{"id":109108,"date":"2020-04-08T06:00:49","date_gmt":"2020-04-08T13:00:49","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=109108"},"modified":"2020-08-07T15:23:14","modified_gmt":"2020-08-07T22:23:14","slug":"network-dns-security","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2020\/04\/network-dns-security\/","title":{"rendered":"How DNS Security Helps Secure Your Remote Workforce"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">All of us are currently dealing with the COVID-19 crisis. For many of us, that means the new adjustment of working from home. While this enables business continuity, it also places our businesses at additional risk from cyber threats. Adversaries know many employees are working from home using work laptops that may contain sensitive, valuable information. Already, we\u2019ve seen threats such as malware, phishing attacks and ransomware related to COVID-19.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">There are a multitude of different ways <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2020\/04\/network-working-from-home\/\"><span style=\"font-weight: 400;\">businesses can help protect their employees and their customers from these attacks<\/span><\/a><span style=\"font-weight: 400;\">. Protecting endpoints, using <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/cyberpedia\/what-is-a-vpn\"><span style=\"font-weight: 400;\">VPNs<\/span><\/a><span style=\"font-weight: 400;\">, patching systems with completely up to date software and using multi-factor authentication are great examples of low-hanging fruit that enable greater protection. But one threat vector that\u2019s easily addressed with high impact is being overlooked: securing your DNS traffic.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Every connection with the internet starts with a <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/cyberpedia\/what-is-dns\"><span style=\"font-weight: 400;\">DNS query<\/span><\/a><span style=\"font-weight: 400;\">. DNS is required for mission-critical applications, websites and resources across your network. Securing DNS is essential to your network security. Millions of malicious domains already exist and thousands of new malicious domains are created every day. In fact, our Unit 42 threat research team has <\/span><a href=\"https:\/\/unit42.paloaltonetworks.com\/covid19-cyber-threats\/\"><span style=\"font-weight: 400;\">logged over 100,000 new potentially phony web domains<\/span><\/a><span style=\"font-weight: 400;\"> registered with words including \u201ccovid,\u201d \u201cvirus\u201d and \u201ccorona\u201d in their names, in just the past few weeks.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Attackers have increasingly used DNS to spread malware and steal data by hiding within DNS traffic itself. Because DNS is necessary for business and therefore ubiquitous, it\u2019s easy to hide in the high volume of traffic. By securing your DNS you\u2019re protecting against malware and other forms of advanced attacks that may include domain generation algorithms and tunneling. According to our <\/span><a href=\"https:\/\/unit42.paloaltonetworks.com\/\"><span style=\"font-weight: 400;\">Unit 42<\/span><\/a><span style=\"font-weight: 400;\"> threat research team, over <\/span><a href=\"https:\/\/cdw-prod.adobecqms.net\/content\/dam\/cdw\/on-domain-cdw\/brands\/palo-alto-networks\/stop-attackers-from-using-dns-against-you.pdf\" rel=\"nofollow,noopener\" ><span style=\"font-weight: 400;\">80% of malware uses DNS to establish command-and-control channels to exfiltrate data<\/span><\/a><span style=\"font-weight: 400;\">. Securing your DNS traffic has a tremendous impact, with <\/span><a href=\"https:\/\/www.globalcyberalliance.org\/dns-economic-value-report\/\" rel=\"nofollow,noopener\" ><span style=\"font-weight: 400;\">over a third of breaches preventable through DNS-level security<\/span><\/a><span style=\"font-weight: 400;\">. In other words, implementing better DNS security could translate to preventing upwards of $200 billion in global losses. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Palo Alto Networks DNS Security subscription applies predictive analytics to disrupt attacks that use DNS for command-and-control or data theft. Our cloud-based protections are always-up-to-date and scale infinitely, <img loading=\"lazy\" decoding=\"async\"  class=\" wp-image-109109 alignright lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/04\/DNS123.png\" alt=\"Three steps to install DNS Security as an add-on subscription for a Palo Alto Networks Next-Generation Firewall: 1) Activate your DNS Security subscription license, 2) Configure DNS policy settings, 3) Test and validate that policy actions are enforced.\" width=\"557\" height=\"373\" \/>giving your organization a critical new control point to stop attacks that use DNS. If you\u2019re already a customer, installing <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/products\/threat-detection-and-prevention\/dns-security\"><span style=\"font-weight: 400;\">DNS Security<\/span><\/a><span style=\"font-weight: 400;\"> is as easy as turning it on. You won\u2019t need to deploy additional appliances, and since it\u2019s cloud-based, you won\u2019t have to deploy additional software or make changes to your DNS infrastructure. It\u2019s simply a matter of activating a subscription. Existing customers can <\/span><a href=\"https:\/\/knowledgebase.paloaltonetworks.com\/KCSArticleDetail?id=kA10g000000Cm6HCAS\"><span style=\"font-weight: 400;\">begin a 90-day free trial<\/span><\/a><span style=\"font-weight: 400;\"> or just follow the three easy steps below to turn DNS Security on and protect DNS traffic in minutes. For more information on deploying DNS Security, see our <\/span><a href=\"https:\/\/docs.paloaltonetworks.com\/pan-os\/9-0\/pan-os-admin\/threat-prevention\/dns-security\/enable-dns-security\"><span style=\"font-weight: 400;\">Step-by-Step Enablement Walkthrough<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">If you\u2019re not currently a customer of Palo Alto Networks firewalls in physical deployments, and you\u2019re looking into adding protection quickly, consider <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/prisma\/access\"><span style=\"font-weight: 400;\">Prisma Access<\/span><\/a><span style=\"font-weight: 400;\"> for cloud-delivered security.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Learn more about <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/resources\/datasheets\/dns-security-service\"><span style=\"font-weight: 400;\">DNS Security<\/span><\/a><span style=\"font-weight: 400;\">. <\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>DNS security is often overlooked in discussions of securing remote workers. Addressing it can be simple to execute and have a tremendous impact.<\/p>\n","protected":false},"author":283,"featured_media":108905,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6768,6765],"tags":[7050,1548,111,6833,102],"coauthors":[3023],"class_list":["post-109108","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-secure-the-cloud","category-secure-the-enterprise","tag-covid-19","tag-dns","tag-ngfw","tag-prisma-access","tag-remote-access","net_sec_category-next-generation-firewalls"],"jetpack_featured_media_url":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/04\/unit42-covid-blog-image.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/109108","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/283"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=109108"}],"version-history":[{"count":8,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/109108\/revisions"}],"predecessor-version":[{"id":109129,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/109108\/revisions\/109129"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/108905"}],"wp:attachment":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=109108"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=109108"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=109108"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=109108"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}