ThreatLocker Zero Trust Endpoint Protection Platform Reviews

We use the solution as a zero-trust application. We put it on all of our customer machines. We're a security operations company that performs, security, and compliance services for different companies. For all of the companies that we support, we put Threat Locker on. As a zero-trust application, we know the only applications that we've approved are going to be able to function in those customer environments and be that much more secure.

The solution has improved the organization by making sure every customer is more secure. It doesn't allow anything we don't know or haven't approved to run on any machine.

Every single feature has been invaluable.

It's very easy for administrators to approve or deny requests using the cloud listing. 

You get good visibility with this product - more than anything else on the market. Threat Locker is amazing for providing that visibility. I know every single thing about a request due to the way they process it and the data they show us. We have the ability to see everything that an application is actually going to do. 

We do use ring-fencing for every customer. It's great at blocking known and unknown threats. It's the only thing that I know, without a doubt, will do the job. I know that if I haven't made a policy for something, it still will not let it run.

It's the best, period, for allowing us to assess allowed listings and establishing trust for every request.

Overall, the solution has helped us consolidate applications and tools. It's definitely helped reduce unnecessary software. 

We've been able to reduce operating costs based on tool consolidation. However, it would be a difficult number to calculate. 

The reporting could be improved. They're already working on some things with that. That said, as far as its functionality, its stability, and my trust level in it, I honestly don't know how it could get better.

We've been using the solution for two years.

We have never had a problem with stability. 

We have 2500 machines. There are different customers using it. Some are government entities and some are public. Organizations range from very small to extremely large. 

The solution is 100% scalable. 

Technical support is the best in the business. 

Positive

While we have used different solutions, nothing compared to what this solution provides. 

We have different deployment models for each customer. It's an application that I install on every machine in my customer's environment. 

The deployment is very straightforward. In a couple of clicks, you are finished. 

The implementation depends on the customer. For some customers, we install to the machine. Others, we push it out. Some also have scripting so that if you have an RMM tool, It's an easy little script that you push out via the RMM tool or even as a PowerShell script. Their deployment is something else that sets them apart since it's so easy to get it on either one machine or a mass deployment of machines.

You only need one person for deployment. 

The product doesn't require maintenance. Everything is handled on the back end. 

We used a third party to deploy the solution. We don't support the machine it's installed on. We only do security. We use multiple third parties. 

We have 100% witnessed an ROI. It sells my service. 

The pricing is correct.

We did evaluate other options. We've tested everything from top to bottom. For example, we looked at Fortigate and Palo Alto as well as some options from Cisco and Microsoft. None offered the same level of detail.

We're a partner. 

We have witnessed an immediate time to value using this solution. 

I'd rate the solution ten out of ten. I'd advise others to pull the trigger and get it. They'll love it. The solution provides a level of security that is unmatched. 

ThreatLocker is our standard security stack, with very few exceptions. We use it for all of our MSP clients, MSSP clients, and recently for IR response cases. We use ThreatLocker to control application installations and take advantage of its ring-fencing option, which prevents otherwise good applications from interacting maliciously.

Administrators can easily approve or deny requests using the log listings.

The overall visibility into software approval requests of end users is very good.

ThreatLocker and ring-fencing are two of the main ways to prevent applications from interacting with each other, outside of application control. This means that we can take two otherwise non-malicious applications and prevent them from speaking to each other. A good example is Microsoft Word and Microsoft PowerShell. We wouldn't want Word to interact with PowerShell.

From a visibility standpoint, we like Allowlisting's ability to establish trust from every access request, regardless of its origin. However, there is nothing quite like the application control feature, even in an XDR or EDR solution. We are looking for the process path, CERT, and other information to identify the application.

Allowlisting has helped reduce the number of our help desk tickets. There was an initial spike in configuring trusted applications, but it has definitely cut down on supporting applications that should not be part of an organization anyway, such as PDF readers and browsers outside of the standard. Once we add an acceptable group of applications, we no longer support any deviations from that. Allowlisting has cut down on some of the ticketing there.

Allowlisting has helped us consolidate applications and tools. For example, we have standardized on a list of allowed browsers because those are the browsers that are patched regularly. We have also standardized PDF readers and Office suites, such as LibreOffice and Microsoft Office.

We saw the benefits of Allowlisting quickly. We observed that applications, such as PowerShell, were able to run freely within an environment, and that there was a high likelihood that one of these tools could be used maliciously without any effective deterrents. None of the EDR, XDR, logging, and forwarding SOX solutions were able to stop such an attack from proceeding.

Application control, ring-fencing, and storage control are the most important features, followed closely by elevation.

More visibility in the built-ins would be nice.

The learning curve is wide because there are a lot of things to learn. 

I have been using ThreatLocker Allowlisting for two years.

ThreatLocker Allowlisting has had minimal downtime, comparable to, if not exceeding, Microsoft's uptime standards.

ThreatLocker Allowlisting is easily scalable. We doubled our endpoint count in three days, and we know that we can scale.

The support team is the best we've had by far. I don't think I've ever waited more than a minute, They usually answer our call in about 30 seconds.

Positive

The initial setup was straightforward. We pushed ThreatLocker Allowlisting out from our RMM automation system. We have also pushed it out in other ways, and it is always straightforward.

Two of our people were involved in the deployment.

We used ThreatLocker's onboarding process support for the implementation.

The pricing is fair and there is no hard sell.

I would rate ThreatLocker Allowlisting ten out of ten.

The alert board for maintenance requires monitoring.

Potential users should expect to dedicate resources to ThreatLocker Allowlisting. It is not a set-and-forget solution. There is a learning curve, but Cyber Hero support is available to help users through it. Unlike some other products that onboard users and then leave them to the ticketing system, ThreatLocker provides continued support. It is important to note that ThreatLocker Allowlisting cannot be simply turned on and left alone. It requires in-house resources to properly manage at scale.

