reviewer2665902 - PeerSpot reviewer
Systems Security Analyst & Deputy Security Officer at a financial services firm with 201-500 employees
Real User
Pre-built policies and immediate notifications streamline application requests
Pros and Cons
  • "The pre-built policies and the fact that I get notified when a user requests an application are significant."
  • "The customer service is excellent, ten out of ten."
  • "One of the things I would really like is the ability to create custom groups and assign machines to them."

What is our primary use case?

I am currently using it mainly for application control on our endpoints and servers.

How has it helped my organization?

Something that I actually really like is that it can block the file extensions for scripting files like Python. Our current tool can't do that. So if somebody had the permissions to actually write code, they could bring it in and just run it without any kind of block. I'm really enjoying that we now have more control over that.

What is most valuable?

The pre-built policies and the fact that I get notified when a user requests an application are significant. My current tool does not do that, so requests sometimes remain pending for days. 

Additionally, I really like that it can block file extensions for scripting files like Python and bash. My current tool cannot do that, so if someone has permission to write code, they can bring it in and run it without any block. I am really enjoying that particular feature.

It's easy for IT teams to use for reducing attack surfaces. It has a good UI and is easy to use. It's simply blocking items that aren't allowed; however, with the easy-to-use interface, it makes the process of control easier.

We are in the process of removing other solutions. For example, we're going to eliminate ManageEngine's app control.

We expect the solution will save costs. For example, in the future, we expect that we won't have to have our IT staff waiting for 90 minutes to finish an installation of a new application or have our employees not be able to use their computer if they're waiting for that installation.

It's very good at blocking unauthorized applications. We have a lot of users that don't care about security, and they will download anything that they see from any link that they're given. This helps stop that behavior.

We haven't rolled out production, although it likely will help us reduce help desk tickets. 

What needs improvement?

One of the things I would really like is the ability to create custom groups and assign machines to them. Right now, I can apply policies, kind of; however, it would be nice to have an 'all users' group and then multiple overlapping groups for application control. That would be a beneficial feature.

Buyer's Guide
ThreatLocker Zero Trust Endpoint Protection Platform
May 2025
Learn what your peers think about ThreatLocker Zero Trust Endpoint Protection Platform. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
856,873 professionals have used our research since 2012.

For how long have I used the solution?

I used ThreatLocker for a month or two under the trial version, and I will start rolling it out to our production environment.

What do I think about the stability of the solution?

I do not see any issues with stability at all.

What do I think about the scalability of the solution?

Scalability will be fine. It seems to primarily operate on the endpoints rather than at a central location pushing out policies. This setup is advantageous as it will not take an extended amount of time to deploy things.

How are customer service and support?

The customer service is excellent, ten out of ten. They have been very responsive, helpful, and knowledgeable.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I am going to eliminate ManageEngine's App Control. I absolutely hate that product. It has a very unintuitive UI/UX, does not provide notifications, and takes ninety minutes to roll out any change.

How was the initial setup?

The initial setup was straightforward. I encountered a minor issue where it accidentally blocked our DNS server, which is the primary financial server, while I was on vacation. Resolving it took two days. Aside from this small issue, it has been very good.

What about the implementation team?

We are proceeding directly through ThreatLocker.

What was our ROI?

We will see a significant return on investment since it will reduce the downtime for users waiting for applications.

Which other solutions did I evaluate?

I considered alternatives. I looked at AppLocker and another solution besides the one I am currently using. AppLocker responded the fastest, and after trying it, I appreciated its UI and features.

What other advice do I have?

Overall, I would rate this solution nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Cybersecurity at a tech services company with 11-50 employees
Real User
Top 20
No-sweat security with excellent application control and alerting
Pros and Cons
  • "ThreatLocker Zero Trust Endpoint Protection Platform provides no-sweat security that we can easily deploy. We do not worry about our habitual clickers because we receive an alert if they try to do something, and we know ThreatLocker has already taken care of it."
  • "ThreatLocker Zero Trust Endpoint Protection Platform provides no-sweat security that we can easily deploy."
  • "The Cyber Hero certification exam could use a bit of love, but overall, I have been very satisfied with the platform."

What is our primary use case?

We work with small businesses, and we are slowly rolling it out. We have implemented ThreatLocker for about 30 clients to protect those who are habitual clickers and those with compliance demands. 

How has it helped my organization?

ThreatLocker Zero Trust Endpoint Protection Platform provides no-sweat security that we can easily deploy. We do not worry about our habitual clickers because we receive an alert if they try to do something, and we know ThreatLocker has already taken care of it.

We are large for an MSP, but we are relatively new to security. We only have about three people. It helps us because we know that things are automatically going to be blocked. We do not have to worry about somebody at a company downloading Epic Games installers every fortnight or every CCleaner app they can find. We know that will be taken care of. It just allows us to focus on other areas where we need to be. We are trying to get big clients. It allows us to focus on that and not worry about applications.

The automatic script generation and the number of install methods make it incredibly easy to put out. It automatically adds them to the portal. It is very easy to implement as long as you have tools in place that allow you to access those systems. For example, if you are implementing for the first time and do not have remote access to your system, it could be difficult. For us, it is incredible. We do not have to be hands-on. We just push it out.

ThreatLocker Zero Trust Endpoint Protection Platform has saved operational costs or expenses. Especially with clients who are heavy clickers, the work on remediation has been amazing. Once deployed to a client, we do not worry about them anymore. Manpower reduction has been significant. It is deployed to a small percentage of our clients, resulting in a 30% to 40% reduction in manpower for those clients.

Knowing that it automatically blocks unwanted applications allows us to focus on other areas. The other day somebody downloaded a fake Geek Squad, and I did not have to worry about it. I got the alert. 

ThreatLocker Zero Trust Endpoint Protection Platform has helped a little bit to reduce help desk tickets. It is for our heavy clickers group, but they are still a very small portion. Once we get it out to more and more clients, it will do even more.

ThreatLocker Zero Trust Endpoint Protection Platform allows us to focus on other areas. We are working towards compliance and other things, without worrying about their applications. It saves at least 10 to 15 hours a month, which does not seem like a lot, but we have a very small team. It adds up quickly. 

What is most valuable?

Currently, we are only using default-deny application control and ringfencing. We are considering implementing elevation control and storage control, but those are in the beta stages. Application control and ringfencing are what we use most, and we rely on them for many of our clients. 

What needs improvement?

That is challenging to answer because, in the areas we are working, we have been very happy. The improvements we need are more focused on user training than on ThreatLocker itself. They are constantly improving the platform. The Cyber Hero certification exam could use a bit of love, but overall, I have been very satisfied with the platform.

For how long have I used the solution?

As a company, we have used it for almost four years. I am new to the team, so it has been about eight months for me.

What do I think about the stability of the solution?

I have not experienced any downtime with it, so I would rate it very high. We thought we had a ThreatLocker issue once, but it turned out to be a Comcast issue blocking ThreatLocker access.

What do I think about the scalability of the solution?

The scalability is very high. It is very easy to scale.

How are customer service and support?

