New Features in February 2026
Advanced DNS Security Powered by Precision AI®


Review the new features and platform changes for Advanced DNS Security in February 2026.

DNS Resource Record Type Control for Advanced DNS Security

February 06, 2025
Threat actors leverage specific DNS queries to bypass security filters or conduct network reconnaissance. For example, SVCB (Type 64) and HTTPS (Type 65) records can facilitate encrypted connections that evade traditional inspection, while ANY (Type 255) queries allow attackers to retrieve all known record types to map your internal network. Without the ability to distinguish and control these specific record types, your organization remains vulnerable to sophisticated evasion techniques and information gathering.
Palo Alto Networks now provides the option in Strata Cloud Manager to block ECH (Encrypted Client Hello), a draft-state proposal to encrypt the entire ‘client hello’ message. The option covers the SVCB (Type 64), HTTPS (Type 65), and ANY (Type 255) DNS record types. While enabling ECH offers some data privacy for client hello fields such as ALPN and SNI, it can also prevent certain firewall services that use the client hello from operating as intended. To maintain optimal function of the firewall's security services, Palo Alto Networks recommends blocking all ECH-supporting record types.
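
To gauge how often these record types appear in your own DNS traffic before you enable the block, the following added example (not Palo Alto Networks code) parses the question section of raw DNS messages per RFC 1035 and tallies SVCB, HTTPS, and ANY queries. The function names, sample queries, and domain names are constructed for illustration.

```python
import struct

# Record types named in the release note (type number -> mnemonic).
CONTROLLED_QTYPES = {64: "SVCB", 65: "HTTPS", 255: "ANY"}

def build_query(name, qtype, txid=0x1234):
    """Build a minimal DNS query; used only to construct sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS IN

def parse_question(msg):
    """Return (qname, qtype) of the first question in a DNS message (RFC 1035)."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] < 1:
        raise ValueError("truncated header or empty question section")
    labels, off = [], 12
    while True:
        if off >= len(msg):
            raise ValueError("truncated QNAME")
        length = msg[off]
        off += 1
        if length == 0:
            break
        if length & 0xC0:  # labels are at most 63 bytes; no pointers expected here
            raise ValueError("compression pointer or reserved label type")
        if off + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[off:off + length].decode("ascii", "replace").lower())
        off += length
    if off + 4 > len(msg):
        raise ValueError("truncated QTYPE/QCLASS")
    qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
    return ".".join(labels) + ".", qtype

def audit(messages):
    """Map each controlled record type seen to the names queried with it."""
    hits = {}
    for msg in messages:
        try:
            qname, qtype = parse_question(msg)
        except ValueError:
            continue  # skip malformed packets rather than abort the audit
        if qtype in CONTROLLED_QTYPES:
            hits.setdefault(CONTROLLED_QTYPES[qtype], []).append(qname)
    return hits

# Constructed sample traffic: one A query, one of each controlled type, one runt.
SAMPLE = [build_query("www.example.com", 1), build_query("WWW.example.com", 65),
          build_query("_8443._https.api.example.net", 64),
          build_query("example.org", 255), b"\x00\x01"]
```

Feed `audit()` the UDP payloads from a capture of port 53 traffic to list which internal lookups would be affected by the record type control.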

Fake/Malicious Software Hosting Domain Detection for Advanced DNS Security

February 02, 2025
Threat actors increasingly use domains that mimic legitimate software providers to distribute fake or malicious software. By employing techniques like typo-squatting or character substitution, these deceptive domains trick you into unwittingly downloading trojanized versions of productivity applications or secure shell clients. This vulnerability exposes your network to system infections, data theft, and lateral movement by threat actors who exploit the trust users place in familiar brand names.
The Advanced DNS Security and Advanced DNS Security Resolver services now include a specialized detection capability to proactively identify and block access to these malicious domains. Fake/Malicious software hosting domain detection leverages advanced techniques to analyze DNS queries and responses in real time for indicators of impersonation. By categorizing these threats under the existing Malware category with a specific threat name (using the format <generic>:Fake_Software:<FQDN>), the service provides you with granular visibility and proactive protection at the DNS layer. This ensures a robust defense against sophisticated impersonation attacks before a network connection is ever established.

Multiple Sinkhole Support for Advanced DNS Security Resolver

February 20, 2025
Relying on a single global DNS sinkhole setting for an entire tenant limits your ability to tailor threat response strategies across different network segments. This constraint forces all security profiles to use the same redirection target, preventing granular control over how you handle malicious traffic from specific sources like External Dynamic Lists (EDLs) or Custom FQDN Groups.
You can now configure multiple custom sinkhole definitions to address diverse security requirements within Strata Cloud Manager for the Advanced DNS Security Resolver. This capability allows you to define up to 10 distinct sinkhole servers and assign them individually to specific profiles, categories, or lists. You can also easily toggle your tenant-wide default sinkhole without disrupting other custom configurations.
By diversifying your sinkhole targets, you improve your ability to isolate compromised devices and collect precise forensic data based on the nature of the detected threat. Existing custom configurations migrate automatically to this new framework, ensuring continuity for your current security policies.