<span id="hs_cos_wrapper_post_body" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="rich_text" ><p>Audits don’t start with technology; they begin with questions: Who has access to sensitive data? How quickly can you detect malicious traffic? Where is the evidence? ThreatSTOP’s Protective DNS offers clear, evidence-based answers. By analyzing every domain request in real time and recording each decision, our platform aligns seamlessly with various regulatory frameworks. As numerous customers have demonstrated, it achieves this without the need for extensive projects or hardware upgrades.</p> <!--more--> <h3><strong>1. HIPAA: Safeguarding ePHI in Healthcare</strong></h3> <p><strong>Key mandate</strong></p> <p>The HIPAA Security Rule requires “reasonable and appropriate” technical safeguards that preserve the confidentiality, integrity, and availability of electronic protected health information (ePHI).</p> <p><strong>Protective DNS in action</strong></p> <ul> <li> <p>Blocks command-and-control domains that attempt to siphon patient data.</p> </li> <li> <p>Applies granular application controls to keep risky consumer apps off clinical networks.</p> </li> <li> <p>Delivers per-query logs that demonstrate continuous monitoring for auditors.</p> </li> </ul> <p><a href="/healthcare-geisinger" rel="noopener" target="_blank"><strong>Real-world proof: Geisinger Health</strong></a></p> <p>When the 12-hospital Geisinger system added ThreatSTOP DNS Firewall, it gained full visibility into previously unknown malware and blocked threats proactively, all without new hardware.</p> <p>References:<br><a href="https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-164/subpart-C" rel="noopener" target="_blank">https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-164/subpart-C</a><br><a href="https://www.hhs.gov/hipaa/for-professionals/security/index.html" rel="noopener" target="_blank">https://www.hhs.gov/hipaa/for-professionals/security/index.html</a></p> <h3><strong>2. PCI DSS v4.0: Protecting Cardholder Data at E-commerce Scale</strong></h3> <p><strong>Key mandates</strong></p> <ul> <li> <p><span><strong>Requirement 1</strong></span>: Restrict connections to trusted destinations.</p> </li> <li> <p><span><strong>Requirement 10</strong></span>: Log security events and retain them for forensic review.</p> </li> </ul> <p><strong>Protective DNS in action</strong></p> <ul> <li> <p>Enforces outbound domain policies that close gaps attackers exploit to bypass firewalls.</p> </li> <li> <p>Updates every few minutes, satisfying the “continuous protection” intent of PCI DSS 4.0.</p> </li> <li> <p>Generates tamper-evident logs ready for 12-month retention.</p> </li> </ul> <p><a href="/hubfs/Case%20Studies/TopCashBack%20Case%20study.pdf?hsLang=en" rel="noopener" target="_blank"><strong>Real-world proof: TopCashback</strong></a></p> <p>To meet complex OFAC and payment-card obligations across eight global sites, TopCashback attached ThreatSTOP’s managed rules to its AWS WAF. The service automatically blocks sanctioned geographies and updates itself continuously, eliminating a workload the team deemed “difficult if not impossible” to manage in-house.</p> <p>References:<br><a href="https://www.pcisecuritystandards.org/document_library/" rel="noopener" target="_blank">https://www.pcisecuritystandards.org/document_library</a><br>(select “PCI DSS v4.0.1&nbsp;PDF”)</p> <h3><strong>3. NERC CIP: Securing Critical Infrastructure</strong></h3> <p><strong>Key mandate</strong></p> <p>CIP-005-5 R1.5 requires Electronic Access Points to detect inbound and outbound malicious communications.</p> <p><strong>Protective DNS in action</strong></p> <ul> <li> <p>Serves as an electronic perimeter that blocks malicious domains before any packet crosses into operational technology (OT).</p> </li> <li> <p>Extends identical block policies to routers, firewalls, and IDS appliances via IP Defense.</p> </li> <li> <p>Supplies continuous, machine-readable logs that feed existing SIEMs.</p> </li> </ul> <p><a href="/hubfs/Case%20Studies/SoCoWD.WhitePaper.pdf?hsLang=en" rel="noopener" target="_blank"><strong>Real-world proof: South Coast Water District</strong></a></p> <p>In Southern California, South Coast Water District deployed ThreatSTOP IP Defense, DNS Defense, and Roaming Defense to cut mean time to detection and response by 40 percent while blocking thousands of malicious domains and IPs every month.