Customer support has been very good. Whenever we have had issues with a couple of scripts, we contacted Cyber Heroes support and said, "We need to figure out how to get this blocked without allowing that," and they have always been very quick to assist.

I would rate them a ten out of ten. I have never had an issue with contacting them or them not being able to help.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not use any other solutions for application security before this. It was the first one we implemented after discovering a need.

How was the initial setup?

The setup was pretty seamless. We generate a script and deploy it through our infrastructure and managed service team. We verify that everything is in place, and during the onboarding process, within a few hours, the machines report that it is already implemented.

What about the implementation team?

We implement it in-house.

What was our ROI?

It has saved time and provided safety. We are also able to work on compliance. We were able to get more business from someone because we could do this. It got us some more work.

What other advice do I have?

I would rate ThreatLocker Zero Trust Endpoint Protection Platform a ten out of ten. It is the only solution we know that does what it does. Customer service is a significant factor. We had a client who was a habitual clicker, and after implementing ThreatLocker, I received a call saying, "I did something," but I could see it was already blocked. The difference in response between reacting to a malware alert and knowing ThreatLocker handled the issue is substantial. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer84727943 - PeerSpot reviewer
Chief Executive Officer at Triada Networks
Real User
Top 10
Granular control, exceptional support, and a massive reduction in alerts
Pros and Cons
  • "Allowlisting, in general, is valuable because it allows us to have a lot more granular control over what is executed on a desktop. We are also able to ringfence known vectors of attack through Office applications, email, browsers, etc."
  • "It would be beneficial to have a tighter integration into PSA systems so that approvals can be done directly without having to leave the PSA."

What is our primary use case?

We use ThreatLocker Protect along with ringfencing and elevation. 

We include it as part of our managed service for our clients. Our clients are aware of the tool, but they are not buying it. We package it as a part of a service.

How has it helped my organization?

When we look at security on the endpoint, there are two parts to it. One is blocking known bad things and then setting an allowlist for the things that you want to run. Defining allowlisting reduces the attack surface just to the known good applications. It also reduces the number of false positives that we need to chase when it comes to things that hit our endpoint detection or response, which is more of our known bad or behavioral-based security endpoint. So, we pair the two together.

Allowlisting helps to keep the environment clean. More and more applications do not require admin rights to install. Even if you limit the ability for a user to install applications, they can still run some things on their own such as browser plugins. We know that browser plugins can be potentially very dangerous because they sit in a browser, and that is where most people do their work. They can become a problem. Allowlisting helps to put guardrails around what is allowed to run. By keeping the environment clean, the programs perform better. They are more secure, and there is less noise for us to chase when it comes to actual security events.

It is easy for administrators to approve or deny requests using allowlisting. They have two ways for administrators to approve or deny requests. They can do it in a managed way, where they do it for you using Cyber Hero. We do not do it that way. We are an old customer of ThreatLocker. We have been using it before they had Cyber Hero in place.

Originally, we thought it was going to be problematic because allowlisting tends to be very hard to implement. Most of the other allowlisting systems, such as Microsoft's AppLocker, are very difficult to implement and maintain, but ThreatLocker does two things. When it comes to very common applications, they work with vendors. They are always looking at the new installations and making sure they are constantly up to date, so you do not have to always approve those things. But, of course, things happen, and sometimes they happen in the middle of the night when somebody is doing something and needs help. The nice thing about it is that it is fairly easy to approve. We can approve even with a mobile app. I have had the ThreatLocker mobile app since they introduced it a year or two years ago. If one of our clients in Australia or somewhere else is doing something, I can easily approve it without having to get up from my chair. I can approve it after doing a quick review of what they are installing. If I want to do a little bit deeper check, I can do that, but most of the time, there are just basic things, and we can approve them on the fly.

The portal gives us a lot of granularity in terms of not only approvals but also how to approve them. We can choose to approve something for a person, the entire company, or all of our clients. We can choose to approve only the hash or a particular version of a particular executable or any application that is signed by a company. We can define how loose or tight we want to be when it comes to certain applications. They have recently also introduced time-based approval. We can give approval for only a period of time, and then the approval goes away. If somebody needs to run something, but we do not want it to be allowed to run for a long period of time, we can implement that.

In terms of access requests, we control what is allowed and what is not allowed. They have curated things on our behalf for Windows, Office, Chrome, Firefox, and a whole slew of other applications, but you do not have to add those. You can curate your own list. For example, we have an engineering company, and the applications that they use are not used by anybody else. They are very bespoke for their specific industry. We get new requests from them all the time. We check if it is something that looks nefarious. Is it on VirusTotal? Are there any other scans that show that it could be potentially malicious? If we are still not sure, ThreatLocker now has a sandboxing feature where we can watch the application execute in a secure environment and see if it is doing anything potentially bad and if it is touching files that it should not be touching. By doing that, we have some more comfort. We know that the program we are allowing is safe.

We were able to see some of its benefits immediately and some were over time. We were using an EDR tool before ThreatLocker about six years ago. It was very noisy. A lot of alerts came up on that EDR. We were chasing a lot of ghosts, trying to figure out whether it was malicious or not. A lot of it was not malicious, but we still had to do all that checking. When we put ThreatLocker in place, one of the things that we immediately noticed was that it was blocking everything by default and only allowing things that we approved. It reduced the ticket noise. We mostly had things that needed investigation and more likely were malicious and needed to be reviewed. That was an immediate change. Over time, we got other benefits. We got a better grasp of what is being run on our clients' desktops. In the rare cases where because of the nature of their work, we allow them to have admin rights, we can still control what applications are being installed. Could they bypass it? Potentially and theoretically, yes, but that would be very difficult and require some technical skill. We at least have some verification of what applications are run and what applications are allowed. So, its long-term benefit was much more control over the clients' environments and the short-term or immediate benefit was a reduction in ticket noise that we were having to deal with chasing a lot of false positive alerts.

Allowlisting helped us reduce our organization’s help desk tickets. We were able to reduce our security alerts by 75% to 85% after its implementation, and now, it is practically down to zero. We have very few alerts that we need to chase at this point. 

Allowlisting has technically helped us to free up help desk staff for other projects, but we have not quantified the savings. Because we are not having to do these other things, we are able to work on helping clients and get their work done better rather than just chasing security events.

Allowlisting has not helped us consolidate applications and tools because our usage is quite narrow. We are just using allowlisting, ringfencing, and a little bit of elevation. They have other products in their mix, but we already have other products that do some of those things. I do not see us necessarily replacing all of that with other parts of ThreatLocker, so there is no tool reduction. However, it fits nicely into our workflows. In other words, it integrates into our PSA. Tickets come in there, and from there, we can go directly to ThreatLocker and do approvals. We also have the pop-ups on the mobile device.

What is most valuable?

Allowlisting, in general, is valuable because it allows us to have a lot more granular control over what is executed on a desktop. We are also able to ringfence known vectors of attack through Office applications, email, browsers, etc. By doing that, we can also limit the exposure of those applications for the company. This encapsulates how we are trying to protect the clients. We can tell them the applications that they need to run and what they are allowed to do, and that is it. 

What needs improvement?

