ThreatLocker Zero Trust Platform Reviews

My main use cases for ThreatLocker Zero Trust Endpoint Protection Platform are to manage shadow IT and to prevent the issue of not being able to restrict downloads.

The feature I prefer most about ThreatLocker Zero Trust Endpoint Protection Platform is the Ring Fencing.

Ring Fencing is important because most of the clients I deal with don't have any control over what their employees are doing, and they're downloading and exposing themselves. Shadow IT exists extensively, and this feature helps prevent that.

I have found the allow listing feature of ThreatLocker Zero Trust Endpoint Protection Platform to be quite good. I appreciate that it takes the time to learn the client prior to putting it into secure mode, which helps eliminate the back and forth at the beginning of the relationship with the client.

I have used the Ring Fencing feature, and thankfully, I haven't had any issues with it. It has been straightforward and works well.

I find the health score to be one of the new features I was examining, and I appreciate that it can show people the different scores that they have as a company once everything is installed. This allows them to see many things they didn't even know they had on their computers.

Using the DAC dashboard to identify which security and configuration settings need fixing has been excellent and very insightful.

I believe ThreatLocker Zero Trust Endpoint Protection Platform could be improved with a mobile version, as many clients work off their phones, downloading all kinds of things on their mobile devices. We currently can only protect the workstation versus the actual mobile device.

I have been using ThreatLocker Zero Trust Endpoint Protection Platform for about a year and a half.

I haven't experienced any downtime, crashes, or performance issues with ThreatLocker Zero Trust Endpoint Protection Platform. Everything has been excellent.

ThreatLocker Zero Trust Endpoint Protection Platform scales very smoothly with our growing needs, and my account representative has been very helpful with no complaints at all.

I evaluate the customer service and technical support as great. We have cadence calls, and anytime I have any questions, they help me out very quickly. I would rate the customer service a ten out of ten.

I was not using or working with another product before using ThreatLocker Zero Trust Endpoint Protection Platform. Nothing did what ThreatLocker does.

ThreatLocker Zero Trust Endpoint Protection Platform has helped my company and my clients' companies save on operational costs and expenses. I would estimate we have saved at least thirty to forty percent.

The pricing, setup costs, and licensing of the solution seem quite good. The pricing is not prohibitive, and for the value we're getting, I think it's good.

By using ThreatLocker Zero Trust Endpoint Protection Platform, I haven't consolidated any other tools.

The efficiency of the real-time threat intelligence and category controls employed by Web Control in blocking malicious and non-compliant sites is excellent and fast. The cyber heroes are very quick to answer when I need any help.

My experience with ThreatLocker Zero Trust Endpoint Protection Platform has been very positive overall. I would give this solution a rating of ten out of ten.

Currently, we are utilizing application control with ThreatLocker Zero Trust Endpoint Protection Platform to control what our employees are able to access, but we do plan on moving further into the storage control piece.

We are already seeing some curtailing of shadow IT applications and optimizing the approval process for new applications with ThreatLocker Zero Trust Endpoint Protection Platform.

The biggest thing that we have seen with ThreatLocker Zero Trust Endpoint Protection Platform is the ability to identify applications that employees have not brought before IT or information security to ensure it is an approved application.

We have not really utilized the network control aspect of ThreatLocker Zero Trust Endpoint Protection Platform at this time.

We do not really utilize the real-time threat intelligence and category controls employed by web control in ThreatLocker Zero Trust Endpoint Protection Platform at this time.

ThreatLocker Zero Trust Endpoint Protection Platform allows a lot more control to prevent malware attacks that are trying to identify themselves as different things utilizing the ring fencing capabilities, as well as catching any non-IT approved applications that come through.

The greatest feature that I appreciate about ThreatLocker Zero Trust Endpoint Protection Platform is the unified audit; there is just one screen that I go to where I am able to see everything I need, apply the filters that I require, and see it all.

ThreatLocker Zero Trust Endpoint Protection Platform allows me to go in and see what has been blocked recently, make sure that there is not anything malicious in the field, or that nothing is impacting the day-to-day needs of our employees.

We have used the ring fencing feature with ThreatLocker Zero Trust Endpoint Protection Platform; it has been very handy in basically locking down the access range that our authorized applications have and keeping things where they need to be.

It is very easy to manage the allow-listing feature of ThreatLocker Zero Trust Endpoint Protection Platform; it makes it much easier to look at everything and confirm that I know what that program is and what that application is so I can let it run, versus having to go through a giant list and try to remember what something is called based on file names. This is definitely very user-friendly.