</p> <p>Reference:<br><a href="https://www.nerc.com/pa/Stand/Reliability%20Standards/CIP-005-5.pdf" rel="noopener" target="_blank">https://www.nerc.com/pa/Stand/Reliability%20Standards/CIP-005-5.pdf</a></p> <h3><strong>Quick-Reference Compliance Matrix</strong></h3> <p>&nbsp;</p> <table style="border-collapse: collapse; table-layout: fixed; margin-left: auto; margin-right: auto; border: 1px solid #99acc2;"> <thead> <tr> <th> <p><strong>Regulation</strong></p> </th> <th> <p><strong>Example Control Text</strong></p> </th> <th> <p><strong>ThreatSTOP Capability</strong></p> </th> <th> <p><strong>Customer Proof</strong></p> </th> </tr> </thead> <tbody> <tr> <td> <p><span><strong>HIPAA §164.312(e)</strong></span> Integrity and transmission security</p> </td> <td> <p>Block and log malicious domains targeting ePHI</p> </td> <td> <p>Protective DNS with real-time logs</p> </td> <td> <p>Geisinger Health</p> </td> </tr> <tr> <td> <p><span><strong>PCI DSS v4.0 Req 1</strong></span> Restrict network connections</p> </td> <td> <p>Managed allow- and deny-list policies</p> </td> <td> <p>Protective DNS rule engine</p> </td> <td> <p>TopCashback</p> </td> </tr> <tr> <td> <p><strong>PCI DSS v4.0 Req 10</strong><span> Log and monitor</span></p> </td> <td> <p>Immutable DNS query logs</p> </td> <td> <p>SIEM export APIs</p> </td> <td> <p>TopCashback</p> </td> </tr> <tr> <td> <p><span><strong>NERC CIP-005-5 R1.5</strong></span> Detect malicious communications</p> </td> <td> <p>DNS and IP perimeter control</p> </td> <td> <p>DNS Defense + IP Defense</p> </td> <td> <p>South Coast Water District</p> </td> </tr> </tbody> </table> <p>&nbsp;</p> <h3><strong>Why Protective DNS Speeds Compliance</strong></h3> <ul> <li> <p><span><strong>Ready-made controls</strong></span>: Thousands of curated feeds from our Security, Intelligence, and Research team cover phishing, ransomware, DDoS, data exfiltration, and more.</p> </li> <li> <p><span><strong>Layered accuracy</strong></span>: Hundreds of allow lists remove known-good domains before policies ship, eliminating false positives.</p> </li> <li> <p><span><strong>Granular overrides</strong></span>: User-Defined Lists let you fine-tune any rule without losing inherited protection.</p> </li> <li> <p><span><strong>Audit-friendly reports</strong></span>: Drill-down dashboards show who queried what, when, and why it was blocked or allowed.</p> </li> <li> <p><span><strong>Proven across industries</strong></span>: From e-commerce to critical infrastructure and healthcare systems, customers trust ThreatSTOP to meet strict regulatory demands.</p> </li> </ul> <h3><strong>Get Started Today</strong></h3> <p>For those interested in joining the ThreatSTOP family, or to learn more about our proactive protections for all environments, we invite you to visit our <a href="/threatstop-platform" rel="noopener" target="_blank">product page</a>. Discover how our solutions can make a significant difference in your digital security landscape. We have pricing for all sizes of customers. <a href="https://admin.threatstop.com/register?hsLang=en" rel="noopener" target="_blank">Get started with a Demo today</a>!</p> <h3><strong>MITRE ATT&amp;CK Mapping</strong></h3> <p>&nbsp;</p> <table style="border-collapse: collapse; table-layout: fixed; margin-left: auto; margin-right: auto; border: 1px solid #99acc2;"> <thead> <tr> <th> <p><strong>ATT&amp;CK Tactic</strong></p> </th> <th> <p><strong>Technique ID</strong></p> </th> <th> <p><strong>ThreatSTOP Mitigation</strong></p> </th> </tr> </thead> <tbody> <tr> <td> <p>Initial Access</p> </td> <td> <p>T1566.002 Spearphishing Link</p> </td> <td> <p>Blocks malicious domains before users connect</p> </td> </tr> <tr> <td> <p>Command and Control</p> </td> <td> <p>T1071.004 DNS protocol</p> </td> <td> <p>Cuts off DNS-based C2 channels in real time</p> </td> </tr> <tr> <td> <p>Command and Control</p> </td> <td> <p>T1568 Dynamic Resolution</p> </td> <td> <p>Stops domain-generation algorithms via continuous updates</p> </td> </tr> <tr> <td> <p>Exfiltration</p> </td> <td> <p>T1048.003 Unencrypted Non-C2</p> </td> <td> <p>Blocks DNS tunneling and direct IP exfiltration with IP Defense</p> </td> </tr> <tr> <td> <p>Defense Evasion</p> </td> <td> <p>T1090.003 Domain Fronting</p> </td> <td> <p>Detects and blocks fronting domains</p> </td> </tr> <tr> <td> <p>Impact</p> </td> <td> <p>T1499.004 Reflection or Amplification</p> </td> <td> <p>Neutralizes DDoS command vectors at the resolver</p> </td> </tr> <tr> <td> <p>Collection</p> </td> <td> <p>T1114.001 Email Client Collection</p> </td> <td> <p>Prevents malicious tracking domains from loading</p> </td> </tr> </tbody> </table> <p>&nbsp;</p> <p><strong>Connect with Customers, Disconnect from Risks</strong></p></span>
