SANS “Intelligent Network Security” Webinar with ThreatSTOP – August 25

SANS logo

Security teams appreciate the value of threat intelligence, but often find it difficult to use the data while it is still fresh across all network devices with limited team resources.

On Thursday, August 25th, at 1:00 pm Eastern, ThreatSTOP CEO Tom Byrnes will join SANS instructor Jake Williams to discuss how security teams can use threat intelligence as a proactive measure to automatically interdict inbound attacks and prevent data theft and data corruption / ransomware. Click here for more information or to register.


Threat intelligence is all the buzz, but how do you actually utilize it to stop threats and prevent attacks from occurring in your enterprise? Attend this webcast and learn how to use operationalized threat intelligence for threat detection and prevention without needing all new tools, processes or skills.

In this webcast attendees will learn the following:

  • How to leverage the existing DNS, firewall and router infrastructure to consume operationalized threat intelligence and automatically block inbound attacks and outbound communications with threat actors before they succeed
  • What type of intelligence is useful for these devices
  • How to leverage automation to easily disseminate intelligence to your network infrastructure devices
  • How to integrate intelligence into a full feedback loop for future prevention and reuse
  • How to use reports on blocked threats to speed remediation of affected machines

Attend this webcast and be among the first to receive the associated whitepaper developed by SANS instructor Jake Williams.

ThreatSTOP 4.0 – Next Generation Reporting is Here!


The release of ThreatSTOP 4.0 introduces next generation IP Firewall Reporting.

Last year we surveyed our customers about which improvements you want to see. Resoundingly we heard that reporting should be an area of our focus. We listened, and after some months of effort we have launched our Next Gen Reporting for ThreatSTOP IP Firewall devices!

The new reporting solution delivers:

  • more control
  • an improved UI
  • a more responsive and powerful backend
  • better email reports
  • and much more

Here is a link to documentation to help you understand how to work with the new reporting:

Now, we have a favor to ask:

Our new reporting will only get better with your input. We would love to hear your suggestions and requests for changes after you’ve had a chance to use it. To provide your valuable input please email us at

AIRI 2016 — DNS Inventor Dr. Paul Mockapetris Speaking

AIRI Screen Capture

The theme for AIRI 2016 is “disruption”.  In our lifetimes nothing has been more disruptive, or world-changing, than the invention of the Internet.  Initially the Internet allowed computers to communicate, but today virtually every digital device, phones, control systems, even our watches, communicate via the Internet. Dr. Mockapetris, Internet pioneer, will speak at AIRI 2016 about how his inventions have changed the world to be a better place, and why Internet Security poses such a serious problem to our privacy and freedom.

Dr. Mockapetris will be speaking on September 13, 2016, from 4:15 pm to 5:00 pm.

AIRI 2016 is taking place in West Palm Beach, September 11-14 at the PGA National Resort & Spa Hotel. The 55th annual meeting will feature nearly fifty sessions.

DNS Capabilities in Windows Server 2016: DNS Firewall and more


Click here to read Senior Program Manager for Microsoft Dynamics, SDN, & DNS, Kumar Ashutosh’s technical summary of the DNS Capabilities available in Windows Server 2016 including DNS Policies, Response Rate Limiting (RRL), DANE Support, Unknown Record Types, IPv6 root hints, DNS Server on Nano and ThreatSTOP’s partnership to provide DNS Firewall security to block malicious domain access.


The DNC Attacked by Bears?

romantic teddy-bears

Following the Democratic National Committee’s (DNC) announcement of a breach in June 2016, a report by CrowdStrike detailed its findings about the threat actors behind the attack concluding it was the work of two different sophisticated Russian-based APT groups.

Subsequently, an individual called Guccifer 2.0 claimed responsibility for the attack – countering Crowdstrike’s claims that it was a sophisticated breach – and leaked documents to Wikileaks as proof. ArsTechnica reported, “…either CrowdStrike misattributed the breach to the wrong groups or failed to detect that one or more additional actors had also gained high-level access and made off with a trove of confidential information.”

The Crowdstrike report claimed it was the work of adversaries dubbed Fancy Bear and Cozy Bear. Some background on the suspected threat actors:

Fancy Bear

  • a.k.a. Sofacy and APT28
  • Known for spear-phishing attacks against government and military organizations worldwide
  • Registers domains similar to commonly-used websites to phish victims for credentials
  • Sends trojans through weaponized documents to conduct cyber espionage
  • Believed to have been used to breach the DNC in April to obtain opposition research on Donald Trump

Cozy Bear

  • a.k.a. CozyDuke and APT29
  • Known for use in targeting a wide range of industries, including defense, legal, and financial organizations
  • Sends spear-phishing emails to drop Remote Access Trojans (RATs) that allow attackers to have persistent access to the victim’s networks
  • Tied to hacks of the White House, State Department, and the Joint Chiefs of Staff
  • Believed to have been used to breach the DNC in the summer of 2015

New ThreatSTOP Research Report on Why Healthcare Data is Under Attack

Healthcare whitepaper graphic

Last year, 1 out of every 3 Americans was the victim of a healthcare data breach.

The healthcare sector has many points of weakness and highly desirable data. Factors such as multiple types of systems in hospital networks, clinical devices that are not or cannot be updated, and the lack of cybersecurity knowledge of users with access to highly sensitive data, all create high levels of risk in the industry.

ThreatSTOP’s latest research report, “Healthcare Data Under Siege: Ransomware and the Cyber Threat Landscape” provides insight into what makes the healthcare industry both an attractive and vulnerable target for attacks. The report discusses attacks commonly used including ransomware, phishing attacks, and DDoS.

Click here to get the full report.

« Older Entries