At this point, I have not found anything about ThreatLocker Zero Trust Endpoint Protection Platform that really needs improvement.

Maybe the documentation for ThreatLocker Zero Trust Endpoint Protection Platform could be enhanced, but it would be a minor improvement.

We have been using ThreatLocker Zero Trust Endpoint Protection Platform for about three months.

ThreatLocker Zero Trust Endpoint Protection Platform is stable; we have had zero issues in terms of getting into it, operating it, or making or saving any changes that we have ever needed to make. It is also very quick.

So far, we have had no issues with the scalability of ThreatLocker Zero Trust Endpoint Protection Platform; it has been able to expand and the group and customization we get out of it is quite impressive.

We have not really needed to utilize customer support at this time for ThreatLocker Zero Trust Endpoint Protection Platform; the implementation team and support from that avenue has been more than sufficient for us to keep things up and running and functional.

We did not previously use a different solution with ThreatLocker Zero Trust Endpoint Protection Platform. We did not really evaluate any other options before choosing ThreatLocker Zero Trust Endpoint Protection Platform; we were able to witness a demo and see it in action at a conference at one point and it really intrigued us. We arranged for more of a live demo on our side along with some implementation and review, and it just fit all the needs that we had.

Keep the cadence of the implementation meetings when looking into using ThreatLocker Zero Trust Endpoint Protection Platform; they are your greatest resource in getting things onboarded and everything set up. That is really the key piece. Without our implementation team, it would not be going nearly as smoothly as it does. Give yourself time as well. It is not something that can happen quickly, especially if you have a complex array of systems that touch a lot of different things. Make sure that you do not go too secure too quickly.

With the capabilities and the power that were behind ThreatLocker Zero Trust Endpoint Protection Platform, it came in at a much lower number than what we expected, and the team that helped us get it all lined out was quick, efficient, and very informative.

We are not expecting immediate returns at this time, but we are expecting to see some good returns in terms of risk being brought down due to the fact that malicious software will not be able to be run and shadow IT applications will not be done as well.

At this time, we have not consolidated anything with ThreatLocker Zero Trust Endpoint Protection Platform, but the plan is to consolidate our USB tool management to prevent unauthorized USB devices on the network.

We have not run into too many situations that required workarounds; we have mostly been reviewing the blocked items and selecting the ones that we need to get enabled. This is because we are still in the early implementation phase.

I would rate ThreatLocker Zero Trust Endpoint Protection Platform a 10 overall.

Essentially, ThreatLocker Zero Trust Endpoint Protection Platform is super easy to use, very informative, and it does everything quickly and easily.

Public Cloud

Amazon Web Services (AWS)

My main use cases for ThreatLocker Zero Trust Endpoint Protection Platform include Elevation Control, application whitelisting, and Storage Control.

The feature I like the most in ThreatLocker Zero Trust Endpoint Protection Platform is the application control, as we have many users that have their own opinions on what they should run, and it is good to be able to deny by default.

By using ThreatLocker Zero Trust Endpoint Protection Platform, our company has been able to eliminate or consolidate security tools, such as BeyondTrust PAM, and we removed USB-Lock software by adopting ThreatLocker.

ThreatLocker Zero Trust Endpoint Protection Platform scales well with the growing needs of our company, and when we expand it to all 500-odd practices, the learning mode will make it scale and work really well. It has been smooth so far, and our solutions engineer is always on hand and is really good.

I would like them to focus on integrating with our SIEM tools.

I have been using ThreatLocker Zero Trust Endpoint Protection Platform for about nine months.

I have not experienced any issues, crashes, or downtimes with the stability and reliability of the platform. The speed of deploying policies and the user receiving the notification that the application request has been approved is really quick.

My experience with customer service and technical support is positive as they are always responsive. We have taken products in the past where it has been an extra thing that you pay for, whereas our solutions engineer or whoever it is, is always there, ready to speak to us and will jump on a call in an instant, which has been really good. I would rate the customer service and technical support a 10.

Positive

Prior to adopting ThreatLocker, I was using BeyondTrust PAM and USB-Lock software.

I believe ThreatLocker Zero Trust Endpoint Protection Platform will save our company on operational costs and expenses in the long run with time and manpower, and it will be invaluable if it does stop that one breach that could happen.

My experience with the pricing, setup cost, and licensing of ThreatLocker Zero Trust Endpoint Protection Platform is that it replaced some tools, making it seem more competitive value-wise, but it is the flagship tool doing what it does, which means it is quite expensive.