Every single endpoint and everything that we manage has ThreatLocker on it. We saw how valuable it was, and we went to every one of our customers and told them either we install this on your PCs or we have to just part ways as friends.

We use the basic ThreatLocker product for Zero Trust and we have one client where we're using Elevation Control.

The big benefit is that I can sleep better.

The fact that it stops anything that we don't want from running is the biggest thing. It's also very easy for administrators to physically approve or deny requests. The difficulty is in determining whether they should approve or deny.

We use ThreatLocker Allowlisting with Ringfencing and I would give ThreatLocker a 10 out of 10 on pretty much everything. The establishing of trust for every access request, no matter where it comes from, is the way of the future.

Something we have come up against a couple of times is that we have two clients that are software developers. They create software that doesn't have digital signatures and that's not easy to categorize or whitelist with ThreatLocker. We have to go in and make custom rules to allow them to do their work and be protected from malicious threats. We've gotten really good at it. 

ThreatLocker's support has been absolutely wonderful, you get somebody there very quickly. The danger is when one of my techs calls in with a question about some rules, and he reaches somebody on the other end that has about the same level of technical ability—and I know it says "cyber hero in training"—my concern would be that if the people on both ends of a call are inexperienced, they could inadvertently create a rule that opens up too much. So if I have a concern about that, I usually just get on the call myself.

There is one other big thing. If I want to install a piece of software, and I want everybody in the organization to be able to install that software subsequently, when I put a computer in Learning Mode that disables ThreatLocker. I then install the software and Learning Mode tells ThreatLocker everything that the software just did. 

Every now and then, ThreatLocker will block something, like a web browser update or a web browser plug-in update, and some of that is just not important so I don't worry about whitelisting it. It keeps trying to run, and ThreatLocker keeps causing it to not run, which is okay.

But when I turn on ThreatLocker Learning Mode to install some other piece of software, if there is something that has been trying to install for weeks and hasn't been able, and then attempts to install while ThreatLocker is in Learning Mode, it will allow it to happen.

To summarize, when you put ThreatLocker in Learning Mode, if there's something else that is trying to run at the same time as whatever it is that you're trying to install, it will be allowed to run.

I've been using ThreatLocker Allowlisting for two or three years.

It's completely stable, other than every now and then an agent will stop phoning home and somebody will have to intervene, but that's very rare.

Scaling is super easy. The great thing is that you can deploy policies to other computers. That means I can make a policy in the parent company, which is mine, and I can then deploy it to all computers.

We have 380 users of ThreatLocker from our company, but I just merged my company with another company so the total across all of our endpoints is about 1,300.

Their tech support is the best I have ever come across.

Positive

We never used a Zero Trust solution before ThreatLocker. We use a next-gen antivirus product called SentinelOne. We had deployed that on all PCs and servers. When ThreatLocker came up, it was so valuable and thorough, that we replaced SentinelOne with ThreatLocker across the board.

In the initial deployment, which I did completely, it was a little difficult to understand how the policies and the rules interact together, at first. But it's a complicated subject, so it took a while for us to grasp all of it. And it took even longer to grasp the finer points of it. But they have very good training and their support is absolutely unparalleled, just great. I've never waited longer than a minute for somebody to get online.

ThreatLocker is a cloud solution. We install it on the local machines but it reports back to the portal, which is in the cloud. As a deployment model, that's perfectly fine. It's very easy to roll out. We use a little piece of software called PDQ Deploy and we can push it out to all machines at once. We can also use our RMM solution, which is ConnectWise, to push it out. It's very easy.

Once I understood it a little, I brought on two techs and they sat with me while we did deployments. Periodically, if I have figured out a different way to do rules, we do in-house training where I show my guys what I'm doing and why I'm doing it, and we document it and write down the steps. Now, those guys know how to install ThreatLocker and deploy it.

It doesn't really require any maintenance. Every now and then we have an agent that's not phoning home, but not often.

I did it myself but had help from Colin Ellis who works for ThreatLocker. He helped us take everything out of Learning Mode and make sure that there was nothing malicious that we were missing that might be allowed to run. He is one of the smartest guys I have ever met.

We have very much seen a return on our investment. We have been around as a company for a long time, for fourteen years. And it was really only recently that we figured out what we were worth and what we should be charging. But it's very hard to go back to a customer that you've had for many years and say, "Hey,  you've been paying $45 a month for a long time and we're now charging $120 a month. 

However, if we can come in and say, "Look, this is the best tool on the market for keeping you safe, and we feel so strongly about it that we insist that you install it or we just can't work with you anymore." We were able to charge another $25 to $30 a month for that product. We had to explain exactly what it did and how it worked, but we were able to significantly increase our recurring revenue by adding that product because the pricing is reasonable and, when you present it correctly to the customer, it is so valuable that you can charge another $25 to $30 a month, per machine.

I saw the value in it before we deployed it, from the very first presentation I saw about it. I was intrigued enough that I went to the booth, once we were on break at the trade show, and started talking to people there. It was just obvious what its value was going to be. It really does allow me to sleep, in every sense of the word.

It felt as if we were in a losing battle, and then ThreatLocker came along and it
felt like we had a chance. As an industry, we're up against nation-states. All of us as little MSPs are up against people who have endless resources and money and who are either sponsored by their governments or organized crime.

The pricing works fine for me. It's very reasonably priced.

We do have other antivirus products running at the same time. We have Webroot and, in some cases, we have Windows Defender running at the same time. But ThreatLocker just catches everything so we don't have to worry about antivirus signatures being up to date.

We also evaluate other products all the time. Komodo was one as well as something from Trend Micro.

