Professional Documents
Culture Documents
Dns Security Service
Dns Security Service
Dns Security Service
Service
Apply predictive analytics to disrupt
Benefits attacks that use DNS for command
• Predict and block new malicious
domains with machine learning
and control or data theft
• Neutralize DNS-based tunneling The Domain Name System (DNS) is wide open for
• Simplify security with automation attackers. According to Palo Alto Networks Unit 42 threat
and replace standalone tools research team, almost 80% of malware uses DNS to initiate
command-and-control (C2) procedures. Unfortunately,
security teams lack basic visibility into how threats use
DNS to maintain control of infected devices.
Infinite scale
Honeynet URL Filtering
DNS Security Service ontinuously growing global threat intelligence. Your protec-
c
Palo Alto Networks DNS Security service applies predictive tion continues to grow with data from a large, expanding threat
analytics to disrupt attacks that use DNS for C2 or data theft. intelligence sharing community. Our malicious domain data-
Tight integration with Palo Alto Networks Next-Generation base has been gathered over years, with sources including:
Firewalls gives you automated protection and eliminates the • WildFire® malware prevention service to find new C2
need for independent tools. Threats hidden in DNS traffic are domains, file download source domains, and domains in
rapidly identified with shared threat intelligence and ma- malicious email links.
chine learning. Cloud-based protections scale infinitely and • URL Filtering to continuously crawl newfound or
are always up to date, giving your organization a critical new uncategorized sites for threat indicators.
control point to stop attacks that use DNS.
• Passive DNS and device telemetry to understand do-
main resolution history seen from thousands of deployed
Predict and Block New Malicious next-generation firewalls, generating petabytes of data
per day.
Domains • Unit 42 threat research to provide human-driven ad-
DNS is a massive and often overlooked attack surface pres- versary tracking and malware reverse engineering, in-
ent in every organization. Adversaries take advantage of the cluding insight from globally deployed honeypots.
ubiquitous nature of DNS to abuse it at multiple points of an • More than 30 third-party sources of threat intelligence
attack, including reliable C2. Security teams struggle to keep to enrich our understanding.
up with new malicious domains and enforce consistent pro-
With the DNS Security service, your firewalls can predict
tections for millions of emerging domains at once.
and stop malicious domains from domain generation algo-
The DNS Security service takes a different approach to pre- rithm-based malware with instant enforcement. Malware’s
dicting and blocking malicious domains, giving the advan- use of domain generation algorithms (DGA) continues to
tage back to overwhelmed network defenders. grow, limiting the effectiveness of blocking known malicious
Next-Generation Firewalls protect you against tens of m
illions domains alone. DGA malware uses a list of randomly gen-
of malicious domains identified with realtime analysis and erated domains for C2, which can overwhelm the signature
Standalone Tools
The DNS Security service is built on a modular, cloud-based
architecture to seamlessly add new detection, prevention,
Security teams need integrated innovations that extend and analytics capabilities with zero customer impact. We will
the value of their existing security investments without continue to use our rich shared threat intelligence and native
complicating operations. DNS Security takes advantage of enforcement capabilities to deliver new innovations against
the Next-Generation Firewall to stop attacks using DNS, attacks using DNS.
with full automation to reduce manual effort.
3000 Tannery Way © 2020 Palo Alto Networks, Inc. Palo Alto Networks is a registered
Santa Clara, CA 95054 trademark of Palo Alto Networks. A list of our trademarks can be found at
https://www.paloaltonetworks.com/company/trademarks.html. All other
Main: +1.408.753.4000 marks mentioned herein may be trademarks of their respective companies.
Sales: +1.866.320.4788 strata-dns-security-service-ds-021120
Support: +1.866.898.9087
www.paloaltonetworks.com