Targeted threats, at your fingertips

AutoFocus™ contextual threat intelligence service accelerates analysis, correlation and prevention workflows. Unique, targeted attacks are automatically prioritized with full context, allowing security teams to respond to critical attacks faster, without additional IT security resources.

Threat context you have never seen before

Gain visibility into the most critical threats with contextual intelligence on malware families, campaigns, threat actors, malicious behaviors and exploits used. AutoFocus allows you to answer questions like: “Who is attacking me?” “What tools are they using?” and “How targeted or unique is this threat?”

Extend the platform with threat intelligence

AutoFocus helps the entire IT security team become advanced threat hunters, instead of relying on a small group of highly specialized security operations professionals. Threat intelligence from the service is made directly accessible in the Palo Alto Networks platform, including PAN-OS and Panorama, without requiring a separate tool.

Security teams are inundated by alerts and threat data, lacking the time to follow up on each event, let alone investigate advanced, targeted attacks. The issue isn’t a lack of information, but rather the ability to surface high-impact threats and drive automated prevention from the intelligence you already have.

Our Most Intelligent Service Yet

AutoFocus enables you to distinguish the most important threats from everyday commodity attacks. Now, instead of seeing that a malicious event has occurred, you immediately know the context around an attack, such as the malware family, campaign, or malicious actor targeting your organization. When identified, AutoFocus will alert your security team about high-priority events, enabling you to take swift action to mitigate their impact. 

Visibility Into the Unknown

AutoFocus provides unprecedented visibility into unknown threats, with the collective insight of thousands of global enterprises, service providers, and governments feeding the service. AutoFocus correlates and gains intelligence from:

  • WildFire™ service – the industry’s largest threat analysis environment
  • PAN-DB URL filtering service
  • MineMeld application for AutoFocus, enabling aggregation and correlation of any third-party threat intelligence source directly in AutoFocus
  • Traps™ advanced endpoint protection
  • Aperture™ SaaS-protection service
  • Unit 42 threat intelligence and research team
  • Intelligence from technology partners
  • Palo Alto Networks global passive DNS network

Accelerated Analysis and Hunting Workflows

Legacy approaches to securing the organization rely on aggregating an increasing number of detection-focused alerts with complex analysis workflows after the event.

AutoFocus puts the entire wealth of Palo Alto Networks threat intelligence at your fingertips, dramatically cutting the time it takes to conduct analysis, forensics or hunting efforts. Threat intelligence and context are available directly in PAN-OS® security operating system, Panorama™ network security management, or the AutoFocus portal for in-depth searching across indicators of compromise (IoCs).

Aggregate Any Third-Party Intelligence Source

Organizations rely on multiple source of threat intelligence to ensure the widest possible visibility into emerging threats, but they struggle to aggregate, correlate, validate and share indicators across different feeds. As part of AutoFocus, the MineMeld application provides a single, unified, threat feed and indicator management system.


Threat Intelligence Drives Prevention

Security teams require more than just raw threat intelligence – they need to automatically transform it into actionable controls that prevent future attacks. AutoFocus simplifies workflows to create and enforce new controls, from fully automated to user directed, within the same unified security platform.


Realize the power of the Application Framework

Magnifier is part of the Palo Alto Networks Application Framework, which lets you quickly consume the latest cybersecurity innovations as apps. The Application Framework makes it easy to adopt cloud-delivered capabilities like Magnifier – so you can gain immediate security value, and spend less time provisioning and managing infrastructure.





AutoFocus Datasheet

Overview of the AutoFocus threat intelligence service.
Palo Alto Networks,
  • 2
  • 13337

AutoFocus Quick Demo

Watch a short overview video how of the AutoFocus threat intelligence service helps security teams identify and prevent targeted attacks. We will explain the key concepts of AutoFocus and benefits the service provides.
  • 3
  • 5786

AutoFocus At A Glance

The AutoFocus threat intelligence service allows security teams to prioritize their response to unique, targeted attacks. Gain the intelligence, analytics, and context needed to protect your organization. View the At-a-Glance for a high-level view into the AutoFocus service and key use-cases.
Palo Alto Networks,
  • 3
  • 5210

SilverTerrier: The Rise of Nigerian Business Email Compromise

Through our analysis, it remains clear that Nigerian cyber actors will continue to expand their attacks in terms of size, scope and capabilities. According to law enforcement organizations, the exposed losses to businesses worldwide from these threat actors are now estimated to be more than US$3 billion. Given the substantial risk these actors pose, we present techniques to enable large-scale attribution efforts to combat this threat. In doing so, we demonstrate a repeatable and sustainable process to identify SilverTerrier infrastructure and put preventive measures in place prior to the first samples of malware reaching our security products.
  • 0
  • 3051

Next-Generation Security Platform

To enable organisations to securely roll out new services and apps, Palo Alto Networks built the Next-Generation Security Platform to provide prevention through automation, applied consistently across the network, endpoint and cloud.
  • 0
  • 683

Telkom Indonesia

Telkom Indonesia chose Palo Alto Networks to strengthen the security operations center as the company prepares for global expansion.
  • 1
  • 983