We looked at a couple of other solutions in the evaluation process, but I cannot think of anything that did everything that ThreatLocker does, so there was not really a comparison.

I assess the Elevation feature's role in facilitating just-in-time administrative access for approved applications as really good because a lot of dental software is legacy and written before people cared about security in IT, so it requires being run as admin or it will not work unless the user is admin on the machine. Therefore, it is really good to elevate just the application rather than having everybody at the practice be an admin.

My thoughts on the Storage Control feature in ThreatLocker Zero Trust Endpoint Protection Platform when it comes to enforcing policy-driven access over various storage devices are that we get patient scans, x-rays, and dental notes from other practices or from NHS emergency appointments on USBs and CDs. I would personally love to block and ban all of them, but we cannot, so being able to whitelist by file type or by user group is good.

My impression of the allowlisting feature in ThreatLocker Zero Trust Endpoint Protection Platform in managing which software, scripts, and libraries run on our devices is that there is an initial learning curve, but once you get your head around how it works, it is fairly simple. At the beginning, the learning mode does most of the heavy lifting for you, but when you get to a monthly update that is outside of the learning mode and you have to go back in and do it yourself, I found it difficult to begin with, but now that I have done it a few times, it is really simple.

In regards to the ringfencing feature in ThreatLocker Zero Trust Endpoint Protection Platform, I do not feel like we have used much of that. If it is happening in the background, it is great. I think there was something to do with a user running PowerShell to connect to Azure, which we knew was happening, but it was good to get sight of who did it.

We have not gotten to the Network Control feature stage yet. I have only been using the product for nine months, so we have not gotten around to the DAC Dashboard yet. There are some reds on there. Web Control is not something that we took.

For ThreatLocker Zero Trust Endpoint Protection Platform, I cannot think of any feature improvements that I would like them to add in their next release because for what we use it for at the moment, it is great. I would rate this review a 10.

My main use case for ThreatLocker Zero Trust Endpoint Protection Platform is to secure the server.

A specific example of how I use ThreatLocker Zero Trust Endpoint Protection Platform to secure my server is that nobody can install any application without my permission, which is helpful.

I use ThreatLocker Zero Trust Endpoint Protection Platform by installing it on every server to monitor it from the portal, where I can grant access if an application needs to be installed or deny it if it does not. This approach is helpful for us.

In my opinion, the best features that ThreatLocker Zero Trust Endpoint Protection Platform offers are that it is a zero trust solution that will not trust any application until I give access and will not install a single application without my permission. This is valuable because if any viruses attack my server, it stops them, making it very helpful to prevent ransomware attacks.

ThreatLocker Zero Trust Endpoint Protection Platform has positively impacted my organization by ensuring that as soon as we implement it on the server, new employees or new colleagues cannot install anything without our permission.

It has reduced the number of unauthorized software installations.

ThreatLocker Zero Trust Endpoint Protection Platform can be improved by providing admin rights that allow us to manage it from the server by providing some token IDs or any kind of OTP if someone has rights and is on leave. This would be helpful so we do not need to wait for someone or for admin rights; they can easily generate the OTP, and then we can use it.

I have been using ThreatLocker Zero Trust Endpoint Protection Platform for about four years.

I do not have any issues with the stability of ThreatLocker Zero Trust Endpoint Protection Platform.

ThreatLocker Zero Trust Endpoint Protection Platform is definitely scalable and can grow with my organization easily.

Customer support has been awesome; I can reach them by email, and they give me a response very quickly.

We were using McAfee as well, and we replaced it with ThreatLocker Zero Trust Endpoint Protection Platform.

We decided to consolidate those tools because ThreatLocker Zero Trust Endpoint Protection Platform provides EDR, which aligns with the zero trust model.

ThreatLocker Zero Trust Endpoint Protection Platform is deployed in my organization using multiple methods, such as on-premises and hybrid cloud.

The cloud provider I use for my deployment is Microsoft Azure.

My experience with pricing, setup cost, and licensing for ThreatLocker Zero Trust Endpoint Protection Platform is good because it has a nominal price.

I would say ThreatLocker Zero Trust Endpoint Protection Platform offers good value for money because if you are pursuing security, you should consider ThreatLocker Zero Trust Endpoint Protection Platform. Money is saved because it is not costly, and I would suggest it for other companies. I would definitely recommend it to new companies if I had the opportunity.

As soon as someone tries to install an application, ThreatLocker Zero Trust Endpoint Protection Platform quarantines and denies it, blocking it effectively, which is helpful.

It is helpful for us to find out which application is being blocked or which user is trying to install something using the DAC dashboard, as it is clear and helpful.

