ThreatLocker Zero Trust Platform Reviews

We use it as an endpoint protection solution. It pretty much sits on all of our devices. We manage the app control piece through it. 

We use it for elevation requests. Worldwide, we have set Zero Trust, so people need to elevate through applications. We do not want to give them an admin account on the machine, but we need these applications to run with administrator privileges. That is the piece we leverage the most.

The greatest benefit is the ease. The mobile app is great. I get requests in the portal, and I can allow or reject them, and it works almost instantly, getting teams up and running within 60 seconds. That is the best part. We can train global teams in a half-hour meeting. We are able to break down all their permissions. It is done in a few seconds. We are happy with it.

Elevation control has been second to none for us. It has been amazing. We switched off the last product we were using. We did not have a great experience with them, but we have had a great experience with ThreatLocker Zero Trust Endpoint Protection Platform.

We have eliminated our original endpoint app. We will look into consolidating some of the other tools that our Information Security team uses, but at the moment, it is a replacement; it has not cut any other apps out of our environment. We have already started exploring different ways to eliminate or at least add to our security posture. Specifically, we are targeting the storage control and deeper application control with ringfencing and things like that. We have had lots of demos from ThreatLocker. They are always very good about giving demos on the spot. Thanks to Blaine and Jesse for that.

ThreatLocker Zero Trust Endpoint Protection Platform is fantastic at blocking access to unauthorized applications. With our old product, we had so many issues with policies being all over the place. It was not very intuitive, and the product could not even update itself. ThreatLocker has broken it down in terms of how exactly it is run and the science behind it all. That education and their knowledge base have helped us with understanding. It has been a fantastic platform. It has been in our environment for a relatively short period of time. It has been fantastic so far, and I am hoping that it continues to prove itself.

ThreatLocker Zero Trust Endpoint Protection Platform has not helped to reduce help desk tickets, but it has streamlined them. Instead of guessing what the user needs, the elevation requests pretty much tell you the properties or the paths of what needs to run. That may introduce more tickets, but it is so much faster that it outweighs that aspect.

ThreatLocker Zero Trust Endpoint Protection Platform has expedited our ticket resolution. Although we are getting more tickets, we are plowing through a lot faster. We can see them in the console. People no longer have to reach out to us. People can create an elevation request for the entire organization. They could go to the console and see it there and do it themselves. It makes things so much easier. It has been awesome.

ThreatLocker Zero Trust Endpoint Protection Platform allows us to see what the user needs immediately and simply hit the Go or Approve button. We can set the rules we want. Our last solution was trial and error. It would take me up to an hour and a half sometimes to get the rules working exactly the way I wanted, whereas, with ThreatLocker, it is already all there for me. I can even break down and specify exactly what I want or drill down even more. 

In a day, it saves us one to two hours a day depending on what is being elevated and what people need. This time saving is significant for our technicians. The overall savings could be two to three days. We get overtime, but that is still a lot of work. ThreatLocker has been amazing at saving us time. 

We use it most heavily for elevation control, blocking and giving rights only to certain people or devices, and not allowing the rest to access the software. Elevation control has been second to none for me.

It is super easy to use. We could train a team in 30 minutes. If you are in it relatively often, it becomes second nature. The reduction in attack surfaces comes down to the elevation approval. If an app cannot be elevated or run as an administrator, it is not running at all. That is the key part there. It helps ensure that people are not running something that they are not supposed to. It is very trustworthy. It was socialized pretty quickly within our company. It was very quick.

ThreatLocker’s support has been second to none.

Better visualizations of what exactly is happening in our logs would be helpful. There can be more visuals on what has been elevated. Presenting this in a more refined manner would be beneficial. 

One area that needs improvement is the hierarchy of permissions. Sometimes ThreatLocker's built-in elevations or apps overtake, leading to conflicts.

I have used the solution for six months in total, with it being in production for three months.

It is super stable. I have not had any issues yet. Knock on wood. It has been great.

It is simple. As long as you have the licenses, you can scale as far as you like. We scaled it in three months to the entire organization. It is very scalable and fast, reaching 4,000 computers in three months, which is pretty nice.

Cyber Heroes are awesome. I can open a chat with them and probably get my question answered within a few minutes. If they need to elevate, they can, or we have our meetings with our contact, Blaine, every two weeks. Those meetings are for higher-level topics, but he is very easy to work with.

