Learn how the Palo Alto Networks DNS Security service
can help protect your network from advanced DNS-based threats.
With an active Threat Prevention license, customers
can configure their firewalls to sinkhole DNS requests using a list
of domains generated by Palo Alto Networks. These locally-accessed,
customizable DNS signature lists are packaged with antivirus and WildFire
updates and include the most relevant threats for policy
enforcement and protection at the time of publication. For improved
coverage against threats using DNS, the DNS Security subscription enables
users to access real-time protections using advanced predictive
analytics. Using techniques such as DGA/DNS tunneling detection
and machine learning, threats hidden within DNS traffic can be proactively
identified and shared through an infinitely scalable cloud service.
Because the DNS signatures and protections are stored in a cloud-based
architecture, you can access the full database of ever-expanding
signatures that have been generated using a multitude of data sources.
This allows you to defend against an array of threats using DNS
in real-time against newly generated malicious domains. To combat
future threats, updates to the analysis, detection, and prevention
capabilities of the DNS Security service will be available through
To access the DNS Security service, you must have a valid Threat
Prevention and DNS Security license.
The following workflow describes how the DNS Security service
uses various data sources to generate DNS signatures: