Monday, August 19, 2019
By Blake Volk, Fuel User Group Member
Palo Alto Networks recently released PAN-OS 9.0 to the user community, and now that version 9.0.3 is out there are a lot of great features I am excited to run in my environment. They have added features that cover the enterprise as a whole and that streamline the conversion of legacy port-based policies to App-ID based policies, which helps secure the enterprise even more.
I have been running PAN-OS 9.0 in a lab environment, and I can say that the newly added features have greatly helped streamline several daily processes. In this article I plan to do a deep dive into one of the biggest features I am excited to implement: DNS Security. This feature will help you protect your organization from several DNS-based threats in a very streamlined way.
DNS Security is one of the biggest features added to PAN-OS 9.0. With DNS Security the firewall leverages Palo Alto Networks' real-time global threat intelligence, together with real-time analysis and detection, to act on DNS queries as they pass through it. DNS Security also has a growing database of malicious domains that it starts enforcing instantly, and it can recognize DNS tunneling quickly and neutralize it automatically. Per Palo Alto Networks' website, all of this is done through automated policy action. Note that DNS Security is a separate subscription that builds on Threat Prevention and is enabled through the Anti-Spyware security profile applied to your security policy rules. Adding this layer to your WildFire, Threat Prevention and other security subscriptions reduces the threat vectors the enterprise is exposed to and lets the enterprise block threats through policy automation rather than manual response.
The diagram below, from Palo Alto Networks' DNS Security white paper, shows how the feature fits into the firewall.
I plan to leverage DNS Security to reduce command-and-control traffic as well as the threat of DNS tunneling in my environment. DNS is allowed to move through most networks so easily, and DNS tunneling is a growing threat, so DNS Security will help minimize that exposure. One practical point: because most clients send their queries through an internal recursive resolver, the firewall sees the resolver's address rather than the infected host's. Using the sinkhole action for malicious domains, rather than a plain block, makes the infected host connect to the sinkhole address, which exposes its real IP in the traffic logs so you can find and clean it.
DNS tunneling itself is an interesting technique when you look at how it is executed. Say an attacker registers a domain, acmevirus.com, and delegates its name server (NS) records to a server they control, which runs software capable of tunneling data over DNS. The attacker then launches a phishing attack, or some other kind of attack, to infect a computer on the enterprise network. Once that computer is infected, the malware encodes data into the subdomain labels of DNS queries for acmevirus.com. Because the enterprise's recursive resolver forwards any query it cannot answer to the authoritative name server for that domain, those queries reach the attacker's server even when no other outbound traffic from the host is allowed. The attacker can return commands in the DNS responses, so the channel works in both directions: it can exfiltrate data out of the network and control the compromised host.
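To make the mechanism concrete, here is an added example that is not part of the original post and is not Palo Alto Networks or Unit 42 code. It emulates both ends of the exchange described above (the infected host encoding data into query names, and the attacker's authoritative server reassembling it) and then runs a simple detector over a mix of ordinary lookups and the tunnel traffic. The domain acmevirus.com comes from the scenario above; the base32 encoding scheme, the seeded sample payload, the constructed benign queries and the detection thresholds are my own assumptions for illustration and are not how the DNS Security service itself detects tunneling.

```python
"""DNS tunneling: emulate the exchange and detect it (added example).

Assumptions (not from the post): acmevirus.com is the domain from the
post's scenario; the encoding (base32 chunks as subdomain labels, chunk
index as the first label), the sample payload and the detection
thresholds are illustrative choices, not the DNS Security algorithm.
"""
import base64
import math
import random
from collections import Counter, defaultdict

ATTACKER_DOMAIN = "acmevirus.com"


def encode_chunks(payload: bytes, domain: str, chunk_len: int = 30) -> list:
    """Infected host side: base32-encode the data and split it into query
    names such as '7.<chunk>.acmevirus.com'.  Lower-cased base32 only uses
    letters and digits, so each chunk is a valid DNS label (max 63 chars)."""
    enc = base64.b32encode(payload).decode().rstrip("=").lower()
    chunks = [enc[i:i + chunk_len] for i in range(0, len(enc), chunk_len)]
    return [f"{idx}.{chunk}.{domain}" for idx, chunk in enumerate(chunks)]


def decode_chunks(qnames, domain: str) -> bytes:
    """Attacker's name server side: every query for the domain eventually
    arrives here; strip the domain, reorder by index and reassemble."""
    pieces = {}
    suffix = "." + domain
    for name in qnames:
        if not name.endswith(suffix):
            continue
        idx, chunk = name[: -len(suffix)].split(".", 1)
        pieces[int(idx)] = chunk
    enc = "".join(pieces[i] for i in sorted(pieces)).upper()
    enc += "=" * (-len(enc) % 8)  # restore the base32 padding we stripped
    return base64.b32decode(enc)


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; encoded data scores far higher than
    hostnames like 'mail' or 'www'."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname: str) -> str:
    # Simplification: treat the last two labels as the registered domain.
    # Real tooling should consult a public-suffix list (co.uk etc.).
    return ".".join(qname.rstrip(".").split(".")[-2:])


def score_queries(qnames, min_unique=16, min_avg_len=20.0, min_entropy=3.5):
    """Group query names by registered domain and flag domains whose
    subdomains look like encoded data: many distinct, long, high-entropy
    labels.  Returns {domain: stats} for flagged domains only."""
    by_domain = defaultdict(set)
    for name in qnames:
        dom = registered_domain(name)
        sub = name.rstrip(".")[: -len(dom) - 1]  # everything left of the domain
        if sub:
            by_domain[dom].add(sub)
    flagged = {}
    for dom, subs in by_domain.items():
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_ent = sum(shannon_entropy(s.replace(".", "")) for s in subs) / len(subs)
        if len(subs) >= min_unique and avg_len >= min_avg_len and avg_ent >= min_entropy:
            flagged[dom] = {"unique_subdomains": len(subs),
                            "avg_subdomain_len": round(avg_len, 1),
                            "avg_entropy": round(avg_ent, 2)}
    return flagged


# Constructed sample traffic: ordinary lookups plus one tunneling session.
BENIGN_QUERIES = [
    "www.example.com", "mail.example.com", "cdn.example.com",
    "api.example.org", "login.example.org", "www.example.net",
] * 10
_rng = random.Random(2019)  # seeded so the run is deterministic
SECRET = bytes(_rng.getrandbits(8) for _ in range(600))  # stand-in for stolen data
TUNNEL_QUERIES = encode_chunks(SECRET, ATTACKER_DOMAIN)

if __name__ == "__main__":
    print(f"{len(TUNNEL_QUERIES)} queries carry {len(SECRET)} bytes, e.g. {TUNNEL_QUERIES[0]}")
    recovered = decode_chunks(TUNNEL_QUERIES, ATTACKER_DOMAIN)
    print("attacker recovered payload:", recovered == SECRET)
    for dom, stats in score_queries(BENIGN_QUERIES + TUNNEL_QUERIES).items():
        print("flagged", dom, stats)
```

The detector keys on the three properties the encoded queries cannot avoid: a large number of distinct subdomains under one registered domain, long labels, and label text whose entropy looks like encoded data rather than a hostname. Any one signal alone produces false positives (CDNs and cloud providers generate many subdomains, and some legitimate hostnames are long), which is why the example requires all three, and why a production service also correlates query volume, timing and response types such as TXT and NULL records.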
Unit 42 wrote a great article on what DNS tunneling is, and I recommend reading it to understand how serious this threat is. You can access the article here: What is DNS Tunneling?
I think DNS Security as a whole will help secure the enterprise and minimize attacks while leveraging the Next-Generation Firewall you already have in place.