Try out our new Check IoC. Check IPs and Domains for Malware Here



ThreatSTOP Overview
Description: ThreatSTOP is a powerful service that blocks attacks before they reach your network, and prevents data theft. Unlike other tools that only integrate into a SIEM or notify you of threats, ThreatSTOP deflects attacks that have bypassed your firewall, IDS/IPS, web filter and endpoint security. Then ThreatSTOP’s real-time reporting provides the visibility you need to remediate threats.
Download Datasheet »
ThreatSTOP Technology Overview
Description: The ThreatSTOP platform delivers up-to-the-minute threat intelligence to routers, firewalls and DNS servers to provide an automated, proactive defense against malicious attacks such as ransomware, DDoS, and botnets. A cloud-based service, it works with a customer’s existing security devices to automatically block attacks and prevent data theft and corruption.
Download Datasheet »
ThreatSTOP DNS Defense
Description: ThreatSTOP DNS Defense is a highly effective, proactive security solution that blocks advanced threats from completing their mission, be it DDoS attacks, data theft or corruption, or phishing. It delivers up-to-the-minute protection against advanced attacks, and enhances your existing security posture by adding a powerful layer of security that functions at the DNS level, and delivers granular control over the actions taken against outbound network queries.
Download Datasheet »
ThreatSTOP Protective DNS (PDNS)
Description: ThreatSTOP PDNS delivers true Protective DNS powered by 900+ real-time threat intelligence feeds. ThreatSTOP PDNS works on your existing DDI/IPAM or DNS servers to block or redirect threats early, before any damage can be done. No new hardware or network changes needed. ThreatSTOP PDNS exceeds new DNS security requirements without the privacy issues found in competing hosted DNS products.
Download Datasheet »
ThreatSTOP IP Defense
Description: ThreatSTOP IP Defense provides customizable real-time configuration management of your firewalls, routers, switches, cloud environments, and DNS servers in a heterogeneous network to maximize the power and functionality of your existing network infrastructure. Your security policy will be enforced at the network level with the ability to tailor your policy on a device-by-device basis.
Download Datasheet »
Description: ThreatSTOP's MyDNS is the world’s first and only fully recursive DNS Firewall solution packaged into a light-weight agent, and compatible with all modern Windows and Mac OS X endpoints like laptops, ultrabooks and desktop computers. MyDNS provides a self-contained, fully recursive DNS server with unparalleled security protection and advanced customization options. Additionally, MyDNS delivers privacy features unavailable in other commercial DNS filtering solutions, ensuring DNS requests made by protected endpoints remain private to your devices and your network.
Download Datasheet »
ThreatSTOP Check IOC Subscription
Description: ThreatSTOP has always provided security research tools as part of our services, and Check IOC is now available as a standalone subscription. We've made it easy to get your hands on tools that give you invaluable data, backed by one of the largest databases that we've been building for over a decade
Download Datasheet »


Case Studies


University of Baltimore
"ThreatSTOP has eliminated manual blacklisting and remediation, and reduced help desk tickets related to malware by 90%, to only 1-2 per month."
    - Mike Connors, Information Security Analyst

Download Case Study »

Bibliotheek Rotterdam
"ThreatSTOP has solved a big headache for us. Now we have no service stoppages, no escalations with the ISP, and no manual cleanups."
    - Nikola Nicolic, Contracts and Services Manager

Download Case Study »

Cirrus Tech
"ThreatSTOP’s IP reputation service provides invaluable protection for Cirrus Tech and our customers against threats that other solutions fail to address."
    - Ehsan Mirdamadi, CEO, Cirrus Tech

Download Case Study »
"ThreatSTOP is the clear leader in IP reputation services, and provides invaluable protection for AISO and our customers against zero-day, APTs, botnets and other advanced threats."
    - Phil Nash, CTO,

Download Case Study »

Armor Logo

Armor (formerly FireHost)
"Implementing this system has helped to decrease the number of total attacks against our customers by about 40 percent."
    - Chris Drake, Founder/CTO, FireHost

Download Case Study »

