Proactive Security with Unit 42 Managed Threat Hunting
By proactively hunting down threats, you can unmask every adversary, reduce dwell times, and avoid successful attacks. Unit 42 Managed Threat Hunting helps you uncover attackers wherever they hide by combining world-class threat hunters with Cortex XDR technology that runs on integrated endpoint, network, and cloud data sources. With Managed Threat Hunting, you can relax; we’ve got you covered.
Unrivaled Visibility Built on Comprehensive Data Sources
To detect attackers hiding in your organization, our hunters comb through integrated endpoint, network, and cloud data sources, including third-party security solutions. Our hunters can pinpoint attacks originating from any device, including unmanaged devices and remote users.
World-Renowned Unit 42 Threat Hunters Working for You
Augment your team with security experts ceaselessly searching your environment for attacker tactics and techniques. Our analysts have years of experience hunting and identifying unknown threats as well as reverse-engineering malware.
Unit 42 analysts:
- Analyze suspicious signals generated by Cortex XDR analytics, custom detection rules, and Cortex XDR research.
- Manually seek out emerging adversaries using the powerful data exploration capabilities of Cortex XDR.
- Investigate threats and determine the total scope of incidents.
- Produce detailed threat reports that reveal the tools and steps of attacks so you can root out adversaries quickly.
- Offer direct assistance to answer questions and provide guidance about threat reports and impact reports.
High-Fidelity Threat Intelligence
Our analysts benefit from an industry-leading repository of threat intelligence, sourced from the largest network of sensors, to find emerging attacks quickly. Leveraging AutoFocus contextual threat intelligence, our Unit 42 analysts can pinpoint indicators of compromise in your organization and instantly understand both the source and objective of every incident with unrivaled context.
“With Managed Threat Hunting, we know a team of security experts have our back, helping me sleep easy at night by providing continuous monitoring to identify cybersecurity risks to stay ahead of attackers.” — Johan Lelong, CISO, Petit Forestier
Unrivaled Hunting Built on Cortex XDR Analytics
Managed threat hunters have full access to all the analytics and detection rules in the Cortex XDR platform. They use these as high-quality leads to start hunting. They also have access to emerging detectors the Cortex XDR research team is working on, and they can use these detectors before they are rolled into the Cortex XDR platform.
Figure 1: Methods Unit 42 analysts use to find new threats
Table 1: Unit 42 Threat Intel and Incident Response Services
| 24/7, year-round monitoring and detection across integrated endpoint, network, and cloud data |
| Threat hunting by Unit 42 experts |
| Integrated threat intelligence from AutoFocus |
| Early access to new behavioral analytics and threat detection rules |
| Threat reports describing critical security incidents |
| Impact reports revealing emerging threats and customer exposure |
| Integration with the Cortex XDR management console for incident management |
| Direct assistance from analysts for context on threat reports |
Clear, Prescriptive Results That Let You Act with Confidence
Managed Threat Hunting gives you the information you need to remediate threats and improve your security posture. As a Managed Threat Hunting customer, you receive:
- Threat reports that provide detailed information about cyberthreats identified in your organization. You get a complete account of each security incident, including the scope of the attack, the probable source, the attack tools, and recommended guidance.
- Impact reports that let you stay ahead of emerging threats affecting multiple organizations. You can answer critical questions about exposure to high-profile attack campaigns from your executives or board before they even ask. With impact reports, you can rest assured that your organization is safe.
- Threat hunting alerts integrated into Cortex XDR, allowing analysts to review and triage reports using their standard investigation workflows. Threat hunting alerts are automatically grouped with related alerts into incidents, providing a complete picture of an attack.
Prerequisites for Cortex XDR Managed Threat Hunting
Managed Threat Hunting with Cortex XDR Pro for Endpoint requires a minimum of 500 endpoints.
Under Attack?
If you think you may have been compromised or have an urgent matter, please contact Unit 42 Incident Response team, email unit42-investigations@paloaltonetworks.com or call North America Toll-Free: 866.486.4842 (866.4.UNIT42), Europe, the Middle East and Africa: +31.20.299.3130, United Kingdom: +44.20.3743.3660, Asia-Pacific: +65.6983.8730, or Japan: +81.50.1790.0200
About Unit 42
Palo Alto Networks® Unit 42® brings together world-renowned threat researchers, elite incident responders, and expert security consultants to create an intelligence-driven, response-ready organization that’s passionate about helping you proactively manage cyber risk. Together, our team serves as your trusted advisor to help assess and test your security controls against real-world threats, transform your security strategy with a threat-informed approach, and respond to incidents in record time so that you get back to business faster.
Visit paloaltonetworks.com/unit42 to learn more.