Cyber criminals will create roughly 100 million new malware variants over the next 12 months. Security vendors will respond with new malware signatures and behaviors to stop them, but thousands of companies will be victimized in the process, experiencing costly or catastrophic breaches. This isn’t new - it’s a cycle.

12monthsmalwareThreats succeed by avoiding detection; victim-specific malware, domain generation algorithms, and data exfiltration over DNS are the handiwork of motivated and innovative attackers. Tomorrow’s threats will be even tougher to detect and defend against.

Attackers have near infinite ways to change malware and attack vectors to increase the chances that their attacks succeed; it’s why we see tens of millions of new variants every year. Traditional security controls work by using known signatures and behaviors to pinpoint a threat, but aren’t very effective against advanced and persistent attackers, or malware and tactics that are new or different. Though traditional security controls are still necessary, the odds are stacked infinitely against their ability to catch everything.

Threats Come From Threat Factories

Try4_EditedScullsGraphicMalware and methods always evolve, but attackers continue to use (and reuse) infrastructure to carryout attacks - the same command and control servers, domains, AS’s NS’s, hosting, etc. Threats are transient; a moving target, but the infrastructure powering them is far less dynamic and easier to pin down. The infrastructure used by criminals to conduct targeted attacks or broad campaigns is an investment in time and money, and not easily moved or replaced. How do we know? We’ve been tracking attacker infrastructure for over a decade - mapping the threat factories behind APT, nation-state, and commodity attacks.

Attackers and Threats Have a Weak Point

ThreatSTOP has studied what makes attacks successful and what causes them to fail. Our platform is a reflection of what delivers verifiable security for real-world networks at companies of all types and sizes. We’ve reverse engineered malware, performed source attribution, conducted incident response, and here’s the big takeaway:

Regardless of the attack type, the vectors, or the variant - the IP addresses and domains cyber criminals use to conduct an attack must be real and routable over the Internet, and here’s the important part: Your network must be able to communicate with them for an attack to succeed. This is how you block the threat factory.


Block the Threat Factory

If attacker infrastructure cannot communicate with your network and your devices, the bad guy loses - the attack fails. No amount of ingenuity, no undiscovered 0-day, and no tinkering with the malware kit will reverse that failure for the threat factory. The attacker would need to be incredibly motivated in targeting your network or company to even consider a redoubling of effort when they can (and will) just move on to an easier victim they can communicate with.

ThreatSTOP proactively blocks any inbound or outbound communications with infrastructure used by attackers. The platform is a web service that integrates with your existing firewall, router, switch and DNS server (and other network traffic enforcement devices), to deliver policies that contain the currently active IP addresses and domains being used by cyber criminals to conduct attacks right at this very moment. Policies are automatically and continuously updated as the landscape of threats and threat factories change to ensure accurate and timely protection.


It takes less than an hour to install ThreatSTOP, and the security benefits are immediately visible. Join the movement of companies blocking attackers instead of just their threats. 

Get a quick demo or try out ThreatSTOP for 14 days. (Free, no commitment)

Learn More