Unit 42: Managed Detection and Response Service
Best-in-Class Extended Detection and Response and Unit 42 Security Expertise, Delivered as a Managed Service
A Service Delivered by Palo Alto Networks World-Renowned Unit 42
Unit 42 experts work for you to detect and respond to cyberattacks 24/7, allowing your team to scale fast and focus on what matters most. We use Cortex XDR, so our analysts have unmatched visibility into all data sources (endpoint, network, cloud, and identity) to quickly identify and stop malicious activity most likely to impact your organization:
- Built on Cortex XDR
- Backed by Unit 42 expertise
- Enriched with world-class threat intelligence
Let Unit 42 MDR Address These Challenges
- Cyberattacks are increasing in speed and sophistication. The threat landscape is shifting to advanced, multistep attacks. Without constant coverage, proactive hunting, and immediate response, you may not stop these attacks before it’s too late.
- Prioritizing limited resources to combat the changing threat landscape. Threat actors and their tactics change daily, and many organizations lack broad visibility to interpret and recognize attack indicators.
- Security teams need help managing an endless backlog of alerts. Overwhelmed by too many low-fidelity alerts, many security teams have no time left over for threat hunting.
- 24/7 monitoring of your Cortex XDR environment by Unit 42 security experts
- Direct communication with Unit 42 analysts if you ever have questions
- Proactive threat hunting when new vulnerabilities are identified in the wild
- Detailed threat and impact reports
- Continuous posture optimization drives improved security outcomes
Security teams are challenged to keep up with the evolving threat landscape while also trying to be proactive.
- The attack surface is expanding and threats are becoming more sophisticated: complex investigations can delay response and result in increased attacker dwell times or missed attacks.
- Security teams need help managing an endless backlog of alerts: constant firefighting and reacting to competing priorities leaves little time for strategic initiatives or for hunting new threats.
- Organizations can’t hire and retain the seasoned analysts and threat hunters they need: this is exacerbated by a proliferation of security tools that increase complexity.
MDR built on Cortex XDR offers superior detection and response
Rapidly increase your cyber defenses with 24/7 monitoring, expertise, threat hunting and remediation. Cortex XDR gives MDR analysts an advantage by automating data collection across endpoint, network and cloud, providing the critical insight and context needed to block attacks before they can impact your organization. You can start with managed endpoint detection and response and expand coverage over time for additional protection.
- Threat detection and response
- 24/7 monitoring and triage
- Expert security analysis
- Proactive threat hunting
- Guided remediation
Unit 42 MDR Delivers Complete Visibility Across Your Environment
Unit 42 experts leverage Cortex XDR to aggregate security telemetry from endpoints, network, cloud, and identity sources and apply high-fidelity threat intelligence, next-generation behavioral indicators, and AI-powered analytics to prevent, detect, and respond to even the most advanced threats.
Flexible Coverage Options to Fit Your Needs
Unit 42 MDR service starts with endpoints but can be configured to cover any combination of the following data sources:
- Endpoint : Protect and detect threats on workstations and servers
- Network : Firewall integration provides network traffic analysis (NTA) and network intrusion detection (NIDS) coverage
- Cloud : Integrate third-party cloud security data, including cloud host data, traffic logs, and audit logs
- Identity : Identity analytics from AD and Workday provide a 360-degree view of user behavior
The People and Operational Expertise to Keep Your Organization Safe
Our deep knowledge of Cortex XDR and connection to the Cortex R&D team allow us to scale the service without eroding service levels. The Unit 42 MDR team uses a mix of proprietary processes, infrastructure, and enrichment to accelerate detection, response, and threat hunting to quickly stop malicious activity most likely to impact your organization.
- Comprehensive visibility: Cover endpoints, network, cloud, and identity data with SLO-driven, 24/7 monitoring and analysis of security incidents identified in Cortex XDR.
- Alert management and incident triage: Automated and manual review of alert details and incidents, producing behavioral indicator of compromise (BIOC) or IOC rules that capture the context and the follow-up actions
- Notification and security event escalation: Escalation of incidents that require attention, leveraging built-in logic and alert stitching aligned with the MITRE ATT&CK framework.
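To make the stitching and escalation idea above concrete, here is an added example (not part of the original datasheet and not Cortex XDR's own logic): raw alerts are grouped into incidents when they share a host and either the same process causality chain or a short time window, each incident is tagged with the ATT&CK tactics it spans, and only incidents that chain several tactics or carry a critical alert are escalated. The alert fields, the one-hour window, and the sample alerts are all assumptions constructed for the demo.

```python
"""Toy alert stitching and ATT&CK-tagged escalation.

Hypothetical example; the Alert fields (including causality_id, a
process-chain identifier) and the thresholds are assumptions, not a
description of any vendor's implementation.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Alert:
    alert_id: str
    host: str
    ts: datetime
    technique: str      # ATT&CK technique ID, e.g. "T1059.001"
    tactic: str         # ATT&CK tactic name
    severity: int       # 1 (low) .. 4 (critical)
    causality_id: str   # assumed process-chain identifier from the sensor


@dataclass
class Incident:
    host: str
    alerts: list = field(default_factory=list)

    @property
    def tactics(self) -> list:
        return sorted({a.tactic for a in self.alerts})

    @property
    def severity(self) -> int:
        return max(a.severity for a in self.alerts)

    @property
    def score(self) -> int:
        # A multistep attack (several tactics on one host) outranks a
        # single noisy alert of the same severity.
        return self.severity * len(self.tactics)


def stitch(alerts, window=timedelta(hours=1)):
    """Group alerts on the same host that share a causality chain or
    arrive within `window` of the incident's most recent alert."""
    incidents = []
    by_host = defaultdict(list)
    for a in sorted(alerts, key=lambda x: x.ts):
        matched = None
        for inc in by_host[a.host]:
            same_chain = any(x.causality_id == a.causality_id for x in inc.alerts)
            recent = a.ts - max(x.ts for x in inc.alerts) <= window
            if same_chain or recent:
                matched = inc
                break
        if matched is None:
            matched = Incident(host=a.host)
            by_host[a.host].append(matched)
            incidents.append(matched)
        matched.alerts.append(a)
    return incidents


def escalate(incidents, min_tactics=2, min_severity=3):
    """Incidents an analyst should be paged for: either a chain spanning
    several tactics or any alert at high/critical severity."""
    return [i for i in incidents
            if len(i.tactics) >= min_tactics or i.severity >= min_severity]


# Constructed sample alerts (not real telemetry).
T0 = datetime(2024, 1, 15, 9, 0)
SAMPLE_ALERTS = [
    Alert("a1", "ws01", T0, "T1566.001", "Initial Access", 2, "c1"),
    Alert("a2", "ws01", T0 + timedelta(minutes=2), "T1059.001", "Execution", 2, "c1"),
    Alert("a3", "ws02", T0 + timedelta(minutes=5), "T1110", "Credential Access", 1, "c9"),
    Alert("a4", "ws01", T0 + timedelta(minutes=10), "T1003.001", "Credential Access", 4, "c1"),
    Alert("a5", "ws02", T0 + timedelta(hours=5), "T1078", "Persistence", 1, "c10"),
]

if __name__ == "__main__":
    for inc in stitch(SAMPLE_ALERTS):
        print(inc.host, len(inc.alerts), inc.tactics, "score", inc.score)
    print("escalate:", [i.host for i in escalate(stitch(SAMPLE_ALERTS))])
```

Running it yields three incidents: one on ws01 stitching phishing, PowerShell and LSASS access into a single chain (the only one escalated), and two unrelated single-alert incidents on ws02 that fall outside the window and share no chain, which stay in the triage queue rather than paging anyone.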
Proactive Advanced Threat Hunting
- 24/7 hunting for advanced threats: Sophisticated threat hunting based on analysis of suspicious signals, Cortex XDR analytics, custom detection rules, and Unit 42 research to identify and stop new threats.
- High-fidelity threat intel: Integration of industry-leading, comprehensive Unit 42 threat intelligence based on telemetry and detections from Palo Alto Networks products across our global customer base to inform and enrich investigations
- Actionable reporting: Threat reports detailing the scope, source, and attack tools of threats, along with recommended actions; impact reports on emerging threats affecting multiple organizations, so you stay ahead of high-profile cyberattacks.
- Direct assistance: Easy access to threat hunting team to ask questions and get guidance about threats.
Managed Investigation & Response
- Contain threats quickly: Analysts will quickly contain active threats by isolating endpoints and removing malicious files or processes using Cortex XDR
- Streamlined investigations: Investigate endpoints and analyze forensic artifacts, network telemetry, and cloud telemetry to identify incident root cause and scope.
- Recover rapidly: Use Cortex XDR to remove malicious files and registry keys and to restore damaged files
Security Posture Optimization
- Health checks: Identify gaps in hardening requirements with endpoint security profiles, device control, host firewall, and disk encryption.
- Vulnerability assessments: Identify and quantify security vulnerabilities (CVEs) for applications installed on your endpoints.
- Host inventory: Review the inventory of hosts to quickly identify any IT or security issues.
Extend Your Team with Unit 42 Experts
Unit 42 MDR provides a co-managed Cortex XDR user interface with integrated two-way communication with the Unit 42 team and dashboards for real-time visibility into incidents being managed as well as key performance indicators.
As new vulnerabilities are identified or a new threat actor is in the news, our threat hunters will proactively look for indicators of attack or vulnerable systems that have not been patched, providing detailed impact reports and recommended actions.
Backed by Unit 42 Expertise
Unit 42 security experts will continuously monitor your environment and hunt for threats. With more than 200 analysts, researchers, and engineers, the Unit 42 team advises and is trusted by CISOs around the globe. With this partnership, your team will be elevated by an elite team of security analysts, reducing the need to hire hard-to-find experts and giving you confidence in delivering the security, stability, and continuity your organization demands. And because Unit 42 will be familiar with your environment, we will be well positioned to respond to the threats we identify. Plus, in the event of a major incident, you will have access to the Unit 42 Incident Response team. Our experts become an extension of your team, well-versed in your environment so they can respond quickly and accurately should an incident occur. This puts Unit 42 on speed dial, so we’re ready to assist at a moment’s notice.
Palo Alto Networks Unit 42™ brings together world-renowned threat researchers, elite incident responders, and expert security consultants to create an intelligence-driven, response-ready organization that’s passionate about helping you proactively manage cyber risk. Together, our team serves as your trusted advisor to help assess and test your security controls against the right threats, transform your security strategy with a threat-informed approach, and respond to incidents in record time so that you get back to business faster.