It was obvious, right from the get-go, that ThreatLocker was the most efficient and effective way to stop malware from running. The thing that makes ThreatLocker different and better than all other Zero Trust solutions that I've ever heard of—and I've never tried another one, but I've heard the horror stories —happens in the beginning by turning on Learning Mode and letting that run for three to four weeks. That means that when you turn ThreatLocker on by taking it out of Learning Mode, all of the things that have been running during that time are whitelisted and they're allowed to run.

In the olden days, when you turned on Zero Trust, it blocked everything. And then we had what we used to call the "scream test." We would wait for people to start screaming and then go wherever the screaming was, figure out what was being blocked, and unblock it. But that was horrible because even if you unblocked one file, that one file might be trying to call two or three other files to run and make that software work. And if you don't whitelist those too, you still get problems. So that's the upside of Learning Mode. ThreatLocker takes that initial pain completely out of the equation.

In terms of reducing help desk tickets, at first, it's something of a wash. When you first install ThreatLocker and make it active after a certain time in Learning Mode, the tickets are going to go up because people are going to have software, over the next 60 days or so, that they can't run because it didn't happen to run during the Learning Mode period. So for the first 45 to 60 days, we probably had a small increase in tickets because we had to whitelist things. But since then, it has been significantly better. Once we got all the rules sorted out so that people could do whatever work they need to do, and we still keep them protected, we had very little background noise. There is a ticket increase at first, which is normal and expected. There's no way that you're going to turn this on and have everything be perfect every time. But after that, the tickets go down significantly.

Every now and then, we'll get a call from someone who has gotten a phishing email, and they're suspicious of it. They'll call us and ask us to look at it. But the great thing is that if you get a malicious email and you try to run something, ThreatLocker is not going to let it do anything. It is not going to let anything infect your network.

If somebody takes a look at ThreatLocker and doesn't understand what it can do for them, I don't know if that person should be in the IT business. It sounds like I'm sitting here worshiping at the altar of ThreatLocker, but that's not entirely true. There might be other solutions out there that are similar. I know that there are other Zero Trust solutions, but there's no compelling reason for me to move anywhere else.

They just do a great job across the board. When I merged my company with another company, that company had been playing around with ThreatLocker but had never turned it on. They didn't understand how it worked. They tried turning it on internally and it blew up a bunch of stuff but that was because they didn't follow the instructions. 

When we merged the companies, I was very adamant about this: "Guys, you need to put this piece of software on every PC that you manage—every single one. I simply explained to the one guy who was complaining about it, because he was the one who had turned it on before he had figured out how to whitelist things first, that there was a way to get around the issue that you have. And once you get past that issue, it's really great.

One last point: There is a feature, Elevation Control, that we're only using for one of our clients, but it works so well. It's fabulous, just wonderful.

I have an advantage over many other people and that is that I live 20 minutes away from ThreatLocker's corporate office. I'm fortunate enough to know Danny Jenkins (CEO), his brother, and several other people who are high up in the company. I visited them at their old office, and I went over on opening day and visited their new office. 

I can walk in there and see how the people are working and I can also see the morale of the people who are working there. To everybody who walks in there, it looks like a fun environment to work in. It's a scary business to be in and yet I see people walking around smiling and saying to me, "Hey. How are you?" You don't see any evidence of people stressed out and working in a job that they didn't like. Probably the best thing that I can say about the leadership at ThreatLocker is that they put their people first.

Their training is very good. They treat their people very well and that makes those people want to help customers and MSPs. It's a very well-run business.

I would rate ThreatLocker at 11 out of 10.

Users submit applications for installation, and I typically review them, granting or denying access as needed. While the volume isn't high, ThreatLocker Protect provides significant peace of mind knowing users aren't installing unauthorized or malicious software. Our biggest challenge has been user errors causing support requests. To address this, I've implemented rules for applications frequently used in daily operations. It's had a learning curve, but the effectiveness has been noticeable.

Making approval or denial decisions on requests is pretty straightforward for me. I haven't encountered any problems. However, I can see how it might be a bit confusing for less technical users. Things like allowing hashes and understanding all the terminology could be stumbling blocks. Still, I believe anyone with a few months to a year of IT experience would find it manageable. And of course, I was able to grasp it myself.

While allowlisting can help verify specific access requests, it doesn't guarantee overall trust as requests can still originate from compromised sources. In my experience, the zero trust model has proven the most effective approach. Its principle of "never trust, always verify" minimizes risk by scrutinizing every access, regardless of origin. We haven't encountered any security breaches with clients who implemented it, suggesting its efficacy. While antivirus remains a valuable layer of defense, I believe the zero trust framework, particularly in conjunction with ThreatLocker, offers the most robust security posture we've encountered. Thankfully, we haven't experienced any issues with this combination so far.

ThreatLocker Protect provides us with peace of mind. It's a game-changer. With it in place, we can be confident that employees are only using authorized applications, minimizing surprises and freeing up our time for other aspects of our work. We used to spend significant time dealing with malware, but that burden has been greatly reduced. Peace of mind is truly the main benefit.

Allowlisting has significantly reduced the number of tickets we receive from compromised accounts. It's eliminated them. However, we still get tickets from users who are confused about the new process, need things approved, or are feeling impatient. While the volume has decreased, these legitimate tickets related to access limitations are still present. Ultimately, we believe this trade-off is worth it for the sake of enhanced security. This is what we communicated to the team.

Implementing an allowlist has not only freed up our help desk staff for other projects but also aligns with my preference for approved application lists on both mobile devices and computers. This approach ensures smooth operation with minimal complications, and a positive outcome overall.

We utilize allowlisting alongside other security measures, with ThreatLocker as an additional layer. This choice stems from the absence of other comprehensive endpoint protection solutions, ensuring ThreatLocker doesn't overlap with existing safeguards. Therefore, it complements our antivirus for all users.

