ThreatSTOP Intelligence List Types
Threat Intelligence - Delivered
ThreatSTOP converts the latest threat data into enforcement policies, and automatically updates your firewalls, routers, DNS servers and endpoints to stop attacks before they become breaches. While customers can use their own threat intel feeds, or those from major vendors like Anomali or ThreatConnect, we have our own curated feed that most customers prefer.
Our target lists are derived from over 60 Threat Intelligence sources, both public and proprietary. We use our own custom algorithms to identify currently bad domains, IP addresses and networks, broken down by the kind of threat they present.
60 Sources and 200 Categories
Our data suppliers include the Network Security Research Lab at 360, Farsight Security, Team Cymru, Shadowserver, Abuse.ch and DShield, as well as researchers from the University of Georgia and Cambridge University (UK). ThreatSTOP is a DShield mirror and has an archive of all DShield data ever gathered, allowing us to do far more analysis than the publicly available datasets.
We protect IT infrastructure against the most current and active criminals via our ransomware, botnet C&C host, phishing and malware dropper intelligence for both inbound and outbound connections, while our server-centric lists protect data center infrastructure against inbound attacks. In addition, our customers’ VoIP infrastructure is safeguarded against criminals who use VoIP servers to relay their calls, and we provide geographical filtering at regional, country and, in special cases, ZIP/postal code granularity.
Weaponizing Threat Intelligence
While the accuracy of our Threat Intelligence is what makes ThreatSTOP different, the fact that we make this intelligence actionable is what truly sets us apart. This is achieved in near real time through frequent updates and the proprietary algorithms that we apply to every list we capture.
Depending on the data source and the specific method used to collect the data, ThreatSTOP uses various techniques to ensure the validity of each entry. Based on our experience in the security space and our background in signal processing, we have developed proprietary algorithms to identify currently active threats from these sources. Using techniques adapted from signal processing and noise reduction, we are able to identify the domains and IP addresses that are currently malicious.
We also remove bogons, duplicates, martians and other invalid data, and age out IP addresses and domains no longer deemed a threat. These correlation and processing heuristics have been carefully tuned over the last 5 years to minimize false positives without missing serious threats.
Aside from scrubbing each of the sources tracked by ThreatSTOP and ensuring their validity, our protection takes it a step further by running our threat intelligence against our proven whitelists of known and trusted sites to effectively guard against botnet controllers deliberately trying to make IP reputation ineffective. Our whitelists are rigorously maintained, with domains only deemed ‘trusted’ after meeting ThreatSTOP’s strict evaluation to ensure that they are highly unlikely to contain a threat for a significant period of time.
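The hygiene steps named above (invalid entries, bogons and martians, duplicates, aging, whitelist screening) can be sketched for an IPv4 feed as follows. This is an added example, not ThreatSTOP's proprietary algorithms; the function name scrub, the 7-day aging window and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Special-purpose IPv4 space (RFC 6890): never valid as a routable threat source.
MARTIANS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24", "224.0.0.0/4",
    "240.0.0.0/4")]

def scrub(entries, allowlist, now, max_age=timedelta(days=7)):
    """Return ({ip: newest last_seen}, drop counters) for (ip_text, last_seen) rows.
    max_age is an assumed aging window, not a value from the page."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    kept = {}
    dropped = dict.fromkeys(
        ("invalid", "martian", "allowlisted", "aged_out", "duplicate"), 0)
    for raw, seen in entries:
        try:
            ip = ipaddress.IPv4Address(raw.strip())
        except ValueError:                      # malformed feed row
            dropped["invalid"] += 1
            continue
        if any(ip in net for net in MARTIANS):
            dropped["martian"] += 1
        elif any(ip in net for net in allowed):  # trusted space is never blocked
            dropped["allowlisted"] += 1
        elif now - seen > max_age:               # stale sighting, age it out
            dropped["aged_out"] += 1
        elif ip in kept:                         # keep one row, newest sighting
            dropped["duplicate"] += 1
            kept[ip] = max(kept[ip], seen)
        else:
            kept[ip] = seen
    return kept, dropped

# Constructed sample feed; these addresses are placeholders, not real indicators.
NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)
SAMPLE = [("11.22.33.44", NOW - timedelta(days=1)),
          ("11.22.33.44", NOW - timedelta(hours=2)),
          ("10.1.2.3", NOW), ("192.0.2.10", NOW), ("999.1.1.1", NOW),
          ("55.66.77.88", NOW - timedelta(days=30)), ("1.1.1.1", NOW)]
ALLOW = ["1.1.1.0/24"]  # constructed trusted range

if __name__ == "__main__":
    kept, dropped = scrub(SAMPLE, ALLOW, NOW)
    print(sorted(map(str, kept)), dropped)
```

Checking the martian and whitelist conditions before the age and duplicate checks means a poisoned entry for trusted or unroutable space is rejected no matter how recent or how often it is reported.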