ThreatSTOP 4.05 release

ThreatSTOP 4.05 release includes:

  • Reporting updates
  • Policy update


  • Two new filter options have been added to the web-based reporting.
    • A Port filter has been added, allowing users to filter IP Firewall reports by port number, port range, or port name.
    • An Exclude filter has been added, allowing users to specify an IP address or IP range they would like excluded from report results.


  • A new geographic target has been added to the policy editor, allowing users to create Geo policies using top level domain (TLD) data.

Protecting your hybrid cloud

Did you miss ThreatSTOP’s webinar with dinCloud? Watch it hear to learn how ThreatSTOP can help you increase security beyond the cloud. Check it out

ThreatSTOP launches next generation of DNS Firewall to Stop Outbound Communications with Threat Actors

Use live threat data to turn DNS servers into true DNS Firewalls

Carlsbad, CA – October 5, 2016 – ThreatSTOP has released the next generation of its cloud-based solution that easily turns any DNS server into a DNS firewall. The service enables automatic blocking or redirection of network communications in accordance with customizable policies. Version 4 adds graphical reporting with drilldowns and enhanced “Check IOC” functionality. The ThreatSTOP® DNS Firewall prevents a broad range of threats including ransomware, drive-by downloads, botnets and other Internet risks from activating and doing their dirty work.

DNS Firewalls are a necessary layer in a defense-in-depth approach to securing networks and systems. Virtually all Internet connections begin with a DNS lookup, regardless of the device used or network type. ThreatSTOP’s DNS Firewall interdicts outbound connections to malicious domains and IP addresses by enforcing custom policies populated with timely threat intelligence using existing DNS servers. No new hardware or software is needed, and the flow of traffic in the network does not need to be reconfigured. Privacy and confidentiality are preserved because queries and data remain in the customer network.

“Every company uses a DNS server to initiate direct connections to domains and IP addresses. Turning that DNS server into a DNS firewall is the easiest and most effective way to secure networks and systems,” said Paul Mockapetris, DNS inventor and Chief Scientist for ThreatSTOP. “Most of the time, if you just shut down the outbound conversations between malware and the attackers, they will lose interest and move on. The real key though is having a layered policy driven enforcement system that allows for multiple response options, custom reports and detailed queries on specific events, and tools to truly understand the nature of the indicators of compromise.”

ThreatSTOP DNS Firewall supports BIND 9.8.1 and later and all its derivatives including: Infoblox, BlueCat, VitalQIP, and EfficientIP; as well as Windows Server 2016, F5, Knot and PowerDNS.

ThreatSTOP’s next generation DNS Firewall is a significant upgrade to the company’s legacy OEM solution distributed by Infoblox, providing:

  • Full customization of policy and action including custom policy elements from user provided data, enabling custom white, black, and greylisting.
  • Powerful new graphical reports that are fully customizable with filtering and scoping
  • An in-depth research tool that enables users to easily navigate between their data and compiled research information
  • A new agile alerting system.

Legacy OEM customers who migrate to the ThreatSTOP branded next generation version can take advantage of one-time support and transition offerings through ThreatSTOP and its channel partners. ThreatSTOP is offering a fully functional free trial for new customers that takes less than 15 minutes to configure.

Key benefits of the next generation ThreatSTOP DNS Firewall are:

  • Automated blocking or redirection of outbound communications per user policy
  • Graphical summary reporting with event and threat indicator drilldowns enable host forensics for immediate remediation or training
  • Easy to install and works everywhere:
    • Requires no new hardware or software
    • No network reconfiguration required: Queries and data never leave the customer network
    • Can be deployed on premise or in the cloud
    • Works with the overwhelming majority of DNS servers, whether physical, virtual, or cloud.
  • Works with the ThreatSTOP IP Firewall service to block inbound attacks

The DNS firewall acts as the perfect complement to the ThreatSTOP IP Firewall, which prevents inbound communications from bad actors. ThreatSTOP is currently offering a “Starter Kit” for companies of any size that includes both the DNS Firewall and IP Firewall for $25,000 per year. Multi-year licenses are available on request. More details available on the ThreatSTOP website

