About DNS Security

DNS Security

About DNS Security

Table of Contents

About DNS Security

Learn how the Palo Alto Networks DNS Security service can help protect your network from advanced DNS-based threats.
Where Can I Use This?
What Do I Need?
  • Prisma Access
  • NGFW
  • DNS Security License
  • Advanced Threat Prevention or Threat Prevention License
The DNS Security cloud service is designed to protect your organization from advanced DNS-based threats. By applying advanced machine learning and predictive analytics to a diverse range of threat intelligence sources, DNS Security rapidly generates enhanced DNS signatures to defend against known malicious DNS categories, as well as real-time analysis of DNS requests to defend your network against newly generated and unknown malicious domains. DNS Security can detect various C2 threats, including DNS tunneling, DNS rebinding attacks, domains created using auto-generation, malware hosts, and many more. DNS Security requires and works with your Advanced Threat Prevention or Threat Prevention subscription for complete DNS threat coverage.
With an active Threat Prevention license operating on supported network security platforms, customers can sinkhole DNS requests using a list of domains generated by Palo Alto Networks. These locally-accessed, customizable DNS signature lists are packaged with antivirus and WildFire updates and include the most relevant threats for policy enforcement and protection at the time of publication. For improved coverage against threats using DNS, the DNS Security subscription enables users to access real-time protections using advanced predictive analytics. Using techniques such as DGA/DNS tunneling detection and machine learning, threats hidden within DNS traffic can be proactively identified and shared through an infinitely scalable cloud service. Because the DNS signatures and protections are stored in a cloud-based architecture, you can access the full database of ever-expanding signatures that have been generated using a multitude of data sources. This allows you to defend against an array of threats using DNS in real-time against newly generated malicious domains. To combat future threats, updates to the analysis, detection, and prevention capabilities of the DNS Security service will be available through content releases.
To access the DNS Security service, you must have a valid Threat Prevention and DNS Security license in addition to any base licenses required to operate your network security platform.
The following workflow describes how the DNS Security service uses various data sources to generate DNS signatures:
The DNS Security subscription service is available on the following Palo Alto Networks network security platforms:
Learn about deploying and monitoring DNS Security in your network:
DNS Security service monitoring options include:

Recommended For You