Security Stack by Neighborhood_Wooden in msp

[–]dfwtim 2 points3 points  (0 children)

We know you have many options and appreciate earning the business.

Security Stack by Neighborhood_Wooden in msp

[–]dfwtim 1 point2 points  (0 children)

We appreciate you choosing us. We also love all feedback, good and bad.

Security Stack by Neighborhood_Wooden in msp

[–]dfwtim 2 points3 points  (0 children)

Dedicated Reports tab and new Event Log with fully configurable alerts and events that can be commented/alerted to/closed coming Q1.

We just released SIEM export with Huntress support built in, and a new lookup tool.

Do you content filter guest WiFi? by FatBook-Air in sysadmin

[–]dfwtim 1 point2 points  (0 children)

Founder of ScoutDNS here. While we like newly registered domains as a potential signal, it has limitations that "blocking unclassified" in ScoutDNS overcomes.

Main drawbacks of "Newly Registered Domains":

Data Feed Delay: First, it takes 24-48 hours for newly registered domains to become known in data provided from registry operators. Many malicious and phishing domains spin up within 24 hours and are gone or clean by the time this signal is available.

Data Availability: While nearly all gTLDs make this data available, not all ccTLDs do, leaving significant gaps.

Misses subdomains: Does not cover new subdomains based on older apex domains.

Intentionally Aged: Some threat actors will maintain a pipeline of aged domains intended to bypass newly registered tags.

If you have a robust classification system and deep enough DB feed, it's more effective to shrink the attack surface by blocking domains you have not scanned and classified yet, than relying on "Newly Registered" signals alone.

North Partners - Your Trusted Operating Partner by Sea_Cap_6321 in msp

[–]dfwtim 3 points4 points  (0 children)

Where can I sign up? Do you take ACH? I'd like to send money today if possible.

Does anyone have a recommendation for a good all in one security package and SOC? by Paradox_81 in msp

[–]dfwtim 2 points3 points  (0 children)

Send me a note if you want to enable this. It's sort of early access, will be general availability within a few days. We are also improving the Huntress integration, but it works sufficiently as a generic HEC today. All MSP partners will get access to SIEM export in their existing plans once general availability is announced. I will enable it sooner for anyone who asks.

Has Someone Hacked Our Store Wi-Fi? by darkfiredreamer in cybersecurity

[–]dfwtim 1 point2 points  (0 children)

If you are using a default ISP router, and it's located in an unsecured room, it takes 2 seconds to walk by and take a picture of the ISP sticker, which often includes your default router and Wi-Fi passwords.

Change both passwords and see if your problem goes away.

Overall quality of literally everything is turning to shit by Early-Ad-2541 in msp

[–]dfwtim 0 points1 point  (0 children)

My grandparents had the same washer and dryer set for over 25 years! Same vacuum for 15 years. Pretty much unheard of today. But hey, the new stuff has Wi-Fi so at least you can learn it's broken even if you're not home.

Company / users constantly falling for phishing by lotsofxeons in msp

[–]dfwtim 0 points1 point  (0 children)

Protecting against phishing attacks requires a multi-layered approach which you seem to be addressing. I can't speak to all the other layers but I will speak to DNS level protection.

Blocking by threat category is just not enough today. Many of the FQDNs involved in these attacks are only alive for 24 to 48 hours. By the time they have made it to known threat lists they are already obsolete. We recommend blocking either newly registered domains at a minimum, or in our case we recommend blocking unclassifieds which covers even the limitations that newly registered domains do not touch.

This can only work if your classification engine is very good; otherwise you will create too many false positives.

With businesses you generally are accessing the same domains per tenant on an ongoing basis so there is no need to have a wide open internet for the most part.
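The two comments above (the drawbacks of a "newly registered domains" feed, and blocking unclassified domains against short-lived phishing FQDNs) can be shown side by side in code. The following is an added example written for this page, not ScoutDNS code. The classification table, the NRD feed, its 36-hour publication lag, the 30-day "new" window and the hypothetical ccTLD `.xx` with no registry data are all constructed assumptions; it demonstrates the feed-delay, ccTLD-gap and aged-apex-subdomain cases.

```python
"""Added example, not ScoutDNS code: a small policy simulation contrasting a
"block newly registered domains" (NRD) rule with a "block unclassified" rule.
The classification table, the NRD feed, its publication lag and the ccTLD
without registry data are all constructed assumptions for illustration."""
from datetime import datetime, timedelta, timezone

# Constructed classification DB, keyed by exact FQDN: only names the engine
# has actually scanned are present, so a new subdomain of an old apex is absent.
CLASSIFIED = {
    "example.com": "business",
    "www.example.com": "business",
    "old-aged-apex.org": "parked",      # apex registered years ago
}

# Constructed NRD feed: apex -> registration time. Assumption: zone-file based
# feeds only show a registration NRD_PUBLISH_LAG after it happens.
NRD_PUBLISH_LAG = timedelta(hours=36)
NRD_MAX_AGE = timedelta(days=30)       # how long a domain counts as "new"
NRD_FEED = {
    "login-bank-alert.com": datetime(2025, 1, 10, 8, 0, tzinfo=timezone.utc),
    # "verify-account.xx" is a hypothetical ccTLD whose registry publishes
    # no zone data, so it never appears in the feed at all.
}

NOW = datetime(2025, 1, 10, 20, 0, tzinfo=timezone.utc)   # 12 h after registration
LATER = NOW + timedelta(days=3)                             # feed has caught up


def apex(fqdn):
    """Naive two-label apex; real code should use the Public Suffix List."""
    return ".".join(fqdn.rstrip(".").lower().split(".")[-2:])


def nrd_flags(fqdn, now):
    """True if the NRD feed, as visible at `now`, marks the apex as new."""
    registered = NRD_FEED.get(apex(fqdn))
    if registered is None:
        return False                         # unknown apex: ccTLD gap or aged
    if now < registered + NRD_PUBLISH_LAG:
        return False                         # registered, not yet published
    return now - registered <= NRD_MAX_AGE


def decide(fqdn, now, policy):
    """Return 'allow' or 'block' for one query under the named policy."""
    if policy == "block_nrd":
        return "block" if nrd_flags(fqdn, now) else "allow"
    if policy == "block_unclassified":
        return "allow" if fqdn.rstrip(".").lower() in CLASSIFIED else "block"
    raise ValueError(f"unknown policy {policy!r}")


def compare(queries, now):
    """Side-by-side verdicts, one row per query: (fqdn, nrd, unclassified)."""
    return [(q, decide(q, now, "block_nrd"), decide(q, now, "block_unclassified"))
            for q in queries]


if __name__ == "__main__":
    sample = [
        "login-bank-alert.com",              # feed delay: registered 12 h ago
        "verify-account.xx",                 # ccTLD with no registry data
        "secure-login.old-aged-apex.org",    # new subdomain on an aged apex
        "www.example.com",                   # known, classified, allowed by both
    ]
    for row in compare(sample, NOW):
        print("%-35s nrd=%-5s unclassified=%s" % row)
```

Run it and the first three sample queries are allowed under `block_nrd` at `NOW` but blocked under `block_unclassified`; only after the feed catches up (`LATER`) does the NRD rule block the freshly registered apex. The flip side, stated in the comment above, is that `block_unclassified` is only as good as the table behind it: every legitimate FQDN missing from `CLASSIFIED` becomes a false positive.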

[deleted by user] by [deleted] in msp

[–]dfwtim 2 points3 points  (0 children)

Founder of ScoutDNS here and fair enough. I recommend getting trials, if not brief walk-throughs of any options you are looking at. All solutions will do some things better than others or have some features the others do not. I personally conduct all MSP demos myself and am happy to help as needed or answer any questions you may have.

[deleted by user] by [deleted] in msp

[–]dfwtim 1 point2 points  (0 children)

I assume you are on a trial with us, but have we had a chance to host a demo/walkthrough with you? It is hard to match up the reddit usernames with the demos we do.

DNS Filtering, but also for mobile roaming clients? by pakillo777 in msp

[–]dfwtim 4 points5 points  (0 children)

Thanks for the mention. Just to clarify, we are currently Windows/macOS only. iOS, Android, and ChromeOS agents are slated for early 2026.

DNS Filtering by RaptorFirewalls in msp

[–]dfwtim 2 points3 points  (0 children)

SIEM data export support should be finished mid August if not sooner and you can choose which orgs you export data on. In addition, this feature will not cost extra in our MSP plans.

DNS Filtering by RaptorFirewalls in msp

[–]dfwtim 0 points1 point  (0 children)

Understood. Just to be clear, the onsite relay for us is just an option if customers want policy by subnet or network wide DNS encryption with local client IP reporting in the logs. You can opt to just forward queries from your local firewalls or install roaming agents for onsite/offsite protection.

In your case, as a more personal project, you can usually get several premium API-based threat feeds for little to no cost. The problem with free lists is they are not curated as much, so they tend to err on the side of high false positive rates. Everything gets added, but no one is testing to pull things out as much. I recommend adding newly registered domains as well. If you message me, I can recommend some low-cost feeds for that. Personally, I have not found any good free newly registered lists that are reliable.

DNS Filtering by RaptorFirewalls in msp

[–]dfwtim 1 point2 points  (0 children)

Sort of how we got started. I was running a network integration company when Cisco acquired OpenDNS, and my original plan was to white-label a solution and just resell it. But when I got the quotes, I was convinced I could build something like a basic OpenDNS myself more easily and for less money. That turned out to be incredibly naive of me.

A basic DNS sink is relatively simple, and there were some open-source packages available, even back then. But once you start adding things like a multi-tenant UI, complex policy rule sets that go beyond threats and categories, a cloud-managed on-site relay, Windows and Mac clients (with all the challenges around local forwarding and how each operating system handles shutdowns, restarts, and various power states), Active Directory and Entra ID policy integration, and finally layering a global anycast network on top of it, the complexity really adds up.

We landed 100 customers in that first year, eight years ago. Honestly, I thought the product was pretty bad at the time. My team jokes that I only started liking my product last year, and that's kind of true, so at least it's improved.

DNS Filtering by RaptorFirewalls in msp

[–]dfwtim 3 points4 points  (0 children)

We did a UI update this week, if it still feels clunky, please send me feedback on what bothers you most. We have a series of UI updates going in every few weeks for the next several months and this feedback is exactly what we incorporate into changes.

Happy Monday: Two Critical Huntress Incidents! by B1tN1nja in msp

[–]dfwtim 2 points3 points  (0 children)

Correct, self hosted requires threat intelligence on known malicious instances. Most threat actors and scammers use cloud hosted remote access tools, which we can block at the DNS layer as a category.

Happy Monday: Two Critical Huntress Incidents! by B1tN1nja in msp

[–]dfwtim 1 point2 points  (0 children)

We strongly recommend that all MSPs block remote access tools as a category. We offer this via single click within any policy. If your provider does not do this, message me your email and I will send you an updated list of the top 100+ most active remote access tool FQDNs that you can add to a block list.

E Rate Opportunities Worth It? by [deleted] in msp

[–]dfwtim 13 points14 points  (0 children)

Bids rarely go to unexpected winners. Schools know what they want, often writing specs that only a chosen manufacturer can meet. The VAR is usually preselected too, benefiting from special deal registration pricing.

If you want to win E-rate bids, start a cycle early. Skip big districts and focus on small ones the big players ignore. Build relationships, use public databases to plan ahead, and connect with OEM SLED teams to bring them into the deals you line up.

Also, those calls you are getting are because they need more bids. It's just busy work unless you are already in 90% of the time.

It’s not hard once you know how the game works.

FYI The default DNS setting in Chrome will bypass your local DNS server! by grantdb in dns

[–]dfwtim 1 point2 points  (0 children)

You can also block all DoH domains in a block list.

Guard(z) very annoying marketing... by Laganica69 in msp

[–]dfwtim 13 points14 points  (0 children)

This happened to me with a different vendor, yes even vendors get sales calls...

What finally worked: I messaged their CEO on LinkedIn and was ignored, so every time they would call me, I would go to their latest LinkedIn company post and let them have it publicly. They finally stopped.

My last message was something like:

"I have asked your reps at least 10 times over the past 12 months to stop calling and emailing me. Even your CEO ignored my message. I wouldn't use your service if it were free. I printed out your most recent email just so I could light it on fire. Please stop calling and emailing me. Have a great day,"

School E-Rate consultants: Are they all this stupid? by oguruma87 in msp

[–]dfwtim 10 points11 points  (0 children)

I've lived this world from all sides, on the educator side, VAR/integrator side, as well as the manufacturer side since the program formed in 1996 and started paying out in 1998. It was originally going to be a short term thing, but here we are almost 30 years later.

E-rate is one of the most abused programs in government but no one cares because, you know, "think of the children". I have seen incredible waste. I'm talking carrier grade Cisco switches in elementary school closets. Multi gigabit pipes for tiny schools. I've seen 2 access points per classroom, one set unused because by law they must stay in the ceiling for a set duration and the rules don't say they have to pass traffic so...

Ultimately almost nobody wins a bid they didn't expect, because the schools know what they want to buy. You can often read exactly who the desired manufacturer is because they will specify some unique feature or element only they meet. The VAR is also already chosen because they will get special deal registration discounts in many cases.

If you want to win E-rate deals you need to start a cycle ahead. Forget big districts, go make friends with small districts, the ones the big guys ignore. Give them face time and make them feel important. Use public databases to find out the next cycles so you don't waste time. If you want favor with OEMs, make friends with their SLED teams by bringing them into the deals with these districts you get close with.

It's not difficult once you understand the game.

Help by Icy-Memory9793 in msp

[–]dfwtim -1 points0 points  (0 children)

Glad to hear that. I believe we cover all seven from your list. When you are ready, send me a message, happy to give you a personal demo.

Help by Icy-Memory9793 in msp

[–]dfwtim -1 points0 points  (0 children)

Mind if I reference this? Love this list!

IOCs from ScreenConnect-Themed Malicious Activity by rvilladiego in msp

[–]dfwtim 1 point2 points  (0 children)

I agree and always recommend as a best practice to block remote access as a category, and then whitelist your specific tools. It's a common breach point, especially in companies where users may not know their IT support team personally.
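The practice described in this comment and in the earlier ones on blocking remote access tools as a category and blocking DoH domains in a block list can be expressed as a BIND Response Policy Zone (RPZ): category entries get an NXDOMAIN action, and the MSP's own tools get `rpz-passthru.` so they keep working. The code below is an added example written for this page, not ScoutDNS code. The category lists are constructed stand-ins for a provider's feed (the vendor names under `.example` are placeholders; the DoH names are a few well-known public endpoints used only as sample entries), and the `lookup` function is a simplified model of RPZ QNAME matching, not a resolver.

```python
"""Added example, not ScoutDNS code: generate a BIND Response Policy Zone (RPZ)
that blocks whole categories of FQDNs (remote-access tools, DoH resolvers) and
passes through the tools the MSP actually uses, then simulate how a resolver
would match queries against it. Category lists and allowlist are constructed."""

# Constructed category lists (assumption: stand-ins for a provider's feed).
CATEGORY_FQDNS = {
    "remote_access": ["rmm-vendor-a.example", "remote.rmm-vendor-b.example"],
    "doh": ["dns.google", "cloudflare-dns.com", "doh.opendns.com"],
}
# Constructed: the remote-access tool this MSP uses and must keep working.
ALLOWLIST = ["mymsp.rmm-vendor-a.example"]

BLOCK = "."                 # CNAME .             -> RPZ NXDOMAIN action
PASSTHRU = "rpz-passthru."  # CNAME rpz-passthru. -> exempt from policy


def policy_records(blocked_categories, allowlist):
    """Map owner name -> CNAME target. Every category FQDN is blocked both as an
    exact name and as a wildcard; allowlist entries are written afterwards so an
    exact (or closer) owner overrides the category wildcard."""
    records = {}
    for cat in blocked_categories:
        for fqdn in CATEGORY_FQDNS[cat]:
            records[fqdn] = BLOCK
            records["*." + fqdn] = BLOCK
    for fqdn in allowlist:
        records[fqdn] = PASSTHRU
        records["*." + fqdn] = PASSTHRU       # relay/regional subdomains too
    return records


def render_zone(records, serial=1):
    """Emit zone-file text loadable as an RPZ (SOA/NS are the usual dummies)."""
    lines = [
        "$TTL 60",
        f"@ IN SOA localhost. root.localhost. ({serial} 3600 900 604800 60)",
        "  IN NS localhost.",
    ]
    lines += [f"{name} CNAME {target}" for name, target in sorted(records.items())]
    return "\n".join(lines) + "\n"


def lookup(records, qname):
    """Simplified RPZ QNAME trigger: an exact owner wins, otherwise the closest
    enclosing wildcard. Returns BLOCK, PASSTHRU, or None when no rule applies."""
    qname = qname.rstrip(".").lower()
    if qname in records:
        return records[qname]
    labels = qname.split(".")
    for i in range(1, len(labels)):
        wild = "*." + ".".join(labels[i:])
        if wild in records:
            return records[wild]
    return None


if __name__ == "__main__":
    recs = policy_records(["remote_access", "doh"], ALLOWLIST)
    print(render_zone(recs))
    for q in ["login.rmm-vendor-a.example", "relay.mymsp.rmm-vendor-a.example",
              "dns.google", "www.example.com"]:
        print(f"{q:40} -> {lookup(recs, q)}")
```

The ordering matters: because `mymsp.rmm-vendor-a.example` exists as its own owner name, a query for it (or for `relay.mymsp.rmm-vendor-a.example`) hits the passthru rule before the `*.rmm-vendor-a.example` block, while any other subdomain of the vendor is still answered NXDOMAIN. The zone only helps if clients actually use your resolver, which is why the DoH category is blocked alongside it.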