Unparalleled Experience

Whether responding to a breach or managing cyber risk, we understand your challenges. Hailing from US government agencies, law enforcement, and global security firms, Unit 42® security consultants have handled some of the largest data breaches in history. Our breach response team is one of the busiest, responding to security incidents at a rate of more than 1,300 per year. Our risk management solutions are informed by this unparalleled experience, and we focus our assessments and prioritize recommendations based on the attack vectors we see affecting organizations day in and day out. Our teams have conducted thousands of cyber risk evaluations and worked with organizations across the globe to identify and mitigate cyberthreats.

Built for Speed and Efficiency

We move fast to help our clients. Everything we do, from deployment to analysis and delivery of findings, is built for speed. We activate our incident response teams within minutes, integrating the specialized skill sets needed—from forensic consultants to analysts and team leaders. We move quickly to contain, investigate, and coordinate our response. We work with you to find the facts and maneuver through the critical decisions that get you back to business fast. In our risk management engagements, we appreciate that cybersecurity spending is an investment. We take care to consider where our clients’ security budgets are focused—achieving the best return on investment in terms of risk mitigation. We deliver solutions on time, on budget, and designed for maximum impact.

Constant Innovation and Advanced Technology Drive Us

Staying ahead of the rapidly evolving threat landscape requires the best technology and constant innovation. We pride ourselves on the research, development, and creativity we put into solving our clients’ cybersecurity challenges. We have developed and continue to evolve a powerful suite of technology-enabled threat prevention, detection, and incident response solutions. We integrate cloud-native computing and machine learning AI to enable our teams to respond globally and at enterprise scale in minutes, not days or weeks. Our products allow Unit 42 to deploy faster, hunt smarter, investigate deeper, and contain completely.

Reduce recovery times

15 Average Years of Experience

1K+ Matters Per Year

24/7/365 Incident Response

Unit 42 Retainer

When your organization faces a severe cyber incident, will you be ready? The speed of your response, as well as the effectiveness of your tools and playbooks, will determine how quickly you can recover. Extend the capabilities of your team by putting the world-class Unit 42 Incident Response and Cyber Risk Management teams on speed dial.

From cases involving rogue insiders to organized crime syndicates and nation-state threats, Unit 42 performs more than 1,000 engagements each year. The Unit 42 Retainer gives you deep forensics and response expertise when you need it most, with predetermined service-level agreements (SLAs).

You can also use your Unit 42 Retainer for proactive Cyber Risk Management services scoped during the contract term. Our trusted advisors can assist your team with security strategy, assessment of technical controls, and overall program maturity.


