Help Desk Coordinator at an aerospace/defense firm with 201-500 employees
Well-priced, phenomenal support, and operates in the learning mode in the beginning
Pros and Cons
- "Feature-wise, the learning mode and the fact that it's blocking everything are the most valuable. I don't see why more companies don't use the type of product."
- "If you have a thousand computers with ThreatLocker agents on them, when you approve or create a new policy saying that Adobe Reader that matches this hashtag and meets certain criteria is allowed to be installed, it applies at the top level or the organization level. It applies to every computer in the company. When you make that new policy and push it out and it goes out and updates all of the clients. Unfortunately, at this time, it does not look like they stagger the push-out."
What is our primary use case?
It's a solution for software whitelisting. It blocks applications from running. If there is any DLL or something else running on your computer, the admin or admins of the service get an alert. If an end-user is trying to install something that has been blocked by the organization, the admins get alerted.
How has it helped my organization?
We can sleep easier knowing viruses aren't installing things, employees aren't installing things, and nothing is running without someone getting an alert and having eyes on it and approving it.
Ringfencing is a great feature. There is grainy clarity. You can get down into the Ringfencing where you can either completely ring-fence something or you can manually choose what you want it to reach out to. The combination of Allowlisting with Ringfencing for blocking unknown threats and attacks is a great combination because you want to allow the software, but then you, as an admin, are not aware of what every piece of software does. So, you wanna start off being strict and just allow the application, but you would want to ring-fence it in case it beacons out to the internet or goes over ports that you don't think it should be traversing across. That's ringfencing, and it blocks that, but then when the end-user reaches back and says that a part of this software isn't working as it should be, then you can get into that granularity where you can look at the ringfencing policy. You can adjust the ringfencing policy from the strictest to allowing certain parts.
Establishing trust for every access request, no matter where it comes from, is a wonderful thing, and it's needed, but it can hinder and slow down. It adds steps for the end-users because they can't just go wild and install whatever they want, but ultimately, that's one of the main reasons why we invested in ThreatLocker and why we love it because it actually works as they say it should.
In terms of Allowlisting helping us reduce our organization’s help desk tickets, it's twofold because if we didn't have this, we would be getting tons of help desk tickets about bad things happening in the company because people are allowed to install whatever they want. They could be watching Twitch, YouTube, etc. They could be installing video games, which in itself would then create tons of help desk tickets for us. On the other hand, anytime someone wants to install something, we would get a help desk ticket for it. So, either way, we'd be getting help desk tickets, but at least the help desk tickets that we're getting for ThreatLocker are the type we want because now we know we're safe and secure and we're ahead of the curve for safety. Instead of being a reactive help desk ticket where you install something, and your computer is broken, now it's more proactive where you raise a ticket to install something, and your computer is not infected. We don't have to spend hours reimaging, tracking things down, being a victim of ransomware, etc.
Allowlisting has helped to free up help desk staff for other projects because now, we can allow elevation, and we can allow the approvals from an admin through it. We don't have to send people physically to go to a person's desk to do installations or set up online meetings with them to share out where we can assist with the installs. It has freed up time for the help desk staff.
Allowlisting has helped to consolidate applications and tools. We now get to see what everyone is trying to install, and we can find out why people are installing a particular application when another one has already been approved to do the same type of thing. Previously, we didn't know about that. One of the big ones would be SolidWorks. A lot of people have looked at three applications for drawing, and when we see that coming through for a request, we can suggest and ask them what about SolidWorks, and then they use that.
What is most valuable?
Feature-wise, the learning mode and the fact that it's blocking everything are the most valuable. I don't see why more companies don't use the type of product.
I like how it blocks everything. The learning mode is another feature that I like. It operates in the learning mode in the beginning. When you first get it set up in your environment, you don't want every computer to not be able to work and not be able to run the normal fresh install of Windows or other operating systems, so when we first got it set up, we were able to put it into learning mode, which was wonderful. The learning mode is a great feature they have where the computer allows everything and just learns about your typical environment and then makes a good baseline from there.