We have not used the storage control feature for enforcing policy-driven access over various storage devices because we are using Wasabi storage.

I would advise someone that if they need a zero trust platform, they can switch to ThreatLocker Zero Trust Endpoint Protection Platform.

My impression of the allow-listing feature in ThreatLocker Zero Trust Endpoint Protection Platform is that we can add the application .exe file or the path so it will not block useful applications, such as the call recording application, track applications, and sometimes the Wasabi cloud platform.

I already explained why we are switching to ThreatLocker Zero Trust Endpoint Protection Platform; it gives quick resolution and quick action. I would rate this review a 10.

Hybrid Cloud

Microsoft Azure

It's for Application Control and Elevation requests, so just locking down computers.

The application allowlisting feature of ThreatLocker Zero Trust Endpoint Protection Platform has been the most valuable to us, so Application Control.

The application allowlisting feature prevents random software from running. If a user clicks a link or downloads something malicious or potentially an unwanted program that could give away sensitive information or is inappropriate for them to have on their computer, it just prevents it from even running in the first place.

The Ringfencing feature of ThreatLocker Zero Trust Endpoint Protection Platform stops applications from being able to open up other applications and do things beyond what they were controlled to do. A great example is with PowerShell scripts or web browsers opening up a command prompt or something. It stops all of that.

We do use the Elevation Control feature of ThreatLocker Zero Trust Endpoint Protection Platform. That allows us to create a policy. If we know that a user needs to be able to install a program themselves or update a program themselves, we can give them the rights to do that without having to get a hold of IT. The Elevation Control, even for a brand new user on a brand new computer, if they have the policy, they can install it without having to contact IT as well. Then we can get rid of local admin, even on the IT side, so we are not running around as local admins ourselves.

The Just-in-Time administrative access feature of ThreatLocker Zero Trust Endpoint Protection Platform is a great way to have it work. It only works for running the application it has been approved for, and it just gives them the permission to run it with those elevated permissions. Then there's a built-in expiration, so either the user has to request it again or rerun the program. They don't just keep the admin rights.

Now that we've been learning a lot more about what all the other modules of ThreatLocker Zero Trust Endpoint Protection Platform can do, the modules we don't have right now could be eliminated and help us consolidate costs and tooling. So we are considering it, but we're in the middle of contracts, we just got it, and we're just getting used to it. So we're not at that stage yet.

The allowlisting feature of ThreatLocker Zero Trust Endpoint Protection Platform is really good. It's very, very strict. So in some ways, it can be frustrating because you have to explicitly allow each individual thing. Some applications are actually five applications in one, so each little component you have to allow. There has been some friction with the end-users and ourselves just trying to use our computers. But that level of control and granularity really increases my confidence that this is keeping us safe.

I've been using ThreatLocker Zero Trust Endpoint Protection Platform for about six months.

ThreatLocker Zero Trust Endpoint Protection Platform has been really stable. I haven't noticed any issues.

ThreatLocker Zero Trust Endpoint Protection Platform scales pretty well with the growing needs of my company. We rolled it out division by division, group by group, so it was pretty smooth on that end.

ThreatLocker Zero Trust Endpoint Protection Platform's customer service and technical support has been pretty solid.

Positive

It is the first solution of this kind that I'm using.

I'm not in purchasing or managing contracts. From the setup side, ThreatLocker Zero Trust Endpoint Protection Platform rolled out pretty smooth, as smooth as blocking people from running a bunch of applications can go. You get a lot of users complaining that things aren't working, but it turns out they were just using some weird browsers or apps they maybe shouldn't have been. So I don't have too much sympathy for those complaints, but there was a flood of tickets for support, and it was hands-on. But I would say ThreatLocker themselves, onboarding us, were very hands-on.

There have been tons of meetings, and they still meet with us regularly.

We do not use the Network Control feature of ThreatLocker Zero Trust Endpoint Protection Platform. We don't have that.

We have not used the Storage Control feature of ThreatLocker Zero Trust Endpoint Protection Platform. It's not a module we have.

We have peeked into the DAC dashboard. We have the Configuration Manager, but we have not fully deployed all of that. I get a monthly and weekly report on configurations, but we haven't deep-dived into it and started cleaning up some of that.

The only thing we do with Web Control is the browser add-ons. We are not using ThreatLocker Zero Trust Endpoint Protection Platform to filter web traffic.

I would like a feature in the next release of ThreatLocker Zero Trust Endpoint Protection Platform, but I don't know because of a lot of the modules we don't have. So maybe what I'm asking for is a module we would just need to add.

