Positively Identify Infected Hosts
Our DNS sinkhole capability helps security teams identify infected hosts and take action on them faster. With the DNS sinkhole, outbound requests to malicious domains or IP addresses are redirected to an internal IP address set up by an administrator. This prevents those requests from leaving the network and gives you a report of the compromised machines initiating them, which incident response teams can act on.
The Palo Alto Networks threat research team proactively investigates new command-and-control techniques, reverse engineering them to create high-fidelity C2 protections that conclusively identify and block the malicious activity. By proactively identifying new command-and-control activity, developing protections for our customers, and sharing the information with the security community, we are removing weapons used by attackers to threaten users and compromise enterprise, government and service provider networks.