ThreatSTOP Service Overview

The ThreatSTOP Service is a cloud-based solution that enables your existing firewalls and routers to block inbound and outbound communications with cybercriminals' command and control (C&C) architecture. The service prevents data theft and reduces network load and attack surface. It is deployable within an hour without the expense, complexity and delay of hardware upgrades, network reconfigurations, retraining or manual updates. Auto-updates ensure up-to-date protection without creating additional overhead, and powerful reporting details compromised devices on your network.


For a FREE evaluation of the ThreatSTOP Service, please call +1.855.95T.STOP or email

ThreatSTOP Benefits

  • "Calls Home" to Command and Control Computers Blocked
    • Prevents outbound connections with command and control hosts.
    • Blocks traffic based on the destination of outbound traffic, regardless of protocol, application or content.
  • Prevents Zero-day Attacks
    • Once ThreatSTOP detects and confirms that a new IP is acting badly and warrants blocking, it is sent to your firewall in the next update cycle, offering immediate protection for your network.
  • Improve Network Performance and Reduce Bandwidth Utilization
    • For every incoming packet, a firewall using the ThreatSTOP service looks at only the source address, which means that using ThreatSTOP requires less than 10% of the data required by deep packet inspection to make a decision, creating greater efficiency and capacity savings.
  • "Make Your Network Disappear", Reduce Spam and Risk of Attack
    • Incoming packets from a bad IP address are rejected immediately, without even acknowledging the first SYN packet. This in effect tells the sender that "there is no one here" or "this is the wrong address", allowing your network to effectively "disappear" from the Internet from the cybercriminals' perspective, and they will move on.
  • Prevent Data Exfiltration and Ensure Compliance
    • Since our default mode is to block the suspected traffic first, and provide you with log data to enable remediation of the breached machines, each failed attempt to breach is not a reportable event under the various compliance regimes.


How It Works

ThreatSTOP's technology lives in the cloud and provides your existing firewalls with a list of active bad IP addresses that is updated in near real time via a patented distribution mechanism. When a bot or other malware attempts to "call home," ThreatSTOP prevents this from happening by blocking the communication to the criminals' computers.

  1. ThreatSTOP's detection engine maintains an active database of untrustworthy IP addresses.
  2. The current ThreatSTOP database is downloaded onto your firewall regularly.
  3. Malware makes an attempt to "call home."
  4. Bad IP addresses are blocked by your firewall, preventing communication.
  5. Since there is no possibility of communication, the criminals in the outside world are unable to see the network.
  6. The firewall sends its logs back to ThreatSTOP resulting in:
    • Intelligent actionable reports showing infected internal hosts for easy
    • A closed-loop system where each user becomes part of a defense community by sharing the collected data.

Supported Devices

The ThreatSTOP threat intelligence Web service should work with any firewall, or other traffic management device, that can make a forwarding decision based on a DNS lookup. For systems without that native capability, it should be simple to write scripts on the management stations that update rules using lists retrieved from DNS. Below, in addition to the generic overview, we have implementation details for a number of the most common firewalls.

For firewalls that we do not currently support directly, we recommend that customers deploy a software firewall (e.g. Vyatta or pfSense) in bridge mode behind the firewall. This deployment method has been used successfully by many of our customers to identify and block botted machines on their networks.

  • CheckPoint: UTM/SPLAT
  • Fortinet: Fortigate
  • Juniper: SRX/MX
  • Vyatta/VyOS/EdgeOS
  • Palo Alto Networks: PAN-OS
  • PF: BSD/pfSense
  • IP Tables/Linux
  • Netscreen
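
For the scripted case described above (a management-station script that updates rules from a retrieved list), here is an added example for an IP Tables/Linux firewall; it is not ThreatSTOP's own code. The one-entry-per-line feed format, the ipset set names and the protected ranges are assumptions. The script validates the feed, refuses entries that would block your own networks, and emits `ipset restore` input that swaps the new list in atomically.

```python
import ipaddress

# Assumptions (not from ThreatSTOP): names, limits, protected ranges; the sample feed is constructed.
LIVE_SET, STAGING_SET, MAX_ENTRIES, MIN_PREFIX = "blocklist", "blocklist-new", 65536, 8
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "203.0.113.0/24")]  # last entry: stand-in for your own public range
SAMPLE_FEED = """\
192.0.2.10
198.51.100.0/25
198.51.100.128/25   # adjacent halves collapse into one /24
10.1.2.3
0.0.0.0/0
203.0.113.7
not-an-ip
2001:db8::1
"""

def parse_feed(text):
    """Return (collapsed IPv4 networks, [(entry, reason)] for rejected entries)."""
    accepted, rejected = set(), []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.IPv4Network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "not an IPv4 network"))
            continue
        if net.prefixlen < MIN_PREFIX:
            rejected.append((entry, "too broad"))       # e.g. 0.0.0.0/0 would block everything
        elif any(net.overlaps(p) for p in NEVER_BLOCK):
            rejected.append((entry, "protected range"))  # never lock out internal or own hosts
        else:
            accepted.add(net)
    return sorted(ipaddress.collapse_addresses(accepted)), rejected

def render_restore(networks):
    """Build input for `ipset -exist restore`; the final swap makes the update atomic."""
    if not 0 < len(networks) <= MAX_ENTRIES:
        raise ValueError("implausible feed size; keeping the current set")
    spec = "hash:net family inet maxelem %d" % MAX_ENTRIES
    lines = ["create %s %s" % (s, spec) for s in (LIVE_SET, STAGING_SET)] + ["flush %s" % STAGING_SET]
    lines += ["add %s %s" % (STAGING_SET, n) for n in networks]
    return "\n".join(lines + ["swap %s %s" % (STAGING_SET, LIVE_SET), "destroy %s" % STAGING_SET]) + "\n"

if __name__ == "__main__":
    print(render_restore(parse_feed(SAMPLE_FEED)[0]))
```

The firewall rules reference the live set once (for example an iptables `-m set --match-set blocklist dst` match), so each update changes only the set contents, and an empty or oversized feed leaves the existing set in place.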


Pricing Plans

Our very competitive and affordable pricing model is based on the number, model and make of firewalls or edge devices protected by the ThreatSTOP Service.