ThreatLocker Zero Trust Endpoint Protection Platform Reviews

We have been using the solution for about five years now. We started shortly after our company was acquired by an ISP that was looking for a managed services provider solution. I was looking at our stack and deciding which one would answer the pressing questions, which usually involved cyber insurance questions, such as if we have application whitelisting. I happened to call ThreatLocker and fell in love with the offerings. At the time, it had application control, ringfencing, and elevation. They have, of course, advanced their platform a lot since then.

The biggest benefit is application whitelisting. We have customers who have a set of products that they expect their users to use, and we have the ability to enforce that policy by restricting them from adding additional software on their own. It helps reduce the risk of the shadow IT type of solutions being brought in by users who think they know better or do not realize the risks.

In the beginning, it was almost an augmentation to antivirus, but now, antivirus is almost an augmentation to Zero Trust. If the applications do not run, the antivirus does not have to block them, so the antivirus is almost the second layer. With the layered protection approach, it is one of our key layers at the endpoint to keep the endpoint from running ransomware or unknown software packages.

A number of times, we have had customers who did not see the need for it until the first time we called them and said, "Hey, did you realize so-and-so wants to run this application?" and they went, "Why would they be doing that?" The ability for us to let the end-users or customers know the things going on in their environment and to stop attacks dead in their tracks has been great. We have seen it multiple times where a bad actor would have gotten a whole lot further along if they had been able to run the software they wanted to. ThreatLocker stopped that.

It is not hard to use, but it also depends on the customer base that you are working with. It can be a challenge to educate the end user and the customer with regard to why this is the right answer. A lot of times, if you have customers who have older applications, custom-written applications, and things like that, dealing with updates and dealing with changes can be time-consuming. It is not hard. None of it is particularly difficult, but it can be a bit of a draw on time.

We have been able to do consolidation primarily in the antivirus realm. Because of the fact that the applications are never allowed to run, we have been able to reduce some of our costs by not having to go to top-line AVs. We can go to Windows Defender, which is a good antivirus, but it is not centrally-managed SentinelOne or something like that. We have been able to see some big advantages in cutting back. Some of the other tools do not have to carry the heavy load. ThreatLocker carries a heavier load of protection.

I do not know if it has helped our organization save on operational costs or expenses. It has to be manned by people. We are not using the functionality where ThreatLocker Cyber Heroes respond to the tickets. Instead of hiring two people, if we let ThreatLocker manage that, we would see some definite advantages cost-wise.

It is priceless in its ability to block access to unauthorized applications. We have had everything from attacks on financial institutions to shutdown holds where the attacker was about to exfiltrate four years of data, but the PowerShell script was still sitting on the screen, unable to run because ThreatLocker blocked it. It is well worth it.

It has helped reduce help desk tickets because we get a lot fewer situations where end users are running software that they should not be and are causing conflicts with the business protection software. There are a lot fewer situations where someone is compromising the machine.

We run on a very lean team, and we have been able to maintain that status reasonably well because, with ThreatLocker, we do not have to chase things that cannot happen.

We use it as an endpoint protection solution. It pretty much sits on all of our devices. We manage the app control piece through it. 

We use it for elevation requests. Worldwide, we have set Zero Trust, so people need to elevate through applications. We do not want to give them an admin account on the machine, but we need these applications to run with administrator privileges. That is the piece we leverage the most.

The greatest benefit is the ease. The mobile app is great. I get requests in the portal, and I can allow or reject them, and it works almost instantly, getting teams up and running within 60 seconds. That is the best part. We can train global teams in a half-hour meeting. We are able to break down all their permissions. It is done in a few seconds. We are happy with it.

Elevation control has been second to none for us. It has been amazing. We switched off the last product we were using. We did not have a great experience with them, but we have had a great experience with ThreatLocker Zero Trust Endpoint Protection Platform.

We have eliminated our original endpoint app. We will look into consolidating some of the other tools that our Information Security team uses, but at the moment, it is a replacement; it has not cut any other apps out of our environment. We have already started exploring different ways to eliminate or at least add to our security posture. Specifically, we are targeting the storage control and deeper application control with ringfencing and things like that. We have had lots of demos from ThreatLocker. They are always very good about giving demos on the spot. Thanks to Blaine and Jesse for that.

ThreatLocker Zero Trust Endpoint Protection Platform is fantastic at blocking access to unauthorized applications. With our old product, we had so many issues with policies being all over the place. It was not very intuitive, and the product could not even update itself. ThreatLocker has broken it down in terms of how exactly it is run and the science behind it all. That education and their knowledge base have helped us with understanding. It has been a fantastic platform. It has been in our environment for a relatively short period of time. It has been fantastic so far, and I am hoping that it continues to prove itself.

ThreatLocker Zero Trust Endpoint Protection Platform has not helped to reduce help desk tickets, but it has streamlined them. Instead of guessing what the user needs, the elevation requests pretty much tell you the properties or the paths of what needs to run. That may introduce more tickets, but it is so much faster that it outweighs that aspect.