If we were going to consolidate tools, we would want to get ThreatLocker Detect, and then we would need the Network Control so you could lock down the network. If you detect a virus or something malicious actually happening on the computer, you can lock it down just using ThreatLocker. But we don't have that. We're not set up to do that yet. We have other things that do that at this time. So we're not necessarily missing that feature, but if I was going to consolidate, I would want to make sure ThreatLocker Zero Trust Endpoint Protection Platform could do that.

I would give ThreatLocker Zero Trust Endpoint Protection Platform a rating of nine out of ten. I would consider, from the start, figuring out how much you want ThreatLocker Zero Trust Endpoint Protection Platform to do for you because I think it could really take over a lot of security functionality in our company. But between renewals and contract length terms when we picked up ThreatLocker Zero Trust Endpoint Protection Platform, it kind of fell in between all of that, and we could have maybe really optimized our costs and deployment. But also, there is something to be said because of how complicated it is, how much it can do, and how much there is to master about it. Doing a more limited Application Control, Ringfencing, Elevation Control, and then slowly expanding as you learn and become more comfortable with it, there is some value to be said there.

My use case for ThreatLocker Zero Trust Endpoint Protection Platform involves monitoring about 2,000 endpoints as an MSP, using it as the default deny on the workstations to prevent malicious applications from being downloaded and run.

My favorite features about ThreatLocker Zero Trust Endpoint Protection Platform are that it gives us so much specific control, especially in application policy creation. The ability to make policies for just a single user, a single computer, a work group, or however wide or narrow I want it to be allows me to narrow in on precisely what I need.

ThreatLocker Zero Trust Endpoint Protection Platform benefits my company by allowing us to be preventative instead of being retroactive or reactive. Instead of having thousands of untrained or minimally trained users downloading and running whatever they come across, things that are already allowed go through, and things that need to be vetted can be looked at before they get run.

To improve ThreatLocker Zero Trust Endpoint Protection Platform, I think the biggest addition would be to ThreatLocker University. Training has been our biggest hurdle, and getting people on board or having active integration with modules that maybe we don't have access to would help. We don't use the web control or the network control, but having a sandbox to get an idea of what they could do for us would not only potentially lead us to purchasing more of the suite, but it would make us more confident in our ability to train those using it.

I have been using ThreatLocker Zero Trust Endpoint Protection Platform for about six months.

I have experienced no downtime, crashes, or performance issues with ThreatLocker Zero Trust Endpoint Protection Platform. It has always been operational, with no issues with maintenance or anything of that nature. It has always been available to us.

ThreatLocker Zero Trust Endpoint Protection Platform scales very well with the growing needs of my company. We have been expanding usage, and it has been very easy. As an MSP, our child organizations are increasing constantly, and onboarding or offboarding has been very easy to get new devices and endpoints into the fold.

I evaluate the customer service and technical support as very helpful. The Cyber Hero and the support online have been great. I have not used it very much personally, but people that I work with have had need for it. Whenever they have a question, by the time I get there, Cyber Hero is already chatting with them and helping them through their issue.

Positive

Prior to adopting ThreatLocker Zero Trust Endpoint Protection Platform, we were overlapping in our use of Huntress. It was not exactly the same thing, but it was in a similar vein. We use that now more for just training purposes rather than monitoring or getting ahead of potential threats.

I purchase ThreatLocker Zero Trust Endpoint Protection Platform directly from ThreatLocker.

My impression of the solution's allowlisting feature is that it is a powerful tool, but it requires either considerable practice or training to get it right because you can set it up so specifically, and it is then also susceptible to making a mistake, having to re-allow something on a different person's computer when I really wanted it on everybody's. This comes down to training and experience, and it has its pitfalls, but it has been positive.

I have used the ringfencing feature with ThreatLocker Zero Trust Endpoint Protection Platform. I assess the impact of the ringfencing feature on controlling the behavior of approved applications as very positive. We had a specific user who had to run software through a storage device, and we were able to use the ringfencing feature to allow that specific storage to run that specific program and interact with nothing else. It was an older program that had to be from a CD, so we were able to use the ringfencing to allow it through instead of having to approve it every time it came in.

Regarding the storage control feature when it comes to enforcing policy-driven access across various storage devices, we have found it to be very positive. We only have the restrictions for specific customers, so much of it is just the default deny to read and write off of the admin or the C shares. When it is enforced, we have seen it make protections against people who obtained something they should not have and possibly something personal, tried to connect it, and it disallows them from being able to run that.

