TrustRadius: an HG Insights company

ThreatLocker

Score 9.4 out of 10

20 Reviews and Ratings

What is ThreatLocker?

ThreatLocker Inc. is a security platform used to stop misuse and vulnerable software as well as control application elevation, storage and network traffic.

Top Performing Features

  • Anti-Exploit Technology

    In-memory and application layer attack blocking (e.g. ransomware)

    Category average: 8.6

  • Hybrid Deployment Support

    Administrators should be able to choose endpoint security on-premise, cloud, or hybrid.

    Category average: 8.3

  • Infection Remediation

    Capability to quarantine infected endpoint and terminate malicious processes.

    Category average: 8.8

Areas for Improvement

  • Endpoint Detection and Response (EDR)

    Continuous monitoring and response to advanced internet threats by endpoint agents.

    Category average: 9.1

  • Centralized Management

    Centralized management supporting multi-factor authentication, customized views, and role-based access control.

    Category average: 8.5

  • Vulnerability Management

    Vulnerability prioritization for fixes.

    Category average: 8.3

Threatlocker review.

Use Cases and Deployment Scope

We use Threatlocker to analyze the most frequently used programs by users and block any unauthorized programs for more automated control and security. It is a good way for us not to have to worry about any unknown software in our client environments and shows that we are actively monitoring such things.

Pros

  • Support is fast and responsive.
  • Very good at its intended purpose.
  • Testing environment is very useful.

Cons

  • Some programs that are known come up as blocked from time to time.
  • It has a difficult time recognizing safe driver installations.
  • The different modes can be expanded on.

Return on Investment

  • It allowed us to bundle it with our security bundle.
  • Allows us to show activity of hours worked monitoring systems.
  • Allowed us to show higher-ups users who try to install unauthorized programs.

Alternatives Considered

Webroot Antivirus + Internet Security Complete (SecureAnywhere) and Windows Server

Other Software Used

Microsoft Entra ID, Webroot Endpoint Protection, Microsoft Defender Threat Intelligence

ThreatLocker the Zero Trust system you didn't know you needed.

Use Cases and Deployment Scope

ThreatLocker is used on every endpoint and server in our business. The software's functionality allows us to apply a zero-trust principle to all areas of our internal systems. We use the software to block any applications outside of the scope of our pre-approved applications. Further, we use network control to block client-to-client or client-to-server connections on unnecessary protocols. We also use the config manager to apply policies into our environment that we would have traditionally had to build manually in group policy, allowing us to roll out policies company-wide or to specific groups. Anything that tries to breach these policies immediately alerts us, and as such, we can understand what is going on behind the scenes on our network and what users are trying to run versus what they are allowed to run. The picture this paints is invaluable for our confidence in a smooth operation.

Pros

  • Application whitelisting.
  • Unified audits of everything network & application.
  • Clean and concise portal to manage the same.
  • Dynamic ability to allow users to request more apps.
  • Security and a sense of complete control.

Cons

  • I don't honestly know of any areas they could improve.

Return on Investment

  • Saves hours of technician time.
  • Is a good price for the value it brings.
  • Prevents unwanted applications from running in our environment.

Other Software Used

Cybereason Managed Detection & Response (MDR)

ThreatLocker - Peace of Mind

Use Cases and Deployment Scope

We use ThreatLocker set up to provide Application Control, Storage Control and Elevation Control. App control allows us to prevent the execution of non-approved applications. Storage control provides the ability to require that only encrypted USB devices are used unless otherwise allowed. Elevation control lets us dictate which applications can be run as administrator, meaning we no longer have to allow a given user to have local admin rights.

Pros

  • Application Control
  • Elevation Control
  • Storage Control

Cons

  • None
  • None
  • None

Return on Investment

  • ThreatLocker has significantly increased our security posture by blocking execution of unwanted software.
  • Not having to make end users local admins limits an attacker's ability to conduct malicious activity.

Alternatives Considered

Tanium

ThreatLocker is an essential application to our Cyber Security Stack

Use Cases and Deployment Scope

We use ThreatLocker to allow us to deploy application control and network hardening, especially for backup hosts. We use it to comply with Essential 8. Without it we would greatly struggle, and ThreatLocker has made it really easy to achieve the required maturity level the client requires.

Pros

  • Application Control
  • Network Storage lockdown
  • Auditing

Cons

  • Reporting
  • easier UI

Return on Investment

  • easy sell to clients
  • great addition to cyber security stack

Other Software Used

N-able N-central, NinjaOne, Datto RMM, Keepit, Sendmarc, dmarcian

ThreatLocker a must have in your Security Stack!

Use Cases and Deployment Scope

We are an MSSP that needed an Application Control tool for a good price since we offer this tool to all size companies. This tool met our requirements both on price and on function of what it offers. It provides a solid replacement for UAC and provided a way to limit what users install on their devices.

Pros

  • Vendor Support is top notch. Quick response times and incredibly easy to talk to.
  • Application Control, when tuned properly, works exactly as you would expect, giving your internal IT and MSPs complete control over what is allowed in the environment.
  • Easy Deployment with an RMM via their stub installers
  • Integration with most PSA systems, allowing automatic ticket closures when the Cyber Heroes work something before your team can get to it. (~5 mins)

Cons

  • Customization of the tray and pop-ups
  • More control for the Cyber Heroes for apps that are approved
  • NA

Return on Investment

  • Applications that are new to the environment can be blocked even if they are wanted, which can cause strain on the environment if not properly tuned or prepped.
  • We have this deployed onto around 7700 endpoints at this moment with less than 0.01% of issues with the agent or its functionality being noted. It's incredibly stable and the vendor support further helps if it does break, and they can usually fix it within 15 mins.
  • We have had this tool on customers, and it has single-handedly stopped ransomware attacks by itself when the customer's previous EDR failed to catch threat actor attacks. I can remember 3 separate instances where someone did something to cause an attack and ThreatLocker brought it to a screeching halt due to the application control and built-in ringfencing it provides.

Alternatives Considered

SentinelOne Singularity

Other Software Used

SentinelOne Purple AI, Cisco Umbrella, Datto Workplace