ThreatLocker Zero Trust Endpoint Protection Platform has expedited our ticket resolution. Although we are getting more tickets, we are plowing through a lot faster. We can see them in the console. People no longer have to reach out to us. People can create an elevation request for the entire organization. They could go to the console and see it there and do it themselves. It makes things so much easier. It has been awesome.

ThreatLocker Zero Trust Endpoint Protection Platform allows us to see what the user needs immediately and simply hit the Go or Approve button. We can set the rules we want. Our last solution was trial and error. It would take me up to an hour and a half sometimes to get the rules working exactly the way I wanted, whereas, with ThreatLocker, it is already all there for me. I can even break down and specify exactly what I want or drill down even more. 

In a day, it saves us one to two hours a day depending on what is being elevated and what people need. This time saving is significant for our technicians. The overall savings could be two to three days. We get overtime, but that is still a lot of work. ThreatLocker has been amazing at saving us time. 

In terms of use cases, there are quite a few good ones that come to mind. One instance is when people unexpectedly download items, especially in the downloads folder or the documents folder, and try to run them. It is effective at blocking those. We need to vet them to ensure they are legitimate and intended, not just random malicious downloads. 

Another scenario involves items in the Windows folder itself, where sometimes an update might get blocked, requiring us to verify its legitimacy. 

Occasionally, we receive help from Cyber Heroes as well. Those are the three use cases I can think of.

It helps keep track of shadow IT activities. We have more compliance because we know who is doing what. Previously, we did not know who was doing what, especially at the application control level. Some people had some administrative rights that we did not know about. We now have got more into compliance. We have everything in a single pane of glass. Everything has to be approved before it can be run. It helps our company become more secure and more compliant.

We have more consolidated security. We are three to four times more secure than before using the solution. It helps us be more compliant with what we do on a daily basis, even though sometimes it can be confusing, such as a whitelisted app getting blocked. That is probably because of fine-tuning. We will have to fine-tune that policy to make it run more smoothly.

It helped us consolidate security tools. We are now focused on this rather than looking into other tools we had in the past. We just go to ThreatLocker, look at the path, look at the hash, and see whether it is vetted. If yes, we just allow it. We had ManageEngine Application Control, and we thought we did not need that anymore. It was like an add-on. We had Endpoint Central. On top of that, we had Application Control and other things. Now, with ThreatLocker, we do not need them anymore.

I am not the finance person, but I believe it has helped our organization save on operational costs because we got this product with other security products from our managed service provider. They gave us a good rate when we combined multiple solutions together. We purchased Huntress for antivirus and other security tools from them.

I would rate it highly in its ability to block access to unauthorized applications. It works and does its job. It does what it is supposed to do, especially if you train it well. If we fine-tune the policies, it works the best. Some of the policies might be confusing, but it works well.

I am not sure if it has helped reduce help desk tickets. We still get help desk tickets here and there. We are a small company. We do not have a whole lot of applications running in our environment. In a large organization with thousands of employees, it might reduce helpdesk tickets.

We can now shift the gear and focus on other things, such as server logs or security logs, more firewall rules, etc. It saves us at least three hours every day. 

I deploy it on every endpoint that I can, primarily focusing on application control, ring-fencing, and elevation control.

The ring-fencing and elevation control are the most valuable features for my use cases. The benefits, specifically regarding elevation control, allow me to enable an end user to complete tasks independently. They can install the software by requesting access, saving time and empowering them while maintaining necessary controls.

It's very easy to use, implement, and deploy. The caveat is that you do need to dedicate resources and effort that are focused on the product, and you need to truly understand it. You can't just deploy it and forget about it. 

The tickets that we get are more actionable. When ThreatLocker blocks something or when there is an elevation request, we can do more with the request. We are more actionable. The requests come with more data and information about what's going on so that we can react. If it's a proactive request like installing software, we can provide access to the person without having to manually do it ourselves.

ThreatLocker helps with cost saving. It's not an operational cost. It saves on reactive and recovery costs by preventing it in the first place.

ThreatLocker Zero Trust Endpoint Protection Platform has helped us protect our environments and have more meaningful requests for access as well as meaningful logging for response.

I don't see ThreatLocker as a time-saving platform. The caveat is specifically with things like control. It allows us to save time on the elevation controls allows or helps us to save time when it comes to monitoring and getting on a user's computer and watching them install something or going through the steps with them when they are capable on their own. We can empower them to have that access as needed in a controlled way. That saves our time by giving them the access rather than having to go do the action for them.

When we assessed application whitelisting and ringfencing controls, we decided to sign on with ThreatLocker. The way we operate our business is that it is deployed across all our clients. Once we identified the benefits of application whitelisting, we knew it belonged in every client's setup, and we implemented it for all our clients.