It initially took a couple of months for us to fully appreciate the benefits of ThreatLocker. While we put our people in learning mode for approximately a week to understand normal system processes, it wasn't until the lack of suspicious activity became evident that we truly recognized the impact. This doesn't diminish the importance of our existing security measures, including sound user guidance, phishing training, and other protocols that discourage risky behavior and minimize software installation needs. In essence, it took some time for the benefits of ThreatLocker to become fully apparent due to the effectiveness of our pre-existing security practices.

When new files arrive and people mention they've been tested twice in the virtual environment, I like to double-check for potential malware by scanning them on VirusTotal and other antivirus platforms. This adds an extra layer of security, which is especially helpful when I'm unsure about approving a file and research doesn't provide clear answers. The sandbox functionality is fantastic. It bolsters my confidence considerably, as it can reveal suspicious behavior like registry modifications even if initial scans are inconclusive. Overall, these features have been game-changers for me.

The current process for viewing software approval requests from end users has room for improvement. While it's generally functional, some users find it confusing. This can be due to either unfamiliarity with the process, unexpected appearance of the request window, or lack of clear instructions. Additionally, the notification box might not be sufficiently noticeable, as some users have reported missing it entirely.

Adding applications to the allowlist can sometimes feel overwhelming. The numerous fields, coupled with navigating the unfamiliar portal, can be daunting, especially on our first attempt. Even with explanations, recalling the necessary information and understanding the required actions for file inclusion can be tricky. I believe the initial learning curve for allowlisting is relatively steep. However, once mastered, it proves to be a valuable tool. My main concern lies with the initial learning hurdle.

I have been using ThreatLocker Protect for around four months.

ThreatLocker Protect has been mostly stable over the past six months. We did experience a single outage that lasted a day, which was disruptive due to pending approvals. However, this has been the only major incident in that timeframe, suggesting overall good stability.

ThreatLocker scales well and has been successfully deployed on all our required devices. We offer it as part of a premium package, but due to its higher cost, adoption among our clients is currently limited. Nevertheless, it meets our scalability needs effectively.

The implementation was relatively straightforward. We developed components or scripts for deployment to devices, avoiding major complications. Furthermore, we have a remote management tool in place for efficient installation.

Installing on everyone's machines is a fairly quick process, typically taking an hour with online devices. While it doesn't require much time, we recently spent two hours on calls with someone to guide us through it. This was because our previous setup, done by someone else in the company, had some errors. We've rectified them now, but it meant changing a few things. Overall, deployment should be smooth and swift, requiring two people and around an hour if all the devices are online.

The implementation was completed internally by our team. Given our extensive experience deploying vulnerability scanners for assessments, this process was relatively straightforward.

I would rate ThreatLocker Protect a seven out of ten. The learning curve is quite steep, especially for those without extensive IT experience. I found it challenging to master and had to rely on my team for guidance on several occasions. Even my manager isn't completely comfortable with it yet. However, once we overcome the initial hurdle, it truly shines.

ThreatLocker requires minimal maintenance, except for one recent instance where we reviewed its configuration. While it's designed to automatically update on user machines, I noticed some devices hadn't yet received the latest version. I manually initiated the update for these devices. The cause of the delay is unclear, though the devices are online, so it might be a network issue.

Ensure all future ThreatLocker users are thoroughly briefed on its functionality. We've encountered surprises among some users regarding the approval requirement for new activities. To avoid such issues, we recommend comprehensive pre-deployment communication, outlining ThreatLocker's purpose, features, and approval process.

We use ThreatLocker Allowlisting for application whitelisting, and zero trust. We utilize the elevation portion to allow access without us having to grant it on an individual basis. We also utilize the Ringfencing portion of the solution to block and protect things that normally we don't want to occur, or could occur on a normal basis.

We didn't have a solution for this specific security feature or package. So we added ThreatLocker Allowlisting 3 yrs ago when we realized that we need to step up our game with cybersecurity nowadays.

ThreatLocker does something different than our other tools, so we kept our antivirus and other protection. We changed tools over time, but not because of ThreatLocker; it sits on top of all of that and provides the security we're looking for.

With ThreatLocker Allowlisting, training is key. If we properly train our staff and go through product training, knowledge bases, and learning processes, it is relatively easy to approve or deny requests. Without this training, we would be lost, as the product is too powerful to guess at. I have a standing appointment with Cyber Heroes every Tuesday at ten am for an hour, where we go through any issues I see, seek help or advice, and approve or deny requests. This also allows us to take a look at our environment as a whole, and make any necessary fixes, modifications, or improvements for our clients. By doing this, we can get to know the product and ensure we use it properly, leading to successful results.

The visibility into software approval requests is straightforward due to the presence of an approval center. We can view all the necessary approvals for our clients in one place. Additionally, we receive an email that creates a ticket in our ticketing system, allowing us to track and follow up on it. This provides us with two locations to manage the process, making it easy to keep track of.

By default, Allowlisting is built-in with Ringfencing, so we would need to take action to turn it off. Ringfencing is enabled for all the major items we would want it for. We can make systems more secure by taking additional steps if desired. Out of the box, Ringfencing is enabled for all the potentially dangerous items that could cause problems if not monitored.

The combination of Allowlisting and Ringfencing helps us block unknown threats and attacks. For example, we allow this application to run, which is fine, but it may try to do something we don't want it to do. By Ringfencing it, we can stop the application from doing anything other than what we intend. We can also prevent other applications from being spawned by previously approved applications. By doing this, we create a container and compartmentalize the application to prevent it from doing anything outside of our intentions.

