Respond with Confidence

Threat-Informed Incident Response

Every minute an attack remains unresolved costs you money and reputation. With Unit 42 Incident Response services, you don’t need to start an investigation from scratch every time. Our team of over 200 threat hunters, reverse engineers, and incident responders investigates over 1,000 matters each year, so we’ve seen incidents like yours before and understand all of the elements of the attacks, whether it be ransomware, advanced persistent threats (APT), or business email compromise.

Team Up with the Experts

Unit 42 experts will help you understand the nature of the attack and then quickly contain, remediate, and eradicate it utilizing proven techniques employed by experts who know how to get the job done quickly and thoroughly. Unit 42 can do this faster and more effectively using battle-tested methodologies developed from our real-world experience.

Trusted Partner for Law Firms and Insurance Providers

Unit 42 leverages decades of experience working with the world’s largest and best digital forensics and incident response legal counsel to offer forensically defensible reporting. We understand the significance and implications of what to report, how to report it, and when to start the process to ensure the best privilege protections in the event of litigation.

Only with Unit 42 can you leverage trusted relationships with 70+ cyber insurance carriers, more than 150 global law firms, and various international law enforcement agencies, as well as services for forensics, expert witness, and litigation support should the need arise. While we hope you never need it, we can also help with ransom payment facilitation, where we negotiate the ransom with threat actors on your behalf, and our partners facilitate the payment.

Unit 42 Retainer Provides Incident Response On Demand

The speed of your response, as well as the effectiveness of your tools and playbooks, will determine how quickly you can recover. Extend the capabilities of your team by putting the world-class Unit 42 Incident Response and Cyber Risk Management teams on speed dial. The Unit 42 Retainer is custom-built to fit your organization’s needs, as you can choose to allocate your retainer credits to any of our offerings, including incident response and proactive cyber risk management services. Learn how to put the world-class Unit 42 Incident Response team on speed dial.

Table 1: Unit 42 Incident Response and Digital Forensics Services

Incident Response

Ransomware Investigation

Respond to and recover from a ransomware attack. Contain the threat, determine root cause, window of compromise, attacker activity, and quantify sensitive information exposed. If needed, negotiate with threat actors, acquire and validate decryption keys, and develop and implement a recovery plan.

Cloud Incident Response

Respond to and recover from a cloud-based attack. Contain the threat incident. Identify initial attack vector, extent of unauthorized access and data exfiltration, and identify scope of systems for remediation. Identify and implement additional safeguards.

Business Email Compromise

Respond to and recover from unauthorized access to your enterprise email environment. Contain the incident, determine root cause, window of compromise, attacker activity, and quantify sensitive information exposed.

Web App Compromise

Respond to and recover from a web application attack. Contain the threat, analyze logs, review code, quantify exposure or loss of sensitive information, and get recommendations for designing hardening countermeasures.

Advanced Persistent Threat (APT) Investigation

Respond to and recover from a suspected APT incident. Contain the threat, determine root cause, window of compromise, attacker activity, and quantify sensitive information exposed.

Managed Detection and Response

Unit 42 MDR service helps you monitor security events in your Cortex XDR environment and proactively detect and respond to threats to minimize their impact.

Managed Threat Hunting

The Unit 42 MTH service helps uncover attackers by combining world-class threat hunters with Cortex XDR technology that runs on endpoint, network and cloud data sources.

Digital Forensics

Digital Investigation

Forensic collection, analysis, recovery, and reporting on information gleaned from digital media using scientific methods to determine what happened on that media or how it was used.

Insider Threat & Departing Employee Investigation

Investigate abuse of privileged access afforded to otherwise trusted employees, including identification of data accessed or misappropriated and/or unwanted actions taken by insiders.

Structured Data Investigation

Collection and analysis of SQL and NoSQL database environments, including external logs.

Expert Witness & Litigation Support

Review digital evidence and discovery and offer expert opinions to the trier of fact in reports, declarations, depositions, or open court testimony.

About Unit 42

Palo Alto Networks® Unit 42® brings together world-renowned threat researchers, elite incident responders, and expert security consultants to create an intelligence-driven, response-ready organization that’s passionate about helping you proactively manage cyber risk. Together, our team serves as your trusted advisor to help assess and test your security controls against real-world threats, transform your security strategy with a threat-informed approach, and respond to incidents in record time so that you get back to business faster.


If you think you may have been compromised or have an urgent matter, please contact the Unit 42 Incident Response team or call North America Toll-Free: 866.486.4842 (866.4.UNIT42), EMEA: +, UK: +44.20.3743.3660, APAC: +65.6983.8730, or Japan: +81.50.1790.0200.