Malware Free Networks

Malware Free Networks®

The NCSC has developed a service called Malware Free Networks® (MFN®), which is designed to strengthen New Zealand’s cyber defence capabilities. MFN is a threat detection and disruption service that provides near real-time threat intelligence reflecting current malicious activity targeting New Zealand organisations. MFN brings our cyber security capabilities to a large number of nationally significant New Zealand organisations.

The MFN threat intelligence service can be integrated with other systems and platforms to increase the range of malicious activity MFN customers are defended against. MFN complements commercial threat intelligence by detecting and disrupting against indicators identified through our advanced cyber defence capabilities and sourced from our international cyber security partnerships.

For most customers, the MFN service will be available through their network operator or primary cyber security service provider. MFN is additional to CORTEX, which is a cyber defence capability provided by the NCSC to New Zealand’s nationally significant organisations. MFN complements the existing threat detection and disruption service provided by the NCSC to consenting organisations.

MFN was the winner of the 2022 iSANZ Award for Best New Zealand Security Product or Service.


MFN® Partners

We have worked with a range of local partners to deliver a technology platform that can take our cyber threat information and very quickly turn it into actionable threat intelligence for partners to deploy.

These organisations include:

These partners are progressively offering the MFN service as part of their managed security products.

If you’d like to become an MFN partner yourself and offer the service to your customers, or if you’d like a referral to one of our MFN partners, please get in touch with us by email: services@ncsc.govt.nz


MFN® in Action: Case Studies

A widely used technology service provided by a trusted international vendor was compromised globally. We were able to use our international relationships to quickly understand the nature of the compromise and obtain information that could be used to defend New Zealand users of the affected service. Within hours of becoming aware of the compromise we had deployed indicators to MFN, enabling customers of the service to be automatically defended.

We learned of payment information being sent to malicious foreign domains when some users made payments through a platform on a New Zealand organisation's website. While the cause of this activity was likely due to banking malware on the users' systems, rather than a compromise of the organisation, we added the details about malicious domains to the MFN threat intelligence service. Within days, MFN prevented over 250 connection attempts from a device in a New Zealand Government department to one of the malicious domains. The government organisation located and disabled the affected device, avoiding a potentially additional, larger compromise.


MFN® Frequently Asked Questions

Malware Free Networks® (MFN®) is an award-winning, partner-lead threat disruption service provided by the National Cyber Security Centre (NCSC).

The service is delivered through a threat intelligence feed curated from a range of sources, including our international cyber security partners and our cyber defence capabilities. 

MFN provides near real-time threat intelligence reflecting current malicious activity targeting New Zealand organisations. 

No, we do not. MFN is designed to function without private data being visible to the NCSC.

However, the NCSC does receive some analytical feedback from partners, which helps the NCSC to increase the effectiveness of the feed.

Also, where a partner's customer has consented, the NCSC can receive information about when an MFN indicator has been seen and disrupted on the consenting customer’s network.

The analytical feedback contains no personal information. Information passed back to us includes: the partner’s name, which indicator was triggered, and the date and time of the event.

The NCSC has worked with a range of local partners to deliver a technology platform that can take our cyber threat information and very quickly turn it into actionable threat intelligence for companies to deploy. MFN partners include telecommunications network operators and managed cyber security service providers.

View a current list of our MFN partners here.

MFN protects against a broad range of cyber threats. These typically relate to malware activity, remote scanning or exploitation, and phishing.

When MFN is used in combination with other feeds, it can help to defend against the full spectrum of cyber threats impacting New Zealand. 

The NCSC does not charge for the supply of MFN to partners. The cost to the end-user is dependent on the type of cyber security service offering provided by each MFN partner direct to the customer. 

MFN has been developed to help defend against malicious activity impacting small to medium enterprises, large corporates, and government organisations. When MFN is used in combination with other feeds, it can help to defend against the full spectrum of cyber threats impacting New Zealand.

We are partnering with some internet service providers (ISPs) and cyber security service providers to enable them to make MFN available to their customers. Our partners are at various stages in their customer engagement and onboarding processes. We suggest that you ask your ISP or service provider about gaining access to our MFN threat intelligence service.

The MFN threat feed is available via a commonly used industry standard for sharing threat information: STIX/TAXII. Your current cyber security capabilities may support integration via this format. 

If you consume managed security services through an internet service provider (ISP) or managed service provider (MSP), they may offer services that utilise the MFN threat feed.

The MFN threat intelligence service can be integrated with cyber security capabilities to protect against threats that operate and propagate via the Domain Name System (DNS), internet IP addresses, and web URLs.

The telemetry we receive via MFN is stored securely on NCSC systems.

No NCSC-owned equipment is required inside your network. MFN is delivered purely as a threat feed via STIX/TAXII to our industry partners. 

MFN has been developed to help defend against malicious activity impacting a broad spectrum of users. MFN is designed to defend against threats coming from domains, URLs and IPs.

Organisational users can test whether they are being protected from these threats by clicking on the links below. If the page loads successfully, this indicates that either you are not protected by MFN, or MFN may be in place as detection only. If the page fails to load, this means your provider is actively blocking malicious activity.

Click here to check if you are protected against URL threats(external link)

Click here to check if you are protected against domain name threats(external link)

Click here to check if you are protected against IP address threats(external link)

If you are working directly with an MFN partner to enable the service, you can use these tests to confirm MFN is working correctly in your environment. In some situations, your network or device settings may bypass the MFN protections. This may be because your environment does not restrict the use of virtual private networks (VPN), alternative domain name servers (DNS), or it may be due to your browser's compatibility and/or device settings.  

If you are working directly with an MFN partner to enable protections and you receive an unexpected result from these tests, we recommend contacting your MFN partner to better understand how the MFN service can best work for you.