Security Lifecycle Review (SLR)—What’s in the Report?
Describes the information contained in an SLR report.
Security Lifecycle Review (SLR) reports summarize the security and operational risks your organization faces, and break the data down so that you can quickly identify how to reduce your attack surface. Each section of the SLR report focuses on a different type of network activity—application usage, web browsing, file transfer, DNS activity, and threat prevalence—and surfaces the greatest risks in each area. SLR reports display your organization’s statistics alongside the averages for your industry peers, so you can understand your results in context.
After you generate an SLR report, or open an existing SLR report, there is an option to Take a Tour of the report. Select this option to walk through and learn about each section of an SLR report.
Executive Summary
Provides a bird’s-eye view of the state of your network. Statements on the total number of threats detected on your network and the number of applications in use (including high-risk and SaaS applications) allow you to quickly assess how exposed you are to risk and which areas call for stricter or more granular security policy control.
Applications
Gives you a view into the applications traversing your network, highlighting in particular applications that are commonly non-compliant or that can introduce operational or security risks. Application findings also include total and per-application bandwidth consumption and the applications in use by type (such as media or collaboration). This visibility allows you to weigh the business value of the applications in use on your network against the risk they can introduce (such as malware delivery, data exfiltration, or excessive bandwidth consumption).
SaaS Applications
Highlights the SaaS applications in use on your network, including the SaaS apps that are transferring the most data and those that have risky hosting characteristics (frequent data breaches, poor terms of service, etc.). Understanding the presence of SaaS apps on your network can help you work towards safely enabling the apps that are critical to your business, while providing threat protection and preventing data leaks.
Advanced URL Filtering Activity
Summarizes the web browsing activity on your network. Uncontrolled web access can result in exposure to malware, phishing attacks, and data loss. The Advanced URL Filtering activity section is broken down into several parts:
If you are operating PAN-DB, but do not have an advanced URL filtering subscription, only the relevant network activity metrics are displayed.
  • Summary—Provides high-level statistics about the URL requests passing through your network, including a categorized breakdown of URL requests, the associated malicious IP addresses, and real-time detection statistics.
  • Traffic Distribution—Displays key metrics describing the URL requests in your network based on the risk level and categorization.
  • Top Categories and Domains Distribution—Displays a series of charts showing the top visited URL and domain categories.
  • Top Malicious URLs In Real-Time—Displays the top 10 malicious URLs detected in real time by the Advanced URL Filtering service.
File Transfer
Gives you insight into the most commonly used file types on your network and the applications used to transfer them. You can use this analysis to consider stricter controls that prevent sensitive or proprietary data from leaving your network and block the delivery of malicious content into your network.
Threats
Summarizes your organization’s risk exposure by breaking down the attacks detected in your network:
  • Detected viruses and malware.
  • System flaws that an attacker might attempt to exploit.
  • Command-and-control (C2) activity, where spyware is collecting data and/or communicating with a remote attacker.
  • Vulnerable, unpatched applications that attackers can leverage to gain access to or further infiltrate your network.
Your Threat summary also breaks down the high risk file types detected on your network, and the file types found to have delivered malware that was unknown until WildFire detection. Examine this data to best assess where you can immediately start to reduce your attack surface.
New threat data is now included in your report:
  • Threats first found on the endpoint.
  • Threats associated with targeted campaigns or malicious actors.
  • The geographic locations most targeted by threats found in your network.
DNS Security Analysis
Summarizes your exposure to threats hidden within DNS traffic. DNS is an often-overlooked attack vector. Advanced attackers in particular use DNS-based techniques such as DNS tunneling, which encodes data in query and response records to exfiltrate it, and domain generation algorithms (DGAs), which produce large numbers of short-lived domains to set up command-and-control (C2) channels. The DNS Security Analysis section gives you a view into this kind of malicious DNS activity on your network.
The Advanced DNS Security and Advanced DNS Security Resolver subscriptions offer additional detection and/or deployment possibilities. To reflect those enhancements, you also get access to additional widgets that provide insight into specific detections and performance metrics relevant to those subscriptions.
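To make the tunneling and DGA indicators described above concrete, the following Python script is an added example, not part of the SLR report and not Palo Alto Networks code. It scores DNS query log lines with simple heuristics (query length, label entropy, uncommon record types, vowel-poor registrable domains) and then aggregates per client: many suspicious queries under one parent domain point to tunneling, many distinct generated-looking registrable domains point to a DGA. The log format, the thresholds, and the sample lines are all constructed assumptions for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS query log, one query per line: "<client_ip> <qname> <qtype>".
# These lines are made up for this example and do not come from any real network.
SAMPLE_LOG = """\
10.0.0.5 www.example.com A
10.0.0.5 mail.example.com MX
10.0.0.7 x7f3a9c2e1b4d6f8a0c3e5b7d9f1a3c5.tun.example.org TXT
10.0.0.7 9a1b3c5d7e9f0a2b4c6d8e0f1a3b5c7d.tun.example.org TXT
10.0.0.7 c8d2f5a1e9b3d7f0a4c6e2b8d1f3a5c9.tun.example.org TXT
10.0.0.9 qzpxkvjwtr.net A
10.0.0.9 lkmvbrtqwz.com A
10.0.0.9 xwqtvbnmzk.org A
10.0.0.11 docs.python.org A
"""


def shannon_entropy(text):
    """Bits of entropy per character; encoded payload labels score high."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def split_name(qname):
    """Return (subdomain labels, second-level label, registrable domain).

    Assumption: the registrable domain is the last two labels. A real tool
    would use the public suffix list so that names like example.co.uk work.
    """
    labels = qname.rstrip(".").lower().split(".")
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    return labels[:-2], sld, ".".join(labels[-2:])


def vowel_ratio(label):
    letters = [c for c in label if c.isalpha()]
    return sum(c in "aeiou" for c in letters) / len(letters) if letters else 0.0


def query_indicators(qname, qtype):
    """Heuristic indicators for a single query; thresholds are illustrative."""
    subs, sld, _ = split_name(qname)
    reasons = []
    if len(qname) > 40:
        reasons.append("long_qname")          # tunnels pack data into the name
    if subs and max(shannon_entropy(s) for s in subs) > 3.5:
        reasons.append("high_entropy_label")  # hex/base32 payload labels
    if qtype.upper() in ("TXT", "NULL"):
        reasons.append("uncommon_qtype")      # large answers carry data back
    if len(sld) >= 8 and vowel_ratio(sld) < 0.2:
        reasons.append("low_vowel_sld")       # typical of generated names
    return reasons


def analyze(log_text, tunnel_min=3, dga_min=3):
    """Aggregate per client: many suspicious queries under one domain suggests
    tunneling; many distinct vowel-poor registrable domains suggests a DGA."""
    per_client = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, qname, qtype = line.split()
        _, _, domain = split_name(qname)
        per_client[client][domain].append(query_indicators(qname, qtype))

    findings = {}
    for client, domains in per_client.items():
        tunneling = sorted(
            d for d, hits in domains.items()
            if sum(1 for r in hits if "high_entropy_label" in r and len(r) >= 2) >= tunnel_min
        )
        dga = sorted(d for d, hits in domains.items() if any("low_vowel_sld" in r for r in hits))
        if len(dga) < dga_min:
            dga = []
        if tunneling or dga:
            findings[client] = {"tunneling": tunneling, "dga": dga}
    return findings


if __name__ == "__main__":
    for client, hit in analyze(SAMPLE_LOG).items():
        print(client, hit)
```

Heuristics like these need baselining before they are used for alerting: CDN hostnames, anti-virus cloud lookups, and some telemetry agents legitimately produce long, high-entropy labels, so the per-client counts and the thresholds above are the knobs to tune against your own traffic rather than fixed rules.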
The following sections are available in each report:
DNS Security Analysis (Summary): Provides an overview of the DNS activity in your network, including how much of your DNS traffic is malicious (with the associated malware families), the host countries of the malicious threats, and the total number of DNS requests analyzed.
Traffic Distribution: Provides a breakdown of the DNS requests and responses from your network, based on the DNS categories as defined by DNS Security.
DNS Traffic Insights: Provides domains that are most requested from within your network, organized by DNS traffic type.
Malicious Traffic Insights: Provides a list of the top malicious domains accessed from your network, and the countries hosting most of these malicious domains.
Known Malware and Families: Provides a list of malicious domains and any malware families that are associated with the top domains in your network.
Advanced DNS Security Resolver: Provides a breakdown of the Malicious, High-Risk, and Benign DNS traffic entering your network through the Palo Alto Networks Advanced DNS Security Resolver. If you are using third-party resolvers in your network, the same breakdown is listed for each resolver.
DNS Zone Misconfiguration: Lists public-facing domains that are misconfigured because their owners point alias-type records (CNAME, MX, or NS) at third-party domains that are no longer valid, such as expired or unused domains. Because the record still references the target, an attacker can register the expired or unused target domain and take over the name.
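As an added example of the check behind this finding (this is illustrative code, not the SLR's or Palo Alto Networks' implementation), the following Python script walks a constructed zone, picks out the alias-type records (CNAME, MX, NS), and flags any whose target no longer exists: in-zone targets are checked against the zone data, out-of-zone targets against a resolver. The zone records, the resolvable-name snapshot, and the `live_resolver` helper are assumptions made for illustration.

```python
import socket

# Constructed zone data for example.com; these records are made up for this
# example and do not describe any real zone.
ZONE_APEX = "example.com."
ZONE_RECORDS = [
    ("example.com.", "A", "192.0.2.10"),
    ("mail.example.com.", "A", "192.0.2.25"),
    ("www.example.com.", "CNAME", "example.com."),
    ("shop.example.com.", "CNAME", "shop-prod.cloudhost-example.net."),
    ("old-blog.example.com.", "CNAME", "retired-tenant.pages-host-example.org."),
    ("example.com.", "MX", "mail.example.com."),
    ("example.com.", "MX", "mx.defunct-mail-example.net."),
    ("dev.example.com.", "NS", "ns1.stale-dns-example.io."),
    ("example.com.", "TXT", "v=spf1 mx -all"),
]

# Constructed snapshot of which external names still resolve (an assumption
# standing in for live DNS); names absent here are treated as NXDOMAIN.
RESOLVABLE = {
    "shop-prod.cloudhost-example.net.": ["198.51.100.7"],
}

ALIAS_TYPES = {"CNAME", "MX", "NS"}


def offline_resolver(name):
    """Returns a list of addresses, or None when the name does not exist."""
    return RESOLVABLE.get(name)


def live_resolver(name):
    """Same contract, backed by the system resolver (not used in the offline run)."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return None


def normalize(name):
    return name.strip().lower().rstrip(".") + "."


def in_zone(name, apex):
    return name == apex or name.endswith("." + apex)


def find_dangling(records, apex, resolve):
    """Flag CNAME/MX/NS records whose target no longer exists.

    In-zone targets are checked against the zone data itself; out-of-zone
    targets are checked with the supplied resolver. A target that returns
    NXDOMAIN is the condition the SLR describes: an attacker who registers
    that domain inherits the traffic the alias still sends there.
    """
    apex = normalize(apex)
    owners = {normalize(owner) for owner, _, _ in records}
    findings = []
    for owner, rtype, target in records:
        if rtype not in ALIAS_TYPES:
            continue
        target = normalize(target)
        exists = target in owners if in_zone(target, apex) else resolve(target) is not None
        if not exists:
            findings.append({"owner": normalize(owner), "type": rtype, "target": target})
    return findings


if __name__ == "__main__":
    for f in find_dangling(ZONE_RECORDS, ZONE_APEX, offline_resolver):
        print(f"{f['owner']} {f['type']} -> {f['target']} (target does not resolve)")
```

NXDOMAIN on the target is exactly the expired or unused-domain case the report calls out. A target that still resolves but points at a provider resource you have deprovisioned (a storage bucket or hosting tenant name) is a separate problem that this lookup cannot see; catching it needs provider-specific checks rather than a plain resolution test.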
Summary
The final summary provides recommendations that you can consider to safely enable the applications you need to do business, while reducing the organization’s overall threat exposure.