ThreatSTOP Intelligence List Types
What You Get When Adding Our Data To Your Network
- No changes to your network infrastructure
- Standard or tailored threat lists
- One interface for Cloud, IoT, roaming laptops and traditional enterprise network
- One interface regardless of your Firewall, router, brand, etc.
- Constant updates to latest threats
- Keep your data in and network out
- Get 20% more of your network bandwidth back
- Throw spam and DDoS away at the perimeter of your network, rather than your servers
- Don't just block, report
ThreatSTOP converts the latest threat data into enforcement policies, and automatically updates your firewalls, routers, DNS servers and endpoints to stop attacks before they become breaches. While customers can use their own threat intel feeds, or those from major vendors like Anomali or ThreatConnect, we have our own curated feed that most customers prefer.
Our target lists are derived from over 60 Threat Intelligence sources, both public and proprietary, and we use our own custom algorithms to identify currently bad domains, IP addresses and networks broken down by the kind of threat they present.
Our Intelligence Sources
Our data suppliers include the Network Security Research Lab at 360, Farsight Security, Team Cymru, Shadow Server, Abuse.ch and DSHIELD as well as researchers from the University of Georgia and Cambridge University (UK). ThreatSTOP is a DSHIELD mirror and has an archive of all DSHIELD data ever gathered, allowing us to do far more analysis than the publicly available datasets.
We protect IT infrastructure against the most current and active criminals via our Ransomware, Botnet C&C hosts, phishing and Malware dropper intelligence for both inbound and outbound connections, while at the same time protecting data center infrastructure via our Server centric lists against inbound attacks. In addition, our customers’ VOIP infrastructure is safeguarded against criminals that use VOIP servers to relay their calls and we also provide geographical filtering on regional, country and in special cases ZIP/Postal code level granularity.
Weaponizing Threat Intelligence
While the accuracy of our Threat Intelligence is what makes ThreatSTOP different, the fact that we make this intelligence actionable is what truly sets us apart. This is achieved in near real time via frequent updates and uses proprietary algorithms that we apply to each and every list we capture.
Depending on the data source and specific method used to collect the data, ThreatSTOP utilizes various techniques to ensure the validity of each entry. Based on our experience in the security space as well as our background in signal processing we have developed proprietary algorithms to identify currently active threats from these sources. Using techniques adapted from signal processing and noise reduction we are able to identify the domains and IP addresses that are currently malicious.
We also remove BOGONs, duplicates, Martians and other invalid data while we are aging out IP addresses and domains no longer deemed a threat. These correlation and processing heuristics have been carefully tuned over the last 5 years to ensure that they optimize the output to minimize false positives without missing serious threats.
Aside from scrubbing each of the sources tracked by ThreatSTOP and ensuring their validity, our protection takes it a step further by running our threat intelligence against our proven whitelists of known and trusted sites to effectively guard against botnet controllers deliberately trying to make IP reputation ineffective. Our whitelists are rigorously maintained, with domains only deemed ‘trusted’ after meeting ThreatSTOP’s strict evaluation to ensure that they are highly unlikely to contain a threat for a significant period of time.