About ThreatSTOP

ThreatSTOP is a network security company offering a cloud-based threat protection service that protects every device and workload on a network from cyberattacks and data theft. It can protect any network, from virtual cloud networks to branch LANs to the largest carrier networks. The service operationalizes threat intelligence to deflect inbound and outbound threats, including botnets, phishing and ransomware, and prevent data exfiltration. For more information, visit

CONTACTS:   Michael Becce, MRB Public Relations, Inc. | (732) 758-1100 x104

ThreatSTOP DNS Firewall Now Integrates with Windows Server 2016


ThreatSTOP today announced availability of ThreatSTOP DNS Firewall for Windows Server 2016, Microsoft’s most cloud-ready Server operating system ever. Using ThreatSTOP DNS Firewall, Windows Server 2016 customers can now automatically block outbound communications with threat actors’ command and control, dead-letter-drop, and dropper/infection infrastructure, preventing data theft and system compromise.

ThreatSTOP DNS Firewall will be showcased in a Microsoft and ThreatSTOP presentation on September 30th, and in booth 314 at the Microsoft Ignite conference in Atlanta, Georgia from September 26th through the 30th.

Almost all Internet connections begin with a DNS query. Just as users need DNS to make connections with applications, threats also use DNS to communicate with threat actors across a broad range of attack vectors. Thanks to Microsoft’s introduction of DNS Policies in Windows Server 2016, customers can now use ThreatSTOP DNS Firewall to interdict those communication attempts to prevent ransomware, drive-by downloads, botnets and other threats from succeeding. As a result, organizations gain immediate protection from known and unknown threats.

“The ThreatSTOP DNS Firewall provides an entirely new and powerful layer of security for our Microsoft Windows Server 2016 customers,” said Vithalprasad Gaitonde, Principal Program Manager at Microsoft. “It combines the benefit of up-to-the-minute threat intelligence with automated policy updates to proactively safeguard every device on the network from new and evolving threats.”

ThreatSTOP DNS Firewall protects the entire network by continuously updating user-defined policies powered by live threat data on the DNS servers used by all network clients. Policies can be based on threat type, geographic location and user-defined block lists. Once policies are set, the DNS Firewall immediately begins blocking or redirecting outbound communications with malicious domains. Detailed reports identify affected machines to speed remediation and prevent further infection across the network. The cloud-based service is easy to deploy and works with Windows Server 2016 natively─no new equipment or software installation is required.

Read the entire announcement here.

SC Magazine: ThreatSTOP CEO Talks IoT Security for Healthcare Industry


ThreatSTOP CEO and Founder Tom Byrnes recently spoke with SC Magazine about the inherent security risks of IoT devices in the healthcare industry.

According to the article, “another huge area for IoT attacks is the health care vertical. In the same way that operations and facility departments are not in the habit of having light bulbs and door locks approved by IT, their hospital counterparts are not used to getting standard medical systems, such as X-ray and ultrasound machines, approved by IT, either.”

Healthcare facilities are under attack because they enable hackers to access very valuable personal healthcare information such as Social Security numbers, medical records and dates of birth. A medical record can fetch as much as $363 on the black market.

Click here to read the SC Magazine article.

The ThreatSTOP report on security for the healthcare industry is available here.

ThreatSTOP 4.01 – New alerts for IP and DNS Firewall users


ThreatSTOP 4.01 release includes:

  • Email alerts for IP and DNS Firewall users

You can now have personalized alerts sent directly to your inbox. The new alerts are a based on user-defined filters and thresholds, are easily managed and configured through the dashboard and can be emailed to selected user(s). Alerts will only be sent when specified conditions are met and feature a “cool off” setting to eliminate an abundance of unwanted notifications.

Click here for more information.


  • Did you miss ThreatSTOP’s chief scientist, Paul Mockapetris, on the Peggy Smedley Show? Listen to a recording of the podcast here.
  • Going to Microsoft Ignite? Stop by and visit us at booth #314.

DNS Inventor and ThreatSTOP Chief Scientist is Guest on Domain Name Wire Podcast


Paul Mockapetris


This week Domain Name Wire is celebrating 100 episodes of the DNW podcast, and what better way to do it than have Paul Mockapetris as its guest. Paul invented the domain name system back in the 80s, and currently serves as the Chief Scientist for ThreatSTOP.

On this podcast, he talks about the early days of DNS, new uses for DNS, and security.

Click here to listen.

« Older Entries