When we adopted ThreatLocker Zero Trust Endpoint Protection Platform, there were frustrations among clients as everybody was learning and getting used to it. We were learning how to administer it, and our customers were learning what it was, but it ended up becoming a fantastic thing where we now get referrals from our customers to other companies. Over time, it transformed into a positive experience, leading to customer referrals and advocacy for ThreatLocker. Although some clients overstate it by claiming it makes them ransomware-proof, the product's impact is undeniable. The contributions of Ben and Garrett were pivotal in this success, resulting in enthusiastic customer recommendations.

It has not helped eliminate or consolidate any security tools or solutions. We do not see ThreatLocker as a replacement for any of the current base functionality of existing tools; we see it as augmenting it. We see it as something that is important to have. One of the philosophies at our company is that we do not believe there should ever be an all-in for any security product. There should always be a check and a balance in place. One of our main checks on ThreatLocker is Huntress, so we use them in combination. It is something that maintains a balance. They are not overlapping by any means. Even though ThreatLocker has an MDR product now, we are electing not to use it because we want to have a separation and those checks and balances in place.

We initially anticipated a reduction in ticket hours through elevation control, but rather than a decrease, over the years, the nature of the tickets changed. Instead of broad, permissive policies, we now focus on diligent policy creation, accompanied by an increase in technical costs. I do not see that as a negative. While it increased our overall technical costs on an average basis, the benefits that come with it make it completely worthwhile and something that I would recommend to every MSP.

It has not decreased help desk tickets. It has changed the nature of the tickets, and that is not a bad thing. It means that we are using ThreatLocker properly, and we are not making broad sweeping policies that are overly permissive. It requires us to do our job a little more diligently.

It has increased our operational costs, but it is entirely worth it to increase those operational costs.

It can block access to unauthorized applications. It is very dependent upon the implementation and the access that is allowed. If you are giving this to your technicians without the appropriate training, it can be dangerous and not helpful. It can be a false sense of security, but if you implement it properly and are willing to make the investment in training your team properly on how to manage ThreatLocker, it is fantastic.

It has changed what our IT team is working on. Instead of working on old-style things, such as GPO or CryptoLocker policies and reviewing enforcement and deployment of that GPO and linkage, they are now spending their time reviewing policies within ThreatLocker. There is a shift in focus, but it is far more worthwhile. Every hour that has been replaced with ThreatLocker time is a much more effective use of their time.

I use ThreatLocker at a bank and at a trucking company mainly because one has been hit with ransomware a few dozen times, and for the other, we just wanted to ensure it never got hit. It has actually stopped threats in their tracks at the trucking company. We haven't had a problem yet, so thankfully, nobody randomly clicks on things. 

At the other company, there are 300 employees in a warehouse, and only two of them are computer literate, so they click on everything. It has been very helpful in reducing the madness that comes with phishing and random malware or ransomware.

ThreatLocker has been excellent for reducing the issues with ransomware and malware, keeping end users in check, and ensuring they have to request access for certain actions. This process involves verification for necessity, particularly when considering VPN bypasses.

I work for an architecture firm. We use ThreatLocker Protect to protect the company's systems from unknown malware by blocking unapproved applications. We encounter a lot of malware and ThreatLocker has been able to help with that.

As an architecture firm, we rely on TAISE’s Cybersecurity-as-a-Service (CaaS) to keep our systems safe from malware threats. TAISE introduced us to ThreatLocker, which has become essential in safeguarding our infrastructure by blocking unapproved applications and defending against unknown malware. Given our exposure to frequent malware, ThreatLocker, through TAISE's expert implementation, has proven invaluable

ThreatLocker Protect is very simple and easy to understand. You do not need much technical knowledge to be able to use it. It is very good. Anybody with a bit of IT knowledge is able to handle it.

Ringfencing adds an extra layer of defense. If an application is compromised, you can just exclude the computer and do your troubleshooting and find out what the problem was. It goes hand in hand with application whitelisting. It has been very helpful. It adds an extra security system which is very much needed for our infrastructure.

ThreatLocker Protect has improved my organization greatly. Before using ThreatLocker Protect, we experienced a malware attack that caused significant damage, corrupting many of our files. Since implementing ThreatLocker Protect, we have not faced any such issues, and our operations have been smooth.

We were able to realize its benefits immediately. No user can install any unknown applications or unauthorized applications on their own. I have been able to manage my systems effectively without any malware.

ThreatLocker Protect has reduced our help desk tickets by about 40%, as every software they use is approved by me before use, limiting unauthorized installations.

ThreatLocker Protect has freed up a lot of time. I do not have to do much with the help desk because our systems are protected with ThreatLocker Protect.

I primarily use it on servers. We deal with smaller customers, and they don't always have the money to get it on every endpoint. The main thing exposed to the internet is, of course, the server, RDP, and other functions. 

We have some customers that have it on the endpoint. In the past few years of using ThreatLocker, I haven't experienced ransomware on servers. However, there are small occurrences on endpoints when they're not using ThreatLocker.

With ThreatLocker, we don't have shadow IT, and it has reduced ransomware. 

We have a lot of companies concerned with compliance. They have an application list, and anything outside of that application list is not allowed. ThreatLocker makes that really easy for us since you just allow what they need, and no one can run anything else.