Any time I have had to put in a ticket, it has been worked on within the same day or the next hour. This support ranks at the top of all the different software I use.

We used CyberArk. It would not update itself and was causing blue screens. It even blocked emails and did other unwanted actions. We had it set up to do the bare minimum, and it would sometimes do vastly different things that we did not want it to do. That was one issue.

The updates were blocked, so we could not uninstall it for machines. The dashboard was outdated. Even with a switch to a cloud solution, it was not intuitive. In this age, it is insane to have a console that is not intuitive and looks out of date. It is probably an out-of-date software, and that definitely reflected in our experience.

The initial setup was extremely easy. I did a lot of the packaging and deployment. Once deployed, it shows up in the console within five to ten minutes whenever the machine checks in. No matter where you are in the world, it just works.

We used Access IT. They have always been great. They are super easy to work with. They streamlined the whole process and got us on board quickly.

ThreatLocker is a little cheaper than our last app, and we could continue to save money as we utilize its other aspects. It is doing so much more for our company, which is amazing. Adding more features and eliminating others could save even more and provide more proven value. It has saved us about 25,000 a year.

We have been using it only for about six months. It has only been in production for three months, but we have been testing it for six months. It is a short time, but it has already saved us so much time.

The pricing is pretty fair, considering other solutions. Licensing-wise, it did not take long. The only long piece was the legal lease. Other than that, the only thing that held us up was the holidays. It was more on our end than on their end. The cost structure and everything else seemed very fair and well laid out.

We evaluated BeyondTrust and a smaller company. BeyondTrust’s presentation ran on Windows 7, whereas in 2024, we were on Windows 11. That was an issue for us. 

A significant issue with the other solution was that the UAC prompts were not working anymore. You had to use their software, which pretty much gave up administrators' ability to elevate when needed.

I would rate ThreatLocker Zero Trust Endpoint Protection Platform a ten out of ten.

My main use case for ThreatLocker Zero Trust Endpoint Protection Platform is to block unwanted software that we have. There are a lot of randomness that people have on their laptops, so we get control over that and make sure they are not doing what they are not supposed to be doing.

My favorite feature of ThreatLocker Zero Trust Endpoint Protection Platform is the approval to elevate a system for an amount of time, which is a nice feature. We can say, 'Hey, we're going to let you elevate this, so if you need to run something you can do that,' without having to have any kind of in-between for IT.

The feature benefits our company by saving us time at the end of the day. If it is something that we know that they can install on their own, it is something that we do not have to worry about. We can just have them do it on their own and save us time. Overall, I am not exactly sure how much time it has been saving with ThreatLocker Zero Trust Endpoint Protection Platform, but it could save up to an hour of time by scheduling meetings to get availability and have it installed.

My impression of ThreatLocker Zero Trust Endpoint Protection Platform's Allowlisting feature in terms of managing which software, scripts, and libraries run on our devices is that it makes it easier overall to have it in a place where you can go and see it all. It is just easier for IT.

We do use the Elevation Control feature. My assessment of the Elevation Control feature's role in facilitating just-in-time administrative access for approved applications is that it is good. If there are things that we know that are safe to have, we can save ourselves time by just having them go out and install it on their own. It definitely makes it easier on us.

We have used the Ringfencing feature of ThreatLocker Zero Trust Endpoint Protection Platform, though I have not personally used it yet. I am still kind of getting into it.

We have partially used the Web Control feature of ThreatLocker Zero Trust Endpoint Protection Platform. Once we got it, we went through and blocked the extensions. There were a lot of random third-party extensions people had installed on their browsers, so we did a full block on all extensions and made people come ask about what extensions they need.

I think the efficiency of the real-time threat intelligence and category controls employed by Web Control in blocking malicious and non-compliant elements has done its job. It is good to see what they have and what they can request, and we can dig down and see what the actual extension is doing and determine if it is good or not.

I have been using ThreatLocker Zero Trust Endpoint Protection Platform for a couple of months now, probably about six to eight months. So not too long.

The stability of ThreatLocker Zero Trust Endpoint Protection Platform has been good. I have not experienced any downtime, crashes, or performance issues. Most of the issues we have had have been on our side, such as internet-based issues. Connection and everything else has been good.

