This post is also available in: 日本語 (Japanese)

Unit 42 brings together our world-renowned threat researchers with an elite team of security consultants to create an intelligence-driven, response ready organization. The Unit 42 Threat Intelligence team provides threat research that enables security teams to understand adversary intent and attribution, while enhancing protections offered by our products and services to stop advanced attacks. As threats escalate, Unit 42 is available to advise customers on the latest risks, assess their readiness, and help them recover when the worst occurs. The Unit 42 Security Consulting team serves as a trusted partner with state-of-the-art cyber risk expertise and incident response capabilities, helping customers focus on their business before, during, and after a breach.


Our daily mission is to protect the digital world from cyberattacks. We make sure that your worst days aren’t as bad as they might have been without us.

How Unit 42 Threat Intelligence Works

Our team follows a traditional intelligence cycle, starting with direction from our leadership in the form of Critical Intelligence Requirements, or CIRs. These help our analysts determine what data is necessary to answer specific questions about threats to Palo Alto Networks and our customers. Unit 42 collects that data from internal and external sources and runs it through a detailed threat analysis process that includes not only automated systems to correlate incoming data but also expert human analysis to interpret the data, identify patterns, formulate hypotheses and evaluate them against our entire data set. By doing this, our team can put threats into context and help others determine how to best defend against future attacks. Unit 42 is also backed by the Palo Alto Networks Engineering and Critical Response teams, offering years of experience detecting and preventing attacks.

Unit 42 ATOMs

Actionable Threat Objects and Mitigations, or ATOMs, are discrete products that contain actionable intelligence on one or more adversaries, describing campaign stop and start dates, tactics, techniques, and procedures (plays) as defined by the international MITRE ATT&CK standard. When adversaries run these plays on victim networks, they leave indicators of compromise in their wake that network defenders can use to detect adversaries attacking their networks. Defenders can use these plays and the subsequent indicators of compromise to develop prevention and detection controls designed for specific adversaries.

ATOMs enable the network defender community to change the intelligence paradigm with automation. Instead of manually crossing the last mile with intelligence, using humans to analyze the data as well as develop prevention and detection controls, we can automatically cross it with intelligence, organizing the information so machines can read it as well as automatically deploy prevention and detection controls for each adversary. See our ATOMs.

Contact Us

If you think you may have been breached, please email or call 1-866-4-UNIT42 to get in touch with the Unit 42 Incident Response team. If you’d like to learn more about how Unit 42 security consultants team can help your organization defend against and respond to severe cyberthreats, please fill out this form.

Work with Unit 42

We invite you to visit the Palo Alto Networks Careers page, which lists any open positions in Unit 42.