ThreatSTOP's system uses DNS as the delivery channel for threat intelligence, so the firewalls, routers, DNS servers and WAFs you already operate can block, audit or redirect traffic to and from known criminal infrastructure in near real time. That covers active malware, ransomware call-homes, data exfiltration and the compliance problem of communicating with sanctioned parties, and it works the same way across on-premises, cloud and remote locations. The video below explains IP Defense and how the real-time threat intelligence is applied.

 

 

Key Takeaway

ThreatSTOP uses your existing firewalls, WAFs, and DNS devices to protect your perimeter and your AWS applications. Get threat intelligence protecting your network in minutes!
Register here: https://admin.threatstop.com/register

Get a Demo

 

Learn More:

What DNS Security Does A Typical Enterprise Need?

DNS Defense Cloud 

DNS Defense 

 

Video Transcript

Intro
Enforcement Options
Implementing Perimeter Defenses
DNS Security
DNS Defense Cloud
Proactive, Full-Coverage Cybersecurity
AWS WAF
Automated, Pro-Active Threat Defense
Comprehensive Integrations
Public Policy Creates Business Risk

Enforcement Options
So ThreatSTOP was started to solve a problem I was having. I was protecting IRS databases of charitable foundations that were being attacked because people were trying to steal the personally identifiable information of high net worth individuals, and we had firewalls and servers that were donated, so we had to be able to make the threat intelligence that was available at the time actionable on those platforms regardless of where they came from. And then, as is unfortunately mostly still the case now, threat intelligence was either not machine-readable, couldn't be put into an enforcement gateway, or it was very, very vendor-specific, and neither really worked for us.

So what we did was we created a system using DNS, which was invented by Paul, which is a universal API that enabled us to push threat intelligence into arbitrary pieces of network information that could then be used for filtering in real time, and it worked. So this application of this platform for compliance is merely one use case. It's very, very close to the original use case, which was protecting websites, protecting people from people they don't want to talk to, and we enable that no matter what it is that you use.

Implementing Perimeter Defenses
So we have three basic ways of doing this. The original way was IP Defense, which was in firewalls, routers and switches, which allowed you to filter inbound and outbound traffic to and from criminal infrastructure. So you block the inbound stuff from the vulnerability scanners, the people that are trying to steal your data. You can catch everything regardless of what protocol is being used because, no matter what it is, encrypted or not, the destination IP address has to be valid for the attack to succeed.

DNS Security
And then we added the ability to do this using DNS. We're the only company that supports all of the widely distributed DNS servers in addition to response policy zones, which are widely used. We also natively support Active Directory DNS filters, and we have, like everybody else in the DNS business, a cloud service where you can just point your DNS at our resolvers and have that filtering happen. That enables you to filter outbound connections based on the DNS query.

It's pretty important these days because IP addresses, particularly for malware, tend to be in cloud services; content distribution networks are using something like Bitly, where they move around a lot and use the name, not the IP address. So without having DNS-based security, which again is unencrypted, can't be obfuscated, because the query has to work for the connection to succeed, you have no other way of addressing those highly dynamic attacks.

So what we've done is we've used the two things that have to be valid, and that cannot be confused, encrypted, or otherwise obfuscated, for unwanted traffic (and wanted traffic as well) to succeed, and allow you to filter that regardless of what platform you're on. For ransomware, that's really important because they have to call home to get the encryption key and to notify their masters of the data. Especially now, since ransomware typically does data exfiltration before it encrypts, catching it then allows you to interdict the actual lockdown.

Again, because it is in DNS, which, as Paul loves to say, 'everything good or bad on the internet starts with a DNS query', it'll catch all the different protocols because that's how the connection is starting, and with DNS, you have the ability to do blocking. You have the ability to allow it through and audit it, and you also have the ability to rewrite the result, allowing it to redirect.

So, for example, for phishing, instead of being worried about having to do phish training occasionally on your people, you can actually use real phishing data, real phishing sites, and when they click on that link, it directs them to a web page that says, hey, you just clicked on a phishing link. That's immediate training, or as we would tend to call it in the military, you know, immediate action, and it is much more effective than a later correction. On-the-spot correction works far better for teaching people not to do things they shouldn't do than a later one, and typically doesn't require anything more than, hey dude, you did something silly.
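The three outcomes the speaker describes for a DNS query (block it, let it through but audit it, or rewrite the answer so the client is redirected to a landing page) are exactly what a Response Policy Zone encodes. The following is an added example, not ThreatSTOP's code or part of the transcript: a small evaluator that applies RPZ QNAME triggers to queries. The policy entries, the domain names and the landing-page name `landing.corp.example` are constructed for illustration.

```python
"""Evaluate DNS queries against Response Policy Zone (RPZ) QNAME rules.

Added example, not ThreatSTOP's code: it shows how the three DNS-layer
outcomes (block, allow-but-audit, rewrite/redirect) are expressed in RPZ
and applied to a query. The policy entries, domain names and the
landing-page name are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional

# RPZ encodes the action in the RDATA of a CNAME record owned by the trigger:
#   CNAME .              -> NXDOMAIN : block, "this name does not exist"
#   CNAME *.             -> NODATA   : block, name exists but has no records
#   CNAME rpz-passthru.  -> PASSTHRU : answer normally, but the hit is logged
#   CNAME <other name>.  -> local data: rewrite the answer (redirect)
NXDOMAIN, NODATA, PASSTHRU, REWRITE, NONE = "NXDOMAIN", "NODATA", "PASSTHRU", "REWRITE", "NONE"

# Constructed policy. Keys are QNAME triggers with the RPZ zone name stripped
# (in a zone file "c2.evil.example" would be owned as "c2.evil.example.rpz.local").
POLICY = {
    "c2.evil.example": ".",                      # known C2 host: NXDOMAIN
    "*.evil.example": ".",                       # every subdomain too
    "tracker.example": "*.",                     # NODATA block
    "partner.example": "rpz-passthru.",          # allowed, but audited
    "*.phish.example": "landing.corp.example.",  # redirect to warning page
}


@dataclass
class Decision:
    qname: str
    trigger: Optional[str]        # policy entry that matched, or None
    action: str
    target: Optional[str] = None  # CNAME target when action is REWRITE


def _match(qname: str):
    """Exact trigger first, then the closest enclosing wildcard.

    RPZ wildcards behave like DNS wildcards: '*.evil.example' covers
    'x.evil.example' and 'y.x.evil.example' but not 'evil.example' itself.
    """
    name = qname.rstrip(".").lower()
    if name in POLICY:
        return name, POLICY[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        wild = "*." + ".".join(labels[i:])
        if wild in POLICY:
            return wild, POLICY[wild]
    return None, None


def evaluate(qname: str) -> Decision:
    trigger, rdata = _match(qname)
    if trigger is None:
        return Decision(qname, None, NONE)
    if rdata == ".":
        return Decision(qname, trigger, NXDOMAIN)
    if rdata == "*.":
        return Decision(qname, trigger, NODATA)
    if rdata == "rpz-passthru.":
        return Decision(qname, trigger, PASSTHRU)
    return Decision(qname, trigger, REWRITE, rdata)


def audit_line(d: Decision) -> str:
    """One log line per policy hit; PASSTHRU hits are the audit trail."""
    if d.action == NONE:
        return ""
    tail = f" -> {d.target}" if d.target else ""
    return f"rpz-hit qname={d.qname} trigger={d.trigger} action={d.action}{tail}"


if __name__ == "__main__":
    for q in ["c2.evil.example", "cdn.evil.example", "evil.example",
              "tracker.example", "partner.example", "login.phish.example",
              "www.good.example"]:
        d = evaluate(q)
        print(f"{q:22} {d.action:9} {audit_line(d)}")
```

The wildcard entry is what makes this useful against the fast-moving hostnames the speaker mentions: a new subdomain under a listed parent is caught without a rule change, while the parent apex itself is left alone unless listed explicitly. The PASSTHRU hit still produces an audit record, which is the "allow it through and audit it" option.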

DNS Defense Cloud
Our cloud service offers the same service using a forwarder. The only disadvantage of that versus doing it on-prem is that it's usually a forwarder, so you only see the DNS server that is forwarding the queries in the logs. So you can't tell which endpoint it is. You have to go look at your DNS server logs, but we're working on ways to address that as well.
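The forwarder blind spot described above is usually closed by joining the two logs: the cloud-side hit tells you what was asked and what the policy did, and the on-prem DNS server's query log tells you which client asked. This is an added example, not ThreatSTOP's code or part of the transcript. Both log excerpts are constructed, the on-prem lines follow the BIND9 query-log layout, all addresses and names are made up, and the join assumes both clocks are in UTC and synchronised.

```python
"""Attribute cloud-resolver policy hits to endpoints via on-prem DNS logs.

Added example, not ThreatSTOP's code. When queries reach the protective
resolver through an on-prem forwarder, the cloud-side log only shows the
forwarder's address; the endpoint that asked is visible only in the
forwarder's own query log. Both log excerpts, addresses and names here
are constructed; the on-prem lines follow the BIND9 query-log layout.
"""
import re
from datetime import datetime, timedelta

# Constructed cloud-side hits: "<UTC time> <source seen by resolver> <qname> <action>".
# Every line carries 203.0.113.10, the forwarder's public address, not the endpoint.
CLOUD_HITS = """\
2024-07-13T10:15:01Z 203.0.113.10 c2.evil.example NXDOMAIN
2024-07-13T10:15:02Z 203.0.113.10 login.phish.example REWRITE
2024-07-13T10:16:40Z 203.0.113.10 c2.evil.example NXDOMAIN
""".splitlines()

# Constructed BIND9-style query log from the on-prem forwarder (10.0.0.53);
# clocks assumed to be UTC and synchronised with the cloud service.
ONPREM_LOG = """\
13-Jul-2024 10:15:00.812 client @0x7f3b2c0 10.0.5.23#51234 (c2.evil.example): query: c2.evil.example IN A +E(0) (10.0.0.53)
13-Jul-2024 10:15:01.640 client @0x7f3b2c1 10.0.5.77#40211 (login.phish.example): query: login.phish.example IN A +E(0) (10.0.0.53)
13-Jul-2024 10:15:05.003 client @0x7f3b2c2 10.0.5.23#51235 (www.good.example): query: www.good.example IN A +E(0) (10.0.0.53)
13-Jul-2024 10:16:39.900 client @0x7f3b2c3 10.0.5.23#51236 (c2.evil.example): query: c2.evil.example IN A +E(0) (10.0.0.53)
""".splitlines()

ONPREM_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ client \S+ "
    r"(?P<client>[\d.]+)#\d+ \((?P<qname>[^)]+)\): query: "
)


def parse_onprem(lines):
    """(timestamp, client IP, qname) for each parseable query-log line."""
    out = []
    for line in lines:
        m = ONPREM_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
            out.append((ts, m["client"], m["qname"].rstrip(".").lower()))
    return out


def parse_cloud(lines):
    """(timestamp, source IP, qname, action) for each cloud-side hit."""
    out = []
    for line in lines:
        ts_s, src, qname, action = line.split()
        out.append((datetime.strptime(ts_s, "%Y-%m-%dT%H:%M:%SZ"),
                    src, qname.rstrip(".").lower(), action))
    return out


def attribute(cloud_lines, onprem_lines, window=timedelta(seconds=5)):
    """Join each cloud hit to on-prem queries for the same name within +/- window.

    Returns a list of (cloud time, qname, action, sorted candidate client IPs).
    An empty candidate list means the hit could not be attributed from this log.
    """
    onprem = parse_onprem(onprem_lines)
    limit = window.total_seconds()
    results = []
    for ts, _src, qname, action in parse_cloud(cloud_lines):
        clients = sorted({c for ots, c, q in onprem
                          if q == qname and abs((ots - ts).total_seconds()) <= limit})
        results.append((ts.isoformat(), qname, action, clients))
    return results


if __name__ == "__main__":
    for ts, qname, action, clients in attribute(CLOUD_HITS, ONPREM_LOG):
        who = ", ".join(clients) if clients else "unattributed"
        print(f"{ts} {action:8} {qname:22} endpoint(s): {who}")
```

The join key is the query name plus a short time window, so two endpoints asking for the same name seconds apart will both appear as candidates; that is the honest answer from this data, and the window should be no wider than your clock skew plus forwarder latency. Keeping the on-prem query log enabled is the precondition; without it the cloud hit stays unattributed.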

Proactive, Full-Coverage Cybersecurity
You put the two together. Now you have the best way to manage unwanted traffic in and out of your network. You have the ability to block it. You have the ability to audit it. You have the ability to see what happened, and you have the ability to redirect where that's appropriate. The use of that in compliance means that you not only have done the thing necessary to stop talking to these people you don't want to talk to, but you've also got proof that you did it. So should there be a slip-up on someone's part, you can get beyond saying, hey, we screwed up. You can say, we really tried not to do this, which for most judges and most enforcement agencies is typically enough for them to say, well, don't do that again, and here's some more data you should use. By the way, we're happy to give that to you.

AWS WAF
We also offer this, since most people are now servicing their customers from the cloud, as a pre-packaged set of rules in the AWS Marketplace. These are broad-spectrum rules that should apply most broadly to people that are trying to comply with the given sanctions regimes in AWS and protect their websites. If you have something more specific that you want to do, we also have the ability to have that integrated into our platform with direct integration into AWS, but it's available to buy right now.

If you're in an AWS region that's supported, and that's all of them except for the People's Republic of China, Hong Kong, and anything for Eastern Europe, at least the parts of Russian-occupied Eastern Europe, you can just buy it in the marketplace. If you need more specific customization and more specific drill down and reporting, it's also supported in our platform, and you can contact us and buy that.

Automated, Pro-Active Threat Defense
The result is you get automated proactive threat defense on all of your platforms: physical, virtual, cloud, on-prem, other people's perimeters, and you can manage it all from one website and see what happened from one website. So that means that if you have multiple different firewalls, or your CEO decides to go out and buy a new company today and that company has a totally different piece of network infrastructure, you can implement your own threat protection policy right away without having to go forklift out all that stuff, which may be in multiple different locations all over the world.

So that's very helpful if you're doing what's going on a lot now with the highly dynamic nature of work: protecting multiple different locations that are dynamic. You've got retail, you've got people working from home, you've got your road warriors, you've got a situation where maybe you're moving your logistics out of the People's Republic of China to new places. Well, are they compliant? Because, as Paul showed, you could wind up in trouble with that. You can say, hey, look, if you're going to sell me stuff, I need you to at least log the following information from your network for me so I can know that you're compliant and that my data is not being shipped to, or my product is not being incorporated into, somebody who's sanctioned.

The result is it takes what you already have and will have in the future and makes it work better. It's an add-on to what you've already deployed. You can typically get it up and running in less than an hour, and it hits the worst problems you're facing right now: active malware, ransomware, data exfiltration, and the compliance problem in a highly dynamic world where you're being attacked.

Comprehensive Integrations
As I said, it'll work with what you have now or what you have in the future. This is just some of the list. Also, we're being lazy. Actually, we just didn't want to turn it into too much of an eye chart. I can probably barely read these logos at this point; it gets this small, so we're trying not to throw all the logos up there. But basically, anything that can take a DNS query and pipe it into an access control list, anything that supports HTTPS to download an XML file, anything that uses response policy zones, and, as we said, any version of Active Directory 2016 or later can natively support our product. If it's not on there, it's not something we support, and you can see the full support suite at docs.threatstop.com. We'd love to hear about it because we really want to provide protection to the whole world.

Public Policy Creates Business Risk
So as Paul said, it's a real business risk right now. The policy means that not only do you have to worry about the hackers and the attackers, you now have to worry about your own government, and this is a dynamic situation where the solution has to be automated. Otherwise, you're dealing with a situation where you spend a lot of time and money with a lot of people, and you are still taking too long to put the protection into place, with the result that you have a big window of vulnerability.