Freely subscribe to our NEWSLETTER

Almost all Internet connections begin with a DNS query. Just as users need DNS to make connections with applications, threats also use DNS to communicate with threat actors across a broad range of attack vectors. Thanks to Microsoft’s introduction of DNS Policies in Windows Server 2016, customers can now use ThreatSTOP DNS Firewall to interdict those communication attempts to prevent ransomware, drive-by downloads, botnets and other threats from succeeding. As a result, organizations gain immediate protection from known and unknown threats.
“The ThreatSTOP DNS Firewall provides an entirely new and powerful layer of security for our Microsoft Windows Server 2016 customers,” said Vithalprasad Gaitonde, Principal Program Manager at Microsoft.

ThreatSTOP DNS Firewall protects the entire network by continuously updating user-defined policies powered by live threat data on the DNS servers used by all network clients. Policies can be based on threat type, geographic location and user-defined block lists. Once policies are set, the DNS Firewall immediately begins blocking or redirecting outbound communications with malicious domains. Detailed reports identify affected machines to speed remediation and prevent further infection across the network. The cloud-based service is easy to deploy and works with Windows Server 2016 natively– no new equipment or software installation is required.

ThreatSTOP’s patented technology uses DNS to automatically deliver the most current threat data to DNS Firewalls and other network infrastructure. DNS is the ideal distribution method because it is a proven technology that is ubiquitous, reliable and highly scalable enabling protection for organizations of any size.
Key benefits of ThreatSTOP DNS Firewall for Windows Server 2016:

• Flexible options to handle attempted communications with threat actors: Customers can set the service either to block access to the malicious domain, or redirect the employee to a safe block page or a process that enables automated remediation.

• Reports include a high-level summary of blocked threats, host IPs that make requests for selected threat levels, and requests by target name for selected threat levels and/or date ranges. Reports also provide event details that include time stamps, actions, triggers and other useful data.

• “Check IOC” tool allows users to input a domain or IP and learn the history of that particular resource. Customers are shown whether or not the domain is actively present or has been historically present in any of ThreatSTOP’s categories enabling the user to research Indications Of Compromise received from other sources. Users have the ability to easily navigate between their reporting and data and research information.

• Personalized alerts, based on user-defined filters and thresholds, are easily managed and configured through the web-based dashboard and can be emailed to selected user(s). Alerts will only be sent when specified conditions are met and feature a “cool off” setting to eliminate excessive repeated notifications.

How it works:

1. Select security policies in the ThreatSTOP portal to protect against specific threat types, geographic locations, and user-defined domains or wildcards.

2. Configure your Windows (DNS) Server 2016 to use the ThreatSTOP service.

3. Policies are continuously updated with live threat intelligence data curated from global authoritative sources and ThreatSTOP’s research team.

4. View detailed information about the threats blocked on your network and identify infected client machines using advanced web-based reporting.

ThreatSTOP DNS Firewall is available now for Windows Server 2016 and in the Microsoft Azure marketplace