It would be beneficial to have a tighter integration into PSA systems so that approvals can be done directly without having to leave the PSA. 

Additionally, having their Cyber Hero support available during non-working hours could improve service for clients. They have a managed version of allowlisting with Cyber Hero so that their Cyber Heroes can approve things. It would be nice if I could implement that during the hours we are not working so that clients who work during our night would have a better experience and do not have to wait till morning to get their applications approved.

For how long have I used the solution?

I started Triada Networks in 2008, which makes it 16 years. However, we started using ThreatLocker about six years ago.

What do I think about the stability of the solution?

We have had very few stability issues. Occasionally, the portal has become unresponsive, but the product itself continues to function without interruption. I do not remember the last time that happened. It was maybe about two years ago. They have fairly solidly developed this product.

What do I think about the scalability of the solution?

We have not encountered any scalability issues. I know colleagues with thousands of endpoints on ThreatLocker with no reported problems. I do not anticipate having scalability problems at all.

How are customer service and support?

To contact ThreatLocker, we go through their chat service. They have a live chat where they typically get somebody on in a minute or two. They always have somebody who is available and starts to work with us on any issues. We had to contact them more frequently when we were learning ThreatLocker Protect and ran into weird issues, but we do not contact them too often now just because we are managing it ourselves. Once in a while, we do get their support. They are very fast and helpful regardless of what time it is.

Their support is a ten out of ten. They are one of the best support teams that we run into product-wise. I do not give that rating lightly. Most of our vendors are in the six or seven range. ThreatLocker does an exceptional job when it comes to support.

How would you rate customer service and support?

Positive

How was the initial setup?

The management console is in the cloud, and the endpoint agent is on the device.

Its deployment was very easy. They provided installation scripts for Windows. We were easily able to put it into our RMM tool and deploy it to the devices of our clients. In fact, we do that today when we onboard a new client. As soon as our RMM agent is installed, one of the first things that gets installed in that stack is ThreatLocker, so we have it automated so that as soon as a client is onboarded or we install a new PC, ThreatLocker gets installed.

We deployed it client by client. We were onboarded very early. We would do one client a month and ramp that up until we got to month three, and then we deployed everything else. That was the process. In about three months, we were comfortable enough with the platform that we were able to manage it going forward on our own. After 90 days, we went to town and deployed the rest of our fleet. It was en masse at that point.

What about the implementation team?

The implementation was done in-house with support from ThreatLocker during onboarding. We had a couple of weekly or biweekly sessions to learn troubleshooting and approvals.

Of course, things have changed since then, so you learn those along the way. One good thing they do is that once a quarter, they do a check-in with their technical account manager. We go over any issues or things that we would like to bring up. They do a nice job of taking that information back to their development team or their product teams to make adjustments in the solution over time.

What's my experience with pricing, setup cost, and licensing?

Its price is fair. They have added some additional things to it beyond allowlisting. They are up-charging for them, but in terms of the value we get and the way it impacts us, we get more bang for our buck with ThreatLocker than with a lot of our other security tools. We have a few tools that would fit into that category, but then there are some that are more expensive than they need to be. ThreatLocker is definitely not one of them.

It is one of the reasons why we have eliminated other tools, but ThreatLocker has not necessarily replaced them. It was because ThreatLocker and some of our other things were doing so much that we did not necessarily need them. We were able to remove that redundancy. So, its price is fair. Hopefully, they do not take this to raise their prices.

Which other solutions did I evaluate?

We looked at Microsoft AppLocker but found it difficult to manage and maintain. We also considered Airlock Digital and other security tools but found that they lacked the ability to manage at scale. That is what ThreatLocker does very well. We are a small team. We are managing 400 or so computers with a small staff, and we are still able to do that because the tools do a lot of the heavy lifting for us. If we had to do that with AppLocker, Airlock Digital, or any other security tools, it would have been a lot more time-consuming. We probably would have needed more staff to do that.

When we went with ThreatLocker, there were not a lot of allowlisting companies out there. Some of them were more enterprise and mid-market. The concept of ringfencing was not the one that the others were even talking about. 

When we are at a conference or business meeting, a lot of times we do a hacker demo. Usually, the demo involves a Word document that downloads something malicious or runs something malicious that gives you backdoor access. Ringfencing is designed to prevent that from happening. When you have a Word document, Word does not need to execute other programs. Chrome does not need to execute other programs. Excel does not need to execute other programs. Excel does not need to beacon out and connect to the Internet. Locking these little avenues greatly diminishes your chances of getting compromised. Nothing is 100%, but controlling what each application can do can make everything work better.

What other advice do I have?

I would rate ThreatLocker Protect a ten out of ten. It is a great product. At times, it might block something, and we are not aware that it is being blocked and are trying to troubleshoot something. It is one of those things that we always have to remember. We bring up ThreatLocker and see if something is going on. In the past, we had to go to the portal, and there was a delay by the time that the agent would report to the portal for that information, but now, we have the ability to, at least on the device, see in real-time what is happening so that we can troubleshoot it and more. We just need to check this, but it is solid. It would probably be one of the last tools that we would remove if we ever remove anything.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Security Analyst at Wagamon Technology Group, LLC.
Real User
Top 20
Ringfencing and elevation streamline administrative tasks and enhance workflow efficiency
Pros and Cons
  • "I really enjoy ringfencing and elevation features. It makes my life easier because I do not have to get on a computer to elevate a prompt to allow users to run something they run every day as an admin."
  • "Overall, I would rate ThreatLocker Zero Trust Endpoint Protection Platform a ten out of ten."
  • "I cannot suggest anything that they are not already doing. They should keep adding features as they have been."

What is our primary use case?

We use this solution for Zero Trust application installations, as well as ringfencing those applications and elevating administrative rights.

How has it helped my organization?

ThreatLocker Zero Trust Endpoint Protection Platform cuts down on ticket times for a couple of my employees. They are able to get tickets done faster. Elevation helps with that, and throwing a computer in learning mode is super easy for them, so it just works in their workflow.

They are able to get the work that they need to do faster because they are not being bogged down with needless tickets.

It has helped free up our IT team’s time for other projects or tasks. On average, it has saved about two hours a week of work time.

ThreatLocker Zero Trust Endpoint Protection Platform is not difficult. It is easy for IT teams to use. They just need to install an agent.

ThreatLocker Zero Trust Endpoint Protection Platform has not consolidated any of our tools. It has just added to our stack and helps us sleep at night.

ThreatLocker Zero Trust Endpoint Protection Platform has not saved us costs because purchasing the agents costs money, but it helps in generating revenue because it is another thing that we can add to contracts to help our clients be more secure. I do not do the finances for the company, but I know it produces revenue because we are keeping the product.

ThreatLocker Zero Trust Endpoint Protection Platform is great for blocking access to unauthorized applications. We test it for when we need it. We have never come across any issues. Cyber Heroes are great. They resolve many issues that we find in a matter of minutes.

What is most valuable?

I really enjoy ringfencing and elevation features. It makes my life easier because I do not have to get on a computer to elevate a prompt to allow users to run something they run every day as an admin. 

