ThreatLocker Protect Reviews

Name: ThreatLocker Protect
Brand: ThreatLocker
Rating: 4.5 (17 reviews)

4.5 out of 5

17 reviews
92% willing to recommend

What is ThreatLocker Protect?

ThreatLocker Protect offers zero-trust security, application whitelisting, and software control across endpoints. It blocks unauthorized software, manages application installations, and prevents malicious activity for enhanced cybersecurity.

Get the ThreatLocker Protect Buyer's Guide and find out what your peers are saying about ThreatLocker Protect, CrowdStrike Falcon, Microsoft Defender for Endpoint and more!

ThreatLocker Protect is the #4 ranked solution in top Application Control solutions, #5 ranked solution in top Network Access Control (NAC) solutions, #6 ranked solution in top Ransomware Protection solutions, #8 ranked solution in top Advanced Threat Protection (ATP) solutions, #8 ranked solution in top ZTNA solutions, and #13 ranked solution in endpoint security software. PeerSpot users give ThreatLocker Protect an average rating of 9.0 out of 10. Based on the analysis of the 17 most recent ThreatLocker Protect reviews, the overall sentiment is positive, with a sentiment score of 7.5. ThreatLocker Protect is most commonly compared to CrowdStrike Falcon: ThreatLocker Protect vs CrowdStrike Falcon. ThreatLocker Protect is popular among the small business segment, accounting for 56% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 37% of all views.

Helped 815,854 peers since 2012

Featured reviews

Roy Richardson

Founder, Vice President, Chief Security Officer at Aurora InfoTech

We use ThreatLocker's Allowlisting to whitelist specific applications and prevent unauthorized software from running. We utilize Ringfencing to establish guardrails around implementations, ensuring that applications operate within defined boundaries. We leverage network access control to granularly control interactions between computer systems and servers. This enables us to restrict communication between specific applications, even within a locked-down environment. We employ storage control to impose additional security measures on data storage. This includes controlling access to network shares, network files, and folders, as well as USB storage devices. We can whitelist specific devices based on their serial numbers or allow access based on predefined conditions. We rely on ThreatLocker's Cyber Hero support, which provides exceptional assistance and responsiveness. At any time, we can initiate a chat session and receive immediate support. If the issue requires escalation, it is promptly handled. Cyber Hero support also plays a crucial role in vetting application updates. When a user attempts to install or update an application, and the update has not been approved from a security standpoint, it is blocked by ThreatLocker. A notification is presented to the user, informing them of the block and providing an option to justify the application's need. These requests are then reviewed by ThreatLocker's Cyber Hero support team, who evaluate them against our security criteria and make an informed decision to allow or deny the application. We utilize ThreatLocker's elevated control feature for applications that require administrator-level access. We avoid granting full administrative privileges to end users, as this elevates the risk of compromise if the device is infiltrated. Instead, elevated control allows us to precisely define the execution conditions for specific applications, such as QuickBooks updates. By verifying the application's signature and certificate, we can enable the update to run with administrative privileges while restricting the user's overall administrative access. Integrating ThreatLocker with other products is simple and only requires a few clicks. ThreatLocker's deployment is also very straightforward. The company provides extensive and well-written online documentation, which is continuously being improved. They also offer a variety of training resources, including university courses, training videos, webinars, and conferences. I have no complaints about the level of support and knowledge transfer provided by the company. ThreatLocker is also developing a new reporting tool, which I had the opportunity to beta test. The company has also been showcasing the new reporting tool at conferences. The new reporting tool provides a level of detail that is unmatched by any other product on the market.

