RSA Conference: Cyberwire article
Cyber security news site Cyberwire attended the recent RSA Conference and included the following review of ThreatSTOP's service:
ThreatSTOP: Cloud-based blocking of malicious command-and-control traffic. ThreatSTOP's Chief Executive Officer Tomás Byrnes discussed his company's approach to bringing cloud-based security—including blocking and actionable intelligence—to enterprises of all sizes.
Their work began as almost a sideline: helping charities that were digitizing their tax returns by enabling them to obfuscate personally identifiable information while rendering the files indexable. Working with DShield, they realized they could propagate dynamic ACLs (access control lists) for firewalls with DNS.
Using Small Business Innovation Research (SBIR) support from the US Department of Homeland Security, they built the capability of managing firewall policy and parsing log data. They also added an incentive for their customers to participate in DShield: a written, graphical report on log content.
ThreatSTOP's system combines manual curation of inbound feeds with automated correlation. They have, and continue to refine, anonymizers for customers reluctant to share too much threat information, but Byrnes thinks enterprises are overcoming much of their reticence about sharing within a properly secured environment. Customers who want to hold their information close can get an API that enables them to correlate internally.
They've since continued to develop their log parsing solution, now presented in a single pane of glass with a RESTful API. Byrnes says ThreatSTOP has enjoyed high renewal rates and satisfaction with their solution to the problem of blocking both intrusion and exfiltration. About his solution Byrnes says, "It works. It works with what you have, and it protects you everywhere."
The full article can be found on The Cyberwire.