The scalability of ThreatLocker Zero Trust Endpoint Protection Platform has been good. It definitely benefits us to have that extra layer of protection and to be able to be more flexible when it comes to the software and approvals.

Customer service and technical support for ThreatLocker Zero Trust Endpoint Protection Platform are good. They make it really easy to submit a ticket or do a quick chat with them to get in contact with somebody quickly and make it easy.

Positive

By using ThreatLocker Zero Trust Endpoint Protection Platform, I do not think we have looked into eliminating or consolidating any security tools or solutions yet. We are just still kind of testing it out and making sure it is good.

We have not purchased the Network Control feature of ThreatLocker Zero Trust Endpoint Protection Platform. We have not purchased the Storage Control feature either. We have the DAC Dashboard feature of ThreatLocker Zero Trust Endpoint Protection Platform, but we probably have not used it.

My learning process of applying ThreatLocker Zero Trust Endpoint Protection Platform involves figuring out how to set up the pathings for the Allowlist, knowing what to wildcard, and understanding what ThreatLocker looks for and what you need to address when you are making those approvals.

The main learning curve for me at the start was just kind of figuring out what they look for. I think once you get into it and learn it, it is pretty good and simple.

From one to ten, I would probably rate ThreatLocker Zero Trust Endpoint Protection Platform overall a nine. I would say probably just to try it out because it does not hurt to see what it is about, and more than likely they would probably be impressed by how beneficial it is for an IT team.

I am still learning how ThreatLocker Zero Trust Endpoint Protection Platform is used; I am still in orientation, but we mostly use it for application allowances and blacklist whitelist.

My only experience with ThreatLocker Zero Trust Endpoint Protection Platform is with the allowance and disallowance of applications, so I am still very new.

We really consolidate security tools by using ThreatLocker Zero Trust Endpoint Protection Platform, as we use some other security products as well, and ThreatLocker Zero Trust Endpoint Protection Platform is really just a big enhancement for us.

As a new person, I appreciate the Allowlisting feature of ThreatLocker Zero Trust Endpoint Protection Platform; it is intuitive, which makes it easy for me to navigate. I am getting more experience with it, but so far it has all been positive.

The allowance application is important for our company because it really allows our clients to control what is in their environment without having to constantly audit, which is beneficial.

My assessment of the Elevation Control feature's role in facilitating just-in-time administrative access for approved applications is that it is excellent because it is easy; you can do approvals live, which is quite quick. You do not have impatient clients waiting for approvals for a long time, or you do not have to go through a whole process. As long as we have a process on our end to vet these, or if it is already something we know about, it is easy to do without stressing out our client.

ThreatLocker Zero Trust Endpoint Protection Platform has helped my company save on operational costs or expenses because it allows our techs to be much more efficient. If we have already whitelisted products, we do not have to spend time on the phone with the client or a ticket every time for a similar application. We can approve it by policy or provide a quick approval or temporary approval, and our team can move on. It is efficient on both ends for the client and for us.

It could be anywhere from saving fifteen minutes to, if it is an application we have vetted a couple of months ago and it took an hour, when we have a company that needs to install it on a bunch of machines, we can whitelist it, saving ourselves that much time every time.

From my experience until now, I think ThreatLocker Zero Trust Endpoint Protection Platform can be improved by constantly making sure to keep up with the development of new threats every day. As long as ThreatLocker Zero Trust Endpoint Protection Platform is keeping up with that, it gives me the confidence that I can deploy it to my clients.

I have been using ThreatLocker Zero Trust Endpoint Protection Platform for about three months.

I have not experienced any downtimes, crashes, or performance issues with ThreatLocker Zero Trust Endpoint Protection Platform.

From my experience, ThreatLocker Zero Trust Endpoint Protection Platform scales well with the growing needs of my company; we already have a lot of clients in there, and I have not seen any issues with scaling or adding clients. I have added a couple since I have started and I think it is excellent.

I have insights for ThreatLocker Zero Trust Endpoint Protection Platform to work on when training new people, particularly that I really appreciate how the training modules are laid out; it is really easy to navigate and they are not in huge chunks. I appreciate it because it is something I can do between tasks throughout the day and kind of chip away at it, which I really appreciate.

My advice to other companies considering ThreatLocker Zero Trust Endpoint Protection Platform is to go through the training so you fully understand it; you can make sure that you are serving your client the best you can with the product. It is a very powerful product.

