Saucepan

User Tools

Site Tools

Trace: dns_security
paloaltonetworks:dns_security

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
paloaltonetworks:dns_security [2023/01/04 12:13] bstaffordpaloaltonetworks:dns_security [2025/08/29 13:27] (current) – [Details] bstafford
Line 7: Line 7:
  
 [[https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/datasheets/dns-security-service|DNS Security Data Sheet]] [[https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/datasheets/dns-security-service|DNS Security Data Sheet]]
 +===== DoT/DoH =====
 +PAN-OS 11.2.1 [[https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-networking-admin/dns/configure-a-dns-proxy-object|released the ability]] for DNS Proxy on PAN-OS to act as a DoT/DoH server and also forward on DoT/DoH.
  
-Data Sources Include:+ 
 +=====Data Sources=====
   * Passive DNS   * Passive DNS
-  * WildFire 
-  * [[https://www.honeynet.org/|Honeynet]] 
   * URL Filtering   * URL Filtering
 +  * [[https://www.paloaltonetworks.com/network-security/wildfire|WildFire]]
 +  * [[https://www.honeynet.org/|Honeynet]]
   * [[https://cyberthreatalliance.org/|Cyber Threat Alliance]]   * [[https://cyberthreatalliance.org/|Cyber Threat Alliance]]
-  * Unit 42 +  * [[https://unit42.paloaltonetworks.com/|Unit 42]]
  
 +=====Details=====
   * Response in <100 Milliseconds   * Response in <100 Milliseconds
   * More than 30 third-party sources of threat intelligence to enrich data and ensure you have coverage   * More than 30 third-party sources of threat intelligence to enrich data and ensure you have coverage
Line 23: Line 26:
   * 40% more threat coverage than other leading vendors   * 40% more threat coverage than other leading vendors
   * Stops newly registered domains 6x faster than publicaly avaialble scanners   * Stops newly registered domains 6x faster than publicaly avaialble scanners
 +
 +New in mid 2025
 +
 +  * Detection of unknown C2 threats developed using the open source Sliver C2 framework (ATP)
 +  * Enhanced Empire C2 deteciton
 +  * Protection against DNS relaying attacks, also known as Data Exfiltration via HTTP request headers (ATP+ADNS)
 +  * Domain Masquerading Detection, Malicious TDS Detection (ADNS)
 +  * AI Categorization, Crypto Scam Detection, DeepFake Phishing Detection (AURL)
 +  * Endpoint DLP
 +
 +=====URL Categories Blockable=====
 +  * Ad Tracking
 +  * Command and Control
 +  * Dynamic DNS Hosted
 +  * Grayware
 +  * Malware
 +  * Newly Registered Domains (NRD)
 +  * Parked
 +  * Phishing
 +  * Proxy Avoidance & Anonymizers
 +
 +===== DNS Techniques =====
 +  * Dangling DNS (PAN only)
 +  * WildCard DNS (PAN only)
 +  * NXNS Attack (PAN only)
 +  * CNAME Cloaking
 +  * Ultra-Slow DNS Tunneling
 +  * Data Theft
 +  * DNS Tunneling
 +  * DNS Infiltration
 +  * Compromised DNS Zone
 +  * DNS Rebinding
 +  * Strategically Aged Domains
 +  * Domain Squating
 +  * Domain Generation Algorithm (DGA)
 +  * Dictionary DGA
 +  * Fast Flux Domains
 +  * DNS Rebinding Attacks
 +  * Dangling SNA Attacks
paloaltonetworks/dns_security.1672834426.txt.gz · Last modified: by bstafford