WAN solutions, featuring six distinct advantages displayed in blue squares. The benefits listed include](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-sd-wan/secure-sd-wan-benefits.png)

* Enhanced network security posture
* Simplified security management
* Improved visibility and control
* Reduced complexity and increased operational efficiency
* Secure cloud connectivity
* Improved compliance with security standards

Let's dive into the details.

### Enhanced network security posture

Secure SD-WAN improves overall network security posture by seamlessly integrating security measures into the network architecture. This approach ensures security isn't just an overlay but built into the network. And that reduces the potential for gaps and vulnerabilities across the WAN.

### Simplified security management

The centralized management capabilities of secure SD-WAN allow for streamlined security operations.

Like so:  
![Architecture diagram illustrating centralized security management in an SD-WAN environment. An admin is shown at the top left, indicating responsibility for policy management. Below, there are three branch locations: one existing branch and two new branches, each connected to an SD-WAN controller positioned on the right. The SD-WAN controller features a list of management functions, including security policy management, routing option management, network orchestration, and access control lists. The layout emphasizes the centralized approach to managing security across multiple branch locations within the SD-WAN architecture. The title](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-sd-wan/sd-wan-centralized-security-management.png "Architecture diagram illustrating centralized security management in an SD-WAN environment. An admin is shown at the top left, indicating responsibility for policy management. Below, there are three branch locations: one existing branch and two new branches, each connected to an SD-WAN controller positioned on the right. The SD-WAN controller features a list of management functions, including security policy management, routing option management, network orchestration, and access control lists. The layout emphasizes the centralized approach to managing security across multiple branch locations within the SD-WAN architecture. The title ")

Network admins can implement and update security policies across all locations simultaneously. Which ensures consistent security measures are enforced without the need for manual configuration at each site.

### Improved visibility and control

Secure SD-WAN solutions also provide enhanced visibility into network and application traffic with detailed analytics and reporting capabilities.  
![UI screenshot displaying the NGFW (Next-Generation Firewall) SD-WAN dashboard within the Strata Cloud Manager interface. The title](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-sd-wan/monitoring-ngfw-sd-wan-dashboard.png "UI screenshot displaying the NGFW (Next-Generation Firewall) SD-WAN dashboard within the Strata Cloud Manager interface. The title ")

Here you can see an example of the NGFW SD-WAN Dashboard in Strata Cloud Manager, which allows you to monitor network traffic, manage security policies, and view real-time analytics from a centralized platform. Note: Security analytics and reporting capabilities will be different depending on the SD-WAN vendor.

The visibility ensures security teams can better understand traffic flow patterns and potential threats. This allows for quicker responses to security incidents and more informed decision-making overall.

### Reduced complexity and increased operational efficiency

Integrating security functions with SD-WAN reduces the complexity of network architectures.

The integration simplifies security management and streamlines operations. This way, IT teams can focus on strategic tasks rather than maintaining multiple disparate systems.

### Secure cloud connectivity

Secure SD-WAN facilitates efficient, secure connectivity to cloud applications.  
![Architecture diagram illustrating secure cloud connectivity in an SD-WAN architecture. It features a branch on the left, connecting to HQ and a data center, with IPsec tunnels indicated between these components. At the center, the SD-WAN fabric is shown, which connects to an SD-WAN transit gateway. An annotation states that the transit gateway](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-sd-wan/sd-wan-secure-cloud-connectivity.png)

Data remains protected as it travels across the internet and into cloud services. Which is especially important for organizations who relying on a large number of SaaS applications---because of the robust security measures we reviewed earlier directly within the SD-WAN solution.

***Further reading:** [What Is SD-WAN Multicloud?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-sd-wan-multicloud?ts=markdown)*

### Improved compliance with security standards

Secure SD-WAN also facilitates easier compliance with regulatory requirements and security standards.

Since secure SD-WAN solutions maintain high levels of security across all network segments and endpoints, organizations can meet stringent compliance demands more efficiently.

## Who should consider secure SD-WAN?

* **Organizations replacing outdated security infrastructure are often good candidates for secure SD-WAN.**  
  For companies aiming to retire traditional branch firewalls and routers, secure SD-WAN offers a compelling upgrade.
  
  Secure SD-WAN solutions usually integrate a multitude of advanced security capabilities. Which gives organizations the opportunity to seamlessly replace legacy equipment while securing untrusted links with IPsec tunnels and enforcing consistent policies across the WAN.

* **Businesses who want to simplify branch architecture securely** can benefit from evaluating secure SD-WAN solutions.  
  ![SD-WAN architecture diagram which depicts connecting multiple branch sites to various cloud applications and a central data center. The layout shows several branch icons linked by lines in different colors representing different types of connections: MPLS, cellular, and broadband, as indicated by the key at the bottom. Cloud services such as AWS, Google Cloud, Azure, Salesforce, Dropbox, and Workday are shown above the central data center, connected to it via the internet. The connections are visualized as solid and dashed lines, denoting direct and internet-mediated links.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-sd-wan/sd-wan-architecture-multiple-branch-sites.png) Secure SD-WAN facilitates centralized security orchestration. That makes it easier for companies with multiple branches to enforce uniform security measures.  
  This is crucial for enterprises looking to maintain stringent security standards across geographically dispersed sites without the complexity and overhead of managing numerous individual devices.

* **Companies planning for secure, cloud-first approaches** may also want to consider secure SD-WAN solutions.  
  Secure SD-WAN's ability to intelligently direct traffic comes in handy when it comes to cloud services, enhancing security and performance.
  
