Overview

Make DNS work for you—not for bad actors

hidden threats icon
Uncover and stop hidden threats

that deliver malware, steal data, and disrupt operations

visibility icon
Ensure unbeatable performance

and availability with rapid DNS resolution

performance icon
Maintain complete visibility

over DNS traffic, including detailed, context-rich logs

The Problem

Legacy firewalls let attacks like DNS tunneling and DNS spoofing go undetected

Surges in traffic from remote work, cloud applications, and IoT/OT devices have driven an exponential increase in DNS resolutions—creating too many requests for traditional firewalls to screen effectively. These firewalls can't inspect DNS or DNS over HTTPS (DoH) traffic for threats without slowing it to a crawl. Instead, they allow it, giving attackers a new way to carry out stealthy DNS spoofing, DDoS attacks, phishing, and more.

70%
of attacks involve DNS as part of the attack sequence (IDC)
90%
of organizations face multiple DNS attacks every year (IDC)
80%
of organizations say DNS Security is critical for their security posture (IDC)
Solution Overview

Stop DNS-based attacks with monitoring and protection at scale

Zscaler DNS Security filters risky and malicious domains and stops the use of DNS tunneling to distribute malware and steal data. As part of the cloud native Zscaler Zero Trust Firewall, it provides full coverage across all ports and protocols without compromising performance.

Best-in-class filtering and AI-powered DoH inspection
01

Best-in-class filtering and AI-powered DoH inspection

Inspect all DNS traffic and enforce inline DNS tunnel protection. Detect and stop data theft, stop attacks hiding in DoH, and comply with domain and IP address categorization.

Complete visibility over all DNS traffic
02

Complete visibility over all DNS traffic

Investigate DNS transactions with confidence through context-rich data and forensically complete logs. Support zero trust with context, strict authentication, continual policy checks, and adaptive real-time enforcement.

Lightning-fast, secure DNS resolution and high availability
03

Lightning-fast, secure DNS resolution and high availability

Support productivity and reliable access to location-based content for all users and devices. Ensure a great user experience with DNS gateway to third-party resolvers.

Benefits

Empower and secure your workforce and operations

gain-robust-protection
Gain robust protection

against attacks such as DNS spoofing, DNS tunneling, phishing, malware distribution, DDoS, and more.

user-experience
Ensure a great user experience

with requests resolved at the edge, and content delivered by the optimal CDN in local language and currency.

simplify-regulatory-compliance
Simplify regulatory compliance

with various mandates and practices for data retention and logging, as well as evolving standards like Protective DNS (PDNS).

Reduce total cost of ownership
Reduce total cost of ownership (TCO)

with no hardware or software to manage. 100% cloud-delivered DNS Security lets admins focus on impactful tasks over maintenance.

Solution Details

Strengthen DNS security and optimize performance

powerful-ai-powered-data-visibility
Key offerings

Granular Filtering

Prevent or thwart DNS-based attacks with customizable actions and granular filtering rules for DNS queries sent over any protocol.

AI-Powered Inspection

Find and stop hidden attacks. Unlimited inline traffic inspection, machine learning, and native TLS/SSL decryption prevent stealthy threats and terminate malicious connections.

Trusted DNS Resolvers

Speed up DNS resolution and improve the user experience. Zscaler Trusted Resolvers (ZTR) are delivered as close to the user as possible from more than 150 edge locations.

DNS Gateway

Translate plaintext DNS requests to DoH for privacy and security. Direct DoH traffic to PDNS resolvers that analyze and block requests to malicious domains.

DNS Tunnel Detection

Find and stop DNS tunnels used to control malware and exfiltrate data with an advanced detection engine.

Flexible Failover and Error Handling

Ensure users maintain reliable, high-speed access with automatic failover options and configurable error handling to support high availability.

Use Cases

Outsmart adversaries while improving user experience

Defend against DNS attacks and data exfiltration

Detect threats early and throughout the attack life cycle. Provide inline protection against advanced DNS tunneling and data exfiltration techniques.

Improve incident response and remediation

Enhance incident response, investigation, and threat hunting with forensically complete logs and contextually rich data.

Comply with industry standards and zero trust

Increase business agility and resilience to support digital transformation and cloud adoption with a segmentation-centric, identity- and access-focused framework.

Ensure reliable access and fast resolution quality

Give your users first-rate, highly available DNS resolution and location-based content through EDNS Client Subnet (ECS) injection, no matter where they connect.

FAQ

Request a demo

Let our experts show you how you can prevent DNS-based attacks with powerful DNS security and control.