ThreatSTOP today announced availability of ThreatSTOP DNS Firewall for Windows Server 2016, Microsoft’s most cloud-ready Server operating system ever. Using ThreatSTOP DNS Firewall, Windows Server 2016 customers can now automatically block outbound communications with threat actors’ command and control, dead-letter-drop, and dropper/infection infrastructure, preventing data theft and system compromise. ThreatSTOP DNS Firewall will be showcased in a Microsoft and ThreatSTOP presentation on September 30th, and in booth 314 at the Microsoft Ignite conference in Atlanta, Georgia from September 26th through the 30th.
Almost all Internet connections begin with a DNS query. Just as users need DNS to make connections with applications, threats also use DNS to communicate with threat actors across a broad range of attack vectors. Thanks to Microsoft’s introduction of DNS Policies in Windows Server 2016, customers can now use ThreatSTOP DNS Firewall to interdict those communication attempts to prevent ransomware, drive-by downloads, botnets and other threats from succeeding. As a result, organizations gain immediate protection from known and unknown threats.
“The ThreatSTOP DNS Firewall provides an entirely new and powerful layer of security for our Microsoft Windows Server 2016 customers,” said Vithalprasad Gaitonde, Principal Program Manager at Microsoft. “It combines the benefit of up-to-the-minute threat intelligence with automated policy updates to proactively safeguard every device on the network from new and evolving threats.”
ThreatSTOP DNS Firewall protects the entire network by continuously updating user-defined policies powered by live threat data on the DNS servers used by all network clients. Policies can be based on threat type, geographic location and user-defined block lists. Once policies are set, the DNS Firewall immediately begins blocking or redirecting outbound communications with malicious domains. Detailed reports identify affected machines to speed remediation and prevent further infection across the network. The cloud-based service is easy to deploy and works with Windows Server 2016 natively– no new equipment or software installation is required.
“ThreatSTOP invented the dissemination of network policy using DNS, including configuration of the DNS Firewall,” said Tom Byrnes, Founder and CEO of ThreatSTOP. “The ThreatSTOP DNS Firewall provides a continuous, automated defense for Windows Server 2016 that is essential to securing the network from today’s and tomorrow’s threats.”
ThreatSTOP’s patented technology uses DNS to automatically deliver the most current threat data to DNS Firewalls and other network infrastructure. DNS is the ideal distribution method because it is a proven technology that is ubiquitous, reliable and highly scalable enabling protection for organizations of any size.
Key benefits of ThreatSTOP DNS Firewall for Windows Server 2016:
• Flexible options to handle attempted communications with threat actors: Customers can set the service either to block access to the malicious domain, or redirect the employee to a safe block page or a process that enables automated remediation.
• Reports include a high-level summary of blocked threats, host IPs that make requests for selected threat levels, and requests by target name for selected threat levels and/or date ranges. Reports also provide event details that include time stamps, actions, triggers and other useful data.
• “Check IOC” tool allows users to input a domain or IP and learn the history of that particular resource. Customers are shown whether or not the domain is actively present or has been historically present in any of ThreatSTOP’s categories enabling the user to research Indications Of Compromise received from other sources. Users have the ability to easily navigate between their reporting and data and research information.
• Personalized alerts, based on user-defined filters and thresholds, are easily managed and configured through the web-based dashboard and can be emailed to selected user(s). Alerts will only be sent when specified conditions are met and feature a “cool off” setting to eliminate excessive repeated notifications.
How it works:
1. Select security policies in the ThreatSTOP portal to protect against specific threat types, geographic locations, and user-defined domains or wildcards.
2. Configure your Windows (DNS) Server 2016 to use the ThreatSTOP service.
3. Policies are continuously updated with live threat intelligence data curated from global authoritative sources and ThreatSTOP’s research team.
4. View detailed information about the threats blocked on your network and identify infected client machines using advanced web-based reporting.
ThreatSTOP DNS Firewall is available now for Windows Server 2016 and in the Microsoft Azure marketplace