My main use case for ThreatLocker Zero Trust Endpoint Protection Platform is the full platform. I use the full platform in my daily work within my organization with application control, network control, security control, and I utilize the Cyber Hero offer.

The best features ThreatLocker Zero Trust Endpoint Protection Platform offers is that the entire platform is perfect. It is very user-friendly and helps us manage our endpoints easily. The parts that stand out for my team are elevation, password rotation, and application control.

Regarding the features, I would add that response time is quicker, there are fewer problems on problematic end users, and there are fewer weekend calls.

ThreatLocker Zero Trust Endpoint Protection Platform has impacted my organization positively overall, with approximately 99% positive and 1% negative impact on people who are accustomed to having local admin rights, but since it is a security risk, it helps us in the long run.

I see measurable improvements in security incidents and operational efficiency, and it gives us one pane of glass to see all of our clients at once. We can see endpoints, observe what is going on, and we see what is red and what is green.

ThreatLocker Zero Trust Endpoint Protection Platform improves every day on its own, so I have no complaints regarding how it can be improved. I do not want to add more about the needed improvements, even if it is something small or a wish list item for the future.

I have been using ThreatLocker Zero Trust Endpoint Protection Platform since 2019, and I started using the endpoint protection two and a half years ago.

The Network Control feature impacts my ability to manage network traffic across my endpoints and servers by giving us a small problem, but now it is stable with the new build. The main issue I experienced with Network Control before it became stable was related to the network control itself. The platform and the user were good.

By using ThreatLocker Zero Trust Endpoint Protection Platform, my organization eliminated three security tools: Blackpoint, Huntress, and SentinelOne. Consolidating those tools with ThreatLocker impacted our operations as we have fewer portals to view.

I have not seen a return on investment yet, but there is a small amount of time saved because of fewer dashboards.

My experience with pricing, setup cost, and licensing is that they made it very easy to implement with them and gave us time to pay it off.

I do not have anything else to add about how I use ThreatLocker Zero Trust Endpoint Protection Platform, perhaps something unique to my organization.

It is difficult to identify which security and configuration settings need fixing using the DAC dashboard since we do not use the DAC dashboard yet. I do not assess the efficiency of the real-time threat intelligence and category controls employed by Web Control in blocking malicious and non-compliant sites because we do not use Web Control.

I use the Ringfencing feature with ThreatLocker every day. The Network Control feature impacts my ability to manage network traffic across my endpoints and servers by giving us a small problem, but now it is stable with the new build. The main issue I experienced with Network Control before it became stable was related to the network control itself. The platform and the user were good.

I use the Elevation Control feature in ThreatLocker every day, which facilitates just-in-time administrative access for approved applications. I appreciate the Storage Control feature being locked down and controlled through us, and no one can infiltrate and take our data. I have given this review a rating of 10.

In terms of use cases, there are quite a few good ones that come to mind. One instance is when people unexpectedly download items, especially in the downloads folder or the documents folder, and try to run them. It is effective at blocking those. We need to vet them to ensure they are legitimate and intended, not just random malicious downloads. 

Another scenario involves items in the Windows folder itself, where sometimes an update might get blocked, requiring us to verify its legitimacy. 

Occasionally, we receive help from Cyber Heroes as well. Those are the three use cases I can think of.

It helps keep track of shadow IT activities. We have more compliance because we know who is doing what. Previously, we did not know who was doing what, especially at the application control level. Some people had some administrative rights that we did not know about. We now have got more into compliance. We have everything in a single pane of glass. Everything has to be approved before it can be run. It helps our company become more secure and more compliant.

We have more consolidated security. We are three to four times more secure than before using the solution. It helps us be more compliant with what we do on a daily basis, even though sometimes it can be confusing, such as a whitelisted app getting blocked. That is probably because of fine-tuning. We will have to fine-tune that policy to make it run more smoothly.

It helped us consolidate security tools. We are now focused on this rather than looking into other tools we had in the past. We just go to ThreatLocker, look at the path, look at the hash, and see whether it is vetted. If yes, we just allow it. We had ManageEngine Application Control, and we thought we did not need that anymore. It was like an add-on. We had Endpoint Central. On top of that, we had Application Control and other things. Now, with ThreatLocker, we do not need them anymore.