NonLinear Tech
"ThreatSTOP was able to help us rapidly identify and remediate a spam botnet that was putting one of our customer’s business at risk."
    - John Verbrugge, Principal, NonLinear Tech

Download Case Study »

Phoenix Energy Systems
"By automating the process and providing the reports, ThreatSTOP provides me a peace of mind and saves me time."
    - Carol Maffitt, CIO

Download Case Study »

Earth Systems
"ThreatSTOP works great. We are attacked every day and it stops them. It gives me the warm and fuzzies that
I am protected. It's well worth every penny."
    - Richard Gaustad, VP & CIO

Download Case Study »

West Memphis School District
"I had no idea my network printers are talking to China!"
    - Gary Woodward, Network Administrator

Download Case Study »

SANS Case Study: What Works In Threat Prevention - Detecting & Stopping Attacks More Accurately & Quickly With ThreatSTOP
"A community college found that ThreatSTOP enabled them to detect in-progress targeted attacks more quickly and with few falso positives. This enabled them to reduce the number of resources reached by attack payloads and significantly reduce the business impact of those attacks. Integration with existing security controls and the accuracy of threat intelligence supported an increase in the level of security without requiring increased staffing or investment in additional security products."
    - SANS WhatWorks

Download Case Study »

Operation Smile
"When we began using the product on premise, we immediately saw what was hitting our firewall on a daily basis. Definitely a success story for us. Working with ThreatSTOP really made sense for us from a business standpoint. We have a relatively small IT team for an organization of our size. With ThreatSTOP, we can stay ahead of the hackers."
    - Christopher Ackman, Application System Analyst

Download Case Study »


Why Email Is Such a Dangerous Attack Platform (And How to Protect Yourself)
Description: Although it seems as though cyber awareness is somewhat increasing due to the attempt to keep up with rapid advances in attack techniques, preying on human error continues to be extremely rewarding for threat actors. In this article, we will outline five common email attack types, and explain how to protect yourself and your organization from these attacks.
  Download Whitepaper »
Healthcare Information Security
Description: Healthcare information has become an increasingly valuable target. This paper reviews the value of this information and the reasons that healthcare infrastructure attacks are on the rise.
  Download Whitepaper »
Leading Cybersecurity Out of Medieval Times
Description: Today's security threats may be considered "advanced" by some, but ThreatSTOP founder and CEO Tom Byrnes believes many organizations are living in the medieval times of cybersecurity. How can they avoid slipping into the Dark Ages?
  Download Whitepaper »
Threat Mitigation:
Proactive Defense against Botnets and Criminal Malware
  Download Whitepaper »
Learning From Three 2018 Healthcare Cyber Attacks (That Could Have Been Prevented)
Medical records are cyber's new goldmine. Leading cyber security experts claim that medical records have been one of the most sought after data types, worth 10 times more than credit card information. As stated by Forbes, a single medical health record could be worth up to thousands of dollars, while social security and credit card numbers are worth 10 and 25 cents, concecutively. This paper outlines three major malware campaigns that hit the healthcare sector this past year.
  Download Whitepaper »


How to Get Real SMB Value From Threat Intelligence

Threat intelligence has become very popular, with every type and size of company trying to figure out how to get value from it. Getting real, tangible value is hard and typically requires people, skills and large budgets. ThreatSTOP has built its platform around a guaranteed recipe for how small and mid-market companies can achieve value from threat intelligence, all without breaking the bank or breaking your employees’ backs.


Learn How Threat Intelligence & DNS Work Together, All In Less Than 4 Minutes

Don't have the resources, budget or time to transform threat data into threat intelligence that proactively blocks threats against your organization? We do the heavy lifting for you with automation.


ThreatSTOP's CEO & Founder, Tom Byrnes, Explains the ThreatSTOP-Powered A10 DDoS Map

ThreatSTOP's Founder and CEO, Tom Byrnes, talks the importance and role of threat intelligence in preventing DDoS attacks at RSA 2018. We partnered with A10 to make these threats into a real-time, visual map.

RSA 2018 Interview: Tom Byrnes, Founder & CEO of ThreatSTOP, Chats with A10 Networks

Tom Byrnes talks about the role and importance of DDoS threat intelligence in modern defenses.

