ThreatSTOP is a threat intelligence Web service that protects enterprise networks from bots, trojans, spam, viruses and other forms of "malware."  The company has established relationships with a wide variety of partners that are part of the Internet monitoring community.  Using a proprietary analytics engine, ThreatSTOP reduces the data provided by millions of Internet sensors down to a dynamic list of the current most active and most dangerous sources of network attacks and bot control. 

When a customer subscribes to the ThreatSTOP threat intelligence service, a profile of the customer's IT environment is created.  Using this profile, ThreatSTOP periodically updates a personalized subset of the active threat list as a "block list" in the customer's network firewalls.  Any connection attempt from a system on the block list is immediately dropped at the perimeter of the enterprise.

Any connection from an internal system out to an address on the list is also blocked, thereby isolating a compromised machine. 

Reputation and Policy

The IP addresses on a ThreatSTOP active threat list have all earned a "reputation" of being a current active source of network attacks or other malicious intent based on observed behavior.  By being able to block every connection attempt to or from these addresses, an enterprise significantly decreases the risk of being compromised.

The Domain Name Service (DNS)

ThreatSTOP leverages the scalability and pervasiveness of the Internet's Domain Name Service (DNS) to reliably propagate threat intelligence as enforcable policy.  Using standard DNS protocols, ThreatSTOP delivers the active threat lists via a private, secure, DNS system. 

The ThreatSTOP threat intelligence service requires no special hardware or traffic re-routing and is wholly managed through a Web service.

Implementation 

To use ThreatSTOP, your firewall(s) and other traffic management devices resolve the domain threatstop.local through our private DNS. You then use special lookups that tell you what to block or whitelist in your rules. The lookups are updated by your devices querying our nameservers, and logs are uploaded by you.

ThreatSTOP does not take control of your systems in any way.  All communication is initiated by your devices. You control synchronization, update, and log submission activity and schedule. 

Read more about our service in the FAQ .  To see a bigger diagram, click the image.