  It efficiently handles trusted SaaS and web traffic by directing it straight to the internet while routing unknown or untrusted traffic to appropriate security services. And that supports a cloud-first architecture without compromising security.

* **Organizations who are interested in increasing security and potentially transitioning to SASE in the future may want to consider secure SD-WAN solutions.**  
  For organizations who are considering a move towards a secure access service edge (SASE) architecture but are hesitant to fully transition, secure SD-WAN offers a stepping stone.  
  ![Architecture diagram titled 'Secure Access Service Edge (SASE)' showing the integration of networking and security services. At the top, four icons represent different cloud environments: SaaS Applications, Public Cloud, Private Cloud, and HQ/Data Center. Below, a horizontal bar labeled 'Security as a Service Layer' includes five components: FwaaS, CASB, ZTNA, and Cloud SWG. Another bar labeled 'Network as a Service Layer' contains SD-WAN. The bottom section shows three icons representing different locations: Branch/Retail, Home, and Mobile, connected by a red horizontal line. The diagram illustrates how SASE integrates security and networking services across various environments and locations.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-sd-wan/sase.png)  
  It provides foundational elements of SASE, such as improved security and network efficiency, without requiring a complete overhaul of existing network infrastructures. This allows businesses to gradually integrate SASE components at a pace that suits their readiness and budget.

## What is the difference between secure SD-WAN and SD-WAN security?

"Secure SD-WAN" and "SD-WAN security" are terms that often appear together but represent distinct concepts within the domain of network management.

Both terms focus on the security of SD-WAN networks. Essentially, secure SD-WAN is inherently security-focused with integrated solutions, while SD-WAN security is more about the application of various security strategies to protect the network.

**Secure SD-WAN** refers specifically to SD-WAN solutions that are designed with integrated security features from the outset. Again, this design philosophy ensures security is not an afterthought but a fundamental component of the network architecture.

**SD-WAN security** pertains to the security measures and protocols implemented to protect the integrity and data of an SD-WAN network. The term can mean different things to different people, but this generally involves integrating additional security services or devices to enhance the security of an existing SD-WAN setup.

SD-WAN security can include adopting third-party security solutions---such as cloud-based security services or specialized security appliances---that work alongside SD-WAN technology to shield against external threats and vulnerabilities.

*** ** * ** ***

***Further reading:** [What Is SD-WAN Security?](https://www.paloaltonetworks.com/cyberpedia/what-is-sd-wan-security?ts=markdown)*

*** ** * ** ***

[![CTA banner with a turquoise background and an illustration of an open book icon. Text is displayed, stating, 'Learn more about securing branch locations with SD-WAN, featuring 'The Branch of the Future, Today.' Below this text, there is a button labeled 'Download eBook.'](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-sd-wan/banner-learn-more-sd-wan.png)](https://www.paloaltonetworks.com/resources/ebooks/securely-enable-branch-modernization-with-prisma-sd-wan?ts=markdown)

## Secure SD-WAN FAQs

### Is SD-WAN more secure than VPN?

Secure SD-WAN offers more integrated security features compared to traditional VPNs, such as advanced threat protection, firewalls, and consistent policy enforcement across locations, enhancing overall network security beyond standard VPN capabilities.

### What is the biggest security risk with SD-WAN?

The biggest security risk with SD-WAN is inadequate protection from cyber threats if only basic SD-WAN is used without integrated advanced security measures, such as next-generation firewalls and intrusion prevention systems, which are essential for defending against complex attacks.

### Is SD-WAN private?

Software-defined wide area network (SD-WAN) solutions themselves are not inherently private as they can use public internet links for connectivity. However, it can be configured to enhance privacy using encryption and other security measures to protect data as it travels across these public and private networks.

### Is SD-WAN encrypted?

Secure SD-WAN solutions often include encryption protocols to protect data integrity and confidentiality across the network. This includes SSL inspection and other forms of encrypted traffic analysis to ensure secure data transmission.
Recommended for you  
[Report: 2024 Gartner Magic Quadrant for SD-WAN
5-time Leader with the Furthest for Completeness of Vision.](https://start.paloaltonetworks.com/gartner-sd-wan-mq-2024.html)  
[eBook: SD-WAN For Dummies^®^
Learn about the secure, modern approach to SD-WAN.](https://start.paloaltonetworks.com/branch-of-the-future-with-sd-wan-for-dummies.html)  
[Infographic: Next-Gen SD-WAN: The Branch of the Future
Find out how next-gen SD-WAN meets today's network demands.](https://www.paloaltonetworks.com/resources/infographics/branch-of-the-future?ts=markdown)  
[Case study: Healthcare System Saves Lives with High-Speed, Secure Connectivity
See how Atlantic Health System reduces outages by up to 33% with Prisma SD-WAN.](https://www.paloaltonetworks.com/customers/atlantic-health-system-secures-patient-and-provider-experience-with-panw?ts=markdown)  
![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20Secure%20SD-WAN%3F%20%7C%20What%20It%20Is%20and%20How%20It%20Works&body=Secure%20SD-WAN%20is%20an%20SD-WAN%20solution%20that%20integrates%20advanced%20security%20features%20with%20its%20core%20functionalities%20of%20optimizing%20and%20managing%20WAN%20connections.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-is-secure-sd-wan)  
Back to Top  
{#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2025 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language