* [Blog](https://www.paloaltonetworks.com/blog)
* [Network Security](https://www.paloaltonetworks.com/blog/network-security/)
* [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/)
* Innovations in Web Securi...

# Innovations in Web Security to Stop Evasive Threats

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fdns-security-advanced-url-filtering%2F)  
[](https://twitter.com/share?text=Innovations+in+Web+Security+to+Stop+Evasive+Threats&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fdns-security-advanced-url-filtering%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fdns-security-advanced-url-filtering%2F&title=Innovations+in+Web+Security+to+Stop+Evasive+Threats&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/network-security/dns-security-advanced-url-filtering/&ts=markdown)  
\[\](mailto:?subject=Innovations in Web Security to Stop Evasive Threats)  
Link copied  
By [Mitchell Bezzina](https://www.paloaltonetworks.com/blog/author/mitchell-bezzina/?ts=markdown "Posts by Mitchell Bezzina")  
Jun 03, 2022  
7 minutes  
[Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown)  
[Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown)  
[Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)  
[Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)  
[Advanced URL Filtering](https://www.paloaltonetworks.com/blog/tag/advanced-url-filtering/?ts=markdown)  
[CDSS](https://www.paloaltonetworks.com/blog/tag/cdss/?ts=markdown)  
[Cloud-Delivered Security Services](https://www.paloaltonetworks.com/blog/tag/cloud-delivered-security-services/?ts=markdown)  
[DNS Security](https://www.paloaltonetworks.com/blog/tag/dns-security/?ts=markdown)  
[Inline Deep Learning](https://www.paloaltonetworks.com/blog/tag/inline-deep-learning/?ts=markdown)  
[Network Security. Nebula](https://www.paloaltonetworks.com/blog/tag/network-security-nebula/?ts=markdown)

We've witnessed a fundamental shift in today's digital landscape as many organizations have adopted a hybrid work model -- employees working from everywhere with more and more SaaS applications being used to operate day-to-day. As we move to cloud apps and internet usage sharply increases across different devices and locations, it's becoming more important -- and more difficult -- for the enterprise to secure the web.

The evolution of the digital era has also paved the way for adversaries to develop and deploy sophisticated, advanced threats. To make matters worse, entry points like the Domain Name System (DNS), are often left unprotected, making it a highly desirable target. According to research done by IDC Threat Research Group, 42% of organizations today fail to secure their DNS traffic. This coupled with the evolution of web-based attacks has left security professionals struggling to prevent today's highly-evasive threats including phishing, command-and-control (C2) and ransomware. It's time for that to change.

Continuing our six-part webinar series, [episode 3](https://register.paloaltonetworks.com/nebula-tech-deep-dive-series?utm_medium=blog&utm_source=deep-dive-second-episode&utm_campaign=nebula-deep-dives)will cover how our Advanced URL Filtering and DNS Security solutions can protect customers from today's highly-evasive web-based and DNS-layer threats in real-time. If you missed our previous episodes, you can check them out here:

* Episode 1: [Industry Firsts in NGFW Design and Security for Internet Edge, Campus, and Data Centers.](https://register.paloaltonetworks.com/nebula-tech-deep-dive-series?utm_medium=blog&utm_source=deep-dive-second-episode&utm_campaign=nebula-deep-dives)
* Episode 2: [Evolution of IPS to Advanced Threat Prevention](https://register.paloaltonetworks.com/nebula-tech-deep-dive-series?utm_medium=blog&utm_source=deep-dive-second-episode&utm_campaign=nebula-deep-dives)

## Attackers Are Becoming More Sophisticated Than Ever

Today's attackers are innovating faster than traditional security can keep up. Well aware of the techniques security vendors use to prevent threats like phishing or data exfiltration, adversaries have combated this with techniques of their own. They are now leveraging the power of automation to rapidly generate millions and millions of malicious single use domains and URLs to use in attack campaigns, creating endless amounts of opportunities to breach an organization. They are also using highly-evasive techniques such as cloaking, which enables an attacker to hide malicious URLs from web crawlers and easily bypass security defenses.

Furthermore, threat actors are deploying sophisticated techniques for communications such as ultra-slow DNS tunneling, which leaks data extremely slowly across multiple domains controlled by the attacker, thereby making it even harder to detect and block. As the rate of innovation amongst attackers expands rapidly, organizations need to provide safe web access while keeping pace with the proliferation of advanced attacks.

## Traditional Security Can't Keep Up

Today's security solutions lack the necessary capabilities to keep up with the level of sophistication of web-based threats. Many URL filtering solutions solely rely on web crawlers and static databases of known malicious URLs, which can prevent the threats we've seen in the past, but these databases cannot scale and do nothing to stop the unknown and highly-evasive threats we see today. This results in phishing continuing to pervade networks, accounting for 90% of today's security incidents. Plus, research shows that 90% of today's phishing kits include at least one evasive technique that allows attackers to breach organizations at scale. It's clear that simply relying on URL filtering database lookups, which are done after-the-fact and offline, is no longer sufficient.

DNS traffic is often missed by security before protection, resulting in a rise of DNS-layer attacks. Research done by our Unit 42 Threat Intelligence team shows that 85% of malware abuses DNS for malicious activity such as data exfiltration, C2, phishing and ransomware. Traditional approaches to DNS security have relied on resolver-based solutions, meaning that with simple changes to configuration settings, adversaries can easily redirect an organization's traffic to malicious DNS servers. Moreover, most organizations today have some kind of static domain block list, but with millions and millions of new domains popping up each day, these static database signatures simply cannot scale to keep pace with emerging threats.