I believe that ThreatLocker Allowlisting has distinguished us from other MSPs and has allowed us to provide our clients with genuine security in a time when there is no reliable solution for security due to the constant presence of zero-day threats. This is the way we can anticipate a zero-day attack and have the means to prevent it if it does occur, which is what gives me peace of mind.

We have recently (Q 2 & 3 of 2024) are implementing across all of our environments Network Access Control (NAC).  NAC has dramatically improved our endpoint firewall control.  This reduced the access to endpoint to a Zero-trust level.   

We still have some work to do, as we need to approve everything. Once things calm down, Allowlisting will help reduce our organization's help desk tickets. We don't want small changes to be made that we don't plan for. Allowlisting is the best way to set our clients up. Allowlisting requires some effort upfront to get it working the way we want it, but once it's set, Allowlisting will do the work for us.

Allowlisting, once is settled does not add any additional labor or time on our help desk staff.

Since ThreatLocker combined four solutions into one, we saved a significant amount on implementation costs.

When all of these features are combined, we have a strong product. If any of these features were to be used as a standalone product, it would be largely ineffective. However, ThreatLocker Allowlisting has all of these features integrated into one console, making it effective. Without this combination, I would need to use four different products to achieve the same result. The combination of integrated features is the reason why ThreatLocker AllowListing is so powerful.

We are an MSP. One of the benefits of this product is that we can monitor our clients' activities beyond just removing the software. Even if they don't have military privileges, we can still keep track of what is happening in their environment, such as file access, application installation, or network access. We can see what they are doing, and we can allow the activities that they are supposed to be doing and prevent them from doing activities that could be harmful to them or us. This enables us to have a lower cost of management for our clients, which would otherwise require more effort.

We identified several areas that we would like to see improved. We submitted these as feature requests and ThreatLocker has acknowledged them. They are in the process of being implemented and many of them have been completed in the past year and a half, which we are delighted about. For example, I had been asking for the ability to copy a policy for a few months, and then it suddenly became available. This saves us a lot of time because if we set something up for one client, we don't have to do all the work again for another client; we can just copy it.

I have been using the solution for 3 yrs

ThreatLocker pushes the boundaries of technology while also integrating well with the core of the operating system. So far, we have not had any problems, so I would say it is quite stable.

ThreatLocker Allowlisting is highly scalable. We currently have thousands of endpoints on it and could easily have ten times more. There is no limit to ThreatLocker Allowlisting scalability.

The technical support is excellent. I appreciate when a solution has great tech support because I don't have time to spend trying to figure out an issue that needs to be fixed quickly. I don't want to have to talk to someone who doesn't know what they're doing when I reach out to them; they usually resolve the issue within minutes. We can contact them by phone, email, or text and submit a ticket, and they will provide an answer promptly. The technical support is truly remarkable.

Positive

The initial setup is straightforward. I was fully involved in the initial setup for my company and in getting ThreatLocker running. We then passed it on to our certified and knowledgeable techs, who can now do it. When we initially rolled out and deployed, we wanted to make sure we were monitoring ThreatLocker closely. 

ThreatLocker has lots of documentation and explanations on how to deploy it. I strongly recommend using their free concierge service with Cyber Hero to guide you step by step. This eliminates the need for you to figure it out on your own. Their professionals will help you deploy properly and successfully. This is one of the great benefits of this company and product, as they want us to be successful with their product.

The deployment was done primarily myself with a script and we deployed two thousand endpoints over a three to six-month period. 

Our deployment covers approximately fifty companies in multiple countries, with multiple sites across those companies. Some of the companies have more than two hundred endpoints.

The implementation was completed in-house.

There is certainly a return on investment due to the increased control we have over our clients' environments and the peace of mind it provides us and them. ThreatLocker is an additional layer of protection that surpasses our standard security measures.

The price is very reasonable, and we have been able to integrate ThreatLocker with all of our clients. We do not offer it as an option for only some of our clients; it is a standard feature for all of our clients. One of the reasons for this is that the pricing is quite reasonable considering all that ThreatLocker offers.

I attended several conferences and viewed numerous demonstrations, and I found ThreatLocker to be particularly impressive. I was very impressed with the features and product design, which showed that a great deal of thought had gone into it. I believe ThreatLocker is quite advanced in comparison to some of the other products on the market, which are more established but have yet to achieve what ThreatLocker can already do.

I give the solution a ten out of ten.

With any product of this type, we should always maintain ThreatLocker Allowlisting. The more we maintain it, the more successful it will be and the more secure our environment will be. Maintenance should become part of our normal routine to manage our environments.

Potential users should take the time to work with Cyber Heroes in deploying ThreatLocker AllowListing, learning how to use it, and managing it. They will be very pleased with the results. They should not attempt to do this alone; it is not something they should have to do on their own, given the services ThreatLocker provides.

It's a solution for software whitelisting. It blocks applications from running. If there is any DLL or something else running on your computer, the admin or admins of the service get an alert. If an end-user is trying to install something that has been blocked by the organization, the admins get alerted.

We can sleep easier knowing viruses aren't installing things, employees aren't installing things, and nothing is running without someone getting an alert and having eyes on it and approving it.

Ringfencing is a great feature. There is grainy clarity. You can get down into the Ringfencing where you can either completely ring-fence something or you can manually choose what you want it to reach out to. The combination of Allowlisting with Ringfencing for blocking unknown threats and attacks is a great combination because you want to allow the software, but then you, as an admin, are not aware of what every piece of software does. So, you wanna start off being strict and just allow the application, but you would want to ring-fence it in case it beacons out to the internet or goes over ports that you don't think it should be traversing across. That's ringfencing, and it blocks that, but then when the end-user reaches back and says that a part of this software isn't working as it should be, then you can get into that granularity where you can look at the ringfencing policy. You can adjust the ringfencing policy from the strictest to allowing certain parts.