I am not the finance person, but I believe it has helped our organization save on operational costs because we got this product with other security products from our managed service provider. They gave us a good rate when we combined multiple solutions together. We purchased Huntress for antivirus and other security tools from them.

I would rate it highly in its ability to block access to unauthorized applications. It works and does its job. It does what it is supposed to do, especially if you train it well. If we fine-tune the policies, it works the best. Some of the policies might be confusing, but it works well.

I am not sure if it has helped reduce help desk tickets. We still get help desk tickets here and there. We are a small company. We do not have a whole lot of applications running in our environment. In a large organization with thousands of employees, it might reduce helpdesk tickets.

We can now shift the gear and focus on other things, such as server logs or security logs, more firewall rules, etc. It saves us at least three hours every day. 

The most valuable feature is its learning capability. Not every application it learns is allowed to run, so my involvement is necessary. Those based on path and certification are particularly important. When an application is on a specific path in our network and has a valid certificate or hash, it assures me that the application is safe to run and offers comfort that it is probably 100% okay to proceed. It locks a threat.

This is my first Zero Trust conference, and so far, it has been good. The only thing I have noticed is that sometimes they encounter technical issues. For example, in one of the demo labs, the laptop trying to connect to the projector was not working, which affected the demonstration of the victim versus attacker laptop scenarios. It would be helpful to fix these issues. 

Additionally, when people come to the hacking lab, presenters should ensure their fonts are larger. With 500 to 600 people in the room, it is difficult to see everything clearly, especially when there are only two projectors. Improving the sound quality and similar aspects would be beneficial.

It has been over three years now since we have been using it. We got it through our MSP. They have given us access as admins, though not with full control, to allow the whitelisting of some applications and paths if needed.

It is pretty stable. It is doing its job well. The algorithms and coding, developed by smart individuals, ensure the app performs its tasks effectively.

It is quite scalable. From what I understand and have learned, we can manage as many environments as we want. It remains scalable and manageable from one portal.

Customer service is pretty good. I would rate it highly. Their response is almost instantaneous when issues arise. I just communicate my concern, and within minutes, I get a response. 

Positive

We previously used ManageEngine Application Control, but we eliminated it. It was doing a similar thing, but it was a little bit different.

By switching, we were getting a better discount, and the consultants or the advisor also said that this solution is better based on the previous experience with the solution. 

We have a cloud version when it comes to the portal. The agents are installed on every machine and server. For the most part, we use the Azure cloud. We also have AWS. 

The initial setup was pretty easy since we received assistance from a third party. Everything is deployed via GPO, so once a computer joins, it installs by itself. However, we have limited access to the portal as of now, and I hope this will change.

From a technical perspective, it does its job by saving our team time and reducing confusion. It saves effort working on people who engage in shadow IT by preventing unauthorized applications from running on their computers. The installation of the ThreatLocker agent has ceased such activities. With only three IT personnel, it has proved efficient, assisting us in managing and streamlining our workload.

I do not know about the licensing and price as it comes bundled from our MSP. However, it seems fairly reasonable for us, which is why we chose it.

We did not evaluate other solutions.

It is not easy to use. I am still learning. I highly recommend finishing the Cyber Hero course to understand the solution, the way it works, and the secret behind each tool. This course is available in ThreatLocker University. It has a lot of modules that you can go through. Once you can master those, you will have a good idea of what is going on. After that, it is easy to implement.

I would rate it a nine out of ten. At the Zero Trust conference, eliminating some technical difficulties in future iterations could raise this to ten. Overall, everything is excellent, and everything is well-prepared, from the laptops provided to the overall setup. These minor issues could happen anywhere, not just here. If resolved, it would be a perfect ten. It is not a huge issue.

When we assessed application whitelisting and ringfencing controls, we decided to sign on with ThreatLocker. The way we operate our business is that it is deployed across all our clients. Once we identified the benefits of application whitelisting, we knew it belonged in every client's setup, and we implemented it for all our clients.

When we adopted ThreatLocker Zero Trust Endpoint Protection Platform, there were frustrations among clients as everybody was learning and getting used to it. We were learning how to administer it, and our customers were learning what it was, but it ended up becoming a fantastic thing where we now get referrals from our customers to other companies. Over time, it transformed into a positive experience, leading to customer referrals and advocacy for ThreatLocker. Although some clients overstate it by claiming it makes them ransomware-proof, the product's impact is undeniable. The contributions of Ben and Garrett were pivotal in this success, resulting in enthusiastic customer recommendations.

