ThreatSTOP - Active Internet Security - How Does ThreatSTOP Work? FAQ

Partners

How Does ThreatSTOP Work? FAQ

Gathers data using http, ftp, rss and other methods

ThreatSTOP takes data that is published on the Internet, and using standard Internet Protocols, gets that data as it is updated, parses it, and puts it into a database. The database identifies the source, time of publication, IP address, and any additional reputation information that may be available in the feed.
Turns Data into DNS files

Every 2 hours (currently, we set the update frequency to be 1/2 the update period of our feeds) ThreatSTOP creates a set of files that can be used to create DNS lookups.
Creates DNS lookups
ThreatSTOP takes the DNS files and assembles them into the 5 basic lookups, for the basic users, and custom lookups, for SMB and Enterprise users. These are then loaded into a DNS server, and made available to authorized client hosts.
The client machines query the zones they have configured in rules, using TCP lookups for larger lists, and take the actions that the firewall administrator has programmed for the hosts in those lists.
Secures the Nameservers
ThreatSTOP uses DNSSEC and ACLs to only allow subscribers access to the content they have subscribed to. Basic users only have access to the basic zones, and only the devices configured by a particular user have access to the zones created by that user. No-one can see anyone else's custom zone, allow, or deny list.
Gathers log data
Using either e-mail, to ip-address-of-your-firewall@logs.threatstop.com or a web upload form on our SSL secured UI, we gather log data from users, and identify that log data as to the firewall it came from. Log data is loaded into a database where it can be reported on.
Generates Reports
Using the UI, users can create reports using custom date ranges that show what was blocked, when, and what threat feed it was in.
Managed via the web
Users manage their feeds, subscriptions, and devices using a SSL secured website. This is also where they run reports.
Parses data and submits to DShield
We give back to the community by parsing data into DShield format and bulk submit it to DShield, where it contributes to better sensing of attacks. For users who are DShield contributors, or who would like to be, we are working on a specific userID submission mechanism, which will parse your log data and submit it on your behalf.

[ Back ]

Main Menu