It is very easy to identify which security and configuration settings need fixing using the DAC Dashboard. The DAC Dashboard shows what is out of date or what is misaligned, and it gives you the specific ones that need changing, so I am not going through looking for it manually. It does a good job of gathering what it already can find, and then I can make the adjustments if I see fit.

I rate this solution an 8 overall.

We have been using the solution for about five years now. We started shortly after our company was acquired by an ISP that was looking for a managed services provider solution. I was looking at our stack and deciding which one would answer the pressing questions, which usually involved cyber insurance questions, such as if we have application whitelisting. I happened to call ThreatLocker and fell in love with the offerings. At the time, it had application control, ringfencing, and elevation. They have, of course, advanced their platform a lot since then.

The biggest benefit is application whitelisting. We have customers who have a set of products that they expect their users to use, and we have the ability to enforce that policy by restricting them from adding additional software on their own. It helps reduce the risk of the shadow IT type of solutions being brought in by users who think they know better or do not realize the risks.

In the beginning, it was almost an augmentation to antivirus, but now, antivirus is almost an augmentation to Zero Trust. If the applications do not run, the antivirus does not have to block them, so the antivirus is almost the second layer. With the layered protection approach, it is one of our key layers at the endpoint to keep the endpoint from running ransomware or unknown software packages.

A number of times, we have had customers who did not see the need for it until the first time we called them and said, "Hey, did you realize so-and-so wants to run this application?" and they went, "Why would they be doing that?" The ability for us to let the end-users or customers know the things going on in their environment and to stop attacks dead in their tracks has been great. We have seen it multiple times where a bad actor would have gotten a whole lot further along if they had been able to run the software they wanted to. ThreatLocker stopped that.

It is not hard to use, but it also depends on the customer base that you are working with. It can be a challenge to educate the end user and the customer with regard to why this is the right answer. A lot of times, if you have customers who have older applications, custom-written applications, and things like that, dealing with updates and dealing with changes can be time-consuming. It is not hard. None of it is particularly difficult, but it can be a bit of a draw on time.

We have been able to do consolidation primarily in the antivirus realm. Because of the fact that the applications are never allowed to run, we have been able to reduce some of our costs by not having to go to top-line AVs. We can go to Windows Defender, which is a good antivirus, but it is not centrally-managed SentinelOne or something like that. We have been able to see some big advantages in cutting back. Some of the other tools do not have to carry the heavy load. ThreatLocker carries a heavier load of protection.

I do not know if it has helped our organization save on operational costs or expenses. It has to be manned by people. We are not using the functionality where ThreatLocker Cyber Heroes respond to the tickets. Instead of hiring two people, if we let ThreatLocker manage that, we would see some definite advantages cost-wise.

It is priceless in its ability to block access to unauthorized applications. We have had everything from attacks on financial institutions to shutdown holds where the attacker was about to exfiltrate four years of data, but the PowerShell script was still sitting on the screen, unable to run because ThreatLocker blocked it. It is well worth it.

It has helped reduce help desk tickets because we get a lot fewer situations where end users are running software that they should not be and are causing conflicts with the business protection software. There are a lot fewer situations where someone is compromising the machine.

We run on a very lean team, and we have been able to maintain that status reasonably well because, with ThreatLocker, we do not have to chase things that cannot happen.

All the features are very useful. The biggest one that we focus on is the application control with ringfencing. That combination is very beneficial. We have had some recent benefits. Especially with the elevation functionality, we could remove the local admin requirement for applications that constantly required us to make users local admins on their machines. We take that risk away with elevation control, where we can elevate applications that need elevation instead of all of them. 

Their product is solid. I have a hard time complaining much about it because when we do find little things, they are usually interface-related or related to things that would be nice to have. Their idea portal, unlike so many other vendors we deal with, shows movement. At least four to eight features of ThreatLocker exist because I made a request in the last five years, and it became a feature of the actual product. When it comes to improvements, we moved the product as customers, and we got to move the product by making suggestions. They seem to be very reactive to it, so there is not a whole lot that they actively need to change right now. It is one of those situations where when we run into something that would be nice to have, it happens. They make it work.

We have used the solution for about five years.

The product is highly stable. Obviously, as they add features, every once in a while, there is something that catches us off guard, and we will have to get support. They have the answers right then and there. As a result, it has never been something that has brought us down. We have never had a customer who is down because ThreatLocker is not working. By the nature of what it does, it could be a big problem for a customer, but we have never had it. It has been stable. For five years, we have not had a problem. Customers cannot do what they want to be able to do within reason, and we have never had ThreatLocker be the cause of that.