Read full review

reviewer84727943

Chief Executive Officer at Triada Networks

When we look at security on the endpoint, there are two parts to it. One is blocking known bad things and then setting an allowlist for the things that you want to run. Defining allowlisting reduces the attack surface just to the known good applications. It also reduces the number of false positives that we need to chase when it comes to things that hit our endpoint detection or response, which is more of our known bad or behavioral-based security endpoint. So, we pair the two together. Allowlisting helps to keep the environment clean. More and more applications do not require admin rights to install. Even if you limit the ability for a user to install applications, they can still run some things on their own such as browser plugins. We know that browser plugins can be potentially very dangerous because they sit in a browser, and that is where most people do their work. They can become a problem. Allowlisting helps to put guardrails around what is allowed to run. By keeping the environment clean, the programs perform better. They are more secure, and there is less noise for us to chase when it comes to actual security events. It is easy for administrators to approve or deny requests using allowlisting. They have two ways for administrators to approve or deny requests. They can do it in a managed way, where they do it for you using Cyber Hero. We do not do it that way. We are an old customer of ThreatLocker. We have been using it before they had Cyber Hero in place. Originally, we thought it was going to be problematic because allowlisting tends to be very hard to implement. Most of the other allowlisting systems, such as Microsoft's AppLocker, are very difficult to implement and maintain, but ThreatLocker does two things. When it comes to very common applications, they work with vendors. They are always looking at the new installations and making sure they are constantly up to date, so you do not have to always approve those things. But, of course, things happen, and sometimes they happen in the middle of the night when somebody is doing something and needs help. The nice thing about it is that it is fairly easy to approve. We can approve even with a mobile app. I have had the ThreatLocker mobile app since they introduced it a year or two years ago. If one of our clients in Australia or somewhere else is doing something, I can easily approve it without having to get up from my chair. I can approve it after doing a quick review of what they are installing. If I want to do a little bit deeper check, I can do that, but most of the time, there are just basic things, and we can approve them on the fly. The portal gives us a lot of granularity in terms of not only approvals but also how to approve them. We can choose to approve something for a person, the entire company, or all of our clients. We can choose to approve only the hash or a particular version of a particular executable or any application that is signed by a company. We can define how loose or tight we want to be when it comes to certain applications. They have recently also introduced time-based approval. We can give approval for only a period of time, and then the approval goes away. If somebody needs to run something, but we do not want it to be allowed to run for a long period of time, we can implement that. In terms of access requests, we control what is allowed and what is not allowed. They have curated things on our behalf for Windows, Office, Chrome, Firefox, and a whole slew of other applications, but you do not have to add those. You can curate your own list. For example, we have an engineering company, and the applications that they use are not used by anybody else. They are very bespoke for their specific industry. We get new requests from them all the time. We check if it is something that looks nefarious. Is it on VirusTotal? Are there any other scans that show that it could be potentially malicious? If we are still not sure, ThreatLocker now has a sandboxing feature where we can watch the application execute in a secure environment and see if it is doing anything potentially bad and if it is touching files that it should not be touching. By doing that, we have some more comfort. We know that the program we are allowing is safe. We were able to see some of its benefits immediately and some were over time. We were using an EDR tool before ThreatLocker about six years ago. It was very noisy. A lot of alerts came up on that EDR. We were chasing a lot of ghosts, trying to figure out whether it was malicious or not. A lot of it was not malicious, but we still had to do all that checking. When we put ThreatLocker in place, one of the things that we immediately noticed was that it was blocking everything by default and only allowing things that we approved. It reduced the ticket noise. We mostly had things that needed investigation and more likely were malicious and needed to be reviewed. That was an immediate change. Over time, we got other benefits. We got a better grasp of what is being run on our clients' desktops. In the rare cases where because of the nature of their work, we allow them to have admin rights, we can still control what applications are being installed. Could they bypass it? Potentially and theoretically, yes, but that would be very difficult and require some technical skill. We at least have some verification of what applications are run and what applications are allowed. So, its long-term benefit was much more control over the clients' environments and the short-term or immediate benefit was a reduction in ticket noise that we were having to deal with chasing a lot of false positive alerts. Allowlisting helped us reduce our organization’s help desk tickets. We were able to reduce our security alerts by 75% to 85% after its implementation, and now, it is practically down to zero. We have very few alerts that we need to chase at this point. Allowlisting has technically helped us to free up help desk staff for other projects, but we have not quantified the savings. Because we are not having to do these other things, we are able to work on helping clients and get their work done better rather than just chasing security events. Allowlisting has not helped us consolidate applications and tools because our usage is quite narrow. We are just using allowlisting, ringfencing, and a little bit of elevation. They have other products in their mix, but we already have other products that do some of those things. I do not see us necessarily replacing all of that with other parts of ThreatLocker, so there is no tool reduction. However, it fits nicely into our workflows. In other words, it integrates into our PSA. Tickets come in there, and from there, we can go directly to ThreatLocker and do approvals. We also have the pop-ups on the mobile device.

