Our Response to COVID-19: ThreatSTOP is Securing the Remote Workforce for FREE. Learn More


DNS Defense

DNS is a Vector Used in Almost Every Attack, From Phishing to Massive-Scale DDoS


Every connection with the Internet starts with a DNS query. Your users rely on DNS to make connections to mission critical applications, websites and resources on your network. Malware must use DNS to communicate back to their command and control servers to deliver ransomware, steal your data, or turn your network into a botnet for criminal use. This is why a DNS Firewall is absolutely essential to your network security.

ThreatSTOP DNS Defense delivers a DNS Firewall with continuous updates containing IP addresses and domains used by threat actors to intercept dangerous and unwanted traffic heading out of your network. With this, traffic can be blocked, monitored, or redirected to safe locations, such as a walled-garden.


                                                              Free 14-Day Trial              Request a Free Demo

Automate and Augment your DNS Threat Defense

  • Threats are continuously discovered by our security researchers, tracked by the 50+ threat intelligence sources we integrate into our platform, and automatically shared as policy updates direct to your DNS Firewall.
  • Attacks are prevented by neutralizing malware’s ability to call home, eliminating data destruction or exfiltration that has bypassed existing network security layers.
  • Advanced reporting provides full visibility into blocked DNS queries, and identifies impacted machines, allowing for efficient and accurate remediation.

How It Works

  • Pick the DNS Server you want to transform into a DNS Firewall. Select standard policies or create your own custom policy in our customer portal.
  • Apply any number of action rules.  For example, attempts to contact botnet C&C servers can simply be denied, while users who click on phishing links see a redirection to a walled garden.
  • All rules are automatically downloaded from the portal and are added to the BIND DNS server configuration files. The DNS server automatically downloads the policy and applies it to all lookups it receives.
  • The policy is automatically updated (by default this is every two hours) so that the policy can block new threats and no longer block access to locations that have been remediated.
  • RPZ takes action based on the domain name queried (QNAME), the IP address returned (RPZ IP) or the fully qualified domain name (FQDN) or IP address of any of the name servers used in the resolution process (NS IP and NS DNAME).

No New Hardware or Software

  • 100% Cloud-based Security as a service
  • Deploys in under an hour via an online portal
  • Custom, user-defined policies are easy to create and manage
  • Compatible with all major DNS servers including Windows Server 2016 and Microsoft Azure


ThreatSTOP Supported Devices

DNS Defense Datasheet


Check IOC for DNS DefenseClient IP Summary Reports for DNS FirewallDNS Defense Policy Creation


Hear Directly From Our Customers

  • "We have plenty of other systems in place, but ThreatSTOP prevented an ultrasound machine attack and gave us visibility into a large number of DNS queries that were being blocked. It also enabled us to quickly track down the infected ultrasound making the calls. That sold the product." - Geisinger Health
  • "ThreatSTOP has eliminated manual blacklisting & remediation, reducing help desk tickets relating to malware by 90%, to only 1 - 2 per month." - University of Baltimore
  • "ThreatSTOP is an effective and easy tool for reducing internet enabled/distributed malware. The price is incredibly fair, even for a non-profit." - Oklahoma Medical Research Foundation
  • "Implementing this system has decreased the total number of attacks against our customers by about 40%." - Armor
  • "Now we have no service stoppages, no escalations with the ISP, and no manual cleanups. We just look at the reports and respond to any issues very quickly. ThreatSTOP has solved a very big headache for us." - Bibliotheek Rotterdam

Want to Learn More?

Request a free, 30-minute online walk-through of the ThreatSTOP Platform.

Request a Free Demo

Already in Prevention Mode?

Sign-up for a free, 14-day trial of the ThreatSTOP Platform.

Start a Free Trial

Prefer a Free Assessment?

Use any of our free assessment tools to better
understand your need for proactive defense.

Get a Real-time Assessment