Innovations in Web Security to Stop Evasive Threats

Jun 03, 2022

We’ve witnessed a fundamental shift in today’s digital landscape as many organizations have adopted a hybrid work model – employees working from everywhere with more and more SaaS applications being used to operate day-to-day. As we move to cloud apps and internet usage sharply increases across different devices and locations, it’s becoming more important – and more difficult – for the enterprise to secure the web.

The evolution of the digital era has also paved the way for adversaries to develop and deploy sophisticated, advanced threats. To make matters worse, entry points like the Domain Name System (DNS) are often left unprotected, making them highly desirable targets. According to research done by IDC Threat Research Group, 42% of organizations today fail to secure their DNS traffic. This, coupled with the evolution of web-based attacks, has left security professionals struggling to prevent today’s highly evasive threats, including phishing, command-and-control (C2) and ransomware. It’s time for that to change.

Continuing our six-part webinar series, episode 3 will cover how our Advanced URL Filtering and DNS Security solutions can protect customers from today’s highly evasive web-based and DNS-layer threats in real time. If you missed our previous episodes, they are summarized at the end of this post.

Attackers Are Becoming More Sophisticated Than Ever

Today’s attackers are innovating faster than traditional security can keep up. Well aware of the techniques security vendors use to prevent threats like phishing or data exfiltration, adversaries have countered them with techniques of their own. They now use automation to rapidly generate millions and millions of malicious single-use domains and URLs for attack campaigns, creating endless opportunities to breach an organization. They are also using highly evasive techniques such as cloaking, which enables an attacker to hide malicious URLs from web crawlers and easily bypass security defenses.

Furthermore, threat actors are deploying sophisticated techniques for communications such as ultra-slow DNS tunneling, which leaks data extremely slowly across multiple domains controlled by the attacker, thereby making it even harder to detect and block. As the rate of innovation amongst attackers expands rapidly, organizations need to provide safe web access while keeping pace with the proliferation of advanced attacks.

Traditional Security Can’t Keep Up

Today’s security solutions lack the necessary capabilities to keep up with the level of sophistication of web-based threats. Many URL filtering solutions solely rely on web crawlers and static databases of known malicious URLs, which can prevent the threats we’ve seen in the past, but these databases cannot scale and do nothing to stop the unknown and highly-evasive threats we see today. This results in phishing continuing to pervade networks, accounting for 90% of today’s security incidents. Plus, research shows that 90% of today’s phishing kits include at least one evasive technique that allows attackers to breach organizations at scale. It’s clear that simply relying on URL filtering database lookups, which are done after-the-fact and offline, is no longer sufficient.

DNS traffic is often overlooked by security controls and left unprotected, resulting in a rise of DNS-layer attacks. Research done by our Unit 42 Threat Intelligence team shows that 85% of malware abuses DNS for malicious activity such as data exfiltration, C2, phishing and ransomware. Traditional approaches to DNS security have relied on resolver-based solutions, meaning that with simple changes to configuration settings, adversaries can easily redirect an organization's traffic to malicious DNS servers. Moreover, most organizations today have some kind of static domain block list, but with millions and millions of new domains popping up each day, these static database signatures simply cannot scale to keep pace with emerging threats.

Gone are the days when organizations could prevent attacks by relying on after-the-fact analysis or static lists of previous threats. Studies have shown that 40% of today’s threats can only be prevented in real time, meaning solutions must be able to detect and prevent threats inline. That’s why in our latest announcement of PAN-OS Nebula 10.2, we introduced new innovations to our web security solutions, Advanced URL Filtering and DNS Security, that help our customers ensure safe access to the web.

Real-Time Prevention of Web-Based Threats

To counter this evolution of modern-day phishing, we’ve augmented our renowned database of known malicious URLs with inline deep learning applied to live user-based web content. Our Advanced URL Filtering service is able to analyze web traffic from a user session to detect and prevent evasion techniques used in modern phishing kits, instantly. Furthermore, we expanded our detection capabilities to analyze not only URL strings but webpage content as well, so that detection evasion techniques do not work. This enables customers to prevent 40% more threats than traditional web-filtering databases, as well as stop 76% of malicious URLs up to a full day before any other vendor. On top of that, our Advanced URL Filtering solution is a cloud-native architecture, meaning that we can continue to train and retrain our deep learning models and build entirely new detection capabilities at cloud scale and speed to protect the user from upcoming threats.

Comprehensive DNS-Layer Threat Protection

Enabling safe internet access for customers does not stop at web traffic. Organizations need to protect DNS, the most used non-web application. With DNS Security from Palo Alto Networks, customers can benefit from a resolver-agnostic and natively integrated solution that can provide comprehensive coverage and visibility of all of their DNS traffic across all users, locations and devices within their network. With the release of Nebula, we have continued to build upon our innovations with a number of industry-first detections to stop the latest and most sophisticated DNS-layer threats. These added capabilities enable our customers to benefit from 40% more threat coverage than any other vendor and 6 times faster detection of malicious newly registered domains than the next leading competitor. Paired with our inline deep learning capabilities for real-time protection, DNS Security is the industry’s most comprehensive DNS solution available.

Get Ahead of Today’s Web-Based Threats

As web usage continues to increase, organizations must prioritize securing internet access with solutions that offer real-time detection and prevention. With these latest enhancements to Advanced URL Filtering and DNS Security, Palo Alto Networks is helping organizations move away from the use of outdated and ineffective techniques to secure their internet edge, and equipping them with a solution that was made to combat the evolution of today's web-based and DNS-layer threats.

To dive into the technology behind our unique Advanced URL Filtering and DNS Security and understand how we stop today’s most evasive threats, register for episode 3 of our Nebula Tech Deep Dive Series: Innovations in Web Security to Stop Evasive Threats.

Check Out Our Previous Episodes

In episode one, we covered the nitty-gritty of our new NGFW and security infrastructure that redefines what was thought possible: the prevention of advanced evasive threats as they happen. If you missed it, you can check out episode one: Industry Firsts in NGFW Design and Security for Internet Edge, Campus, and Data Centers.

In episode two, we explained how modern attackers are leveraging automated hack tools to evade traditional security controls and how organizations can stop unknown C2 inline using an intrusion prevention system (IPS). If you missed it, you can check out episode two: Evolution of IPS to Advanced Threat Prevention.
