Take back control of your DNS traffic

Disrupt attacks that use DNS

DNS Security service applies predictive analytics for automated protections to thwart attacks that use DNS.

A powerful new weapon to combat attacks

DNS is wide open for attackers. Attacks using DNS often succeed because security teams lack basic visibility into how threats use DNS to maintain control of infected devices or steal data. Current approaches drown you in uncoordinated data from independent tools or require changes to DNS infrastructure.

DNS Security service applies predictive analytics, machine learning, and automation to block attacks that use DNS. Tight integration with the next-generation firewall gives you automated protections and eliminates the need for independent tools. Now you can rapidly predict and prevent malicious domains, neutralize threats hidden in DNS tunneling, and apply automation to quickly find and contain infected devices.


Predict and block new malicious domains

DNS Security gives the advantage back to defenders. It automatically prevents tens of millions of malicious domains identified with real-time analysis and continuously growing global threat intelligence. It predicts and stops malicious domains from domain generation algorithm-based malware with instant enforcement. And it provides limitless protection against malicious domains with a cloud-based database for infinite scale.


Neutralize DNS tunneling

DNS Security enables you to quickly detect command and control or data theft employing DNS tunneling with machine learning-powered analysis. It builds on the signature-based protection of PAN-OS® to identify advanced tunneling attempts, enabling you to rapidly neutralize DNS tunneling attempts with automated policy action.


Simplify security with automation

With integrated DNS Security on the next-generation firewall, there’s no need for independent DNS security tools or changes to DNS routing. It automates dynamic response to find infections quickly and respond with policy. And it makes it easy to take advantage of the latest DNS security innovations through our extensible cloud-based architecture, which continues to improve detection and prevention.


Related Products

Security Operating Platform

Provides multiple layers of prevention at each stage of the attack lifecycle with consistency across the network, endpoints, datacenter, remote offices and cloud environments.

Learn more

Next-Generation Firewalls

Our next-generation firewalls secure your business with a prevention-focused architecture and integrated innovations that are easy to deploy and use.

Learn more


Our virtualized next-generation firewall that protects your private and public cloud deployments by segmenting applications and preventing threats.

Learn more


WildFire® malware prevention service is the industry’s most advanced analysis and prevention engine for highly evasive zero-day exploits and malware.

Learn more


Panorama™ network security management empowers you with easy-to-implement, consolidated policy creation and management, and. Set up and control next-generation firewalls centrally with an efficient rule base, and gain insight into network-wide threats.

Learn more

URL Filtering

The URL Filtering security service protects users by identifying malicious sites and automatically preventing web-based attacks, including phishing, command-and-control, and exploit kits.

Learn more

Threat Prevention

The Threat Prevention security service protects organizations across the entire attack lifecycle, preventing known vulnerability exploits, malware, and spyware (command-and-control).

Learn more

Request your Security Lifecycle Review (SLR)

The SLR examines your network traffic and generates a comprehensive report unique to your organization to help you discover the applications and threats exposing vulnerabilities in your security posture. Request now