The DNS Security Resolver now provides access to a new domain category for content-based DNS signature sources: file-converter. File-converter websites used for tasks like PDF conversion or unlocking documents pose possible data exfiltration risks, especially for enterprises in regulated industries handling sensitive patient or financial data. These sites were previously grouped under Computer and Internet Info. You can now apply a discrete policy action for the file-converter domain category, allowing you to block a specific range of websites.

Threat actors increasingly use domains that mimic legitimate software providers to distribute fake or malicious software. By employing techniques like typo-squatting or character substitution, these deceptive domains trick you into unwittingly downloading trojanized versions of productivity applications or secure shell clients. This vulnerability exposes your network to system infections, data theft, and lateral movement by threat actors who exploit the trust users place in familiar brand names.

The Advanced DNS Security and Advanced DNS Security Resolver services now include a specialized detection capability to proactively identify and block access to these malicious domains. Fake/Malicious software hosting domain detection leverages advanced techniques to analyze DNS queries and responses in real-time for indicators of impersonation. By categorizing these threats under the existing Malware category with a specific threat name (using the format <generic>:Fake_Software:<FQDN>), the service provides you with granular visibility and proactive protection at the DNS layer. This ensures a robust defense against sophisticated impersonation attacks before a network connection is ever established.