Try out our new Check IoC. Check IPs and Domains for Malware Here

The ThreatSTOP Platform

We automate the process of operationalizing intelligence

Even with all your existing security layers, threats are still getting into your network. While attackers are motivated and more sophisticated, your security products don't always integrate, resources are scarce and manual processes take too long. Our platform transforms 200+ threat feeds into actionable security policies to block real-time threats for your whole network. We built ThreatSTOP to make this possible for every organization.

We start off gathering threat data from high quality sources. Tell us once about your network, blend the feeds you like or use our defaults. Threat intelligence becomes actionable through machine and human analysis. One language for all devices, feeds are customized for device and add your own blacklist/whitelist. Block inbound and outbound malicious connection attempts over all protocol and ports. Get 10 - 30% of your bandwith back. Create your policy by choosing categories to block or allow. Constant updates, blocking and easy to understand reporting. It only takes 30 minutes to integrate ThreatSTOP with your network enforcement devices.


Save Time

  • Automate and outsource essential 24/7 security policy updates.
  • Rich reports in our portal or your SIEM.
  • Rapidly identify infected hosts.
  • Research tools, like Check IOC, included.
  • Customize and schedule email reports and alerts.

Save Money

  • Add powerful security to existing devices.
  • Reduce endpoint infections and stop breaches.
  • Reduce load on existing security layers.
  • Eliminate unwanted bandwidth usage.
  • Increase security and network efficiency.

Be More Secure

  • Block connection attempts to criminal infrastructure on all ports and protocols.
  • Continuous, automatic policy updates.
  • Unique and valuable telemetry for SOC's and MSSP's.
  • Customize policies to match security postures.
  • Multivendor security is always a feature, not a bug.

Products that make up our platform

DNS Defense

  • Threats are continuously discovered by our security researchers, tracked by the 200+ authoritative threat intelligence sources we integrate into our platform, automatically shared as policy updates direct to your DNS firewall.
  • Attacks are prevented by neutralizing malware's ability to call home, eliminating data destruction or exfiltration that has bypassed existing network security layers.
  • Advanced reporting provides full visibility into blocked DNS queries and identifies infected machines, allowing for efficient and accurate remediation.

IP Defense

  • Automatically delivers the latest actionable threat intelligence to network firewalls, routers and switches based on user-defined policies.
  • Proactively blocks or redirects inbound malware, DDoS and other attacks, regardless of attack type or vulnerability. Renders your network invisible to scanners, so attackers move on.
  • Prevents data theft by stopping malware from "phoning home" to threat actors. Prevents activation of ransomware, such as Cryptowall and Cryptolocker.

Roaming Defense

  • Your security on the road: Takes our DNS Defense and delivers it to individual endpoints, providing the same security for your team when your laptop is off the corporate network. Essentially, putting a DNS firewall on your laptop. No relying on VPN or unknown wifi network security.

Check IOC Subscription

  • Rich Metadata and Passive DNS.
  • Our database of known malicious IPs has grown: 24 million indicators of compromise keep you safe.
  • Optional API Service available to automatically check for indicators of compromise.

Deploying ThreatSTOP

  1. Device integration is fast and easy.
  2. We work everywhere.
  3. Integrates with firewalls, routers, switches, DNS servers (and more) in less than one hour.
  4. Option to spin up a VM and start blocking threats: Pick your hypervisor and open source platform. Create a virtualized IP firewall, transparent bridge or DNS device running ThreatSTOP in minutes. 
  5. Protects Cloud workloads.


ThreatSTOP Supported Devices

We're vendor neutral and comprehensive, with complimentary DNS and IP filtering. You have the ability to provision your devices and enterprise consistently, with multi-layered security. Check us out with a quick demo here.

Hear Directly From Our Customers

  • "We have plenty of other systems in place, but ThreatSTOP prevented an ultrasound machine attack and gave us visibility into a large number of DNS queries that were being blocked. It also enabled us to quickly track down the infected ultrasound making the calls. That sold the product." - Geisinger Health
  • "ThreatSTOP has eliminated manual blacklisting & remediation, reducing help desk tickets relating to malware by 90%, to only 1 - 2 per month." - University of Baltimore
  • "ThreatSTOP is an effective and easy tool for reducing internet enabled/distributed malware. The price is incredibly fair, even for a non-profit." - Oklahoma Medical Research Foundation
  • "Implementing this system has decreased the total number of attacks against our customers by about 40%." - Armor
  • "Now we have no service stoppages, no escalations with the ISP, and no manual cleanups. We just look at the reports and respond to any issues very quickly. ThreatSTOP has solved a very big headache for us." - Bibliotheek Rotterdam

Want to Learn More?

Request a free, 30-minute online walk-through of the ThreatSTOP Platform.

Request a Free Demo

Already in Prevention Mode?

Sign-up for a free, 14-day trial of the ThreatSTOP Platform.

Start a Free Trial

Prefer a Free Assessment?

Use any of our free assessment tools to better
understand your need for proactive defense.

Get a Real-time Assessment