It has not helped eliminate or consolidate any security tools or solutions. We do not see ThreatLocker as a replacement for any of the current base functionality of existing tools; we see it as augmenting it. We see it as something that is important to have. One of the philosophies at our company is that we do not believe there should ever be an all-in for any security product. There should always be a check and a balance in place. One of our main checks on ThreatLocker is Huntress, so we use them in combination. It is something that maintains a balance. They are not overlapping by any means. Even though ThreatLocker has an MDR product now, we are electing not to use it because we want to have a separation and those checks and balances in place.

We initially anticipated a reduction in ticket hours through elevation control, but rather than a decrease, over the years, the nature of the tickets changed. Instead of broad, permissive policies, we now focus on diligent policy creation, accompanied by an increase in technical costs. I do not see that as a negative. While it increased our overall technical costs on an average basis, the benefits that come with it make it completely worthwhile and something that I would recommend to every MSP.

It has not decreased help desk tickets. It has changed the nature of the tickets, and that is not a bad thing. It means that we are using ThreatLocker properly, and we are not making broad sweeping policies that are overly permissive. It requires us to do our job a little more diligently.

It has increased our operational costs, but it is entirely worth it to increase those operational costs.

It can block access to unauthorized applications. It is very dependent upon the implementation and the access that is allowed. If you are giving this to your technicians without the appropriate training, it can be dangerous and not helpful. It can be a false sense of security, but if you implement it properly and are willing to make the investment in training your team properly on how to manage ThreatLocker, it is fantastic.

It has changed what our IT team is working on. Instead of working on old-style things, such as GPO or CryptoLocker policies and reviewing enforcement and deployment of that GPO and linkage, they are now spending their time reviewing policies within ThreatLocker. There is a shift in focus, but it is far more worthwhile. Every hour that has been replaced with ThreatLocker time is a much more effective use of their time.

Application whitelisting is significant, though it may seem obvious. What sets ThreatLocker apart from competitors offering similar solutions is ringfencing. The ringfencing controls, along with the application elevation features, keep it out of the user's line of sight while still protecting them. This protection is unobtrusive but effective, as users are protected without their awareness. 

I find that the learning mode is too accessible. Technicians sometimes default to it instead of manually building policy controls. I would prefer the learning mode to be harder to access, ideally hidden behind a layer that requires creating at least one policy first before using the learning mode as a supplement. 

Because of the accessibility of things like the learning mode, it moves towards defeating the purpose. The level of learning and the processes required to use ThreatLocker properly is high. You require a very high-tech person to truly understand its in-depth nature. We have tried it with our junior techs, and they just default to throwing learning mode on everything. It is too easy and allows techs to push through things that they should not. When you are using it properly, it has a high learning curve and a high difficulty level.

It requires quality-of-life enhancements from an administrative perspective. Currently, there is a strong technical focus but less emphasis on the business aspects, such as billing and portal administration.

I believe we have been with ThreatLocker for about three years.

The platform's stability is solid, but I have concerns over their rapid expansion into areas like the endpoint solution acting as an EDR. They might be trying to become an all-in-one solution instead of focusing on their niche of augmenting other solid solutions. Companies like SentinelOne and Huntress have strong offerings, and ThreatLocker excels in complementing them instead of competing directly.

It is quite scalable. This scalability is partly due to our implementation strategy, where every client receives it without exception.

It has been fantastic. The feedback from our technicians working with Cyber Heroes has been positive, and my experience with our account managers, Ben, Lansard, and Garrett, has been exceptional. The service has been outstanding.

I would rate their customer support a ten out of ten.

Positive

We had no application whitelisting platform prior to ThreatLocker.

The agents are on-premises. The deployment of ThreatLocker agents has been very smooth and clean. Our challenge has been the maintenance of the accounts. As devices go offline and are retired, there are no automated falloff methods, and that has caused some challenges for us.

We had a sales engineer provided by the ThreatLocker team to assist us. I want to specifically acknowledge Garrett, our second sales engineer, who made the product work effectively and built our trust and confidence in ThreatLocker.