Playing Offense with the Domain Name System (DNS): A Conversation with Dr. Paul Mockapetris & Dr. Paul Vixie

Paul Mockapetris, DNS Inventor & ThreatSTOP Chief Scientist, talks with Paul Vixie, Chairman, CEO & Co-Founder of Farsight Security, about DNS being weaponized by cyber criminals and how exactly can you utilize DNS to combat these ongoing attacks to your network.

ThreatSTOP's DNS Defense in 2 Minutes

Everything (good and bad) on the internet starts and ends with DNS. Here's why you need a DNS Firewall, what protecting it means and how easy it is to use ThreatSTOP's platform for blocking (plus, seeing what's been blocked), reporting and analytics.


.IT 30th Anniversary Message from Paul Mockapetris, DNS Inventor & ThreatSTOP Chief Scientist

.IT TLD 30th Anniversary Message from Paul Mockapetris, Inventor of DNS & ThreatSTOP's Chief Scientist.

An Interview with Paul Mockapetris, Creator of the DNS

Brad White interviews with Paul Mockapetris, Creator of the DNS, on the new gTLD program, name collisions and how to move forward with the new gTLD program.

History Heard: Paul Mockapetris, Creator of the Domain Name System (DNS)

dotSecurity 2017: Session with Paul Mockapetris, Names & Security

RSAC TV: The New Geopolitics of Cybersecurity Research with John Bambenek, VP of Security & Research at ThreatSTOP

With cybersecurity becoming an increasingly high-profile field, new risks have emerged as governments are playing out foreign policy on the backs of security companies. This talk will cover the new geopolitical risks that have emerged in the wake of decisions made by governments such as the recent US government actions against Kaspersky. Learning Objectives: 1. Demonstrate the new risks for security researchers. 2. Discuss policy changes and the impacts those have. 3. Illustrate what the end result of these policies are and the long-term impact.



We recently put out a survey to find out where customers derive value from ThreatSTOP, what’s on their product wish list, and what’s their overall experience working with us and our platform. ThreatSTOP’s 2017 Customer Satisfaction Survey
Securing DNS is more important now than ever before, and now more affordable than ever. DNS is used in more than 95% of malware attacks, and it only takes an hour to add ThreatSTOP's DNS Defense. Why you need ThreatSTOP's DNS Defense
We uncover the worst healthcare data breaches of 2018, including the attack vector, damage to the company and the number of patients exposed. Uncovered: 2018's Worst Healthcare Data Breaches  

Webinars and Podcasts


Speaker: Paul Mockapetris

Earlier this year the NSA and CISA issued a call-to-action to enterprises to deploy Protective DNS (PDNS), emphasizing “the centrality of DNS for cybersecurity.” Yet using DNS as a control point for security is not new. So why is PDNS now making headlines and what should your organization do to address this mandate? Join us on June 24th at 10AM PT/1PM ET for a lively panel discussion on the what, why and how of Protective DNS (PDNS) with 4 industry leaders, including the world’s two leading DNS experts, Dr. Paul Mockapetris and Dr. Paul Vixie.

Register Now »


Speaker: Tom Byrnes

In a recent interview with Tomás Byrnes, CEO and Founder of ThreatSTOP, Aviva Zacks of Safety Detectives asked him about his motivation to start his company and what keeps it ahead of its competition. "I was solving a problem I had. I was running a site that had all the tax returns for private foundations, which are mostly high net worth individuals, in the United States, and we were constantly under attack." Check out the full interview now.

Read Now »


Speaker: Joe Dahlquist

Threat intelligence has become very popular, with every type and size of company trying to figure out how to get value from it. Getting real, tangible value is hard and typically requires people, skills and large budgets. ThreatSTOP has built its platform around a guaranteed recipe for how small and mid-market companies can achieve value from threat intelligence, all without breaking the bank or breaking your employees’ backs.

Watch Now »


Speaker: John Bambenek

Despite a massive spike in security awareness (and huge increase in cyber security spending), why are there still data breaches and security failures? By studying how attackers are getting in, we learn the hard lessons about undetected missing defenses.