Establishing trust for every access request, no matter where it comes from, is a wonderful thing, and it's needed, but it can hinder and slow down. It adds steps for the end-users because they can't just go wild and install whatever they want, but ultimately, that's one of the main reasons why we invested in ThreatLocker and why we love it because it actually works as they say it should.

In terms of Allowlisting helping us reduce our organization’s help desk tickets, it's twofold because if we didn't have this, we would be getting tons of help desk tickets about bad things happening in the company because people are allowed to install whatever they want. They could be watching Twitch, YouTube, etc. They could be installing video games, which in itself would then create tons of help desk tickets for us. On the other hand, anytime someone wants to install something, we would get a help desk ticket for it. So, either way, we'd be getting help desk tickets, but at least the help desk tickets that we're getting for ThreatLocker are the type we want because now we know we're safe and secure and we're ahead of the curve for safety. Instead of being a reactive help desk ticket where you install something, and your computer is broken, now it's more proactive where you raise a ticket to install something, and your computer is not infected. We don't have to spend hours reimaging, tracking things down, being a victim of ransomware, etc.

Allowlisting has helped to free up help desk staff for other projects because now, we can allow elevation, and we can allow the approvals from an admin through it. We don't have to send people physically to go to a person's desk to do installations or set up online meetings with them to share out where we can assist with the installs. It has freed up time for the help desk staff.

Allowlisting has helped to consolidate applications and tools. We now get to see what everyone is trying to install, and we can find out why people are installing a particular application when another one has already been approved to do the same type of thing. Previously, we didn't know about that. One of the big ones would be SolidWorks. A lot of people have looked at three applications for drawing, and when we see that coming through for a request, we can suggest and ask them what about SolidWorks, and then they use that.

Feature-wise, the learning mode and the fact that it's blocking everything are the most valuable. I don't see why more companies don't use the type of product.

I like how it blocks everything. The learning mode is another feature that I like. It operates in the learning mode in the beginning. When you first get it set up in your environment, you don't want every computer to not be able to work and not be able to run the normal fresh install of Windows or other operating systems, so when we first got it set up, we were able to put it into learning mode, which was wonderful. The learning mode is a great feature they have where the computer allows everything and just learns about your typical environment and then makes a good baseline from there.

The idea that it can block everything is wonderful because, in our company, we have to follow the cybersecurity requirements of the Department of Defense. They have very strict guidelines. This software helps us meet and cross off the many cybersecurity checklists for the environment, especially for software installs and what's allowed to run in our environment. That's one of the greatest features.

Its graphical user interface is very intuitive. It's very well laid out and detailed, and it's very easy to find things. I don't have anything to suggest to them in that regard. I've made other suggestions to their company for some features, but for the way its interface is or for proving things or how to use it, I've had no suggestions.

A great thing is that you have to be their customer, but with no extra add-on, you can have access to their ThreatLocker university, where you can learn and watch videos on how to do everything.

Another great thing is that they have online cyber heroes, and I have never created a ticket and waited more than five minutes until a live person was on my check. They're immediately able to get into my tenant. They can set up a Zoom call and share their screen and show me exactly what I'm missing or where to go.

You need to have ThreatLocker agent software on every client or every computer that you want to be protected by the ThreatLocker Allowlisting application. If you have a thousand computers with ThreatLocker agents on them, when you approve or create a new policy saying that Adobe Reader that matches this hashtag and meets certain criteria is allowed to be installed, it applies at the top level or the organization level. It applies to every computer in the company. When you make that new policy and push it out and it goes out and updates all of the clients. Unfortunately, at this time, it does not look like they stagger the push-out. If your company only has a 100-megabytes internet line and you send out that update of 1 megabyte to a thousand computers, because it's sending that out to a thousand at the same time, you're using up a thousand megabytes right there. So, you could saturate your network. We have suggested they stagger it. If the system sees that there are a thousand computers, it should just try to send out to a hundred, and after that's completed, send out to the next hundred. That way, it's not saturating your network.

Other than that, feature-wise, it's a great solid product. I have not come up with anything that they should do. Even when I thought I had an issue, they showed me that I have to look here to adjust that setting. For example, when you first join a computer, it automatically puts that computer in learning mode. You can set the time for how long it automatically stays in the mode. I believe the default setting was a month or something like that, and we thought that was too long. Their cyber heroes helped me find the area to adjust that. They already had the solution for that. I just wasn't aware of it.

We have been using it since September 2021.

The part that can cause bandwidth issues is one of the only things where I see companies not going with them, but they probably wouldn't know that until they finally get to use the product. That would be the only downfall to it.

It grows with your company, and it learns with your company. It's very good with scalability. They're always pushing updates. It's learning all the newest software that comes out. It's picking up. I'd rate it a 10 out of 10 in terms of scalability.

It's required on every computer and every server in our company nationwide. We're pretty small. Our computer count is 225. We have 120 users, but we have servers. Some people have multiple computers. We have lab computers. We have computers that are just stationary set up to 3D printers. Every computer has to have it. That's why we have more computers than employees.

Their support is phenomenal. I rarely say that about customer support. We all have had our nightmares with certain customer support scenarios, but I've not run into any issues with ThreatLocker. They are one of the best. I've been in this industry for over eighteen years. Not just in this industry, but also as a person, you deal with customer service everywhere you go, such as McDonald's, Target, Comcast, Verizon, etc. ThreatLocker support is one of the best I've ever experienced. I'd rate them a 10 out of 10.

Positive

We didn't use a similar solution before. The closest solution we ever used was to whitelist the internet. So, you cannot go out to any website unless you've requested it, and it has been approved. Once we approve it, anyone can go to that website. We used a proxy for our internet traffic.

