* [Blog](https://www.paloaltonetworks.com.au/blog)
* [Cloud Security](https://www.paloaltonetworks.com.au/blog/cloud-security/)
* [Data Detection and Response](https://www.paloaltonetworks.com.au/blog/cloud-security/category/data-detection-and-response/)
* Redshift Security: Access...

# Redshift Security: Access and Data Flows Explained

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2Fcloud-security%2Fredshift-inside-out-part-1%2F)  
[](https://twitter.com/share?text=Redshift+Security%3A+Access+and+Data+Flows+Explained&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2Fcloud-security%2Fredshift-inside-out-part-1%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2Fcloud-security%2Fredshift-inside-out-part-1%2F&title=Redshift+Security%3A+Access+and+Data+Flows+Explained&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com.au/blog/cloud-security/redshift-inside-out-part-1/&ts=markdown)  
\[\](mailto:?subject=Redshift Security: Access and Data Flows Explained)  
Link copied  
By [Ofir Shaty](https://www.paloaltonetworks.com/blog/author/ofir-shaty/?ts=markdown "Posts by Ofir Shaty") and [Ofir Balassiano](https://www.paloaltonetworks.com/blog/author/ofir-balassiano/?ts=markdown "Posts by Ofir Balassiano")  
Mar 26, 2024  
9 minutes  
[Data Detection and Response](https://www.paloaltonetworks.com/blog/cloud-security/category/data-detection-and-response/?ts=markdown)  
[Data Security](https://www.paloaltonetworks.com/blog/category/data-security/?ts=markdown)  
[Data Security Posture Management](https://www.paloaltonetworks.com/blog/cloud-security/category/data-security-posture-management/?ts=markdown)

![Redshift Security: Access and Data Flows Explained](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/04/redshift-security-access-and-data-flows-explained-1.png)

This blog post is the first in a series that exposes security risks, possible attack vectors, and how to hunt and prevent them using data detection and response (DDR).

When correctly configured, Redshift's security features and capabilities protect [sensitive data](https://www.paloaltonetworks.com/cyberpedia/sensitive-data) from leaks or other security incidents. However, often, organizations struggle to correctly configure and implement these features because the manual processes can be time-consuming and require specialized skills.

To mitigate security and privacy risks, you need to appropriately configure security features and follow practices. Implementing rigorous [access controls](https://www.paloaltonetworks.com/cyberpedia/access-control) is the first step to protecting sensitive data stored in Redshift.

## Why Research Data Security in Redshift?

Redshift is a fully managed [data warehouse](https://www.paloaltonetworks.com/cyberpedia/data-warehouse) service (such as Google BigQuery and Snowflake). Based on PostgreSQL, its performance enables extremely fast query execution on extremely big datasets by employing several features such as:

* Massive Parallel Processing (MPP)
* Columnar data storage
* Data compression

According to Amazon, [Redshift delivers business value with 2-7 times better price performance](https://d1.awsstatic.com/reInvent/re21-pdp-tier1/redshift-serverless/AWS_Redshift_infographic_final.pdf) on high-concurrency and low-latency real-world analytics. A popular service, [Redshift is used by more than 20,000 companies](https://discovery.hgdata.com/product/amazon-redshift).

As a widely used data warehouse containing sensitive personal and intellectual property data, you need to secure your deployment to comply with privacy laws and mitigate data breach risk.

## Implement Least-Privileged Access to Sensitive Data on Redshift

Access control is the front gate to the data and the assets containing the data.  
Features like RBAC and SSO are the first security guards to limit access to sensitive information inside the organization.

During our work with customers we have seen so many cases of excessive privileges that are difficult to track and exposing their data to a real danger. Strong [access control](https://www.paloaltonetworks.com/cyberpedia/access-control) policy can help to protect against external and internal threats by limiting users access to sensitive data.

### Using SSO Authentication

Redshift offers identity federation as well as database user management.

With the Redshift browser SAML plugin, you can launch a custom AWS SSO SAML application that provides the SAML attributes needed to connect to Amazon Redshift using a JDBC/ODBC client.

When configured, AWS SSO authenticates the user identity against the identity source directory.

#### **Bypass Redshift User Authentication with IAM Access**

In most cases, Redshift users log in with their database username and password. However, to prevent Redshift administrators from maintaining usernames and passwords, AWS enables you to create user credentials based on IAM credentials to access the databases in Redshift.

The AWS Redshift API GetClusterCredentials returns the username and a temporary password for the database along with temporary authorization to log in.

To get the credentials, you need to assign a policy with the redshift:GetClusterCredentials to your User/Role.

After the temporary credentials are obtained, Redshift-data API can perform SQL queries.

Usually, you need to specify a user in the request parameters. However, if the "AutoCreate" option is "True", a new user is created automatically.  
![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/04/word-image-317352-2-1.png)

#### Pro Tip

It's recommended to know exactly which users and roles have "redshift:GetClusterCredentials" and "redshift-data" permissions, as they can potentially connect and read/write your sensitive data.

