How DNS Security Helps Secure Your Remote Workforce

Apr 08, 2020
3 minutes

All of us are currently dealing with the COVID-19 crisis. For many of us, that means the new adjustment of working from home. While this enables business continuity, it also places our businesses at additional risk from cyber threats. Adversaries know many employees are working from home using work laptops that may contain sensitive, valuable information. Already, we’ve seen threats such as malware, phishing attacks and ransomware related to COVID-19.

There are a multitude of different ways businesses can help protect their employees and their customers from these attacks. Protecting endpoints, using VPNs, patching systems with completely up to date software and using multi-factor authentication are great examples of low-hanging fruit that enable greater protection. But one threat vector that’s easily addressed with high impact is being overlooked: securing your DNS traffic.

Every connection with the internet starts with a DNS query. DNS is required for mission-critical applications, websites and resources across your network. Securing DNS is essential to your network security. Millions of malicious domains already exist and thousands of new malicious domains are created every day. In fact, our Unit 42 threat research team has logged over 100,000 new potentially phony web domains registered with words including “covid,” “virus” and “corona” in their names, in just the past few weeks.

Attackers have increasingly used DNS to spread malware and steal data by hiding within DNS traffic itself. Because DNS is necessary for business and therefore ubiquitous, it’s easy to hide in the high volume of traffic. By securing your DNS you’re protecting against malware and other forms of advanced attacks that may include domain generation algorithms and tunneling. According to our Unit 42 threat research team, over 80% of malware uses DNS to establish command-and-control channels to exfiltrate data. Securing your DNS traffic has a tremendous impact, with over a third of breaches preventable through DNS-level security. In other words, implementing better DNS security could translate to preventing upwards of $200 billion in global losses.

The Palo Alto Networks DNS Security subscription applies predictive analytics to disrupt attacks that use DNS for command-and-control or data theft. Our cloud-based protections are always-up-to-date and scale infinitely, Three steps to install DNS Security as an add-on subscription for a Palo Alto Networks Next-Generation Firewall: 1) Activate your DNS Security subscription license, 2) Configure DNS policy settings, 3) Test and validate that policy actions are your organization a critical new control point to stop attacks that use DNS. If you’re already a customer, installing DNS Security is as easy as turning it on. You won’t need to deploy additional appliances, and since it’s cloud-based, you won’t have to deploy additional software or make changes to your DNS infrastructure. It’s simply a matter of activating a subscription. Existing customers can begin a 90-day free trial or just follow the three easy steps below to turn DNS Security on and protect DNS traffic in minutes. For more information on deploying DNS Security, see our Step-by-Step Enablement Walkthrough.


If you’re not currently a customer of Palo Alto Networks firewalls in physical deployments, and you’re looking into adding protection quickly, consider Prisma Access for cloud-delivered security.

Learn more about DNS Security.

Subscribe to the Newsletter!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.