Latest Blog Posts
ThreatSTOP is pleased to announce a new release of its web portal that significantly improves the speed an utility of the logfile analysis and reporting it provides to subscribers. The new reporting UI presents data in a way that is in line with how our customers prefer to analyze the data.
The most important information is which types of attack have been seen and so the order of the default tabs has been changed so that “Summary by Threat” is the first one displayed. Within that tab, we have broken the attacks down by threat category (Botnets, Malware, Inbound …) and then within each category we detail the number of hits in particular target lists.
In addition to changing the “Summary by Threat” tab, we have also changed the “Summary by IP” tab to make it quicker to identify vulnerable internal hosts. Rather than displaying communication pairs, it now shows internal IP addresses only. Clicking on a particular internal IP address shows what communications with it have been blocked.
Finally we have tweaked the “Summary by Date” tab to display the busiest date/hour and to provide breakdowns of traffic by hour. This can be particularly useful to identify infected devices that are “calling home” when no one is in the office.
We do of course welcome feedback from our subscribers and suggestions from them on additional ways to enhance our reporting UI.
In addition to the layout changes some back end work has been done to improve performance, particularly for our larger customers. The combined result of the back end database changes and the UI changes is that ThreatSTOP’s customers get to see the firewall log data they care about immediately so that they can take action to remediate compromise internal hosts or handle sustained attacks on internet facing devices.
ThreatSTOP is a real-time domain and IP Reputation Service that automatically delivers a block list directly to users’ firewalls, routers and DNS servers, so they can enforce it. It is a cloud-based service that protects the user’s network against the most serious information security problem today—malware designed to steal valuable data perpetrated by organized criminals and state actors. The data consists of both specific threat indicators and geographic data which users combine to create their own customized policies for protection. ThreatSTOP enables existing hardware and network infrastructure to enforce user defined malware blocking policy without requiring the expense, complexity and time of a forklift upgrade of new equipment. It can be deployed within the hour with simple rule-settings or a script on the user’s BIND (DNS) server, firewall or router. Founded in 2009, ThreatSTOP is headquartered in Carlsbad, CA. For more information visit http://www.threatstop.com/