The solution is very scalable. We started with just our office, and now we have over 3,000 endpoints on it. It scales up very easily. Once again, cloud deployment of the agents and everything else makes it very easy to add new computers to it. It is literally a matter of buying licenses, and it does not seem to care how big our environment is for the most part. The product just handles it.

Their support is world-class. You cannot beat ThreatLocker support. I started a request at eleven at night, and someone started to chat within 30 seconds to a minute. They can easily go to Zoom for conferences and have conversations. Their answers are usually immediate, and if not, it is because they have to go to the engineering team for answers or solutions. If it is an actual feature problem or something like that, it is very fast. We have said more than once that if all of our vendors would act and support us like ThreatLocker does, we would be happy. It would be a perfect world. I would rate them a ten out of ten.

Positive

This is the first time we have done application whitelisting. We brought it in about five years ago looking for an application whitelisting solution, so it was the start of our experience.

We use our own RMM solution for deployment. The setup was definitely easy. Tech support provided us with the scripts and resources needed to push it. It is all pushed from PowerShell scripts, and that downloads straight from ThreatLocker, so we do not have to ever be on-site to do anything. When we are offboarding customers, it is just as easy. We can turn off the self-defense in ThreatLocker and run scripts to uninstall it. Generally, there is no on-premises requirement for it. From an MSP standpoint, it is truly cloud-managed.

We contacted ThreatLocker directly.

From the reputation capability or the ability to show customers that we are doing what we say we do, the return on investment is immense. We also have customers who are frustrated because they cannot do what they used to do, which was run anything they wanted to. However, the first time we save them from something that would have been really bad had we not been there, that instantly changes.

We have not had any real issues with the pricing. As they have added more features, due to the way our contracts are structured with our customers, we have had to hold off on adopting the new features because they do add costs. We have to be able to price them into our contracts. That has probably been our biggest challenge. Once we are in with a customer for one to three years on a contract, bringing in those new features at an additional cost is a challenge. 

We are moving towards the Unified solution, where they basically bundle everything together, providing us better stability with the ability to bring in new product offerings without having to go back to the customer and say, "This is going to cost you."

We looked at a few others. A customer we had many years ago had brought a solution that I helped them with to some degree. I do not remember the name of it, as it was fifteen years ago. It was one of the early ones and was a management nightmare. The amount of effort and work it took to make it work and keep it working was a lot. Compared to that, ThreatLocker is amazing.

Overall, I would rate it a solid nine out of ten. It is a complex solution if you are like me and do not necessarily want to call for help frequently. They have help available all the time and will walk you through the process of setting it up if you are trying to figure it out on your own. That is not going away, in my opinion. It is not really a bash against it; it is just a fact about ThreatLocker Zero Trust Endpoint Protection Platform.

Public Cloud

Other

We use it as an endpoint protection solution. It pretty much sits on all of our devices. We manage the app control piece through it. 

We use it for elevation requests. Worldwide, we have set Zero Trust, so people need to elevate through applications. We do not want to give them an admin account on the machine, but we need these applications to run with administrator privileges. That is the piece we leverage the most.

The greatest benefit is the ease. The mobile app is great. I get requests in the portal, and I can allow or reject them, and it works almost instantly, getting teams up and running within 60 seconds. That is the best part. We can train global teams in a half-hour meeting. We are able to break down all their permissions. It is done in a few seconds. We are happy with it.

Elevation control has been second to none for us. It has been amazing. We switched off the last product we were using. We did not have a great experience with them, but we have had a great experience with ThreatLocker Zero Trust Endpoint Protection Platform.

We have eliminated our original endpoint app. We will look into consolidating some of the other tools that our Information Security team uses, but at the moment, it is a replacement; it has not cut any other apps out of our environment. We have already started exploring different ways to eliminate or at least add to our security posture. Specifically, we are targeting the storage control and deeper application control with ringfencing and things like that. We have had lots of demos from ThreatLocker. They are always very good about giving demos on the spot. Thanks to Blaine and Jesse for that.

ThreatLocker Zero Trust Endpoint Protection Platform is fantastic at blocking access to unauthorized applications. With our old product, we had so many issues with policies being all over the place. It was not very intuitive, and the product could not even update itself. ThreatLocker has broken it down in terms of how exactly it is run and the science behind it all. That education and their knowledge base have helped us with understanding. It has been a fantastic platform. It has been in our environment for a relatively short period of time. It has been fantastic so far, and I am hoping that it continues to prove itself.