To check if there are policies allowing to generate temporary credentials for Redshift cluster, you can follow these steps and search for policies that allow the action "redshift:GetClusterCredentials":

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/04/red1.png)

After identifying the relevant policies, check the attached users, groups and roles. Further, you should also review inline policies for users and roles that may contain this privilege.

To get temporary credentials to connect to Redshift with cli:  
![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/04/00red2.png)

After the credentials are obtained, it's possible to execute queries against Redshift by running the following cli command:

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/04/00red3.png)

### ‍Protecting Data in Redshift with RBAC Authorization

Access to database objects, such as tables and views, is controlled by local users, roles and groups in the Amazon Redshift database. These users are managed separately from AWS standard IAM with local users and roles acting similarly to standard RDBMS mechanisms.

The local users and roles act the same as the standard RDBMS mechanism. Redshift admin can create users and groups and assign them the relevant privileges they need. It's recommended to create a user per identity so in the event of a security incident it'll be possible to track and monitor what data was accessed or even prevent unauthorized access before it happens.

The default users are the "rdsdb" user, and the user you created in the creation process.  
They're both Supeusers, when the user rdsdb is used internally by Redshift to perform routine administrative and maintenance tasks and only rdsdb can update the system catalog.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/04/word-image-317352-3-1.png)

### Fine-Grained Data Security with Access Control

Redshift gives you fine-grained [data access controls](https://www.paloaltonetworks.com/cyberpedia/data-access-governance) that allow you to mitigate risk at the column- and row-levels.

#### **Column-Level Security**

You can grant user permissions to a subset of columns. Similar to managing any database object, column-level access control can be done by using GRANT and REVOKE statements at the column level.

#### **Row-Level Security (Rls)**

To ensure that sensitive data is only accessible by those who need it, Redshift provides fine-grained access control at the row level with its row-level security (RLS) feature.

Based on the foundation of role-based access control (RBAC), the RLS feature restricts who can access specific records within tables based on security policies defined at the database object level. Unlike other tools that require you to create different views or use different databases and schemas for different users, this approach is sustainable.

An RLS policy can control whether Amazon Redshift returns any existing rows from a table in a query by specifying expressions.

## Protecting Sensitive Data on Redshift by Limiting Network Access

### Disable Public Access

Redshift isn't publicly accessible by default so access to redshift clusters is possible only from inside the VPC or through a VPN. If the Public Access configuration is enabled, it's possible to connect to the Redshift cluster from anywhere without any restrictions.

#### Pro Tip

We strongly recommend blocking public access to Redshift clusters.

Disable public access with cli:

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/04/00red4.png)

Disable public access with AWS console:

Under the "Properties" tab, click "Edit" on the "Network and security settings" section:

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/04/word-image-317352-5-1.png)

### Control Network Access with Security Group

Another option to control access to the Redshift cluster is by setting the cluster's security group inbound rules. The security group is like firewall rules for the specific AWS service, by limiting to specific IPs, subnets, ports etc we can add another layer of security to our Redshift cluster.

#### Pro Tip

It's recommended to use the security group as a second layer of security and not use it together with public access to avoid mistakes that can easily lead to your data being exposed publicly.

### Enable Enhanced VPC Routing

When enhanced VPC routing is disabled, Amazon Redshift routes traffic through the internet, even traffic to other services within the AWS network.

#### Pro Tip

It's recommended to enable enhanced VPC routing to add another layer of security to your data at-transit.

To enable enhanced VPC routing with cli:

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/04/00red6.png)

To enable enhanced VPC routing with the AWS console:  
Under the "Properties" tab, on the "Network and security settings", click on "Edit".  
Change the configuration to "Turn on" then click "Save changes":

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/04/word-image-317352-8-1.png)

## Manage Your External Data Sources

As part of the AWS ecosystem, Redshift can use other services as data sources, to import or export data.

### IAM Role Association with Your Cluster

Redshift can be associated with IAM roles that authorize the cluster to access external data sources like S3, DynamoDB etc.

#### Pro Tip

It's recommended to make sure that the roles are configured correctly with the least privilege principle to avoid data leakage.

We will dig deeper into the data sources risks in our next blog post.

Add or remove roles with cli:

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/04/00red7.png)

Add or remove roles with the AWS console:  
Under the "Properties" tab, on the "Cluster permissions" section, click on "Manage IAM roles"

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/04/word-image-317352-10-1.png)

### Data Sharing with Redshift Clusters

With the Redshift datashares feature it's possible to share data across Redshift clusters in the same account or in different accounts. The feature gives instant access to data without the need to copy or move it. It's important to make sure that the cluster shares only data that is intended to be shared.

It's possible to share data on schema db level, schema level or table level.

Keep in mind that any data that leaves the cluster reduces the control on it, don't share sensitive data that shouldn't leave the cluster.

#### Pro Tip

To get full visibility to your current data shares status in your account, please follow the next steps.

To show Redshift data shares from cli:

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/04/00red8.png)

To see your data shares from inside Redshift:

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/04/00red9.png)

#### Pro Tip

Reduce the scope of sensitive information shared with other accounts.