It is less about a tangible dollar return on investment and more about risk management and peace of mind for both our MSP and our clients. Feedback from technically inclined clients indicates that having this solution in place allows them and their teams to feel secure, helping us all sleep more soundly at night. For an MSP, it has been one of the most effective solutions.

We have encountered a few challenges regarding pricing, contract renewals, and additions. As we explored adding features like Cyber Hero, it proved to be an increased expense for our clients. This was primarily a mistake on our part due to how we initially priced it to clients. After conversations with other partners, it became clear we underpriced it initially, which caused most of our issues, rather than any fault with ThreatLocker.

We evaluated multiple solutions beforehand such as SentinelOne, CyberFOX's AutoElevate solution, and others. We evaluated these options before adopting ThreatLocker and continue to reevaluate them annually, but ThreatLocker has consistently remained in our stack because they do it right. ThreatLocker stands out because they understand application whitelisting and elevation controls deeply, addressing real issues effectively.

A lot of companies get into application whitelisting and elevation control, but they lack a true understanding of the real issues and how to properly address them. ThreatLocker does a great job of knowing what they do well, and in a good way, staying in their lane and excelling at what they do. A lot of the other people who have similar products either are vastly overpriced or try to do it all. When you try to do it all, you end up not doing it all well. ThreatLocker excels in knowing its strengths and not overextending.

I would rate the product a nine out of ten. More emphasis on the business aspects, such as billing and portal administration, would push the rating to a ten.

Our main use case for ThreatLocker Zero Trust Endpoint Protection Platform is to protect our Linux endpoints.

The feature I prefer most about ThreatLocker Zero Trust Endpoint Protection Platform is the default deny because our endpoints are mirror machines, and we do not expect any behavior other than the expected. Blocking everything by default is the best solution that we found in ThreatLocker Zero Trust Endpoint Protection Platform.

ThreatLocker Zero Trust Endpoint Protection Platform benefits our company because we can be secure while remaining relaxed, as we are only expecting normal behavior and nothing unusual. Every action that is not expected will be locked by default.

My impression of the allow-listing feature in ThreatLocker Zero Trust Endpoint Protection Platform in terms of managing which software, scripts, or libraries run on our device is that it is amazing because we can block everything and only allow the things that need to be executed to work. It is a ten out of ten for us.

We use the Ringfencing feature. I would assess the impact of the Ringfencing feature in controlling the behavior of approved applications as perfect, but I do not know how well it performs overall because we do not use it extensively. We only use it for one application, and it is only to control which server it connects to.

ThreatLocker Zero Trust Endpoint Protection Platform can be improved by making the installation easier. We have one policy applied for all devices, and that policy was created for the first device. Since they are mirror machines, we can copy and paste the policy on all machines, and we do not need to do a manual deploy for each new device that we add to ThreatLocker Zero Trust Endpoint Protection Platform.

One thing I would improve in ThreatLocker Zero Trust Endpoint Protection Platform is the time it takes to apply a policy. Although it is very short, it can be improved. Additionally, I think there should be more options for Linux distributions because I am a penetration tester, I use Kali Linux, and it is not available for Kali Linux. I need to execute some tricky commands to be able to install ThreatLocker Zero Trust Endpoint Protection Platform on my machine, and I think this is something that needs improvement.

I have been using ThreatLocker Zero Trust Endpoint Protection Platform for the last two months, and we are very new to it.

Regarding the reliability and stability of ThreatLocker Zero Trust Endpoint Protection Platform, it is a ten out of ten. I have never experienced a problem or downtime with ThreatLocker Zero Trust Endpoint Protection Platform, and everything runs correctly.

ThreatLocker Zero Trust Endpoint Protection Platform scales well with the growing needs of our company, and we are planning to expand the usage, so I think it will be expanded.

I did consider other solutions before choosing ThreatLocker Zero Trust Endpoint Protection Platform. We considered Huntress, but it was not very accurate for our solution.

We were thinking of a solution based mostly in Linux, and Huntress is more for Windows. The principal device was a Linux machine, so we decided to select ThreatLocker Zero Trust Endpoint Protection Platform for that.

This is my first experience with a solution of this kind in this area. I do not use the Network Control feature. I do not use the Elevation feature. I do not use the Storage Control feature. I do not use the DAC Dashboard. I do not use the Web Control feature. I would rate ThreatLocker Zero Trust Endpoint Protection Platform a nine out of ten, only because it does not have compatibility with Kali Linux. My advice to other companies considering ThreatLocker Zero Trust Endpoint Protection Platform is to use it and create great policies because it is amazing.

