ThreatSTOP


RSA 2016

Sat, 01/23/2016 - 01:01

See ThreatSTOP at RSA 2016, booth number 4714.

In addition, ThreatSTOP’s founder and CEO Tom Byrnes will be moderating a panel titled “Malware As A Service” on March 2, 10:20 am to 11:10 am.

Topic: Cybercriminals are business people who recognize the power of the cloud to reduce costs, improve ROI and speed up processes—just like legitimate businesses. The cloud is paving the way to cheaper, faster, broader scale attacks that can be stood up, launched and torn down within hours, undetected. Security luminaries will advise on taking down the malware business.

 

Panelists:

Tags: news, RSA Conference, panel

Getting Started with ThreatSTOP

Wed, 01/13/2016 - 18:46

ThreatSTOP® delivers automated firewall policy updates powered by real-time threat intelligence. This guide will enable you to get started, and immediately begin protecting every device on your network.

  1. Create a Protection Policy Block List
  2. Fine-tune Your Protection Policy
  3. Select a Device
  4. Configure the Device
  5. View Reports of Blocked Threats
A PDF of this document can be downloaded here.

Create a Protection Policy Block List

ThreatSTOP offers fully customizable block policies to fit an array of security needs. Follow the steps below to create a custom protection policy that suits your device-specific needs.

Login and open the Policies & Lists tab

Enter your ThreatSTOP username and password to log in to the customer portal, then click on the Policies & Lists tab at the top left of the page.

ThreatSTOP encourages users to create custom policies that match their security needs. However, pre-defined policies are available; you can learn about them by clicking the explained here link.

Add a custom policy and give it a name

Click Add Policy on the bottom right of the Policies tab.

Enter a Policy Name and Description.

Select threat categories to block

Browse through the available categories and select the threat lists you want to include in your custom policy. Use the checkbox to add or remove lists from the policy.

Review and submit the changes to your custom block policy

Once you’ve added the threat lists you want to protect against, you should review the total Number of Records it contains to ensure it does not exceed the max policy size limits of your network device.

Consult the documentation for your device and adjust your policy as needed.

Click Submit when you’ve finished making additions or changes to the policy.

 

Fine-tune Your Protection Policy

You can tailor protection for your network by creating your own custom allow lists and blocklists. Follow the steps below to create a custom allow list and add it to the policy you just created.

Open the Add User List page

Open the Policies and Lists page, and select the User Defined Lists tab. At the bottom right, click on Add User List.

Name your custom allow list

Enter a name for your list in the List Name field, and add a Description.

Since this will be an allow list, select Allow from the List Type drop-down menu. (For custom blocklists you would select Block instead.)

Add IP addresses to your policy

In the IP/netmask field add an IP address you want included in this allow list. Add a Comment for the IP address, and click Add to save changes.

Add multiple IP/Netmasks using the Multiple IPs tab to save time.

When you have finished adding IPs click Done to commit all additions to the list.

Add the allow list to your policy

Click the Edit icon next to your custom policy in the Policies tab of the Policies & Lists page.

In the Allow tab of Edit Policy, open the User Defined Lists category. Check the box next to the allow list you created. Click Submit to save changes.

 

Add a Network Device

Once you have created a protection policy, you will then select the device or network appliance that will run the ThreatSTOP Firewall Service. Follow the steps below to add a supported device.

Open the Devices tab

Click on the Devices tab toward the top of the page.

Click on the Add Device button at the bottom right of the window.

Complete the Add Device fields

Complete the fields by entering or selecting your device information in the fields provided.

Enter a name for your device and select the manufacturer and model from the drop-down menus. Next, select your location and enter your postal code.

Add the public IP address and select your policy

Add the public IP address of your device and select the IP type.

If you created a custom policy in the previous steps, select it from the Policy drop-down list.

Alternatively, you can use one of the pre-defined policies. Descriptions for the pre-defined policies can be found by clicking here.

When you’ve completed all fields click Next to save the changes.

 

Configure the Network Device

After selecting and adding your device, you will configure your device to run the ThreatSTOP service. Follow the steps below to configure your device.

View your newly added device

Click on the Devices tab again. You should be able to view your newly added device details in the Devices Under ThreatSTOP Protection window. You are now ready to configure the device.

Open the installation documents

To the right of your device details, click on the information icon found in the Actions section.

Installation information is provided for your specific device based on the manufacturer and model.

Follow the instructions step-by-step to complete the installation and configuration of your device.

Uploading logs to enable reporting

On the next page we’ll cover the powerful reporting that empowers you to better understand the inbound and outbound attacks blocked by the ThreatSTOP service.

We strongly recommend you leave log uploading in the default enabled state – if you disable log uploading, reporting will not function.

Allow time for your device to register

The registration of new devices with ThreatSTOP can take up to 15 minutes following the completion of the installation.  While this new device registration is taking place, review these useful resources:

 

View Blocked Threats

ThreatSTOP is now automatically protecting your network using the custom policy you created. You can view reports showing results of the security enforcement taking place. Allow a minimum of 24-48 hours before checking your report (depending on the protection policy to be enforced on the network traffic). Follow the steps below to view the threats being blocked on your network.

Open the Reporting section

Click on Reporting to open and view reports for your device.

The inbound and outbound attacks blocked by ThreatSTOP are displayed. Click See Details to view more information about your protection.

Select Report Parameters

Choose the protected Device, Date Range, and whether you want to view details for Inbound or Outbound Connections. Click Search after making your selections.

View report data by summary type

Click the summary tabs to view the report details as a Summary by Threat, Summary by IP, Summary by Port, or Summary by Date. You can export the data by clicking Download CSV.

Drill down to view more detail

You can drill down to view more details in each of the summary tabs. Click + to expand the Threat Category of choice, then click the corresponding number of events in red text to see full details of those events.

Next Steps with ThreatSTOP

You’ve just added a powerful layer of protection, and the results you will experience can be immediate.

Your network is now blocking known malicious attacks and new emerging threats with ThreatSTOP’s automated actionable threat intelligence. Continuous updates for your custom security policy will be delivered automatically and enforced by your network infrastructure.

To verify the ThreatSTOP service is blocking threats successfully, visit bad.threatstop.com from a host connected to the device with the ThreatSTOP service installed. This is a non-malicious site we’ve set up for testing purposes. If the service is working, you should not be able to view the page.

Your network security and satisfaction are very important to us. ThreatSTOP’s Customer Success Team is standing by to ensure we deliver both.

Don’t hesitate to contact us for assistance, or with any questions you have. We’d love to hear from you!

Customer Success Team

success [at] threatop [dot] com

or

1 (855) 958-7867

 

Neutrino Exploit Kit and Ponmocup

Tue, 01/12/2016 - 20:56
Neutrino Exploit Kit and Ponmocup Droppers

Although these two bits of malware are different, both are blocked by ThreatSTOP in the same way.

How does ThreatSTOP Block the Infection?

Thanks to work by extremely talented malware researchers, the servers that actively distribute this malware to vulnerable visitors (known as droppers) have been identified. We are propagating the result of this work as a block list in both our IP reputation (ThreatSTOP) and RPZ (DNS Firewall) services.

As a result, vulnerable computers on our users' networks that try to visit these servers (often via a number of redirects) are stopped from successfully connecting. Blocking these connections prevents the malware from being downloaded and installed on the vulnerable computer.

This is not, and cannot be, a permanent fix. Both malware strains exploit known vulnerabilities, so keeping systems up to date is critical. If a computer is vulnerable, then while it is on a network that is protected by ThreatSTOP it is protected from being exploited.  If the user tries to visit the malware dropping site on a different network, say when someone takes their laptop home, their computer can become infected.

Neutrino Exploit Kit

The Neutrino Exploit kit uses a number of vulnerabilities, primarily in Java, to infect vulnerable systems. Neutrino is extremely dangerous as it is under active development and, with the arrest of "Paunch" - the alleged author of the Black Hole Exploit Kit - this malware kit is now in a near monopoly position when it comes to being used by criminals to infect new victims.

Ponmocup Botnet

The Ponmocup botnet is currently less of a threat as it seems to not download really nasty malware onto infected computers, rather it displays a lot of unwanted ads and does very little more. However, while this is what it does now, there is no reason why it should continue to be so comparatively benign. As an example, there are indications that the Cryptolocker malware criminals are operating "pay per infection" schemes where they pay other botnet masters if they infect machines under their control with Cryptolocker.

How to Protect Yourself

ThreatSTOP and DNS Firewall stop the malware from being installed. Our alerts and log analysis tools tell you which systems tried to contact those servers, and therefore which may be vulnerable to infection. This allows network and systems administrators to update vulnerable devices before they can become infected.
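The triage step described above, as an added example (not ThreatSTOP's code or log format): it reads constructed firewall log lines, keeps outbound denies whose destination falls inside a constructed dropper block list, and ranks the internal hosts that should be patched first. The log layout, the addresses (RFC 5737 documentation ranges) and the function name `hosts_to_patch` are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed block list of dropper networks (documentation ranges, not real indicators).
DROPPER_NETWORKS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.17/32")]

# Assumed log layout: "<ISO timestamp> action=.. dir=.. src=.. dst=.. dport=.."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) dir=(?P<dir>\w+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

# Constructed sample log, including traffic that must NOT be reported.
SAMPLE_LOG = """\
2016-01-12T20:41:07Z action=DENY dir=out src=10.0.4.21 dst=198.51.100.44 dport=80
2016-01-12T20:41:09Z action=DENY dir=out src=10.0.4.21 dst=203.0.113.17 dport=80
2016-01-12T20:43:30Z action=ALLOW dir=out src=10.0.4.35 dst=192.0.2.10 dport=443
2016-01-12T20:44:02Z action=DENY dir=in src=203.0.113.17 dst=10.0.4.2 dport=22
2016-01-12T20:50:12Z action=DENY dir=out src=10.0.7.8 dst=198.51.100.44 dport=8080
2016-01-12T20:51:00Z action=DENY dir=out src=10.0.4.21 dst=198.51.100.44 dport=80
2016-01-12T20:52:00Z action=DENY dir=out src=10.0.9.9 dst=192.0.2.99 dport=25
truncated line from a rotated log
""".splitlines()


def hosts_to_patch(log_lines, blocked=DROPPER_NETWORKS):
    """Return (report, skipped): internal hosts whose outbound connections to a
    blocked dropper network were denied, most attempts first, plus the number
    of lines that could not be parsed."""
    hits = defaultdict(lambda: {"attempts": 0, "destinations": set(), "seen": []})
    skipped = 0
    for line in log_lines:
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1          # malformed or truncated line
            continue
        if m["action"] != "DENY" or m["dir"] != "out":
            continue              # only blocked outbound attempts point at a local host
        try:
            dst = ipaddress.ip_address(m["dst"])
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            skipped += 1          # field present but not an IP address
            continue
        if not any(dst in net for net in blocked):
            continue              # denied for another reason, not a dropper
        rec = hits[str(src)]
        rec["attempts"] += 1
        rec["destinations"].add(str(dst))
        rec["seen"].append(m["ts"])
    report = [
        {"host": host, "attempts": r["attempts"],
         "destinations": sorted(r["destinations"]),
         "first_seen": min(r["seen"]), "last_seen": max(r["seen"])}
        for host, r in hits.items()
    ]
    report.sort(key=lambda r: (-r["attempts"], r["host"]))
    return report, skipped


if __name__ == "__main__":
    rows, bad = hosts_to_patch(SAMPLE_LOG)
    for row in rows:
        print(row)
    print("unparsed lines:", bad)
```

A host that appears here was stopped only because it sat behind the enforcing device, so it is the one to update before it leaves that network.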

Implementing ThreatSTOP and/or Infoblox DNS firewall, both of which are available for a 30 day, no obligation, trial, is the simplest and most effective way to identify any systems in your network that may be at risk.

For more information, contact ThreatSTOP Sales or your Infoblox account executive.

DNS Inventor Paul Mockapetris Sets Sights on Cyber Security

Mon, 12/14/2015 - 18:06
DNS Inventor Paul Mockapetris Sets Sights on Cybersecurity

World-renowned computer scientist and Internet Hall of Fame inductee joins ThreatSTOP as Chief Scientist

Carlsbad, CA – December 15, 2015 – ThreatSTOP, the company that makes threat intelligence actionable in real time, today announced Paul Mockapetris, inventor of the Internet Domain Name System (DNS), has joined the company as its Chief Scientist. Mockapetris is a world-renowned expert and visionary in the international computer science community, with more than 30 years’ experience in consistently developing landmark Internet technologies. In this newly created role, Mockapetris will provide guidance to the ongoing product innovation process, and lead research into DNS-based security.

The DNS was introduced during the transition from the ARPAnet to the IP/TCP based Internet, and was the largest single architectural innovation of that transition. As a critical infrastructure, DNS has been subjected to many attacks and misuse, but in today’s hardened form, it is seen as an essential tool for implementing security.

ThreatSTOP delivers a highly scalable defense against advanced attacks by leveraging the power of DNS to protect against any malware for every device across a network. More than 500 companies trust ThreatSTOP to protect their networks today. The ThreatSTOP service enables firewalls and/or DNS servers to deflect inbound attacks, and prevents infected hosts from communicating with threat actors to corrupt or extract data. The service is cloud-based, updates automatically and integrates with leading firewalls and DNS servers.

“Effective security requires real-time threat intelligence that is distributed to all of an enterprise’s enforcement devices whether they are routers, firewalls, application delivery controllers, or servers. DNS is an ideal vehicle,” said Mockapetris. “ThreatSTOP’s threat intelligence is developed from industry-leading sources, as well as feedback from the enterprise enforcement devices. Working with the team at ThreatSTOP, we field powerful, scalable security tools that leverage the ubiquity of DNS to protect organizations of all sizes.”

Prior to joining ThreatSTOP, Mockapetris has held leadership roles at high-profile technology companies including @Home, Software.com, and Fiberlane (split into Cerent and Siara). He currently serves as a board member for Nominum and Farsight Security, two other leaders in DNS-based security. Mockapetris also served as chairman of the Internet Engineering Task Force (IETF), program manager at ARPA, and chair of ICANN's Strategy Panel on Identifier Technology Innovation.

“Paul is a well-recognized Internet pioneer whose initial DNS has endured and flourished over the past three decades, which is a rare and marvelous feat of innovation,” said Tom Byrnes, CEO of ThreatSTOP. “We are honored to work alongside Paul to use DNS to successfully address one of the most challenging Internet issues facing companies today—availability of security that is not only effective, but easy to deploy and manage.”

Throughout his career, Mockapetris has contributed to the computing research community and the evolution of the Internet. His earliest work at the University of California, Irvine (UCI) on distributed systems and local area network technology preceded the commercial Ethernet and Token Ring designs. At ISI, after working on the design and initial implementation of the SMTP protocol for email as part of the birth of the Internet in 1983, he took on the challenge of designing DNS, and then operated the original “root servers” for all Internet names. Subsequent to creating DNS at USC’s ISI, Mockapetris later served as the Director of ISI’s High Performance Computing and Communications Division.

Mockapetris earned his bachelor's degrees in physics and electrical engineering from the Massachusetts Institute of Technology and his doctorate in Information and Computer Science from UCI. Mockapetris is a frequent speaker and the recipient of numerous awards including induction into the inaugural Internet Society’s Internet Hall of Fame in 2012. He was also an initial investor in ThreatSTOP, and participated in its most recent Series B round of funding.

 

About ThreatSTOP

ThreatSTOP is a network security company offering a cloud-based threat protection service that protects every device and workload on a network from cyber attacks and data theft. It can protect any network, from virtual cloud networks to branch LANs to the largest carrier networks. The service leverages market-leading threat intelligence to deflect inbound and outbound threats, including botnet, phishing and ransomware attacks, and prevents data exfiltration. For more information visit www.threatstop.com.

CONTACTS:

Michael Becce, MRB Public Relations, Inc.
mbecce [at] mrb-pr [dot] com | (732) 758-1100 x104

Brigitte Engel, ThreatSTOP
bengel [at] threatstop [dot] com | (760) 542-1550 x4394

Tags: news

ThreatSTOP Joins Microsoft Enterprise Cloud Alliance

Wed, 12/02/2015 - 23:39

Cloud-based security service protects Microsoft Azure customers from attacks and data-theft

Carlsbad, CA – Dec. 3, 2015 – ThreatSTOP, the company that makes threat intelligence actionable in real time, today announced it has joined the Microsoft Enterprise Cloud Alliance to deliver its cloud-based, automated threat protection service to enterprise customers using Microsoft Azure. This collaboration highlights ThreatSTOP’s commitment to better protect customers’ data both on-premises and in the cloud, enabling businesses to take advantage of Azure flexibility, scale and innovation.

ThreatSTOP delivers a highly scalable defense against advanced cyberattacks by using the power of DNS to better protect every device and workload across on-premises and cloud-based networks. More than 500 companies trust ThreatSTOP to protect their networks today. The ThreatSTOP service enables a physical or virtual firewall to deflect inbound attacks and enables both firewalls and DNS servers to help prevent infected hosts from communicating with threat actors trying to extract or alter data. The service is cloud-based, updates automatically and works with leading firewalls and DNS servers.

“Microsoft is enabling companies to transform their business by utilizing the power of Microsoft Azure. Security concerns are clearly top of mind for any organization moving sensitive information to the cloud,” said Tom Byrnes, CEO of ThreatSTOP. “Working with Microsoft Corp., we are providing customers with a proactive security solution for Microsoft Azure customers that delivers immediate, powerful protection against advanced threats.”

“As organizations move workloads to the cloud, they want enterprise-class enhanced security to better protect against the latest threats,” said Gareth Bradshaw, Senior Program Manager for Microsoft Azure Networking. “ThreatSTOP provides customers with the ability to create customized security policies to help protect cloud workloads and virtual desktop infrastructure from inbound and outbound threats.”

 


Tags: news

ThreatSTOP Unveils Enterprise-Grade Threat Protection Platform

Thu, 11/19/2015 - 01:21

SaaS threat intelligence service meets demand for large-scale customer support

Carlsbad, CA – November 18, 2015 – ThreatSTOP, the company that makes threat intelligence actionable in real time, today announced a broad-scale upgrade to the company’s software-as-a-service threat intelligence delivery platform. In response to attracting a fast-growing customer base of large enterprise customers, the company made a long-term investment in ensuring best-in-class service delivery for enterprise-scale deployments.

ThreatSTOP delivers a highly scalable defense against advanced cyberattacks by leveraging the power of DNS to protect every device and workload across on-premise and cloud-based networks. More than 500 companies trust ThreatSTOP to protect their networks today.

“Our customers use the ThreatSTOP Firewall Service to block inbound attacks, and outbound communications with threat actors looking to steal data. Attacks are deflected before they can reach the network—in particular, those attacks that have bypassed other security controls,” said Tom Byrnes, Founder and CEO for ThreatSTOP. “This level of protection is very much in demand by large-scale organizations that have a responsibility to safeguard sensitive information and systems from advanced attacks. Our new platform enables us to support enterprise networks of any scale with best-in-class threat protection.”

Highlights of the new platform:

  • Improved performance, higher availability and resilience against brute force attacks through implementation of anycast network technology. Supports geographically dispersed addressing policies to select the most efficient path for our users and increase the speed and reliability of service delivery.
  • World-class hosting at multiple flagship data centers offering N+1 or better redundancy on all data center systems, plus redundant power and cooling systems.
  • Audited security protocols that meet or exceed the international service organization reporting standard SSAE 16 for SOC 1, 2 and 3, Type II reports. Enables support for public and private organizations.

The ThreatSTOP service enables a physical or virtual firewall to deflect inbound attacks, and enables both firewalls and DNS servers to prevent infected hosts from communicating with threat actors trying to extract or alter data. The service is cloud-based, updates automatically and works with leading software firewalls and DNS servers.

 

About ThreatSTOP

ThreatSTOP is a network security company offering a cloud-based threat protection service that protects every device on a network from cyberattacks and data theft. It can protect any network, from virtual cloud networks to branch LANs to the largest carrier networks. The service leverages market-leading threat intelligence to deflect inbound and outbound threats, including DDoS, malware, phishing and ransomware attacks, and prevents data exfiltration. For more information visit www.threatstop.com


Tags: news