When the NSA and CISA published their latest guide, Selecting a Protective DNS Service (April 2025, Ver. 1.4), it was designed to help organizations understand the critical role of Protective DNS (PDNS) in stopping modern cyberattacks. The report included a comparative chart of commercial PDNS providers and their reported capabilities .

You may have noticed something curious: ThreatSTOP wasn’t listed.

Why? Maybe there weren’t enough columns on the page. Maybe someone got tired of clicking “Add Column.” Or maybe we’re considered “too small” a vendor in the eyes of the compilers. We weren't the only ones left off. Regardless of the reason, the absence doesn’t change the reality: ThreatSTOP not only meets every requirement in the NSA/CISA table - we exceed them.

How ThreatSTOP Maps to the NSA/CISA PDNS Capabilities

Here’s how we line up against every attribute in the official chart:

  • Feature

    ThreatSTOP

    Blocks malware domains

    ThreatSTOP protects customers from known malware infrastructure using thousands of curated threat intelligence feeds (both organic from our Security, Intelligence, and Research team and select third-party sources).

    Blocks phishing domains

    We stop phishing, fraud, and credential theft campaigns before they reach users.

    DGA protection

    Our research-driven ML models and heuristics catch algorithmically generated domains before they connect to command-and-control servers.

    Machine learning & heuristics

    More than just static lists: our detections include punycode lookalikes, Levenshtein distance similarity, clustering of suspicious infrastructure, and anomaly detection from live DNS telemetry.

    Content filtering

    Customers can apply flexible, category-based filters (gambling, adult, social media, etc.) in addition to threat-based blocking.  Not only can we filter on content, but we can filter down the application level in many areas.

    API/SIEM/custom analytics

    Deep integrations with SIEMs and custom APIs mean organizations can enrich their telemetry and automate response.

    Web interface dashboard

    The ThreatSTOP Admin Portal gives visibility into queries, blocked domains, top threats, and compliance reporting.

    DNSSEC validation

    Fully supported.

    DoH capable

    Supported in DNS Defense Cloud, ensuring privacy and security of DNS queries.

    Customizable policies

    Highly granular policies by group, device, user, or network. No ‘one size fits all.’  In fact, our system is more customizable than any of the other vendors listed in this chart.

    Hybrid deployment

    DNS Defense Cloud, DNS Defense (on-prem), and IP Defense provide flexible deployment models across cloud, hybrid, and on-premises environments.

Bottom line: If we’d been in the table, every single box would be checked, just like (and in many ways beyond) the vendors listed.

Why ThreatSTOP Goes Further

Where ThreatSTOP stands out is in breadth of coverage and configurability:

  • Thousands of feeds, not just a few – We combine the best of open source, commercial, and proprietary ThreatSTOP intelligence.

  • Unified DNS + IP protection – Unlike most PDNS vendors, we extend coverage to IP Defense, protecting against direct-to-IP traffic that PDNS alone cannot catch.

  • Research-driven innovation – From punycode and lookalike detection (“MagicCat/MagicMouse”) to anomaly detection (“Spike Watcher”), ThreatSTOP’s Security, Intelligence, and Research team pushes protection forward.

  • Compliance-ready reporting – Our dashboards and evidence outputs map directly to compliance frameworks like NIST CSF 2.0, HIPAA, PCI DSS, and CMMC, making audits easier.

Final Word

Whether or not our name appears in the NSA/CISA comparison chart, ThreatSTOP delivers on every attribute of Protective DNS and then some. For organizations serious about stopping threats before they cause harm, ThreatSTOP is the proven choice.

👉 Ready to see ThreatSTOP in action? Contact us for a demo, pricing, or more information on how our DNS Defense Cloud, DNS Defense, and IP Defense can protect your organization.

Connect with Customers, Disconnect from Risks.