What needs improvement?

They have a good foothold in the game right now. They are doing everything right, and as long as they keep improvising and adapting, they will continue to overcome. I cannot suggest anything that they are not already doing. They should keep adding features as they have been.

For how long have I used the solution?

We have used the solution for a little bit over a year.

What do I think about the stability of the solution?

It is excellent. They are constantly pushing out updates. They are always putting out webinars and keeping everyone informed. They are great.

What do I think about the scalability of the solution?

Scalability is easy. Their policies, the grouping of the policies, and the way the hierarchy works for all of their policies are excellent.

How are customer service and support?

The customer service is a ten out of ten. It cannot get better.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not use any previous solutions.

How was the initial setup?

We have a hybrid environment. We are an MSP, and we have 40 different clients. We adopt the environment they come with. We use Microsoft Azure Cloud.

The setup was easy. It was just deploying the agent and letting it learn for 21 days. It then just goes, and you do not hear much from it after that. It is super simple. The only time you hear from it after that is when there is a new application or it is not a built-in.

What about the implementation team?

We have a technical representative from ThreatLocker who assists us.

What was our ROI?

It is the fact that I am sleeping at night. I know that my systems are secure. They are not going anywhere. Nothing is happening to them. Any policy I put in place is a policy that stays in place, and it knows it is going to protect my system.

What other advice do I have?

It is a great platform all around. It has great support. People developing it know what they are doing. They see a future. They see a path, and they are going down it. I like it. I like what I see. 

Overall, I would rate ThreatLocker Zero Trust Endpoint Protection Platform a ten out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
System Administrator at Stilan
Real User
Top 20
Provides centralized management and consolidation of security products
Pros and Cons
  • "It is a comprehensive platform that allows you to do a lot of things."
  • "Customer service is good. The Cyber Hero program ensures there is always someone available to help."
  • "The company should strive to stay ahead of all the developments happening externally. If their progress accelerates more rapidly than the ongoing changes outside, it would prove advantageous."
  • "It has not helped reduce our help desk tickets. We are still in learning mode, and after we are fully knowledgeable, we will be able to see some ticket reductions."

What is our primary use case?

We have deployed it across many clients, including a major client in the caretaking business. They need to be protected well. I am quite satisfied with the product.

I use the product to monitor what users can or cannot do, with variations for each type of customer. We are starting to consolidate all clients into one comprehensive map.

How has it helped my organization?

The portal is easy to use and provides a centralized region for management, which is beneficial.

It helped us to consolidate security products. We previously worked with another product but switched to ThreatLocker. It eliminated the need for another product, as ThreatLocker combines multiple functionalities. We used to have antivirus, but if you can block computers from doing anything, the virus has no chance or very little chance.

What is most valuable?

The endpoint protection itself is very valuable because that is the primary feature I am using. We deal with a lot of users who are not always aware of what they are doing while using their computers for business. In the caretaking business, you have several people who are not IT-minded. Phishing emails or things like that can happen very easily.

It is a comprehensive platform that allows you to do a lot of things. We are not using all the things yet, but it keeps our clients safe, which is the main service we aim to deliver as an IT partner.

What needs improvement?

The company should strive to stay ahead of all the developments happening externally. If their progress accelerates more rapidly than the ongoing changes outside, it would prove advantageous.

For how long have I used the solution?

I have been using the solution for more than a year. 

What do I think about the stability of the solution?

The stability is satisfactory.

What do I think about the scalability of the solution?

It is scalable.

How are customer service and support?

Customer service is good. The Cyber Hero program ensures there is always someone available to help. It was one of the reasons to go with this solution.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We worked with Enable. We changed it because our company saw ThreatLocker at a convention. They were convinced that the product would do better.

How was the initial setup?

The setup was straightforward. We utilized another platform to deploy ThreatLocker, and this eased the process.

What about the implementation team?

We implemented it ourselves.

What's my experience with pricing, setup cost, and licensing?

I do not deal with pricing, but I assume it is cost-effective for us. We choose a solution based on functionality and affordability.

Which other solutions did I evaluate?

We did not evaluate other products.

What other advice do I have?

It is easy to use, but we are having some difficulties as we are still learning how to best deploy it for our customers and adjust the endpoints so that they can work efficiently and do whatever they need to do. Even though you put machines in learning mode, it requires fine-tuning. For some business clients, it is okay, but other clients, particularly the smaller ones, have to be able to do a lot of things. It can be difficult to have that balance.

It has not helped reduce our help desk tickets. We are still in learning mode, and after we are fully knowledgeable, we will be able to see some ticket reductions.

I would rate it eight out of ten. Nobody deserves a ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer2594715 - PeerSpot reviewer
IMS ENGINEER at a tech vendor with 1,001-5,000 employees
Real User
Top 20
Comprehensive endpoint security with real-time protection
Pros and Cons
  • "ThreatLocker's most valuable feature is its scanning capability, which executes all types of executable files."
  • "ThreatLocker has significantly improved numerous techniques that mitigate vulnerabilities and viruses initiated on the back end of a network."
  • "ThreatLocker would benefit from incorporating an antivirus feature or comprehensive 24-hour log monitoring, a valuable enhancement for both business and enterprise-level users."
  • "ThreatLocker's technical support process could be streamlined by reducing the number of steps required to reach a human agent."

What is our primary use case?

We are a managed service provider offering comprehensive network and security monitoring for other service providers. We remotely monitor our clients' systems, many of which utilize ThreatLocker. This application allows us to provide end-to-end technical support, including proactive protection against malicious scripts and applications. ThreatLocker prevents unauthorized installations and execution of potentially harmful programs, such as PowerShell or CMD scripts, by blocking them in real-time. Essentially, it's a comprehensive security application that logs events, captures data, and aids in recovery and analysis, enabling us to understand and respond to security incidents effectively.

We have deployed ThreatLocker in the Azure and AWS clouds for some of our customers, while others utilize it in a hybrid model.

How has it helped my organization?

Administrators can easily approve or deny requests using their ThreatLocker allow list. With full access, an administrator can enable learning mode or create exclusions for any user, allowing them to execute specific files or actions within their user space.

The software provides superior visibility into end-user software approval requests compared to other EDR applications I've encountered. Real-time scanning is available when an exclusion occurs, and the software captures comprehensive logs of all activity on the machine.

We use allowlisting once a user access request is submitted. We verify the reason for the request and, once verified, we send an email notification to the requesting user. After approval through the ThreatLocker console, the user can access and execute the requested resources.

ThreatLocker has significantly improved numerous techniques that mitigate vulnerabilities and viruses initiated on the back end of a network. This prevents recurring attacks that utilize script files or various hacking methods by stopping them at the network level.

Previously, users with installation privileges often installed various third-party applications without oversight. ThreatLocker prevents unauthorized application execution, requiring users to submit installation requests. Since most users are reluctant to request third-party applications, this policy significantly reduces the volume of help desk tickets related to software installation and troubleshooting.

ThreatLocker helps consolidate applications and tools.

What is most valuable?

ThreatLocker's most valuable feature is its scanning capability, which executes all types of executable files. Rather than denying specific applications, it denies all applications originating from the back end, providing comprehensive protection.

