{"id":1289,"date":"2020-04-08T13:00:49","date_gmt":"2020-04-08T13:00:49","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=109108"},"modified":"2023-06-06T23:55:23","modified_gmt":"2023-06-06T23:55:23","slug":"how-dns-security-helps-secure-your-remote-workforce","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2020\/04\/08\/how-dns-security-helps-secure-your-remote-workforce\/","title":{"rendered":"How DNS Security Helps Secure Your Remote Workforce"},"content":{"rendered":"<p><span>All of us are currently dealing with the COVID-19 crisis. For many of us, that means the new adjustment of working from home. While this enables business continuity, it also places our businesses at additional risk from cyber threats. Adversaries know many employees are working from home using work laptops that may contain sensitive, valuable information. Already, we\u2019ve seen threats such as malware, phishing attacks and ransomware related to COVID-19.<\/span><\/p>\n<p><span>There are a multitude of different ways <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2020\/04\/network-working-from-home\/\"><span>businesses can help protect their employees and their customers from these attacks<\/span><\/a><span>. Protecting endpoints, using <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/cyberpedia\/what-is-a-vpn\"><span>VPNs<\/span><\/a><span>, patching systems with completely up to date software and using multi-factor authentication are great examples of low-hanging fruit that enable greater protection. But one threat vector that\u2019s easily addressed with high impact is being overlooked: securing your DNS traffic.<\/span><\/p>\n<p><span>Every connection with the internet starts with a <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/cyberpedia\/what-is-dns\"><span>DNS query<\/span><\/a><span>. DNS is required for mission-critical applications, websites and resources across your network. Securing DNS is essential to your network security. Millions of malicious domains already exist and thousands of new malicious domains are created every day. In fact, our Unit 42 threat research team has <\/span><a href=\"https:\/\/unit42.paloaltonetworks.com\/covid19-cyber-threats\/\"><span>logged over 100,000 new potentially phony web domains<\/span><\/a><span> registered with words including \u201ccovid,\u201d \u201cvirus\u201d and \u201ccorona\u201d in their names, in just the past few weeks.<\/span><\/p>\n<p><span>Attackers have increasingly used DNS to spread malware and steal data by hiding within DNS traffic itself. Because DNS is necessary for business and therefore ubiquitous, it\u2019s easy to hide in the high volume of traffic. By securing your DNS you\u2019re protecting against malware and other forms of advanced attacks that may include domain generation algorithms and tunneling. According to our <\/span><a href=\"https:\/\/unit42.paloaltonetworks.com\/\"><span>Unit 42<\/span><\/a><span> threat research team, over <\/span><a href=\"https:\/\/cdw-prod.adobecqms.net\/content\/dam\/cdw\/on-domain-cdw\/brands\/palo-alto-networks\/stop-attackers-from-using-dns-against-you.pdf\" rel=\"nofollow,noopener\"><span>80% of malware uses DNS to establish command-and-control channels to exfiltrate data<\/span><\/a><span>. Securing your DNS traffic has a tremendous impact, with <\/span><a href=\"https:\/\/www.globalcyberalliance.org\/dns-economic-value-report\/\" rel=\"nofollow,noopener\"><span>over a third of breaches preventable through DNS-level security<\/span><\/a><span>. In other words, implementing better DNS security could translate to preventing upwards of $200 billion in global losses. <\/span><\/p>\n<p><span>The Palo Alto Networks DNS Security subscription applies predictive analytics to disrupt attacks that use DNS for command-and-control or data theft. Our cloud-based protections are always-up-to-date and scale infinitely, <img fetchpriority=\"high\" decoding=\"async\" class=\" wp-image-109109 alignright lozad\" data-src=\"\/blog\/wp-content\/uploads\/2020\/04\/DNS123.png\" alt=\"Three steps to install DNS Security as an add-on subscription for a Palo Alto Networks Next-Generation Firewall: 1) Activate your DNS Security subscription license, 2) Configure DNS policy settings, 3) Test and validate that policy actions are enforced.\" width=\"557\" height=\"373\">giving your organization a critical new control point to stop attacks that use DNS. If you\u2019re already a customer, installing <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/products\/threat-detection-and-prevention\/dns-security\"><span>DNS Security<\/span><\/a><span> is as easy as turning it on. You won\u2019t need to deploy additional appliances, and since it\u2019s cloud-based, you won\u2019t have to deploy additional software or make changes to your DNS infrastructure. It\u2019s simply a matter of activating a subscription. Existing customers can <\/span><a href=\"https:\/\/knowledgebase.paloaltonetworks.com\/KCSArticleDetail?id=kA10g000000Cm6HCAS\"><span>begin a 90-day free trial<\/span><\/a><span> or just follow the three easy steps below to turn DNS Security on and protect DNS traffic in minutes. For more information on deploying DNS Security, see our <\/span><a href=\"https:\/\/docs.paloaltonetworks.com\/pan-os\/9-0\/pan-os-admin\/threat-prevention\/dns-security\/enable-dns-security\"><span>Step-by-Step Enablement Walkthrough<\/span><\/a><span>.<\/span><\/p>\n<p><span>If you\u2019re not currently a customer of Palo Alto Networks firewalls in physical deployments, and you\u2019re looking into adding protection quickly, consider <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/prisma\/access\"><span>Prisma Access<\/span><\/a><span> for cloud-delivered security.<\/span><\/p>\n<p><span>Learn more about <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/resources\/datasheets\/dns-security-service\"><span>DNS Security<\/span><\/a><span>. <\/span><\/p>\n<p><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2020\/04\/network-dns-security\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>All of us are currently dealing with the COVID-19 crisis.<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[186,30,187,188,189,184,185],"tags":[192,38,193,194,195,190,191],"class_list":["post-1289","post","type-post","status-publish","format-standard","hentry","category-covid-19","category-dns","category-ngfw","category-prisma-access","category-remote-access","category-secure-the-cloud","category-secure-the-enterprise","tag-covid-19","tag-dns","tag-ngfw","tag-prisma-access","tag-remote-access","tag-secure-the-cloud","tag-secure-the-enterprise"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Palo Alto","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/paloalto\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/covid-19\/\" rel=\"category tag\">COVID-19<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/dns\/\" rel=\"category tag\">DNS<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ngfw\/\" rel=\"category tag\">NGFW<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/prisma-access\/\" rel=\"category tag\">Prisma Access<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/remote-access\/\" rel=\"category tag\">remote access<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/secure-the-cloud\/\" rel=\"category tag\">Secure the Cloud<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/secure-the-enterprise\/\" rel=\"category tag\">Secure the Enterprise<\/a>","tag_info":"Secure the Enterprise","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1289","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=1289"}],"version-history":[{"count":1,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1289\/revisions"}],"predecessor-version":[{"id":1387,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1289\/revisions\/1387"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=1289"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=1289"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=1289"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}