I personally don't physically deploy it. It gets pushed out by our software center. Any new computer gets the client installed, and then that client with API package and everything else reaches back to and joins our tenant, and then we see it in the dashboard. My role is to make sure that every new machine has it. I am the admin for our company for ThreatLocker. I do audits on what the system sees as how many computers we have connected to ThreatLocker, and make sure that I'm deleting any computer that was removed from our domain. If any new computer joins, I have to make sure that it does register in ThreatLocker because sometimes, because of an internal networking error or something else, computers get the client, but it doesn't beacon out and get associated with our tenant. So, I have to do that.

Its implementation was very quick. Once we got it, it took maybe a week to work with the team to get everything staged. When it was first introduced, we left our computers in learning mode for several months, which is highly recommended. That's how we worked with ThreatLocker support and how they helped us get it all set up. After six months of learning our environment in terms of what's normal, what's allowed, and what they shouldn't block, the keys were handed over. We were told that this is our baseline and to go from there.

Its maintenance includes receiving updates on a new package. I also audit it because even though employees see a request pop up, not every employee would click on it because they won't know. So, I still need to audit. For example, a bad virus wants to run on Bill's computer. Bill will see a ThreatLocker popup saying this thing is trying to run. A lot of times, end-users think that they didn't run anything, so they just hit cancel, and I won't get alerted for that. So, I do have to physically go into the audit. Often, I look and just pull up an audit since the last time to see everything that got blocked. I go through it, and I still look for anything that was malicious because we still have to be aware of that so that we can take action.

The other part that I have to do maintenance on is just making sure that the license count is correct, and that the number of computers that the user interface says are registered is similar to what we have. I go in there and make sure that there are truly that many.

We have seen an ROI. Knowing that ransomware or viruses have been stopped and can't process, the savings pay for it.

Its time to value was within one week. In the first week, we got to see what was getting blocked. It was very eye-opening to see what was happening on all the computers with the processes that we were trying to run or install. It was definitely within the first week.

Considering what this product does, ThreatLocker is very well-priced, if not too nicely priced for the customer.

I know my manager did evaluate other options. I don't recall which products were looked at, but their features were very similar. Their price was extremely high, especially compared to ThreatLocker. 

Before you buy, you need to educate your employees and let them know this is adding a safety step to the process of installing software. You also need to be prepared because if the admin isn't around, then you're going to slow down. The person is not going to be able to install the software. That is something you do need to be aware of.

It's extremely easy for an admin to approve or deny requests using Allowlisting. The only caveat to that is that because of the way that ThreatLocker is set up and how minutely you can dive down into a software install, there could be issues with some pieces of software. For example, I approve of you installing Adobe Reader. If you run that install from your desktop, and I approve it, there's a certain way to say I want it to approve this exact installation. What that means is that I approve it for that one person. If someone else tries to run that exact same install package, but it, for example, is not from the desktop and is from a shared drive or from a USB, because of that one tiny change, it will technically get blocked. To some people, it's a little confusing. If you understand how the system works, it's easy. You can use a wildcard to say this install package can be installed from any location. So, when you learn those little tips and tricks, it gets a whole lot easier, but in the very beginning, if you're fresh getting into this, or it was thrown in your lap and you were told that you're the administrator for ThreatLocker, it can be a little confusing. The great thing is that ThreatLocker has something called the install mode. Basically, you're putting a computer in a mode for a temporary amount of time, which the admin can control. When a computer is put into the install mode, ThreatLocker won't block anything. You can go ahead and run any executable. It'll allow the installation, and it'll apply it to that application or policy name that you wanna apply it to. If you're doing it for Adobe, you could add it to the Adobe Reader policy. So, it's very easy. Even if you had any issues, their support is phenomenal.

Overall, I'd rate ThreatLocker Allowlisting a 9 out of 10.

Our clients require a zero-trust solution for their servers. They need to ensure that nothing happens to the server without authorization — nothing comes in, goes out, or gets corrupted. We put ThreatLocker on the server to block anything that attempts to run without permission. We use ThreatLocker across our whole platform. We continue to pound the table on how great it is and tell our customers that they need it. It is currently deployed for multiple MSP and MSSP clients on their servers and workstations. 

I don't know if ThreatLocker has improved the organization itself, but it has prevented a few clients from doing the dumbest things possible. Our clients are sleeping better at night. I was at dinner with a rep from ThreatLocker when my client accidentally fell for a scam and contacted a fake number for Apple support. She got a message saying that her IP had been stolen. She tried to let them access the system, but ThreatLocker wouldn't allow anything to load. My phone blew up with alerts. 

Meanwhile, my client called, asking me to give "Apple Support" access. I told her to hang up because her IP couldn't be stolen. She was arguing about fake support, and I told her to Google "Stolen IP address scam." She looked it up and realized it was fake, so she hung up with him. She was mad at me for a bit but apologized the next day. If she didn't have ThreatLocker, they would be holding her files for ransom, or she would be leaking data.

It hasn't reduced our help desk tickets so far, and this is something they warn you about. They told us that it was going to be messy in the beginning. They didn't beat around the bush. They said we should expect some dust when we break ground. There will be dust and dirt everywhere, and we'll track it in many places. However, we will clean it up, put some sod down, and make it look beautiful. Until then, the house will be muddy. We expected some pain initially, which is why they do weekly calls with us until we get it to run correctly.

They provide fast access to Cyber Hero support, so they can help you at the drop of a hat. They also put a secure app on your phone to approve things on the fly if the clients are trying to do an update over the weekend. ThreatLocker provides everything you need to get the plane off the ground, and it flies well. Sometimes, clients get annoyed because they can't access something, but I tell them it's a necessary evil. 