To modify the tables or schemas that shared in the datashare you can use the alter command:

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/04/00red10.png)

Another important aspect when creating a data share is whether your data share can be shared with Redshift clusters that are publicly accessible.

#### Pro Tip

It's recommended to limit the data share so it won't be shared with public clusters.

Below are some examples for creating data shares:

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/04/00red11.png)

In case that the data share is already set as publicly accessible it's possible to modify this setting to false:

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/04/00red12.png)

## How Prisma Cloud Can Help with Data Security Posture Management for Redshift

Redshift is an awesome service with great capabilities that offers many security features. We reviewed many security aspects that need to be considered, reducing the attack surface is the most challenging but important part of prevention.

Appropriately configuring Redshift access controls may be challenging, but it can be done manually. Continuously monitoring your controls to ensure they function as intended, though, becomes a challenge, especially as you scale your data analytics usage.

Prisma Cloud prevents exposure of sensitive data with full data security posture management (DSPM) capabilities, highlighting data misconfigurations, access anomalies and data vulnerabilities that increase the risk of a data breach. Dig enriches [DSPM](https://www.paloaltonetworks.com/cyberpedia/data-security-posture-management-why-dspm) with near real-time data detection and response (DDR) to ensure an immediate handling of newly discovered data-related incidents by integrating with your existing security solutions.

### What's Next?

In our next post in the series of Redshift inside-out, we'll continue to review security features of Redshift, including encryption, backups and logs. More to come in our series exploring potential Redshift attack vectors and how to hunt and prevent them.

*** ** * ** ***

## Related Blogs

### [Data Detection and Response](https://www.paloaltonetworks.com/blog/cloud-security/category/data-detection-and-response/?ts=markdown), [Data Security](https://www.paloaltonetworks.com/blog/category/data-security/?ts=markdown), [Data Security Posture Management](https://www.paloaltonetworks.com/blog/cloud-security/category/data-security-posture-management/?ts=markdown)

[#### How to Build an Enterprise Data Security Team](https://www.paloaltonetworks.com.au/blog/cloud-security/how-to-build-enterprise-data-security-team/)

### [Data Detection and Response](https://www.paloaltonetworks.com/blog/cloud-security/category/data-detection-and-response/?ts=markdown), [Data Security](https://www.paloaltonetworks.com/blog/category/data-security/?ts=markdown), [Data Security Posture Management](https://www.paloaltonetworks.com/blog/cloud-security/category/data-security-posture-management/?ts=markdown)

[#### Redshift Security: Attack Surface Explained](https://www.paloaltonetworks.com.au/blog/cloud-security/redshift-security-attack-surface-explained/)

### [Data Detection and Response](https://www.paloaltonetworks.com/blog/cloud-security/category/data-detection-and-response/?ts=markdown), [Data Security](https://www.paloaltonetworks.com/blog/category/data-security/?ts=markdown), [Data Security Posture Management](https://www.paloaltonetworks.com/blog/cloud-security/category/data-security-posture-management/?ts=markdown), [DLP](https://www.paloaltonetworks.com/blog/cloud-security/category/dlp/?ts=markdown)

[#### Data Security Platforms: 9 Key Capabilities and Evaluation Criteria](https://www.paloaltonetworks.com.au/blog/cloud-security/data-security-platform-capabilities-criteria/)

### [Data Detection and Response](https://www.paloaltonetworks.com/blog/cloud-security/category/data-detection-and-response/?ts=markdown), [Data Security](https://www.paloaltonetworks.com/blog/category/data-security/?ts=markdown), [Data Security Posture Management](https://www.paloaltonetworks.com/blog/cloud-security/category/data-security-posture-management/?ts=markdown)

[#### Cloud Data Security \& Protection: Everything You Need to Know](https://www.paloaltonetworks.com.au/blog/cloud-security/cloud-data-security-protection-everything-you-need-to-know/)

### [Data Detection and Response](https://www.paloaltonetworks.com/blog/cloud-security/category/data-detection-and-response/?ts=markdown), [Data Security](https://www.paloaltonetworks.com/blog/category/data-security/?ts=markdown), [Data Security Posture Management](https://www.paloaltonetworks.com/blog/cloud-security/category/data-security-posture-management/?ts=markdown)

[#### Prisma Cloud Data Security Vs. Other CSPM Vendors](https://www.paloaltonetworks.com.au/blog/cloud-security/dspm-vs-cspm/)

### [Data Detection and Response](https://www.paloaltonetworks.com/blog/cloud-security/category/data-detection-and-response/?ts=markdown), [Data Security](https://www.paloaltonetworks.com/blog/category/data-security/?ts=markdown), [Data Security Posture Management](https://www.paloaltonetworks.com/blog/cloud-security/category/data-security-posture-management/?ts=markdown)

[#### Shadow Data Is Inevitable, But Security Risks Aren't](https://www.paloaltonetworks.com.au/blog/cloud-security/shadow-data-risk-mitigation/)

### Subscribe to Cloud Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com.au/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language