What needs improvement?

ThreatLocker would benefit from incorporating an antivirus feature or comprehensive 24-hour log monitoring, a valuable enhancement for both business and enterprise-level users.

For how long have I used the solution?

I have been using ThreatLocker Protect for approximately seven to nine months.

What do I think about the stability of the solution?

I haven't experienced any performance or stability issues with ThreatLocker.

What do I think about the scalability of the solution?

ThreatLocker is highly scalable and useful for real-time protection.

How are customer service and support?

ThreatLocker's technical support process could be streamlined by reducing the number of steps required to reach a human agent. Currently, users must navigate through multiple chatbot interactions before being connected, which can be time-consuming and frustrating.

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial setup involves deploying the solution through an agent procedure within cloud platforms. Configuration is done according to system administrator instructions, and policies are set accordingly.

What about the implementation team?

A team of five is involved in deploying and configuring ThreatLocker, as well as monitoring its use.

What was our ROI?

The measurable benefits of using ThreatLocker include ensuring real-time protection of organizational resources and maintaining user authentication and protection levels to reduce risks. It fosters business growth by securing the business module.

What other advice do I have?

I rate ThreatLocker Protect eight out of ten.

There is no maintenance required by the customers.

The endpoint value typically falls within the range of 300 to 450 per MSP, although this can vary depending on the client. Larger enterprise-level clients may have up to 500 endpoints.

I recommend purchasing the exact number of agent subscriptions needed for the environment to avoid unnecessary expenditures.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: MSP
Roy Richardson - PeerSpot reviewer
Founder, Vice President, Chief Security Officer at Aurora InfoTech
Real User
Top 10
Integration is simple, deployment is straightforward, and extensive well-written documentation is available online
Pros and Cons
  • "We use ThreatLocker's Allowlisting to whitelist specific applications and prevent unauthorized software from running."
  • "From a reporting perspective, enhancing the ability to customize reports would be beneficial."

What is our primary use case?

We provide IT security or cybersecurity services to our customers. ThreatLocker is a key component of our security stack, and we roll it out to every one of our customers' endpoints. It's not an optional component, but a must-have because we are strong proponents of zero trust.

We provide remote monitoring and management services, which can be considered remote IT security for our clients. Our clients have minimal interaction with ThreatLocker Protect directly. It is one of the security tools we install on their systems to secure their networks and end devices. More importantly, it allows us to manage and control the specific applications and services running on their endpoints.

For instance, we can maintain a pre-approved list of applications that are allowed to run in the environment, while preventing unauthorized applications from executing. Even for permitted applications, we implement additional security measures.

ThreatLocker's unique capabilities are particularly evident in its handling of Adobe Acrobat, a common PDF reader. PDFs can be exploited by malicious actors, or hackers, to gain access to systems. Typically, a user clicks on a PDF, it opens, and without their knowledge, malicious code executes on the system, interacting with other components to enable hacker access.

With ThreatLocker, we can restrict Adobe Acrobat to only accessing the official Adobe update servers on the internet, preventing it from accessing any other websites. Additionally, we can restrict Adobe's access to other applications and underlying files on the computer, preventing hackers from utilizing the program to compromise the system.

ThreatLocker is a cloud-based endpoint protection platform that utilizes endpoint agents installed on each device. The deployment of these agents can be automated through Microsoft Intune or RMM, depending on the specific scenario. The ThreatLocker portal is also cloud-based, and once the agent is installed, it communicates directly with the ThreatLocker cloud. One of the key advantages of ThreatLocker is the instantaneous implementation of changes made in the cloud to the endpoints. This ensures that devices are always protected with the latest security policies.

How has it helped my organization?

Administration of Allowlisting is incredibly simple, and ThreatLocker provides numerous methods for approving applications and ensuring their legitimacy. One of ThreatLocker's strengths is its dedicated team that continuously monitors applications for changes. For instance, Microsoft's infamous "patch Tuesday" releases require thorough vetting of all patches. If not vetted, ThreatLocker will block them. ThreatLocker's team proactively prevents these issues by adding validated applications to the system. Occasionally, an unpopular application may slip through their team's detection. In such cases, the process for blocking is straightforward. Upon receiving an alert, we can examine the application and its characteristics, including its files. Directly from ThreatLocker, we can verify the application against known repositories that track applications based on their hash or unique Digital DNA to determine if it's a registered application with a known location. Additionally, we can check for any malicious characteristics. Based on this assessment, we can take two actions: either approve the application or utilize ThreatLocker's newly introduced virtual sandbox environment. With a simple click, we can isolate the blocked file in a virtual environment. ThreatLocker creates a separate Windows screen, copies the file over, and executes it within the environment for two purposes. The first is for capturing the file's signatures and any missing elements. The second is for observing the file's behavior in a controlled environment.

Software approval requests for end users are simple. The end user will typically see a small box, which can be customized. We can create a custom appearance or use the ThreatLocker standard box that appears and states that the application has been blocked. There is a box where users can justify the application and explain why they need it. They can then request approval. This is their interaction in terms of requesting approval. On the backend, either the Cyber Heroes or our team will review and approve everything. If the application is approved, the users will receive another small box in the lower right-hand corner of the screen stating that the app has been approved and can now be run. The box will have a button that users can click to run the previously blocked application.

The combination of Allowlisting and Ringfencing is a key advantage of ThreatLocker, particularly in preventing applications from accessing unauthorized internet sources or tampering with sensitive system programs. Allowlisting explicitly permits specific applications to run, while Ringfencing imposes additional restrictions on their behavior. This layered approach ensures that applications can only execute authorized actions and cannot escalate privileges or compromise system integrity. Allowlisting simplifies application control by eliminating the need to define granular permissions for each application. Instead, administrators can simply check a few boxes to whitelist trusted applications. However, for more advanced configurations, ThreatLocker provides granular control over application permissions. Ringfencing acts as a safeguard, akin to guardrails along a mountain road. Just as guardrails prevent vehicles from plunging over the edge, Ringfencing prevents applications from engaging in unauthorized or malicious activities. This additional layer of protection provides peace of mind and enhances overall security.

Establishing trust is crucial, and with Allowlisting, we have a thorough vetting process to ensure applications meet the necessary security criteria. We first evaluate whether the application is truly needed in the environment or what its purpose is. Additionally, we can identify who initiated the request. Furthermore, ThreatLocker's portal provides access to historical data on applications, including file hashes, which act as unique digital DNA. This allows us to verify whether the application is in its original form and check for any known threat advisories. This comprehensive information empowers us to make informed decisions about whether to Allowlist or deny an application based on our findings. Additionally, we can sandbox the application to observe its behavior in a controlled environment and detect any malicious activities. This rigorous vetting process ensures that only trustworthy applications are Allowlisted.