I deploy it on every endpoint that I can, primarily focusing on application control, ring-fencing, and elevation control.

The ring-fencing and elevation control are the most valuable features for my use cases. The benefits, specifically regarding elevation control, allow me to enable an end user to complete tasks independently. They can install the software by requesting access, saving time and empowering them while maintaining necessary controls.

It's very easy to use, implement, and deploy. The caveat is that you do need to dedicate resources and effort that are focused on the product, and you need to truly understand it. You can't just deploy it and forget about it. 

The tickets that we get are more actionable. When ThreatLocker blocks something or when there is an elevation request, we can do more with the request. We are more actionable. The requests come with more data and information about what's going on so that we can react. If it's a proactive request like installing software, we can provide access to the person without having to manually do it ourselves.

ThreatLocker helps with cost saving. It's not an operational cost. It saves on reactive and recovery costs by preventing it in the first place.

ThreatLocker Zero Trust Endpoint Protection Platform has helped us protect our environments and have more meaningful requests for access as well as meaningful logging for response.

I don't see ThreatLocker as a time-saving platform. The caveat is specifically with things like control. It allows us to save time on the elevation controls allows or helps us to save time when it comes to monitoring and getting on a user's computer and watching them install something or going through the steps with them when they are capable on their own. We can empower them to have that access as needed in a controlled way. That saves our time by giving them the access rather than having to go do the action for them.

For the space that it's in, it's already there. I don't know of another product that compares to its level. Even recently, with the addition of the detect module is a very nice add-on to the packet we already have. We have all that auditing, logging, and visibility for which we don't need to go to an endpoint. 

Adding more direct integrations with cloud platforms and services would greatly improve it. When managing file control or storage control, having the capability to manage more granular access within platforms such as SharePoint or OneDrive would be beneficial. Controlling the cloud environment, not just endpoints, is crucial.

I have been using it for about two months. Previously, in a different company, I used it for one or two years.

I have not encountered any issues with the stability of the platform. I have not experienced any failure, degraded service, or functionality. It has been very stable, reliable, and accessible.

Scalability is challenging, not due to the platform. Scaling ThreatLocker Zero Trust Endpoint Protection Platform usage requires dedicated resources for maintenance. Improper management can complicate scalability, though the platform retains its functionality and performance. It is well-structured to handle scaling.

The support and service from the team for ThreatLocker Zero Trust Endpoint Protection Platform are excellent. Their cyber hero team is very responsive and knowledgeable, and all the engineers and team members I worked with have been great.

Neutral

I did not use other solutions for application and network control. I have used other solutions for tasks like firewall management, policy management, and maybe even data loss prevention. ThreatLocker Zero Trust Endpoint Protection Platform fills those gaps. I moved control of those functions to this platform.

Deploying the ThreatLocker Zero Trust Endpoint Protection Platform offers several methods to deploy the software. It is well integrated, with excellent instructions for specific use cases, and the guidelines and guides are very clear.

I haven’t, thankfully, encountered a situation where significant cost or response was prevented, and hopefully never will. I know what it does for my endpoints daily. Honestly, the return on investment is the peace of mind that it provides.

Pricing, setup costs, and licensing have been pretty accessible and manageable. It was not too expensive to get started, especially at a small scale for a smaller MSP. It is very accessible, easy to enter into, and scalable. As the product scales out, my ROI can also increase. ThreatLocker teams have worked with me to make it fit.

I didn’t switch to ThreatLocker Zero Trust Endpoint Protection Platform for this specific function. However, for functions I adopted from it, outside of application whitelisting, I evaluated it against other products and chose to use ThreatLocker Zero Trust Endpoint Protection Platform for those purposes.

My tasks and job function within the company focus on cybersecurity, managed IT services, and overall platform support for customers. The ThreatLocker Zero Trust Endpoint Protection Platform has helped me control client environments and prevent unauthorized applications and access. It does not cut costs but saves on reactive and recovery costs by preventing issues initially. It has not reduced help desk tickets significantly, but it has helped protect environments and foster more meaningful requests for access and comprehensive logging for response. Elevation control allows me to save time by granting users controlled access as needed. The overall product rating is ten out of ten.