Read full review

Marc Caruso

CEO at TechFox, LLC

When all of these features are combined, we have a strong product. If any of these features were to be used as a standalone product, it would be largely ineffective. However, ThreatLocker Allowlisting has all of these features integrated into one console, making it effective. Without this combination, I would need to use four different products to achieve the same result. The combination of integrated features is the reason why ThreatLocker AllowListing is so powerful. We are an MSP. One of the benefits of this product is that we can monitor our clients' activities beyond just removing the software. Even if they don't have military privileges, we can still keep track of what is happening in their environment, such as file access, application installation, or network access. We can see what they are doing, and we can allow the activities that they are supposed to be doing and prevent them from doing activities that could be harmful to them or us. This enables us to have a lower cost of management for our clients, which would otherwise require more effort.

Read full review

ThreatLocker Protect mindshare

Product category:

As of November 2024, the mindshare of ThreatLocker Protect in the Endpoint Protection Platform (EPP) category stands at 0.7%, down from 0.8% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Endpoint Protection Platform (EPP)

Key learnings from peers

Last updated Nov 11, 2024

Valuable Features

ThreatLocker Protect offers intuitive mobile access, strong allowlisting with ring-fencing, and robust application control for granular security. Users praise its easy learning mode, detailed interface, and selective elevation feature for admin privileges. Cyber Hero support provides immediate assistance while ThreatLocker University offers extensive training. Comprehensive visibility into user activities reduces management costs. The combination of zero trust, storage, and network control ensures strict adherence to cybersecurity guidelines, enhancing both operational efficiency and security compliance.

"ThreatLocker Protect has improved my organization greatly."
"The application whitelisting feature allows us to block and manage approved applications effectively. It ensures that no one can install an application on our systems unless it is approved by me, which is very efficient."
"Allowlisting, in general, is valuable because it allows us to have a lot more granular control over what is executed on a desktop. We are also able to ringfence known vectors of attack through Office applications, email, browsers, etc."

Room for Improvement

ThreatLocker Protect requires improvements in training flexibility, network update management, and user interface. Users experience challenges with custom rule creation, request handling, and the learning curve. Reporting and ticket visibility need enhancement. Integrating VirusTotal scores and better PSA system integration is recommended. Support should be available during non-working hours, and portal information needs updating. Audit review processes can be cumbersome, and there is a need for staggered policy updates to avoid network saturation.

"The support could be quicker."
"The support could be quicker. There are times when there is a delay in getting a response. This is problematic when immediate attention is needed."
"It would be beneficial to have a tighter integration into PSA systems so that approvals can be done directly without having to leave the PSA."

ROI

Utilizing ThreatLocker Protect enhances perceived value in security, enables significant cost savings by stopping cyber threats, and strengthens client relationships. Its implementation improves efficiency and productivity by preventing unauthorized installations, enhancing security measures, and standardizing environments. Users report substantial returns through increased control, reduced overhead, avoidance of malware attacks, and predictable environments. The tool achieves measurable ROI swiftly and boosts revenue streams while requiring additional monitoring efforts.

Pricing

Enterprise buyers find ThreatLocker Protect pricing fair and reasonable, though some perceive it as a bit high but justified for the value received. Flexible, tiered pricing based on devices allows customized arrangements, with opportunities for discounts through module commitments. The pricing structure supports easy scalability, appealing to growth-focused businesses. While some inconsistencies in contract communications were noted, generally, the costs align with market standards, enabling broad client integration without the need for alternative solutions.

"The pricing is reasonable and normal. I do not have any problems with the cost."
"Its price is fair. They have added some additional things to it beyond allowlisting. They are up-charging for them, but in terms of the value we get and the way it impacts us, we get a bang for our buck with ThreatLocker than a lot of our other security tools."
"Although the pricing seems good, there have been inconsistencies in contract negotiations."

Popular Use Cases

Organizations primarily use ThreatLocker Protect for zero-trust security, application whitelisting, and access control. It prevents unauthorized software from executing on servers and workstations across various platforms. Administrators receive alerts for unapproved activities, enhancing protection against malware and ensuring compliance with the principle of least privilege. ThreatLocker Protect allows automatic implementation of security policies, integrates with other cybersecurity tools, and is valued for managing specific application interactions, like those with Adobe Acrobat, in diverse environments.

