Strengthening Your DNS Protection with Advanced DNS Security

May 08, 2024
4 minutes
270 views

The intensity of today’s threat landscape has put organizations at greater risk of a breach. However, vulnerability can be looked at as the birthplace of innovation. As modern adversaries continue to innovate, so does security. As the leader in global cybersecurity, Palo Alto Networks continues to evolve their solutions in order to deliver best-in-class security for their customers and protect every major threat vector in their network. This includes Precision AI by Palo Alto Networks–our proprietary AI system that helps security teams trust AI outcomes by using rich data and security-specific models to automate detection, prevention and remediation with accuracy. How does Precision AI help drive our Advanced DNS Security?

DNS, also known as the domain name system, has become one area that attackers are increasingly abusing for their malicious campaigns. In fact, Palo Alto Networks sees over 1.6 million new and unique malicious domains everyday, resulting in 584 million never-before-seen DNS-layer threats per year. Unfortunately, this increase in abuse is due to the general nature of DNS. It is foundational to our use of the internet, it carries a significant amount of data in and out of a network, and sadly, organizations often leave it unprotected due to not being aware of the many ways it can be abused.

One method of DNS abuse that has become extremely popular amongst attackers is DNS hijacking. DNS hijacking is the act of redirecting DNS queries to a malicious server and intercepting traffic intended for a legitimate destination. This attack is used to manipulate communication between users and websites and leave organizations vulnerable to phishing attacks, data theft, malware delivery and much more. Recent studies have found that in 2023, 33% of organizations fell victim to a DNS hijacking attack, and with the relentlessness of today’s threat actors, this number is only expected to rise. This is why here at Palo Alto Networks, we believe DNS security solutions must evolve to successfully secure an organization’s DNS traffic and prevent the emerging threat of DNS hijacking.

In our recent release of PAN-OS 11.2 Quasar, we introduced our new cloud-delivered security service, Advanced DNS Security. Advanced DNS Security directly addresses the threat of DNS hijacking by offering real-time AI-powered analysis of the DNS response. The ability to inspect responses inline is the only way to stop DNS hijacking attacks. In this attack, because threat actors can redirect a user’s legitimate request to a malicious site by manipulating the DNS response, the inspection cannot be done offline or after the fact. By the time a solution identifies the attack, the user has likely already fallen victim and engaged with the attacker’s site. The only way to stop DNS hijacking attacks is to inspect the DNS response in real-time with AI-powered models to ensure a user’s request isn’t redirected to a domain whose legitimate IP address has been changed to a malicious IP using DNS hijacking techniques. With real-time inspection, not only can Advanced DNS Security instantly block malicious domains, but this analysis also offers valuable insights, including comprehensive logging for historical context of hijacked domains and fine-grained policy controls.

However, manipulating the DNS response is not the only means for an attacker to carry out the threat of DNS hijacking. As organizations continue to grow their business, their DNS footprint grows as well. Organizations must maintain every domain and subdomain associated with their business and, if done manually, there is a higher chance of their domains being misconfigured. Attackers today continuously scan for these misconfigured domains that they can easily take control of and host their malicious content. In order to prevent this, organizations can no longer rely on the slow and manual process of managing their DNS records. In fact, studies have found that 20% of DNS records are misconfigured and therefore prone to DNS hijacking. Now with Advanced DNS Security, customers can prevent any misconfigurations with simple and automated configuration management. This allows them to proactively block access to misconfigured domains through automated discovery and monitoring of their public-facing domains.

With this announcement, Palo Alto Networks builds on its already industry-leading DNS Security solution by offering 22% more coverage than before and over 2x more threat coverage than the next leading security vendor. With its ability to analyze and prevent threats with inline AI-powered models, Advanced DNS Security offers real-time protection across the entire DNS journey (the DNS request and response) and is the industry’s first solution to stop network-based DNS hijacking attacks in real time. These innovations allow customers to provide a safe and reliable online experience for their users, ensuring business continuity. To learn more about Advanced DNS Security, please visit paloaltonetworks.com. If you are already a DNS Security customer and want to learn how you can start using Advanced DNS Security, please contact your sales representative.


Subscribe to Network Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.