ThreatLocker allows us to maintain consistent environments by providing a central repository that tracks which applications are authorized to run. This simplifies application management and ensures that only approved applications are installed. Additionally, ThreatLocker enables us to control bloatware, which can often contain vulnerabilities. We can prevent bloatware from executing within our environment, further enhancing security. ThreatLocker's zero-trust architecture, including application control, ringfencing, and other features, strengthens our overall security posture. With ThreatLocker, we no longer need to worry excessively about end users clicking on malicious emails, as the embedded code cannot execute due to the restrictions we have implemented. Overall, ThreatLocker's zero-trust architecture is mandatory across all clients in our environment. It is not an optional security measure; it is essential for doing business with us. ThreatLocker empowers us to control our environment and ensure comprehensive security.

ThreatLocker has helped us reduce our helpdesk tickets by preventing rogue applications from running in our environment. This significantly reduces the overhead associated with managing tickets. With ThreatLocker, we have complete control over which applications are allowed to run, so we don't have to worry about users clicking on something they shouldn't. Occasionally, we do receive requests from end users who are trying to run blocked applications, such as games. These requests are denied and do not become tickets. Overall, ThreatLocker has significantly improved the standardization of our environments and reduced the overhead associated with managing user-related tickets. It has given us complete control over which applications can run in our environment, and we rarely have any end-user-related tickets as a result.

Many tickets are created due to an inconsistent or non-standardized user environment. Users encounter differences in software configurations between systems, leading to curiosity and clicking on unfamiliar items. In the current era where 96 percent of security incidents originate from phishing email clicks, we have clear evidence, supported by metrics, of the impact and consequences of such actions within client environments. By standardizing the environment and utilizing a common system like ThreatLocker, which enables whitelisting, blacklisting, or implementing guardrails, the number of tickets and user-generated noise can be significantly reduced.

Our current security stack is very lean and well-integrated. Whenever I attend a trade show or conference with vendor halls, I'm always approached by vendors trying to sell me something. ThreatLocker already does what they're offering, so there's no need for additional purchases. From a cost perspective, ThreatLocker has allowed us to consolidate and save significantly. Additionally, without ThreatLocker, we would likely need six or seven different tools to achieve the same level of security, further reducing costs.

What is most valuable?

We use ThreatLocker's Allowlisting to whitelist specific applications and prevent unauthorized software from running.

We utilize Ringfencing to establish guardrails around implementations, ensuring that applications operate within defined boundaries.

We leverage network access control to granularly control interactions between computer systems and servers. This enables us to restrict communication between specific applications, even within a locked-down environment.

We employ storage control to impose additional security measures on data storage. This includes controlling access to network shares, network files, and folders, as well as USB storage devices. We can whitelist specific devices based on their serial numbers or allow access based on predefined conditions.

We rely on ThreatLocker's Cyber Hero support, which provides exceptional assistance and responsiveness. At any time, we can initiate a chat session and receive immediate support. If the issue requires escalation, it is promptly handled.

Cyber Hero support also plays a crucial role in vetting application updates. When a user attempts to install or update an application, and the update has not been approved from a security standpoint, it is blocked by ThreatLocker. A notification is presented to the user, informing them of the block and providing an option to justify the application's need. These requests are then reviewed by ThreatLocker's Cyber Hero support team, who evaluate them against our security criteria and make an informed decision to allow or deny the application.

We utilize ThreatLocker's elevated control feature for applications that require administrator-level access. We avoid granting full administrative privileges to end users, as this elevates the risk of compromise if the device is infiltrated. Instead, elevated control allows us to precisely define the execution conditions for specific applications, such as QuickBooks updates. By verifying the application's signature and certificate, we can enable the update to run with administrative privileges while restricting the user's overall administrative access.

Integrating ThreatLocker with other products is simple and only requires a few clicks. ThreatLocker's deployment is also very straightforward. The company provides extensive and well-written online documentation, which is continuously being improved. They also offer a variety of training resources, including university courses, training videos, webinars, and conferences. I have no complaints about the level of support and knowledge transfer provided by the company. ThreatLocker is also developing a new reporting tool, which I had the opportunity to beta test. The company has also been showcasing the new reporting tool at conferences. The new reporting tool provides a level of detail that is unmatched by any other product on the market.

What needs improvement?

From a reporting perspective, enhancing the ability to customize reports would be beneficial. This could include the option to export reports to a Word document for further tailoring, allowing users to add their own executive summaries and additional content.

For how long have I used the solution?

I have been using ThreatLocker Protect for five and a half years.

What do I think about the stability of the solution?

ThreatLocker's development team is capable of releasing beta versions of upcoming releases. Our organization has a policy against deploying beta code due to potential stability and security issues. We don't want to inconvenience our customers or use them as guinea pigs. Overall, ThreatLocker has been a stable platform. However, the threat landscape changes rapidly, and even vetted releases can have minor glitches, such as applications being categorized differently. This can sometimes have adverse effects. However, ThreatLocker's team is very responsive and quickly addresses any issues we bring to their attention.

What do I think about the scalability of the solution?

I haven't identified any inherent limitations or restrictions, or let's say, a ceiling. I'm aware that ThreatLocker is deployed in large corporations around the world. So, they can accommodate organizations of all sizes, from single-person entities to Fortune 500 companies. It's undoubtedly scalable. When I evaluate scalability, I consider not only the number of endpoints and various supported components but also the ability to adapt to the evolving threat landscape. ThreatLocker has certainly been doing that with the introduction of new products and services, as well as the continuous evolution of the platform as a whole.

How are customer service and support?

ThreatLocker is the only company where, regardless of the time of day or whether it's a holiday, I can get immediate support by just jumping into the portal, clicking on the chat, and having someone respond. And it's not just a bot; it's a real Cyber Hero who is ready to assist. They even offer the option to request a Zoom link so that we can have a face-to-face meeting to explain our scenarios and share our screens. If the Cyber Hero is unable to resolve the issue, there are two additional levels of support available online 24/7. We've dealt with many vendors, but we've never experienced this level of support.

How would you rate customer service and support?

Positive

How was the initial setup?

The implementation process was relatively straightforward. ThreatLocker provides us with granular control over almost every aspect of the system, which is one of its key advantages. Upon initial installation, ThreatLocker enters a learning mode where it identifies and catalogs all applications within the environment. We can then determine when to transition ThreatLocker from learning mode to full secure mode, with options ranging from one day to 30 days. In our case, the transition to full secure mode was relatively seamless. We completed the learning phase and had ThreatLocker fully operational within 30 days.

We utilize Microsoft Azure and Intune to manage the majority of our services. In this instance, we employed a PowerShell script provided by ThreatLocker, tailored to our specific environment, and deployed it via Intune. Intune ensures that every device is enrolled. Upon defining and adding the PowerShell script, Intune automatically distributes it to the endpoints, completing the installation process. The deployment process is simple.

We don't require many people for the deployment of ThreatLocker.

What was our ROI?

ThreatLocker has been instrumental in our ability to standardize and secure our environments, enabling us to replicate them consistently. This standardization has significantly reduced overhead, as we no longer need to rebuild the infrastructure for each new client or prospect. Furthermore, the controlled environment that ThreatLocker has facilitated resembles a well-policed community, where crime rates are low, residents are content, and property values are rising. In contrast, an uncontrolled environment akin to one with inadequate law enforcement would result in chaos. Consequently, ThreatLocker has allowed us to operate efficiently and effectively, minimizing support tickets, eliminating security concerns, and ultimately contributing to our profitability.

What's my experience with pricing, setup cost, and licensing?

Today, the term "zero-trust bubble" is used to describe the growing number of vendors offering zero-trust security solutions. However, I've observed that the IT security industry, as a whole, tends to over-hype new technologies with acronyms and buzzwords without fully understanding their implications. When I examine the current zero-trust landscape and compare it to other security bubbles like endpoint detection and response, secure access service edge, and so on, I find ThreatLocker's pricing to be reasonable for the services it provides.

Which other solutions did I evaluate?

Previously, we had not implemented any solutions for zero trust because it was a relatively new concept at the time. We were exploring various options to gain more granular control over applications running on separate networks within our environment. Our goal was to standardize and normalize these applications while preventing the execution of unauthorized applications or scripts. However, we were unable to find any solutions that met our specific requirements. When we were introduced to ThreatLocker, we evaluated other available solutions and found that ThreatLocker offered the most comprehensive feature set.

There was nothing else in the market at the time that was doing what ThreatLocker was doing or even attempting to do anything with Zero Trust. The CEO and co-founder visited my office and provided me with an in-depth explanation of the product, its vision, and its future plans. This was sufficient for me because, first and foremost, what matters most to me, especially in the security industry, is having personal connections with my vendors. I don't want to be just another customer. I specifically want to know that I have people I can call on my speed dial when something goes wrong. And that's the kind of relationship I have with ThreatLocker.

What other advice do I have?

I would rate ThreatLocker Protect nine out of ten. There are many security products available today that companies like mine utilize, and some of these products could be replaced with ThreatLocker. However, ThreatLocker is one of those tools that I consider indispensable to our security stack. We have such a strong conviction about this because we understand its capabilities and have seen its effectiveness firsthand. While a significant portion of our work is proactive security, we have also been called upon by companies who have experienced ransomware attacks. In these situations, we have been able to assist them in their recovery efforts. If these companies had ThreatLocker in place, they would not have been vulnerable to these attacks. This reinforces our unwavering belief in the value of ThreatLocker.

We implemented ThreatLocker from the outset within our environments. Therefore, it's difficult for me to compare it to previous solutions as it has become an integral part of our security framework. When I interact with colleagues who don't use ThreatLocker, I hear a lot of complaints, particularly regarding ticketing and the time wasted on text-based communications. I would say that the vast majority of these issues could be avoided if they had ThreatLocker in place.

The company as a whole has experienced and addressed all the concerns that have been raised. Firstly, they are continuously developing and enhancing their product offerings, which include not only the product itself but also the accompanying knowledge base and support structure. Most recently, we have been beta testing their latest portal upgrade, which is remarkably impressive. Ultimately, if I were forced to reduce my security stack to just one or two tools, ThreatLocker would undoubtedly be among them.

Occasionally, a less popular application pushed by a publisher may be flagged by ThreatLocker. In such instances, customers may inquire about the issue. However, once the reasoning behind the flag and the importance of our application vetting process to safeguard their environment are explained, the concerns typically subside.

ThreatLocker's user interface has undergone a significant transformation since its inception. The new beta portal, which we now have access to, is a vast improvement over the original portal. It is both aesthetically pleasing and functional, fulfilling all of its intended purposes. In terms of UI customization, I see little room for improvement. One area where I always seek enhancements is integration with third-party products, particularly PSA platforms. We utilize ConnectWise Manage, now known as ConnectWise PSA, and it seamlessly integrates with ThreatLocker. During a recent client audit, I compared the actual numbers to the PSA's reports, and everything matched up perfectly. When I consider ThreatLocker as a whole, I am impressed with not only the product itself but also the company's culture and commitment to innovation. They continuously invest in thought leadership initiatives, such as webinars, training programs, the ThreatLocker University, and their annual conference. These efforts demonstrate their dedication to providing their customers with the best possible experience. I have no specific wishlist items for ThreatLocker. I am genuinely satisfied with their product and overall approach.

We began realizing immediate value from ThreatLocker, as it provided us with the ability to view blocked applications, scripts, or files within the environment through its unified audit feature. This allowed us to quickly identify and eliminate unwanted software from our environment. Additionally, we could revisit applications that had been vetted or cataloged and decide to block them if they were no longer deemed necessary. Overall, the time to value for ThreatLocker was within the first 30 to 45 days.

ThreatLocker is used by all of our clients and on all of our endpoints. We currently have over 250 endpoints protected by ThreatLocker.

From a maintenance standpoint, ThreatLocker is relatively straightforward. While application signatures inevitably change, the most frustrating aspect is the lack of consistent code signing by software publishers. Despite the current cybersecurity emphasis and efforts to minimize risk, it's baffling that reputable software developers often fail to sign their code. This necessitates an additional vetting process to verify the code's authenticity and ensure it hasn't been tampered with. One of ThreatLocker's strengths is its audit service. Upon request, their system engineers conduct a thorough audit of our client's environment via a Webex or Zoom session. They examine what's being blocked, what's not, our configurations, best practices adherence, and potential changes. This proactive approach ensures we're on the right track and adhering to best practices.

First and foremost, it is crucial to thoroughly understand the clients' environments and develop a tailored strategy for each one before implementing ThreatLocker. A one-size-fits-all approach is ineffective as every client environment has its unique set of applications and requirements. Thorough education is key. When rolling out ThreatLocker, we spend a considerable amount of time educating our customers about its purpose, functionality, and potential impact. We address their concerns and explain the rationale behind the restrictions. This education process should be ongoing for end customers. In the technology industry, there is a tendency to focus on the latest bells and whistles, neglecting the importance of educating end users about the benefits and implications of new technologies. This oversight can hinder the successful implementation of security solutions like ThreatLocker. It is essential to dedicate sufficient time to educating end users to ensure a smooth and effective rollout.
  • Know the environment. Before implementing ThreatLocker, thoroughly document and understand the client's environment. Initially, run ThreatLocker in learning mode to capture all applications used in the environment.
  • Fine-tune the policy. Before switching to secure mode, collaborate with a Cyber Hero or solutions engineer to identify and address potential application conflicts or redundant applications.
  • Leverage ThreatLocker University. Encourage the team to participate in ThreatLocker University training to gain in-depth product knowledge.
  • Test in the environment first. Before deploying ThreatLocker to clients, thoroughly test it in your own environment to gain familiarity and expertise.

ThreatLocker is not suitable for every organization. It is not intended for those who lack a serious commitment to security or are unwilling to invest the time and effort required to properly vet and configure the product for their specific environment. ThreatLocker is most effective for organizations that are willing to take advantage of its comprehensive features and dedicated support to tailor the solution to their unique needs. Remember, the success of ThreatLocker implementation depends on thorough planning, education, and a commitment to security.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
IT Analyst at a computer software company with 51-200 employees
Real User
Top 20
The software is incredibly intuitive and easy to use, even for non-technical users
Pros and Cons
  • "The interface is clean and well-organized, making it simple to navigate and find what we need."
  • "The snapshots used in the ThreatLocker University portal are outdated snippets and have not been updated in conjunction with the portal itself."

