Learn how the Palo Alto Networks DNS Security service
can help protect your network from advanced DNS-based threats.
With an active Threat Prevention license, customers
can configure their firewalls to sinkhole DNS requests using a list
of domains generated by Palo Alto Networks. These locally-accessed,
customizable DNS signature lists are packaged with antivirus and WildFire updates and
include the most relevant threats for policy enforcement and protection
at the time of publication. For improved coverage against threats
using DNS, the DNS Security subscription enables users to access
real-time protections using advanced predictive analytics. Using
techniques such as DGA/DNS tunneling detection and machine learning, threats
hidden within DNS traffic can be proactively identified and shared
through an infinitely scalable cloud service. Because the DNS signatures
and protections are stored in a cloud-based architecture, you can
access the full database of ever-expanding signatures that have
been generated using a multitude of data sources. This allows you
to defend against an array of threats using DNS in real-time against
newly generated malicious domains. To combat future threats, updates
to the analysis, detection, and prevention capabilities of the DNS
Security service will be available through content releases.
To access the DNS Security service, you must have a valid Threat
Prevention and DNS Security license.
The following workflow describes how the DNS Security service
uses various data sources to generate DNS signatures: