ThreatSTOP DNS Firewall Now Integrates with Windows Server 2016


ThreatSTOP today announced availability of ThreatSTOP DNS Firewall for Windows Server 2016, Microsoft’s most cloud-ready Server operating system ever. Using ThreatSTOP DNS Firewall, Windows Server 2016 customers can now automatically block outbound communications with threat actors’ command and control, dead-letter-drop, and dropper/infection infrastructure, preventing data theft and system compromise.

ThreatSTOP DNS Firewall will be showcased in a Microsoft and ThreatSTOP presentation on September 30th, and in booth 314 at the Microsoft Ignite conference in Atlanta, Georgia from September 26th through the 30th.

Almost all Internet connections begin with a DNS query. Just as users need DNS to make connections with applications, threats also use DNS to communicate with threat actors across a broad range of attack vectors. Thanks to Microsoft’s introduction of DNS Policies in Windows Server 2016, customers can now use ThreatSTOP DNS Firewall to interdict those communication attempts to prevent ransomware, drive-by downloads, botnets and other threats from succeeding. As a result, organizations gain immediate protection from known and unknown threats.

“The ThreatSTOP DNS Firewall provides an entirely new and powerful layer of security for our Microsoft Windows Server 2016 customers,” said Vithalprasad Gaitonde, Principal Program Manager at Microsoft. “It combines the benefit of up-to-the-minute threat intelligence with automated policy updates to proactively safeguard every device on the network from new and evolving threats.”

ThreatSTOP DNS Firewall protects the entire network by continuously updating user-defined policies powered by live threat data on the DNS servers used by all network clients. Policies can be based on threat type, geographic location and user-defined block lists. Once policies are set, the DNS Firewall immediately begins blocking or redirecting outbound communications with malicious domains. Detailed reports identify affected machines to speed remediation and prevent further infection across the network. The cloud-based service is easy to deploy and works with Windows Server 2016 natively; no new equipment or software installation is required.

Read the entire announcement here.

SC Magazine: ThreatSTOP CEO Talks IoT Security for Healthcare Industry


ThreatSTOP CEO and Founder Tom Byrnes recently spoke with SC Magazine about the inherent security risks of IoT devices in the healthcare industry.

According to the article, “another huge area for IoT attacks is the health care vertical. In the same way that operations and facility departments are not in the habit of having light bulbs and door locks approved by IT, their hospital counterparts are not used to getting standard medical systems, such as X-ray and ultrasound machines, approved by IT, either.”

Healthcare facilities are under attack because they enable hackers to access very valuable personal healthcare information such as Social Security numbers, medical records and dates of birth. A medical record can fetch as much as $363 on the black market.

Click here to read the SC Magazine article.

The ThreatSTOP report on security for the healthcare industry is available here.

ThreatSTOP 4.01 – New alerts for IP and DNS Firewall users


The ThreatSTOP 4.01 release includes:

  • Email alerts for IP and DNS Firewall users

You can now have personalized alerts sent directly to your inbox. The new alerts are based on user-defined filters and thresholds, are easily managed and configured through the dashboard, and can be emailed to selected user(s). Alerts are sent only when the specified conditions are met, and a “cool off” setting eliminates an abundance of unwanted notifications.

Click here for more information.


  • Did you miss ThreatSTOP’s chief scientist, Paul Mockapetris, on the Peggy Smedley Show? Listen to a recording of the podcast here.
  • Going to Microsoft Ignite? Stop by and visit us at booth #314.

DNS Inventor and ThreatSTOP Chief Scientist is Guest on Domain Name Wire Podcast




This week Domain Name Wire is celebrating 100 episodes of the DNW podcast, and what better way to do it than have Paul Mockapetris as its guest. Paul invented the domain name system back in the 80s, and currently serves as the Chief Scientist for ThreatSTOP.

On this podcast, he talks about the early days of DNS, new uses for DNS, and security.

Click here to listen.

.XYZ taking action

Last week ThreatSTOP published a security analysis report regarding registration of malicious domains used for the Neutrino EK infrastructure.

In the report, we noted that domains belonging to two ccTLDs, .top and .xyz, were found to host different parts of the I/S.

Shortly after publication of the report, we were approached by the team from .xyz, who requested more information, specifically the list of domains that were associated with them. The domains we provided had either already been detected as suspended by the time we published our report (93%) or were suspended immediately after the information was provided.

It is important to note that the good work that is done by the .xyz ccTLD team is helping to secure the internet and they are doing whatever they can to prevent abuse of their registry.

No response has been recorded to date from the .top ccTLD.

Security Report: Neutrino EK


Recently, we have seen vast DGA infrastructures constantly popping up for the Neutrino EK. The randomly generated string is usually a subdomain of a set of domains that follow a certain pattern and are registered by the same registrant.

These domains are created by concatenating various parts, such as letters, numbers, animal names, and colors, into a single string.

Read the security report here.

ThreatSTOP DNS Firewall customers are protected from Neutrino EK.
