Palo Alto Networks DNS Security now provides enhanced identification of malicious DNS
tunnel activity by evaluating individual DNS queries in real-time to minimize data leakage.
The DNS Security DNS tunnel detector now provides enhanced identification of malicious DNS tunnel activity by evaluating individual DNS queries in real time, which minimizes data leakage. Previously, DNS Security, like traditional DNS tunnel detectors, relied on statistical analysis of query sequences. That approach can lead to data loss because it must observe a pattern across multiple queries before a detection is possible. The revamped DNS tunnel detector evaluates each DNS query individually and in real time, so it can identify malicious tunneling activity from the very first query to the last. This helps protect your network from sophisticated strategies designed to evade session-based detectors and minimizes initial data loss.
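To make the difference between the two approaches concrete, the following added example (illustrative code, not Palo Alto Networks' detector or any description of how DNS Security scores queries) runs a per-query heuristic and a sequence-based detector side by side over a constructed set of query names. The features used (longest subdomain label length, subdomain entropy, label count), the thresholds, and the sample queries are all assumptions chosen for this example; the point it shows is that the per-query detector fires on the first tunnel-like query, while the sequence-based detector only fires after it has seen a window of queries to the same apex, and the queries in between are the data that leaks.

```python
import math
from collections import Counter, defaultdict

# Constructed sample queries (hypothetical data for this example, not real traffic).
# The first two are benign; the rest imitate a tunnel that encodes data chunks as
# long, high-entropy subdomain labels under a single apex domain.
SAMPLE_QUERIES = [
    "www.example.com",
    "mail.example.com",
    "4f9a2c7e1b8d3a6f0c5e9b2d7a1f4c8e.t.example.net",
    "9b3e7a1d5c8f2a6e0d4b8c1f3a7e5d2c.t.example.net",
    "c2d8f1a5e9b3c7d0a4f6e2b8d1c5a9f3.t.example.net",
    "e1a4c8f2b6d0a3e7c9f5b1d4a8e2c6f0.t.example.net",
]


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character of `text` (0.0 for empty input)."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def split_name(qname: str):
    """Return (subdomain labels, apex) using a crude last-two-labels apex rule.
    A production detector would use a public-suffix list instead."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[:-2], ".".join(labels[-2:])


def per_query_score(qname: str) -> float:
    """Score one query name in isolation, with no history (assumed heuristic).

    Features, each capped at 1.0 so the total is in [0, 3]:
      - longest subdomain label length (tunnels pack data into labels)
      - entropy of the subdomain part (encoded data looks random)
      - number of subdomain labels
    """
    sub_labels, _apex = split_name(qname)
    if not sub_labels:
        return 0.0
    longest = max(len(label) for label in sub_labels)
    entropy = shannon_entropy("".join(sub_labels))
    score = min(longest / 32.0, 1.0)      # a 32+ character label saturates
    score += min(entropy / 4.0, 1.0)       # hex-like data is ~4 bits/char
    score += min(len(sub_labels) / 4.0, 1.0)
    return score


class SequenceDetector:
    """Sequence-based approach: flags an apex only after `window` queries to it
    whose mean subdomain entropy is at least `min_entropy` (assumed thresholds)."""

    def __init__(self, window: int = 4, min_entropy: float = 3.0):
        self.window = window
        self.min_entropy = min_entropy
        self.history = defaultdict(list)

    def observe(self, qname: str) -> bool:
        sub_labels, apex = split_name(qname)
        self.history[apex].append(shannon_entropy("".join(sub_labels)))
        recent = self.history[apex][-self.window:]
        if len(recent) < self.window:
            return False  # not enough queries yet: nothing to compare against
        return sum(recent) / len(recent) >= self.min_entropy


def first_detection_index(queries, is_suspicious):
    """Index of the first query `is_suspicious` flags, or None if none is flagged."""
    for i, q in enumerate(queries):
        if is_suspicious(q):
            return i
    return None


def compare(queries=SAMPLE_QUERIES, threshold: float = 1.5, window: int = 4):
    """Return (per-query detection index, sequence detection index).
    The gap between them is the number of tunnel queries that completed
    before the sequence-based detector could react."""
    seq = SequenceDetector(window=window)
    per_query = first_detection_index(queries, lambda q: per_query_score(q) >= threshold)
    sequence = first_detection_index(queries, seq.observe)
    return per_query, sequence


if __name__ == "__main__":
    pq, sq = compare()
    print(f"per-query detector fired at query #{pq}, sequence detector at #{sq}")
    print(f"queries that got through before sequence-based detection: {sq - pq}")
```

With the constructed input the per-query scorer fires on the first tunnel-like name (index 2), while the sequence detector needs the full window and fires at index 5, so three encoded chunks have already left the network. Tightening the window reduces that gap but raises the false-positive rate on legitimate domains with a few unusual subdomains, which is the trade-off that evaluating each query on its own merits avoids.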
Additional configuration is not required if you have already enabled DNS Security and defined a policy action for Command and Control Domains, which is the parent category for the existing DNS Tunnel Detection DNS threat category.