Every DNS lookup holds a story. Inside that millisecond of traffic is evidence of whether a user is connecting with a trusted resource or an unseen threat. Project Amplify is ThreatSTOP’s opt-in telemetry program, available only to our DNS Defense Cloud customers and designed to turn those stories into stronger, faster protection for everyone in the community.
Since rolling out in late 2024, more than 50 organizations have chosen to share their anonymized DNS query logs with ThreatSTOP. Each log contains only a timestamp and the domain that was requested. There is no personally identifiable information. Logs are stored for just 30 days in secure, access-controlled systems maintained by the ThreatSTOP Engineering team, and are accessed only by certain personnel within Engineering and the Security, Intelligence, and Research (SIR) team.
By opting in, participants unlock three immediate benefits:
Real-time threat validation
Shared queries feed directly into our analytics pipeline, letting us spot command and control traffic, ransomware callbacks, coin-mining domains, and phishing campaigns the moment they emerge. Customers receive protective responses within seconds, not hours.
Machine-learning acceleration
The enriched data supercharges our proven ML models, sharpening their ability to predict and block malicious domains before they are weaponized. More data means fewer false positives and faster identification of zero-day threats.
Priority incident support
When seconds count, having historical query context lets the SIR team pinpoint attack timelines and containment steps with precision. Opt-in customers get immediate, data-driven assistance.
Project Amplify is more than data collection. Participants gain access to a dedicated ThreatSTOP target called Adaptive Threat Insights. This feed combines:
Detection signals generated exclusively from Amplify telemetry.
First-party intelligence from our researchers.
Continuous ML output tuned to the latest adversary tactics.
The result is a hyper-focused block list that protects devices and users that live behind DNS Defense Cloud and DNS Defense on-premise deployments. Whether you run your own DNS servers or leverage our cloud resolvers, as long as you are a DDC customer, you can deploy this target on any DNS infrastructure you have with ThreatSTOP.
Joining Project Amplify is as easy as enabling it in your Protective DNS Cloud console, or contacting your ThreatSTOP account team. You can opt out any time. No logs are sold, shared with third parties, or retained beyond the 30-day analysis window. The program exists to protect you, not to monetize your data. We designed it with privacy in mind.
As Project Amplify grows, so does the strength of our Protective DNS platform. Look for upcoming blog posts where we will share success stories and deeper dives into the ML innovations driving Adaptive Threat Insights. Together, we can tip the scales against adversaries who rely on stealth and speed.
For those interested in joining the ThreatSTOP family, or to learn more about our proactive protections for all environments, we invite you to visit our product page. Discover how our solutions can make a significant difference in your digital security landscape. We have pricing for all sizes of customers! Get started with a Demo today!