Unit 42 Threat Intel and Incident Response Services
Incident Response Cyber Risk Management
Strategic Advisory
Advanced Persistent Threat (APT) Investigation
Respond to and recover from a suspected APT incident. Contain the threat, determine the root cause, the window of compromise, attacker activity, and quantify sensitive information exposed.
Board of Directors and CISO Advisory
An assessment and review to identify cyber risk, create a current state profile, and build a security strategy to share with your executives and board.
BEC Investigation
Respond to and recover from unauthorized access to your enterprise email environment. Contain the incident, determine root cause, window of compromise, attacker activity, and quantify sensitive information exposed.
Cyber Risk Assessment
Assess cybersecurity risks, identify gaps, and build a strategic improvement plan based on industry or regulatory frameworks.
Cloud Incident Response
Respond to and recover from a cloud-based attack. Contain the threat incident. Identify the initial attack vector, the extent of unauthorized access and exfiltration, and identify the scope of systems for remediation. Identify and implement additional safeguards.
M&A Cyber Due Diligence
Identify potential red flags and hidden cybersecurity risks in the context of a merger or acquisition.
Ransomware Investigation
Respond to and recover from a ransomware attack. Contain the threat, determine the root cause, window of compromise, attacker activity, and quantify sensitive information exposed. If needed, negotiate with threat actors, acquire and validate decryption keys, and develop and implement a recovery plan.
Zero Trust Advisory
Get expert guidance on Zero Trust—from alignment and strategy to implementation and policy design.
Web App Compromise
Respond to and recover from a web application attack. Contain the threat, analyze logs, review code, quantify exposure or loss of sensitive information, and get recommendations for design hardening countermeasures.
Proactive Assessments
Managed Services
AI Security Assessment
Empower GenAI adoption with enhanced security across employee usage and AI application development.
Managed Threat Hunting (MTH)
Unit 42 helps you proactively uncover attackers wherever they hide in your infrastructure.
Attack Surface Assessment
Identify attack surface risks and remediate issues before cyberattackers can exploit them.
Managed Detection and Response (MDR)
Unit 42 experts work for you to detect and respond to cyberattacks, 24/7.
BEC Readiness Assessment
Targeted cybersecurity risk assessment focused on controls and the people, processes, and technologies necessary to defend against BEC and other email-based attacks.
Managed XSIAM
Combining the #1 SOC transformation platform Cortex XSIAM with the cybersecurity expertise of the Unit 42 team delivers 24/7 expert-led defense for every attack surface.
Breach Readiness Review
Assess the people, processes, and technologies necessary to effectively respond to threats, with a strategic roadmap to achieve a target state of breach readiness.
Compromise Assessment
Hunt for historical or ongoing indicators of compromise to identify evidence of unauthorized access or activity (across cloud, email, endpoints).
Digital Investigation
Forensic collection, analysis, recovery, and reporting on information gleaned from digital media using scientific methods to determine what happened on that media or how it was used.
Cloud Security Assessment
Assess current cloud compute or service workload controls, security configuration, and policies to identify cybersecurity risks.
Insider Threat and Departing Employee Investigation
Investigate abuse of privileged access afforded to otherwise trusted employees, including identification of data accessed or misappropriated and/or unwanted actions taken by insiders.
Insider Threat Services
Detect, deter, and disrupt insider threats with world-class expertise paired with industry-leading technology.
Structured Data Investigation
Collection and analysis of SQL and NoSQL database environments, including external logs.
Ransomware Readiness Assessment
Develop control enhancements, remediation recommendations, and a best practice playbook to achieve a target state of ransomware readiness.
Security Operations Center (SOC) Assessment
Measure your defenses against evolving threats and improve your SOC maturity.
Supply Chain Risk Assessment
Evaluation and assessment of vendor-based supply chain cybersecurity risk to identify and mitigate the threat of supply chain attacks.
 
Incident Simulation
Penetration Testing
Stress-test your cybersecurity controls by applying tactics, techniques, and procedures used by threat actors.
Purple Team Exercises
Uplevel your security program by collaborating with Unit 42 to identify alerting gaps, tune defenses, and enhance security operations practices.
Tabletop Exercises
Simulate your response to a severe data security incident with key stakeholders, using customized scenarios based on industry-specific threats and real-world breaches.
 
Security Consulting and Threat Intelligence
Deep and Dark Web Service
Design governance frameworks, operational models, and a roadmap for your InfoSec program, including policies and standards, a control framework, and a defense-in-depth strategy.
Incident Response Plan Development
Assessment and advisory service focused on your team’s readiness to prevent, detect, respond to, and recover from a ransomware attack.
Security Program Design
Design governance frameworks, operational models, and a roadmap for your InfoSec program, including policies and standards, a control framework, and a defense-in-depth strategy.
Virtual CISO
An interim or part-time CISO will help identify cyber risk and develop and mature your InfoSec program.

Approved by Cybersecurity Insurance Plans

Unit 42 serves as an approved incident response provider for over 70 major cyber insurance carriers and is a partner to over 150 global law firms.

If you need to use Unit 42 services in connection with a cyber insurance claim, Unit 42 can honor any applicable preferred panel rate in place with the insurance carrier. For the panel rate to apply, just inform Unit 42 at the time of the request for service.

Under Attack?

If you think you may have been compromised or have an urgent matter, please contact the Unit 42 Incident Response team: email unit42-investigations@paloaltonetworks.com or call North America Toll-Free: 866.486.4842 (866.4.UNIT42), Europe, the Middle East and Africa: +31.20.299.3130, United Kingdom: +44.20.3743.3660, Asia-Pacific: +65.6983.8730, or Japan: +81.50.1790.0200.