Unit 42 FAQs

What is Unit 42

Unit 42 is the Palo Alto Networks threat intelligence team. Made up of accomplished cybersecurity researchers and industry experts, Unit 42 gathers, researches, analyzes, and provides insights into the latest cyber threats, then shares it with Palo Alto Networks customers, partners and the broader community to better protect enterprise, service provider and government computing environments. Unit 42 also unearths adversary groups by analyzing data collected from the Palo Alto Networks security platform to provide context into an attacker’s motivations and methods. 

How does Unit 42 work?

Our team follows a traditional intelligence cycle, starting with direction from our leadership in the form of Critical Intelligence Requirements (CIRs). These CIRs help our analysts determine what data is necessary to answer specific questions about threats to Palo Alto Networks and our customers. Unit 42 collects that data from both internal and external sources and runs it through a detailed threat analysis process. This process includes automated systems to correlate incoming data, but also expert human analysis to interpret the data, identify patterns, formulate hypotheses and evaluate them against our entire data set.  By doing this, our team can put the threat into context and help others determine how to best defend against future attacks.

The team disseminates finished intelligence products in the form of white papers as well as blog posts available at: researchcenter.paloaltonetworks.com/unit42. Unit 42 is backed by the Palo Alto Networks engineering team, which offers years of experience in detecting and preventing attacks against the enterprise.

Get Updates

Sign up to receive emails with the latest news, research, and reports from Unit 42.

By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.

What is the significance of "Unit 42"?

In Douglas Adams' "The Hitchhikers Guide to the Galaxy" the number 42 is the answer to "The ultimate question of life, the universe and everything." Our CSO is a huge sci-fi fan, and when he got tired of saying "Palo Alto Networks Threat Intelligence Team" he started using the name Unit 42 as shorthand and it stuck. While Unit 42 is not the answer to the ultimate question, we endeavor to provide answers to the hard problems our industry faces today.

What makes Unit 42 different from other IT security vendor research organizations?

The industry has some excellent research teams pushing out volumes of new material every week. We read them all and have great respect for the time and effort these groups put into sharing their discoveries with the community.

Many of these blogs and reports focus primarily on the technical aspects of attacks and fail to address the context in which they are executed. Our goal is to provide this context wherever possible, explaining not only the nuts and bolts of the attack, but also who's executing the attacks and why. This helps us provide research and recommendations in a way that makes sense to key members of an organization, from technical practitioners to the CEO.

Does Unit 42 work in partnership with other research organizations?

Yes. We have both formal partnerships such as our Cyber Consortium, and informal relationships between our team members and their peers in the industry. We believe collaboration and data sharing is a critical piece of any intelligence operation to help paint a more complete picture of an attack or campaign. 

Is Unit 42 hiring?

We invite you to visit the Palo Alto Networks Careers page, where any open positions within Unit 42 are listed.

How often will Unit 42  produce reports?

We publish new research and commentary on our blog every week and will publish more formal reports when we want to provide more detail on specific adversaries and attacks. 

Who Heads Up Unit 42

Unit 42 is headed by Rick Howard, Chief Security Officer at Palo Alto Networks. Meet Rick and the members of Unit 42 over at our Meet the Team page.