ThreatSTOP IP Firewall Overview

The ThreatSTOP IP Firewall is a cloud-based solution that enables your existing firewalls and routers to block inbound and outbound communications with cybercriminals' command and control (C&C) architecture. The service prevents data theft and reduces network load and attack surface. It is deployable within an hour without the expense, complexity and delay of hardware upgrades, network reconfigurations, retraining or manual updates. Auto-updates ensure up-to-date protection without creating additional overhead, and powerful reporting details compromised devices on your network.

For a FREE evaluation of the ThreatSTOP Service, please call +1.855.95T.STOP or email

To see how simple it is to set up ThreatSTOP, take a peek at our Quick Start Guide.

ThreatSTOP Benefits

  • Data sync
    • Automatically delivers the latest actionable threat intelligence to network devices and DNS servers based upon user-defined policies.
  • Shield
    • Proactively deflects inbound malware, DDoS and other attacks, regardless of the attack type or vulnerability. Renders your network invisible to scanners, so attackers move on.
  • Safe
    • Prevents data theft and corruption by stopping malware from “phoning home” to threat actors. Prevents activation of ransomware such as Cryptowall and Cryptolocker.
  • Cloud
    • Cloud-based service is easy to manage and provides protection using your existing hardware. Works with leading firewalls, routers and switches.

How It Works

ThreatSTOP's IP Firewall technology lives in the cloud and provides your existing firewalls with a list of active bad IP addresses that is updated in near real time via a patented distribution mechanism. When a bot or other malware attempts to "call home," ThreatSTOP IP Firewall prevents this from happening by blocking the communication to the criminals' computers.

  1. ThreatSTOP's detection engine maintains an active database of untrustworthy IP addresses.
  2. The current ThreatSTOP database is downloaded onto your firewall regularly.
  3. Malware makes an attempt to "call home."
  4. Bad IP addresses are blocked by your firewall, preventing communication.
  5. Since there is no possibility of communication, the criminals in the outside world are unable to see the network.
  6. The firewall sends its logs back to ThreatSTOP resulting in:
    • Intelligent actionable reports showing infected internal hosts for easy
    • A closed-loop system where each user becomes part of a defense community by sharing the collected data.

The ThreatSTOP IP Firewall service works with any firewall, or other traffic management device, that can make a forwarding decision based on a DNS lookup. For systems without that native capability, it is simple to write scripts on the management stations that update rules using lists retrieved from DNS. Below, in addition to the generic overview, we provide implementation details for a number of the most common firewalls.
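A sketch of the management-station script approach described above, as an added example that is not ThreatSTOP's own code. It assumes the block list has already been retrieved as IPv4 address or CIDR text lines and that the device is driven through Linux `ipset restore`; the set name, the protected ranges and the sample data are constructed for illustration.

```python
import ipaddress

SET_NAME = "blocklist_demo"  # hypothetical ipset set name

# Assumed local policy: ranges a retrieved list must never be allowed to block.
PROTECTED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")]

def parse_entries(lines):
    """Turn retrieved text lines into networks; collect lines that are rejected."""
    nets, rejected = set(), []
    for raw in lines:
        text = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not text:
            continue
        try:
            net = ipaddress.ip_network(text, strict=False)
        except ValueError:
            rejected.append(raw)              # malformed entry
            continue
        # A bad or tampered list must not cut off internal or local traffic.
        if net.version != 4 or any(net.overlaps(p) for p in PROTECTED):
            rejected.append(raw)
            continue
        nets.add(net)
    return nets, rejected

def plan_update(current, retrieved_lines):
    """Return (ipset restore lines, rejected input lines) to reach the new list."""
    wanted, rejected = parse_entries(retrieved_lines)
    if not wanted:
        # Fail safe: an empty or unusable retrieval leaves existing rules in place.
        return [], rejected
    cmds = [f"add {SET_NAME} {n}" for n in sorted(wanted - current)]
    cmds += [f"del {SET_NAME} {n}" for n in sorted(current - wanted)]
    return cmds, rejected

# Constructed sample data (documentation address ranges, not real indicators).
SAMPLE_CURRENT = {ipaddress.ip_network("203.0.113.7/32"),
                  ipaddress.ip_network("198.51.100.0/24")}
SAMPLE_RETRIEVED = ["203.0.113.7", "192.0.2.44",
                    "10.0.0.5  # internal address", "not-an-ip", ""]

if __name__ == "__main__":
    cmds, rejected = plan_update(SAMPLE_CURRENT, SAMPLE_RETRIEVED)
    print("\n".join(cmds))                    # pipe these lines to `ipset restore`
    print("rejected:", rejected)
```

Rejected lines are worth logging and alerting on, since an internal or malformed entry in a retrieved list points to a retrieval or integrity problem.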

For firewalls that we do not currently support directly, we recommend that customers deploy a software firewall (e.g. Vyatta or pfSense) in bridge mode behind the firewall. This deployment method has been used successfully by many of our customers to identify and block botted machines on their networks.

  • A10: vThunder
  • CheckPoint: UTM/SPLAT
  • Fortinet: Fortigate