DNS Security
DNS Security delivers enterprise-grade DNS control and filtering with rapid resolution for unbeatable performance and availability with the industry’s most comprehensive cloud native security service edge (SSE) platform.
Sophisticated DNS-based attacks bypass legacy security tools
The Domain Name System (DNS) is integral to how we use the internet, but as a decades-old service, it’s being tested in the modern digital world. Surging traffic from hybrid and remote work, cloud applications, and IoT/OT devices greatly impacts DNS performance and availability—and DNS is a popular vector for threat actors to exploit. Commonly found in firewall allowlists, DNS and now DNS over HTTP/S (DoH) can easily mask DNS attacks. Without monitoring and protection at scale, adversaries can deliver threats and exfiltrate data undetected.
Deliver unbeatable and secure DNS resolution through Zscaler Trusted Resolvers while providing high availability, hyper-specific location-based content for all users and devices. Give your users the best experience with DNS gateway to third-party resolvers.
Leave no stone unturned: proxy all DNS traffic to Zscaler for inspection at scale and inline DNS tunnel protection. Detect and stop data exfiltration, stop sneaky DNS attacks hiding in DNS over HTTPS (DoH), and ensure compliance with domain and IP address categorization.
Investigate all DNS transactions with confidence through context-rich data and forensically complete logs. Establish zero trust network access (ZTNA) with context, strict user authentication, and continual policy checks while terminating malicious connections with adaptive, real-time policy enforcement.
Zscaler Trusted Resolvers (ZTR) speed up DNS resolution and improve user experience by bringing resolvers closer to the user at more than 150 edge locations.
DNS Gateway translates all plaintext DNS requests to DNS over HTTPS (DoH) for privacy and security. It also directs DoH traffic to Protective DNS (PDNS) resolvers that analyze and block requests to malicious domains.
DNS Security features granular filtering rules for DNS queries sent over any protocol and customizable actions designed to prevent or thwart DNS-based attacks.
Zscaler’s advanced detection engine finds and stops DNS tunnels used to control malware and exfiltrate data.
DNS Deployment Architecture
Outsmart adversaries while improving user experience
No matter where your users connect, give them first-rate, highly available DNS resolution and location-based content through ECS injection.
Detect threats early and throughout the attack kill chain, providing inline protection against advanced DNS tunneling and data exfiltration techniques.
100% cloud-delivered DNS Security has no hardware or software to manage, letting your administrators focus on more critical tasks while reducing infrastructure costs.
Forensically complete logs and contextually rich data enhance incident response (IR), forensics, and threat hunting.
The segmentation-centric, identity- and access-focused framework allows you to increase agility and resilience, enabling business initiatives such as digital transformation and cloud adoption.
Experience the power of the Zscaler Zero Trust Exchange
A comprehensive cloud platform eliminates point products and reduces operational overhead.
01 Cyberthreat Protection
Holistic approach to securing users, workloads, and devices
02 Data Protection
Full TLS/SSL inspection at scale for complete data protection across the SSE platform
03 Zero Trust Connectivity
Connect to apps, not networks, to prevent lateral movement with ZTNA
04 Digital Experience Management
Digital Experience Management
Take the next step
Let our experts show you how you can prevent modern DNS attacks with Zscaler DNS Control.