I tell them that their network is like flying on a plane. I say, "I know that you want TSA precheck and to be right at the front of the line, but your network doesn't have that. You didn't pay for it with the government." I point out that their security is more important than speed and access. We don't live in a fast-network world anymore. Everything has to be checked and double-checked.

I think it will free up help desk staff after we get past the initial stage, but the clients need to be trained the same way they do with emails. They need to understand that we won't blindly allow anything to work on their network. We will look at it first and ensure everything is how it should be. Finally, we will let it in, but everything will be ring-fenced or limited once it's in. We won't run that program until we figure out how to do that. If my clients are expecting an update, they can't keep that information to themselves. They need to let me know so we can arrange an upgrade time, and I can provide them with a window. We'll run it with some restrictions to ensure they're okay. 

Allowlisting hasn't enabled us to consolidate tools. It's another tool in the toolbox, and everything has its place. After the Colonial Pipeline cyber attack, the president issued an executive order requiring zero trust. ThreatLocker fills that gap. You still have other blind spots, though. We need an email security solution and network monitoring to identify suspicious devices on our network searching for a vulnerability. You can't have ThreatLocker on everything. You can't have it on a printer or a specific firewall, but you can have it on an operating system. There are other blind spots that require attention.

Using ThreatLocker is effortless because I can access it from an app on my phone, so I can help clients after hours. My client had an issue while I was at dinner, and I didn't have a tech on the problem, but I could deal with it from my phone. I can see what the client is doing and approve or deny it. It helps me deliver better service to my clients when they need it.  

ThreatLocker also has a service where one of their techs can call you on Zoom and go through anything denied for the last week. They will train you until you feel comfortable enough to do it yourself. I've dealt with one of their techs from the UK, who was knowledgeable, friendly, and an excellent teacher.

I only needed about six or seven sessions before I didn't need him anymore, but the training didn't stop. They continue to train until you can handle each client request, see what was blocked, and determine why. You can understand why something was blocked and how to dive deeply into it. You can also click "Chat With a Cyber Hero," and somebody will help. It has been a wonderful experience overall. 

We typically use ThreatLocker with ring-fencing when requested. You only ring-fence applications. For example, Microsoft Office doesn't ever need to open PowerShell. It will get flagged automatically if that happens. We know what programs should and should not have access to. The printer should never open an FTP port. Allowlisting automatically sets those policies and says this device has printing functions but can't access an FTP port. 

Allowlisting establishes trust for every access request regardless of origin. In light of new regulations about zero trust, compliance issues, and litigation risks, we must be careful about what gets out and what doesn't get out. Ring-fencing and zero-trust strategies are two ways to do that. We have to run applications, but we don't want them to do anything except what we want. We get the best of both worlds. An application doesn't run if we don't know what it does, and necessary applications will only run with specific rules.

ThreatLocker could offer more flexible training, like online or offline classes after hours. The fact that they even provide weekly training makes it seem silly to suggest, but some people can't do it during the day, so they want to train after work. They could also start a podcast about issues they see frequently and what requires attention. A podcast would be helpful to keep us all apprised about what's going on and/or offline training for those people who can't train during the week.

I have used ThreatLocker since July 2022.

ThreatLocker is highly stable.

ThreatLocker has been very scalable so far. 

I rate ThreatLocker support ten out of ten.  Everyone else should follow their support model. ThreatLocker has a built-in help desk feature. It's one of the best I've seen. An icon in the bottom right corner says "Chat With a Cyber Hero." When I first clicked on it, someone responded in eight seconds. I was like, "Holy cow, that's fast!" They've solved every issue in under five minutes. 

Positive

We rolled out Allowlisting from their portal and then deployed it on servers and critical workstations. It was straightforward and reassuring. We have Kaseya, and we didn't know if we had been affected by the breach. ThreatLocker was there with boots on the ground on a Saturday to help us get secure. They reassured us everything was okay. 

Using ThreatLocker has made us look like real players in the security space. That's a huge deal. You have a seat at the table when you look like a real player. You see value in everything they do. You understand the program and can see what they're pre-populating it with. You can get training from a Cyber Hero almost immediately. 

Most importantly, you can get weekly training to teach you along the way. You can stop and pick it up whenever you need. They are that good. I'm going to have some of my other techs go through the training so everybody can be trained to do a ThreatLocker assessment.

Others say ThreatLocker is too expensive, and I tell them they're dreaming. It's well-priced for what it does.

Before adopting ThreatLocker, we didn't even know this type of solution existed. We were affected by the Kaseya ransomware attack and forced to shut our server down. We were scared, so we called up ThreatLocker and asked if they could help us. 

They asked to get into our server and see if we were hit. They also looked at the program agent mod to help other people who were impacted. They dropped everything to work with me on a Saturday. Who does that?  

I rate ThreatLocker AllowListing 11.5 out of 10. It's one of the best products on the market, and every MSP needs it because of the zero-trust rules imposed by the executive order. The product does what it says, and the support is fantastic. The training is excellent. They take care of you. You'll know what's happening, and your client will sleep better at night.

In this industry, companies often promise they will help you when you run into trouble. However, they aren't there more often than not. For example, Microsoft tested its software in the beginning and put out a beta version. When they release a new operating system, everyone knows is the beta version, and we're all beta testers. We have to be the ones to tell Microsoft about our issues through the built-in error reporting, and we don't want to report it to Microsoft because we know they won't do anything with it.

We know that they no longer take it seriously. They let us do their work as testers for their beta product. It's refreshing to deal with a product like ThreatLocker where I get support in eight seconds. As soon as I open the chat, they're there typing away. When I start a chat with AT&T, Spectrum, or any of those, I get a message saying, "Support will be with you momentarily." You see the three little dots don't move, and you need to wait five to twenty minutes to get support. ThreatLocker puts out a great product backed up with excellent support and training. What else do you need?