Service and Support

ThreatLocker Protect support is highly regarded for its speed, efficiency, and knowledgeable staff. Customers praise the quick response, with many stating issues are resolved within minutes. The chat feature connects users to live support swiftly, often within seconds. The support team is noted for their professionalism and ability to handle complex problems without wasting time. Some users noted occasional rushed responses, while most rated their support a perfect or near-perfect score, highlighting its distinction from other vendors.

Deployment

ThreatLocker Protect's initial setup is generally straightforward. Many users successfully implement ThreatLocker using provided scripts and documentation, achieving deployment across multiple endpoints with minimal issues. They often take advantage of ThreatLocker support and resources, finding the learning mode helpful in adapting to their environment. Users commonly report deploying ThreatLocker through various software tools, achieving large-scale deployment efficiently, sometimes requiring minimal team effort. Feedback highlights the flexibility and ease of the overall deployment process.

Scalability

ThreatLocker Protect consistently demonstrates high scalability across diverse environments. Users report easy deployment to numerous endpoints without limitations and effective adaptation to new technologies. Seamlessly scaling from small to large organizations, it accommodates various needs, supporting both Windows and Mac environments with continuous updates. Users have successfully managed thousands of endpoints, praising ThreatLocker Protect for its ability to grow alongside their organizational requirements and adaptation to an evolving threat landscape.

Stability

ThreatLocker Protect is generally stable with occasional minor issues, like bandwidth concerns and rare agent disruptions. Some users report delays with cloud agents and momentary portal unresponsiveness. ThreatLocker integrates well with operating systems, has minimal downtime, and any emerging issues are quickly resolved by its team. While a few have experienced a minor ticket-related agent issue, most find ThreatLocker Protect to maintain a good stability record despite rare disruptions.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our ThreatLocker Protect Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

37%

Retailer

Government

Financial Services Firm

Healthcare Company

Manufacturing Company

Comms Service Provider

Educational Organization

Real Estate/Law Firm

Outsourcing Company

University

Insurance Company

Construction Company

Legal Firm

Wholesaler/Distributor

Non Profit

Media Company

Energy/Utilities Company

Hospitality Company

Consumer Goods Company

Recreational Facilities/Services Company

Aerospace/Defense Firm

Logistics Company

Performing Arts

Transportation Company

Compare ThreatLocker Protect with alternative products

Learn more about ThreatLocker Protect

ThreatLocker Protect enhances security by blocking unauthorized software and managing application installation across endpoints. Admins receive alerts for attempts to run unapproved applications, ensuring secure environments. Utilized by MSPs, MSSPs, and IT service providers, ThreatLocker Protect integrates into security stacks to improve access control and inventory management. While the solution provides remote management through a mobile app and offers comprehensive training and support, it requires improvements in training flexibility, policy update performance, the reporting system, and custom rule management for software developers.

What are the most important features?

Mobile App Access: Enables remote management of security functions.
Comprehensive Training: Offers extensive training resources for users.
Excellent Support: Provides robust support to address user concerns.
Ring-Fencing: Controls application behaviors and prevents risks.
Intuitive Interface: Simplifies navigation and usage.
Selective Elevation: Allows specific applications to run with elevated permissions.
Allowlisting and Zero Trust: Blocks unapproved software and enforces security policies.
Application and Storage Control: Manages software and storage to prevent unauthorized access.
Learning Mode: Adapts to system needs for enhanced security compliance.
Unified Alerts and Reporting: Streamlines alerts and reporting processes.

What benefits or ROI should users look for in reviews?

Enhanced Security: Provides robust protection against unauthorized software and malicious activities.
Administrative Oversight: Offers comprehensive alerts for attempts to run unapproved applications, ensuring secure environments.
Easy Integration: Integrates smoothly into existing security stacks.
Operational Efficiency: Improves access control and inventory management.
Remote Management: Facilitates security management through a mobile app.
Scalability: Suitable for MSPs, MSSPs, and IT service providers.

ThreatLocker Protect is commonly implemented across industries like healthcare, finance, education, and retail to maintain strict access controls, manage application installations, and ensure endpoint security. In healthcare, it prevents unauthorized software from compromising patient data. Financial institutions use ThreatLocker Protect to guard against unauthorized transactions and data breaches. Educational institutions rely on it to manage software access for staff and students, while retail businesses use it to secure point-of-sale systems and inventory management.

ThreatLocker Protect was previously known as ThreatLocker Allowlisting, ThreatLocker Network Control, ThreatLocker Ringfencing.