Watch Now »


Speaker: John Bambenek

Community colleges and universities are the ultimate BYOD disaster. Faculty, staff and students from all over the world converge on the same network storing sensitive data, all which must be protected to comply with HIPAA, FERPA and PCI.

Tight funds and limited staff to protect devices they ultimately can’t even control or modify are huge barriers. The typical approach to using threat intelligence requires spending hundreds of thousands of dollars on tools (plus having large teams), but it doesn’t have to be this way.

This talk will discuss what threats and unique risks are faced by community colleges and universities. Also, how operationalizing threat intelligence in an automated fashion can be cost-effective and provide broad protection for BYOD and IoT devices.

Watch Now »


Speaker: John Bambenek

The 2018 elections are quickly approaching, with the next presidential election not long behind in 2020. Even during recent local elections, cyber security incidents have occurred, showing that threats don’t just emanate from Russia, but are increasing in frequency. 

This webcast will highlight aspects of the indictment and show how threat sharing between election authorities and the automated use of threat intelligence data can protect local election authorities, state election boards, and the integrity of our elections as a whole. It becomes key not only to have knowledge of threats, but to block them from ever compromising election authorities in the first place.

Watch Now »


Speaker: John Bambenek

Not many industries can say that cyber security is a life and death issue, expect for healthcare institutions. Equipment we trust and rely on to diagnose critical illnesses and provide life support for loved ones are embedded with computers that can't easily be modified. Electronic Health Records bring new, unique risks we must deal with.

This Webcast takes an informative and unique perspective on 2018's healthcare breaches and what could have been done to prevent those attacks. Plus, what we can do now to protect those devices that, due to FDA regulation, can't be modified.

Watch Now »

Vendor Comparison

ThreatSTOP vs OpenDNS (Cisco Umbrella Enterprise)
Description: OpenDNS offers a web content filter restricted to outbound traffic only, and it requires all DNS queries to be made by their DNS servers meaning every outbound connection attempt leaves your network for block/allow determination. OpenDNS works at the domain level (blunt instrument) meaning malicious URLs/IPs on “good” domains are an unprotected Threat. Like most WAF’s/URL filtering solutions you will encounter over-blocking and need reclassification. Clients can use IP proxy sites to entirely circumvent protection and expose risk to the network either naively or maliciously. See how ThreatSTOP compares.
Download Datasheet »
ThreatSTOP vs Infoblox ActiveTrust: Make Your More Infoblox More Intelligent with ThreatSTOP
Description: Infoblox customers have options when it comes to protecting their DNS, but ThreatSTOP is the clear winner. ThreatSTOP’s DNS Defense delivers greater security protection, higher performance and Stability, and more features and capabilities at a lower price compared to ActiveTrust and others. ThreatSTOP was the OEM Partner for Infoblox’s DNS Firewall up until 2016, so there are no compatibility issues. See how ThreatSTOP compares.
Download Datasheet »
ThreatSTOP vs Akamai
Description: ETP is a Cloud-based DNS solution. ThreatSTOP is a security web service that integrates with your on-prem DNS Server, where enforcement happens locally. With ThreatSTOP, there are not the privacy concerns associated with a Cloud-based DNS solution. ETP uses a single source of threat intelligence data that derives from their internal security team. TS utilizes 800+ authoritative threat intelligence partners. ETP has basic reporting, while ThreatSTOP provides preconfigured summary and email reports, detailed drill downs, IOC level metadata and Passive DNS. (ETP advertises simple categorical domain and URL lookups) Logging: ETP logs are retained for 30 days and export only. See how ThreatSTOP compares.
Download Datasheet »

Want to Learn More?

Request a free, 30-minute online walk-through of the ThreatSTOP Platform.

Request a Free Demo

Already in Prevention Mode?

Sign-up for a free, 14-day trial of the ThreatSTOP Platform.

Start a Free Trial

Prefer a Free Assessment?

Use any of our free assessment tools to better
understand your need for proactive defense.

Get a Real-time Assessment