Cloud-Delivered Security Services Support for Prisma Access
What's New in the NetSec Platform
Prisma Access support for Cloud-Delivered Security Services (CDSS).
These features require a minimum Cloud Services plugin version of 6.0 (Prisma Access (Managed by Panorama) deployments only) and a minimum dataplane version of PAN-OS® 11.2.
To maintain a robust defense against emerging threats, Prisma Access now supports the following Cloud-Delivered Security Services (CDSS) capabilities:
  • Advanced DNS Security Powered by Precision AI®—The Advanced DNS Security service defends against DNS-layer threats that undermine network integrity and data security:
    • DNS hijacking and misconfiguration prevention—Detects and blocks DNS hijacking (attackers altering DNS records to redirect traffic) as well as accidental or malicious DNS misconfigurations. Monitoring and analysis of DNS responses preserves the integrity of name resolution by preventing unauthorized redirection.
    • Malicious traffic distribution system (TDS) protection—Blocks access to malicious TDS infrastructure, the attack frameworks that use layered DNS schemes to route victims to malware and exploit kits. The service analyzes DNS traffic patterns for indicators of compromise (IOCs) and blocks the distribution channels they reveal.
    • Domain masquerading protection—Identifies and blocks malicious domains that closely resemble legitimate ones (typosquatting). AI and machine learning models analyze large volumes of DNS data for the subtle patterns and behaviors characteristic of spoofed or malicious domains.
  • Advanced URL Filtering—Prisma Access now supports the following URL categories and detections:
    • Compromised website—Identifies legitimate websites that have been hacked or infected with malicious content, so granular policy can distinguish between inherently malicious sites and otherwise trustworthy sites that have been temporarily compromised.
    • File converter—Categorizes sites that let users convert, compress, or modify files, so organizations can control access to these tools and reduce the data leakage and compliance risks of unauthorized file sharing and modification.
    • ML-powered quishing (QR code) protection—An ML-powered QR code detector blocks quishing attacks. It addresses the growing threat of malicious QR codes embedded on legitimate websites, which attackers use to bypass the perimeter defenses of enterprise-protected networks and target unmanaged personal devices.
    • Deepfake content detection—A new deep learning model identifies and blocks malicious content featuring deepfake videos, protecting against attackers who use convincing deepfake impersonations of trusted individuals in phishing attacks.
  • Advanced WildFire® Powered by Precision AI—Enhanced defenses against evasive threats: a new deep learning model for PDF phishing, multi-CPU sandboxing for advanced malware, and ML-powered API vector categorization for fileless attacks.
    • PDF analysis for phishing—A new Convolutional Neural Network (CNN)-based deep learning model analyzes the visual appearance, in addition to the text, of URLs embedded in PDF files to detect highly evasive phishing attacks that exploit the PDF format.
    • API vector categorization—Uses machine learning (ML) to analyze, in memory, the patterns and sequences of API calls that malware makes at runtime. The resulting behavioral fingerprint (API vector) identifies and classifies evasive, fileless, and memory-resident attacks that bypass conventional analysis.
    • Multi-CPU advanced dynamic analysis—Adds multiple virtual CPUs (vCPUs) to the Windows guest sandbox environment used for Advanced Dynamic Analysis. This defeats malware that checks for, and refuses to execute in, single-CPU virtual environments.
  • Advanced Threat Prevention Powered by Precision AI—The following new features enhance threat detection, custom threat coverage, and protection against advanced data exfiltration attempts.
    • Exfiltration shield for Advanced Threat Prevention—A machine learning (ML) model that detects stealthy data egress over common channels such as DNS relay and HTTP headers, which are frequently used to bypass traditional controls. It integrates with existing Advanced DNS Security and ATP subscriptions.
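Two of the detections above, domain masquerading (Advanced DNS Security) and data egress over DNS (Exfiltration shield), are easier to reason about with a concrete, if simplified, detector in hand. The script below is an added illustration written for this page; it is not Palo Alto Networks code and does not reproduce the ML models the services use. It applies two heuristics to a constructed DNS log: an edit-distance check of the registrable name against an assumed list of protected brands, and a length/entropy check of the subdomain payload that tunnelling tools encode into query names. The log format, thresholds and brand list are assumptions.

```python
"""DNS-log triage for lookalike (typosquatted) domains and DNS-tunnelling
style exfiltration. Added illustration only; not Palo Alto Networks code.
Log format, thresholds and the brand list are assumptions for this example."""
import math
import re

# Constructed sample log, hypothetical "<timestamp> <client-ip> <qname>" format.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.1.2.3 login.paloaltonetworks.com
2024-05-01T10:00:02Z 10.1.2.3 paloaltonetw0rks.com
2024-05-01T10:00:03Z 10.1.2.4 mail.example.com
2024-05-01T10:00:04Z 10.1.2.5 4a7f9c2e1b8d0e5f6a3c.9f1e2d3c4b5a6978.exfil-test.net
2024-05-01T10:00:05Z 10.1.2.5 zxq3kv9p2m7n.exfil-test.net
2024-05-01T10:00:06Z 10.1.2.6 rnicrosoft.com
"""

# Second-level labels of brands to protect (assumed list).
PROTECTED_BRANDS = ["paloaltonetworks", "microsoft", "example"]

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def labels_of(qname: str) -> list:
    """Split a query name into lowercase labels, ignoring a trailing dot."""
    return qname.lower().rstrip(".").split(".")


def levenshtein(a: str, b: str) -> int:
    """Edit distance, computed one row of the DP table at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_brand(qname: str, brands=PROTECTED_BRANDS, max_distance: int = 2):
    """Return the brand a domain imitates, or None.

    Naively treats the second-to-last label as the registrable name (no public
    suffix list), so names like example.co.uk are not handled. A distance of 2
    is too loose for very short brands; tune per brand in practice.
    """
    labels = labels_of(qname)
    if len(labels) < 2:
        return None
    sld = labels[-2]
    if sld in brands:
        return None  # the genuine registrable name, not a lookalike
    for brand in brands:
        if levenshtein(sld, brand) <= max_distance:
            return brand
    return None


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's own symbol distribution."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def tunnel_reason(qname: str, max_blob: int = 30, min_blob: int = 12,
                  min_entropy: float = 3.5):
    """Heuristic for DNS tunnelling: long or high-entropy subdomain payload.

    Everything left of the registrable name is treated as attacker-controlled
    payload. Thresholds are assumptions; legitimate CDNs and anti-spam lookups
    also emit long encoded labels, so an allow-list is needed in practice.
    """
    blob = "".join(labels_of(qname)[:-2])
    if len(blob) >= max_blob:
        return f"subdomain payload {len(blob)} chars"
    if len(blob) >= min_blob:
        h = shannon_entropy(blob)
        if h >= min_entropy:
            return f"high-entropy subdomain ({h:.2f} bits/char)"
    return None


def triage(log_text: str) -> list:
    """Return (client, qname, reason) for every flagged log line."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the run
        _ts, client, qname = m.groups()
        brand = lookalike_brand(qname)
        if brand:
            findings.append((client, qname, f"lookalike of {brand}"))
        reason = tunnel_reason(qname)
        if reason:
            findings.append((client, qname, reason))
    return findings


if __name__ == "__main__":
    for client, qname, reason in triage(SAMPLE_LOG):
        print(f"{client:<10} {qname:<60} {reason}")
```

Run against the sample log, the script flags the two lookalikes (the digit-for-letter swap and the `rn` for `m` confusable) and the two queries carrying encoded payload, while leaving the genuine `login.paloaltonetworks.com` and `mail.example.com` alone. The limits are visible too: without a public suffix list or homoglyph tables the brand check misses Unicode confusables, and a fixed entropy threshold will trip on legitimate services that encode data into labels, which is why the production service relies on trained models and broader DNS context rather than two thresholds.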