About Unit 42

This post is also available in: 日本語 (Japanese)

Unit 42 brings together our world-renowned threat researchers with an elite team of security consultants to create an intelligence-driven, response ready organization. The Unit 42 Threat Intelligence team provides threat research that enables security teams to understand adversary intent and attribution, while enhancing protections offered by our products and services to stop advanced attacks. As threats escalate, Unit 42 is available to advise customers on the latest risks, assess their readiness, and help them recover when the worst occurs. The Unit 42 Security Consulting team serves as a trusted partner with state-of-the-art cyber risk expertise and incident response capabilities, helping customers focus on their business before, during, and after a breach.

Mission

Our daily mission is to protect the digital world from cyberattacks. We make sure that your worst days aren’t as bad as they might have been without us.

How Unit 42 Threat Intelligence Works

Our team follows a traditional intelligence cycle, starting with direction from our leadership in the form of Critical Intelligence Requirements, or CIRs. These help our analysts determine what data is necessary to answer specific questions about threats to Palo Alto Networks and our customers. Unit 42 collects that data from internal and external sources and runs it through a detailed threat analysis process that includes not only automated systems to correlate incoming data but also expert human analysis to interpret the data, identify patterns, formulate hypotheses and evaluate them against our entire data set. By doing this, our team can put threats into context and help others determine how to best defend against future attacks. Unit 42 is also backed by the Palo Alto Networks Engineering and Critical Response teams, offering years of experience detecting and preventing attacks.

Unit 42 ATOMs

Actionable Threat Objects and Mitigations, or ATOMs, are discrete products that contain actionable intelligence on one or more adversaries, describing campaign stop and start dates, tactics, techniques, and procedures (plays) as defined by the international MITRE ATT&CK standard. When adversaries run these plays on victim networks, they leave indicators of compromise in their wake that network defenders can use to detect adversaries attacking their networks. Defenders can use these plays and the subsequent indicators of compromise to develop prevention and detection controls designed for specific adversaries.

ATOMs enable the network defender community to change the intelligence paradigm with automation. Instead of manually crossing the last mile with intelligence, using humans to analyze the data as well as develop prevention and detection controls, we can automatically cross it with intelligence, organizing the information so machines can read it as well as automatically deploy prevention and detection controls for each adversary. See our ATOMs.

Contact Us

If you have been breached or have an urgent matter, please call the Unit 42 Incident Response team or fill out this form to get in touch immediately.

North America Toll-Free: 1.866.486.4842 (1.866.4.UNIT42)
EMEA: +31.20.299.3130
APAC: +65.6983.8730
Japan: +81.50.1790.0200

If you have cyber insurance or legal counsel, you can request for Unit 42 to serve as your incident response team. Unit 42 is on over 70 cyber insurance panels as a preferred vendor.

Work with Unit 42

We invite you to visit the Palo Alto Networks Careers page, which lists any open positions in Unit 42.