Gone are the days where organizations could prevent attacks by relying on after-the-fact analysis or static lists of previous threats. Studies have shown that 40% of today's threats can only be prevented in real-time, meaning solutions must be able to detect and prevent threats inline. That's why in our [latest announcement of PAN-OS Nebula 10.2](https://www.paloaltonetworks.com/blog/2022/03/network-security-innovation-and-prevention/?ts=markdown), we introduced new innovations to our web security solutions, [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) and [DNS Security](https://www.paloaltonetworks.com/network-security/dns-security?ts=markdown), that help our customers ensure safe access to the web.

### Real-Time Prevention of Web-Based Threats

To counter this evolution of modern day phishing, we've augmented our renowned database of known malicious URLs with inline deep learning applied to live user-based web content. Our Advanced URL Filtering service is able to analyze web traffic from a user session to detect and prevent evasion techniques used in modern phishing kits, instantly. Furthermore, we expanded our detection capabilities to not only analyze URL strings, but webpage content as well so that detection evasion techniques do not work. This enables customers to prevent 40% more threats than traditional web-filtering databases, as well as stop 76% of malicious URLs up to full day before any other vendor. On top of that, our Advanced URL Filtering solution is a cloud-native architecture, meaning that we can continue to train and retrain our deep learning models, and build entirely new detection capabilities -- at cloud-scale and speed to protect the user from upcoming threats.

### Comprehensive DNS-Layer Threat Protection

Enabling safe internet access for customers does not stop at web traffic. Organizations need to protect DNS, the most used non-web application. With DNS Security from Palo Alto Networks, customers can benefit from a resolver agnostic and natively-integrated solution that can provide comprehensive coverage and visibility of all of their DNS traffic across all users, locations and devices within their network. With the release of Nebula, we have continued to build upon our innovations with a number of industry-first detections to stop the latest and most sophisticated DNS-layer threats. These added capabilities enable our customers to benefit from 40% more threat coverage than any other vendor and 6 times faster detection of malicious newly registered domains than the next leading competitor. Paired with our inline deep learning capabilities for real-time protection, DNS Security is the industry's most comprehensive DNS solution available.

### Get Ahead of Today's Web-Based Threats

As web usage continues to increase, organizations must prioritize securing internet access with solutions that offer real-time detection and prevention. With these latest enhancements to Advanced URL Filtering and DNS Security, Palo Alto Networks is helping organizations move away from the use of outdated and ineffective techniques to secure their internet edge, and equipping them with a solution that was made to combat the evolution of today's web-based and DNS-layer threats.

To dive into the technology behind our unique Advanced URL Filtering and DNS Security and understand how we stop today's most evasive threats, register for episode 3 of our Nebula Tech Deep Dive Series:[Innovations in Web Security to Stop Evasive Threats.](https://register.paloaltonetworks.com/nebula-tech-deep-dive-series?utm_medium=blog&utm_source=deep-dive-second-episode&utm_campaign=nebula-deep-dives)

### Check Out Our Previous Episodes

In [episode one](https://www.paloaltonetworks.com/blog/network-security/pan-os-10-2-nebula-campus-data-center-security/?ts=markdown), we covered the nitty gritty of our new NGFW and security infrastructure that redefines what was thought possible -- the prevention of advanced evasive threats as they happen. If you missed it, you can check out episode one:[Industry Firsts in NGFW Design and Security for Internet Edge, Campus, and Data Centers.](https://register.paloaltonetworks.com/nebula-tech-deep-dive-series?utm_medium=blog&utm_source=deep-dive-second-episode&utm_campaign=nebula-deep-dives)

In [episode two](https://www.paloaltonetworks.com/blog/network-security/ips-to-advanced-threat-prevention/?ts=markdown), we explained how modern attackers are leveraging automated hack tools to evade traditional security controls and how organizations can stop unknown C2 inline using an intrusion prevention system (IPS). If you missed it you can check out episode two: [Evolution of IPS to Advanced Threat Prevention](https://register.paloaltonetworks.com/nebula-tech-deep-dive-series?utm_medium=blog&utm_source=deep-dive-second-episode&utm_campaign=nebula-deep-dives).

*** ** * ** ***

## Related Blogs

### [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### The Evolution of IPS to Advanced Threat Prevention: Preventing Unknown Command and Control Attacks in Real-Time](https://www.paloaltonetworks.com/blog/network-security/ips-to-advanced-threat-prevention/)

### [Data Security](https://www.paloaltonetworks.com/blog/network-security/category/data-security/?ts=markdown), [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown), [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Improving Phishing Detection, DNS and Industrial OT Security: The Always Innovating Series](https://www.paloaltonetworks.com/blog/network-security/always-innovating-network-security-platform/)

### [Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown), [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown), [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Announcing the First Unit 42 Network Threat Trends Research Report](https://www.paloaltonetworks.com/blog/network-security/unit-42-network-threat-trends-research/)

### [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Guarding Against Malware in 2023: 4 Predictions to Enhance Your Security Strategy](https://www.paloaltonetworks.com/blog/network-security/network-threat-trends-malware-attacks/)

### [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Why the Evolution of Ransomware Calls for Next-Level Web Protection](https://www.paloaltonetworks.com/blog/network-security/ransomware-attacks-advanced-url-filtering/)

### [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Stop Zero-Day Threats with Zero Compromises: New PA-Series Beat Competition in Head-to-Head Test](https://www.paloaltonetworks.com/blog/network-security/new-pa-series-miercom-report/)

### Subscribe to Network Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language