What is our primary use case?

I am one of two internal support staff for our company of approximately 60 employees. We manage roughly 80 devices, including servers and similar equipment, and utilize ThreatLocker Protect for internal support only. We do not resell this product.

How has it helped my organization?

Approving or denying software requests is a simple process for administrators. We have a well-defined workflow, and one of the most convenient aspects is how it handles individual user and computer requests. The beauty of ThreatLocker Protect lies in its ability to approve individual requests while also offering broader deployment options. For example, if a work operation requires specific software and John Smith initiates the request, I can not only approve it for him but also wildcard it. This means that if another member of the same team or someone else in the company wants the same software, they don't need to submit a new request; it's automatically approved based on the initial approval for John Smith. This saves everyone time and simplifies the process.

The visibility into software requests from users is perfect.

We leverage ThreatLocker's Ringfencing technology, which has proven highly effective in our security strategy. While it allows us to whitelist specific applications, it critically prevents those applications from exceeding their authorized access. Even if an approved program theoretically could access PowerShell, the command line, Regedit, or other restricted features, Ringfencing intervenes and blocks such attempts. This granular control is crucial for maintaining a strong security posture.

The need for establishing trust for every access request, regardless of its origin, is crucial. Before implementing ThreatLocker, we faced a significant issue. A department member needed a specific program, so he downloaded it from a third-party site instead of the official source. Unfortunately, the site was riddled with malware. Unaware of this danger, he downloaded and installed the program. Three of us spent two days not just cleaning up the mess, but also verifying that the malware hadn't infiltrated our network. This is where ThreatLocker shines. Even if a trusted program like "Program A" is installed from the official source, ThreatLocker can be configured to only allow future requests from the program's parent company with a valid signed certificate. Any request for the same program from an unauthorized third-party source with an unverified certificate gets automatically blocked. This is truly a powerful feature.

ThreatLocker Protect has significantly reduced our help desk tickets. We used to be bombarded with repetitive requests, particularly software update approvals. The ability to use wildcards for both users and versions in ThreatLocker is fantastic. Previously, when new versions of software were released (e.g., Software A version 1.1), we'd receive up to 15 separate requests for approval. Thankfully, ThreatLocker allows us to whitelist both users and versions. Once we approve Software A from the authorized vendor for version 1.0, we can create a wildcard rule that automatically approves future updates (1.1, 1.2, etc.) from the same vendor. This eliminates the need for manual intervention, saving me an incredible 80 percent of my time. ThreatLocker Protect is truly a game-changer!

ThreatLocker Protect helps our staff focus on other projects.

We saw the value of ThreatLocker Protect shortly after deployment, but it's important to understand how the initial stage works. After signing up and installing the program, the machines enter a learning mode. During this period, ThreatLocker observes and analyzes the software on our devices, identifying common applications and their components (DLLs and EXEs). This learning phase typically lasts around 30 days. While we might not see immediate results during learning mode, it's crucial as it lays the foundation for secure operation. Our first audit review, conducted ten days after deployment, revealed a large number of identified applications because the system was still learning. However, our assigned systems engineer provided excellent explanations and handled the back-end processes seamlessly, eliminating the need for manual intervention. This is one of the program's key strengths. While ten days might seem like a short time to realize the value, it's important to remember the learning phase is essential for effective protection. The automatic learning environment and subsequent transition to secure mode ensure a smooth and efficient deployment process.

What is most valuable?

I'm deeply impressed with ThreatLocker Protect, and I've been in IT for over 40 years, including four years as a school administrator and teacher. The software is incredibly intuitive and easy to use, even for non-technical users. The interface is clean and well-organized, making it simple to navigate and find what we need. The support team is truly exceptional. They are responsive, knowledgeable, and genuinely helpful. Whether it's a quick question or a complex issue, they are always available to assist. My wait time has never exceeded 15 seconds, and resolutions are typically within five minutes. They even offer regular audit reviews to proactively identify and address any potential problems. ThreatLocker University provides comprehensive, self-paced training that is easy to follow and understand. It empowers users to effectively utilize the software and maximize its benefits. Overall, ThreatLocker Protect stands out for its intuitive design, exceptional support, and comprehensive training. It's a fantastic product backed by a remarkable company culture, making it a true pleasure to use.

What needs improvement?

The snapshots used in the ThreatLocker University portal are outdated snippets and have not been updated in conjunction with the portal itself.

For how long have I used the solution?

I have been using ThreatLocker Protect for two years.

What do I think about the stability of the solution?

We have never had stability issues with ThreatLocker Protect.

What do I think about the scalability of the solution?

ThreatLocker Protect is easily scalable.

How are customer service and support?

The technical support is great.

How would you rate customer service and support?

Positive

How was the initial setup?

Deploying ThreatLocker was surprisingly straightforward. Their documentation guides users through the process clearly, offering multiple options for deployment. From traditional MSI installers to EFCs, users have the flexibility to choose the method that best suits their needs.

It took just five minutes to deploy the software on a single machine. However, for the network-wide rollout, we opted for a cautious, phased approach to minimize potential conflicts. Out of our 60 machines, we selected 10-15 users or computers as a test group. After pushing the update to this initial group, we monitored closely for any red flags or issues. As no problems arose, we gradually added more computers to the deployment in 15-user increments until everyone was covered. This approach, while slower, allowed us to identify and address any potential issues before impacting the entire network.

While two of us were involved in the deployment planning, the actual execution was carried out by one individual. Once they started rolling out the machines, I joined in to monitor the results and provide support. It's worth noting that this single person successfully deployed the software to 60 machines.

What about the implementation team?

The implementation was completed in-house.

What's my experience with pricing, setup cost, and licensing?

ThreatLocker's pricing seems justifiable. We get a lot of value for what we pay, with excellent support, the program itself, and everything related to it being top-notch. If my CTO ever suggested dropping it due to budget constraints, I'd be concerned. While I don't have access to the exact cost, even if it was around five thousand dollars annually, I'd suggest reallocating that amount from my salary to keep ThreatLocker Protect. That's how strongly I believe in the program's effectiveness.

What other advice do I have?

I would rate ThreatLocker Protect ten out of ten.

ThreatLocker Protect is not a significant CPU consumer. We've had it for over three years, and while there have been a few minor conflicts with other programs, they were easily resolved. This is to be expected with any software.

I have a biweekly call with an analyst from ThreatLocker, and they treat our organization, which has only 60 computers, the same way they treat businesses with 4,000 computers.

ThreatLocker Protect is incredibly easy to install. I highly recommend engaging their system engineer for assistance. Don't hesitate to reach out with any questions, no matter how simple they may seem. The ThreatLocker support team is known for its patience and willingness to help. They're happy to answer anything you ask, regardless of your initial perception of the question's importance. So, feel free to be open and honest with them; they'll treat you with the utmost respect.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Download our free ThreatLocker Zero Trust Endpoint Protection Platform Report and get advice and tips from experienced pros sharing their opinions.
Updated: May 2025