ThreatSTOP provides its users with many benefits: both direct security assistance and indirect benefits in terms of legal compliance, reduction in traffic, and automation of routine security tasks.

ThreatSTOP is a key weapon to help block incoming attacks, be they targeted at your servers or at your users. ThreatSTOP also plays a critical role in both identifying and stopping outgoing "call home" messages from compromised computers within your network.

ThreatSTOP frees up IT security resources from boring, repetitive work, allowing them to focus on more stimulating tasks.

ThreatSTOP on Inbound Threats




The fact that ThreatSTOP allows a firewall to drop a connection at the first TCP SYN request is enormously beneficial to the owners of the firewall for three reasons:

10% - 25% Less Inbound Traffic on Average


By rejecting unwanted traffic as soon as possible, network utilization is saved. Take the packet trace in the picture. With ThreatSTOP, the initial 74-byte TCP SYN request is ignored. Relying on the webserver or an IDS to forbid access could result in anywhere from 800 to 4000 bytes being transferred, just to say "no".

This is a huge waste of bandwidth, and it is no theoretical claim - one of our educational customers agreed to switch off ThreatSTOP for a few days and saw enormous spikes in traffic despite the fact that the students were off for a holiday weekend at the time.

Lower utilization of servers

But the bandwidth saving, while potentially large, is not the only way that ThreatSTOP helps reduce the load. By drastically cutting down on the number of unwanted access attempts, ThreatSTOP allows you to have fewer, lower-powered servers to handle the good traffic. This is because the effort required to determine that a request is malicious is generally higher than the effort required to handle a genuine one. This is particularly true for email servers, where scanning for spam and viruses is a major load, but it applies to other servers as well.

"Cloak of invisibility"


The direct reduction in attacks that your servers need to handle is not the only way dropping the TCP SYN helps you. Because all packets are dropped, you appear invisible - or perhaps partially visible - to the attackers. This lack of visibility means that attackers cannot use port scans or other tricks to identify vulnerabilities because, to the computers under their control, your servers simply do not exist.

Stop 0-day attacks


Finally, this invisibility means that you are protected against 0-day vulnerabilities. It doesn't matter if a hole is found in, say, the SSL or SNMP implementations your computers and network devices run, because the computers used by the attackers to exploit these holes will bounce against the "cloak of invisibility".

Outbound Data Theft Protection

Reduce infestations of malware on users' computers


XSS, SQL-injection and other security vulnerabilities mean that visitors to reputable websites may end up downloading malware from a different location. Because ThreatSTOP blocks known malware servers - and keeps the list updated as new servers are discovered and old ones cleaned - computers on a network protected by ThreatSTOP are far less likely to become infected by malware.

This is great for network security. On a ThreatSTOP network, users who are tricked into trying to download malware masquerading as something else are blocked automatically. Furthermore, your IT staff can be automatically alerted to the attempt, which means they can verify that the user did not in fact install anything unwanted.

No Data Leakage to Criminals on the ThreatList


ThreatSTOP includes feedback from PhishTank and others about phishing servers, which is updated every 2-4 hours. This means that if a user on a network protected by ThreatSTOP is conned into visiting a known phishing server, the connection will not work. This makes it impossible for the user to unwittingly provide the criminals with passwords and other sensitive data.

Complete Information Security



ThreatSTOP also includes the list of C&C (Command and Control) machines used by bot herders and other criminals to control compromised machines and feed back data gathered from trojans. This means that if a computer on a ThreatSTOP protected network tries to "call home" this attempt will be blocked and logged so that remedial action may be taken.



One of our customers found that his network contained over one thousand infected computers thanks to ThreatSTOP logging and blocking their activity.

Web Based Management and Reporting



Find Bots and Trojans within Your Network.


ThreatSTOP can analyze your firewall logs and tell you precisely which IP addresses inside your network are trying to "call home" and what they were trying to access at the time. This helps you to identify what kind of compromise the computer in question may have suffered.
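
The kind of log correlation described above, as an added example (not ThreatSTOP's code): it matches outbound firewall log entries against a small blocklist and groups the hits by internal host. The iptables-style log format, the 10.0.0.0/8 internal range and the blocklist entries are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed blocklist (documentation address ranges) mapping network -> category.
BLOCKLIST = {
    "203.0.113.0/24": "botnet C&C",
    "198.51.100.25/32": "phishing",
}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space

# Constructed iptables-style firewall log lines; the format is an assumption.
SAMPLE_LOG = """\
Mar  3 09:14:02 fw kernel: DROP IN=eth1 OUT=eth0 SRC=10.1.4.23 DST=203.0.113.7 PROTO=TCP SPT=49822 DPT=443
Mar  3 09:19:02 fw kernel: DROP IN=eth1 OUT=eth0 SRC=10.1.4.23 DST=203.0.113.7 PROTO=TCP SPT=49871 DPT=443
Mar  3 09:20:11 fw kernel: DROP IN=eth1 OUT=eth0 SRC=10.1.9.80 DST=198.51.100.25 PROTO=TCP SPT=51002 DPT=80
Mar  3 09:21:40 fw kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.1.2.5 DST=192.0.2.10 PROTO=TCP SPT=40110 DPT=443
Mar  3 09:22:05 fw kernel: DROP IN=eth0 OUT=eth1 SRC=203.0.113.50 DST=10.1.0.10 PROTO=TCP SPT=33000 DPT=22
Mar  3 09:23:00 fw kernel: truncated entry SRC=10.1.4.23 DST=
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Return (src, dst, dport) or None for malformed or incomplete lines."""
    fields = dict(FIELD_RE.findall(line))
    try:
        return (ipaddress.ip_address(fields["SRC"]),
                ipaddress.ip_address(fields["DST"]), int(fields["DPT"]))
    except (KeyError, ValueError):
        return None

def find_call_home(log_text, blocklist=BLOCKLIST, internal=INTERNAL):
    """Map internal host -> {(dst, dport, category): count} for blocklisted destinations."""
    nets = [(ipaddress.ip_network(n), cat) for n, cat in blocklist.items()]
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or parsed[0] not in internal:
            continue  # skip malformed lines and inbound traffic
        src, dst, dport = parsed
        for net, cat in nets:
            if dst in net:
                hits[str(src)][(str(dst), dport, cat)] += 1
                break
    return {src: dict(dests) for src, dests in hits.items()}

if __name__ == "__main__":
    for host, dests in find_call_home(SAMPLE_LOG).items():
        print(host, dests)
```

Repeated hits from one internal host to the same blocklisted address and port, as with 10.1.4.23 here, are the pattern to prioritize when deciding which machines to examine first.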

Use the ThreatList to Audit Click-Through Traffic for Authenticity


Click fraud is a major headache for internet advertisers. The fraudsters are typically the same people, using the same bots, as those making other sorts of attack, thus ThreatSTOP can help you identify whether certain revenue claims are justified or not.

Customize Whitelists and Blacklists for Desired Protection


When an IP address is blocked by ThreatSTOP you can always find out why, and if you wish, you can decide to allow traffic to/from that particular address.
Although ThreatSTOP does its best to only include known "bad actors", sometimes we err on the side of caution and sometimes, of course, we also miss something. With customized lists, users can choose to override our database when they have specific reason to do so.

Automation

Employee Time and Money Savings.


Keeping firewalls up to date on security threats is a full-time job if it is done properly, because the threats are constantly mutating. It is also a mind-numbingly tedious one because it entails repeating the same steps over and over again. ThreatSTOP automates the process so that firewalls that use it are automatically updated every 2-4 hours with the latest threats.

Dynamic Security from All Known Threats.


Because ThreatSTOP aggregates information from different collectors of information, once an IP Address is on the list it will be blocked whether it is a spammer, a bot controller, a malware distributor or anything else.