ThreatLocker Zero Trust Endpoint Protection Platform has not helped to reduce help desk tickets, but it has streamlined them. Instead of guessing what the user needs, the elevation requests pretty much tell you the properties or the paths of what needs to run. That may introduce more tickets, but it is so much faster that it outweighs that aspect.

ThreatLocker Zero Trust Endpoint Protection Platform has expedited our ticket resolution. Although we are getting more tickets, we are plowing through a lot faster. We can see them in the console. People no longer have to reach out to us. People can create an elevation request for the entire organization. They could go to the console and see it there and do it themselves. It makes things so much easier. It has been awesome.

ThreatLocker Zero Trust Endpoint Protection Platform allows us to see what the user needs immediately and simply hit the Go or Approve button. We can set the rules we want. Our last solution was trial and error. It would take me up to an hour and a half sometimes to get the rules working exactly the way I wanted, whereas, with ThreatLocker, it is already all there for me. I can even break down and specify exactly what I want or drill down even more. 

In a day, it saves us one to two hours a day depending on what is being elevated and what people need. This time saving is significant for our technicians. The overall savings could be two to three days. We get overtime, but that is still a lot of work. ThreatLocker has been amazing at saving us time. 

We use it most heavily for elevation control, blocking and giving rights only to certain people or devices, and not allowing the rest to access the software. Elevation control has been second to none for me.

It is super easy to use. We could train a team in 30 minutes. If you are in it relatively often, it becomes second nature. The reduction in attack surfaces comes down to the elevation approval. If an app cannot be elevated or run as an administrator, it is not running at all. That is the key part there. It helps ensure that people are not running something that they are not supposed to. It is very trustworthy. It was socialized pretty quickly within our company. It was very quick.

ThreatLocker’s support has been second to none.

Better visualizations of what exactly is happening in our logs would be helpful. There can be more visuals on what has been elevated. Presenting this in a more refined manner would be beneficial. 

One area that needs improvement is the hierarchy of permissions. Sometimes ThreatLocker's built-in elevations or apps overtake, leading to conflicts.

I have used the solution for six months in total, with it being in production for three months.

It is super stable. I have not had any issues yet. Knock on wood. It has been great.

It is simple. As long as you have the licenses, you can scale as far as you like. We scaled it in three months to the entire organization. It is very scalable and fast, reaching 4,000 computers in three months, which is pretty nice.

Cyber Heroes are awesome. I can open a chat with them and probably get my question answered within a few minutes. If they need to elevate, they can, or we have our meetings with our contact, Blaine, every two weeks. Those meetings are for higher-level topics, but he is very easy to work with.

Any time I have had to put in a ticket, it has been worked on within the same day or the next hour. This support ranks at the top of all the different software I use.

Positive

We used CyberArk. It would not update itself and was causing blue screens. It even blocked emails and did other unwanted actions. We had it set up to do the bare minimum, and it would sometimes do vastly different things that we did not want it to do. That was one issue.

The updates were blocked, so we could not uninstall it for machines. The dashboard was outdated. Even with a switch to a cloud solution, it was not intuitive. In this age, it is insane to have a console that is not intuitive and looks out of date. It is probably an out-of-date software, and that definitely reflected in our experience.

The initial setup was extremely easy. I did a lot of the packaging and deployment. Once deployed, it shows up in the console within five to ten minutes whenever the machine checks in. No matter where you are in the world, it just works.

We used Access IT. They have always been great. They are super easy to work with. They streamlined the whole process and got us on board quickly.

ThreatLocker is a little cheaper than our last app, and we could continue to save money as we utilize its other aspects. It is doing so much more for our company, which is amazing. Adding more features and eliminating others could save even more and provide more proven value. It has saved us about 25,000 a year.

We have been using it only for about six months. It has only been in production for three months, but we have been testing it for six months. It is a short time, but it has already saved us so much time.

The pricing is pretty fair, considering other solutions. Licensing-wise, it did not take long. The only long piece was the legal lease. Other than that, the only thing that held us up was the holidays. It was more on our end than on their end. The cost structure and everything else seemed very fair and well laid out.

We evaluated BeyondTrust and a smaller company. BeyondTrust’s presentation ran on Windows 7, whereas in 2024, we were on Windows 11. That was an issue for us. 

A significant issue with the other solution was that the UAC prompts were not working anymore. You had to use their software, which pretty much gave up administrators' ability to elevate when needed.

I would rate ThreatLocker Zero Trust Endpoint Protection Platform a ten out of ten.

Hybrid Cloud

Other