The idea that it can block everything is wonderful because, in our company, we have to follow the cybersecurity requirements of the Department of Defense. They have very strict guidelines. This software helps us meet and cross off the many cybersecurity checklists for the environment, especially for software installs and what's allowed to run in our environment. That's one of the greatest features.
Its graphical user interface is very intuitive. It's very well laid out and detailed, and it's very easy to find things. I don't have anything to suggest to them in that regard. I've made other suggestions to their company for some features, but for the way its interface is or for proving things or how to use it, I've had no suggestions.
A great thing is that you have to be their customer, but with no extra add-on, you can have access to their ThreatLocker university, where you can learn and watch videos on how to do everything.
Another great thing is that they have online cyber heroes, and I have never created a ticket and waited more than five minutes until a live person was on my check. They're immediately able to get into my tenant. They can set up a Zoom call and share their screen and show me exactly what I'm missing or where to go.
What needs improvement?
You need to have ThreatLocker agent software on every client or every computer that you want to be protected by the ThreatLocker Allowlisting application. If you have a thousand computers with ThreatLocker agents on them, when you approve or create a new policy saying that Adobe Reader that matches this hashtag and meets certain criteria is allowed to be installed, it applies at the top level or the organization level. It applies to every computer in the company. When you make that new policy and push it out and it goes out and updates all of the clients. Unfortunately, at this time, it does not look like they stagger the push-out. If your company only has a 100-megabytes internet line and you send out that update of 1 megabyte to a thousand computers, because it's sending that out to a thousand at the same time, you're using up a thousand megabytes right there. So, you could saturate your network. We have suggested they stagger it. If the system sees that there are a thousand computers, it should just try to send out to a hundred, and after that's completed, send out to the next hundred. That way, it's not saturating your network.
Other than that, feature-wise, it's a great solid product. I have not come up with anything that they should do. Even when I thought I had an issue, they showed me that I have to look here to adjust that setting. For example, when you first join a computer, it automatically puts that computer in learning mode. You can set the time for how long it automatically stays in the mode. I believe the default setting was a month or something like that, and we thought that was too long. Their cyber heroes helped me find the area to adjust that. They already had the solution for that. I just wasn't aware of it.
For how long have I used the solution?
We have been using it since September 2021.
What do I think about the stability of the solution?
The part that can cause bandwidth issues is one of the only things where I see companies not going with them, but they probably wouldn't know that until they finally get to use the product. That would be the only downfall to it.
What do I think about the scalability of the solution?
It grows with your company, and it learns with your company. It's very good with scalability. They're always pushing updates. It's learning all the newest software that comes out. It's picking up. I'd rate it a 10 out of 10 in terms of scalability.
It's required on every computer and every server in our company nationwide. We're pretty small. Our computer count is 225. We have 120 users, but we have servers. Some people have multiple computers. We have lab computers. We have computers that are just stationary set up to 3D printers. Every computer has to have it. That's why we have more computers than employees.
How are customer service and support?
Their support is phenomenal. I rarely say that about customer support. We all have had our nightmares with certain customer support scenarios, but I've not run into any issues with ThreatLocker. They are one of the best. I've been in this industry for over eighteen years. Not just in this industry, but also as a person, you deal with customer service everywhere you go, such as McDonald's, Target, Comcast, Verizon, etc. ThreatLocker support is one of the best I've ever experienced. I'd rate them a 10 out of 10.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We didn't use a similar solution before. The closest solution we ever used was to whitelist the internet. So, you cannot go out to any website unless you've requested it, and it has been approved. Once we approve it, anyone can go to that website. We used a proxy for our internet traffic.
How was the initial setup?
I personally don't physically deploy it. It gets pushed out by our software center. Any new computer gets the client installed, and then that client with API package and everything else reaches back to and joins our tenant, and then we see it in the dashboard. My role is to make sure that every new machine has it. I am the admin for our company for ThreatLocker. I do audits on what the system sees as how many computers we have connected to ThreatLocker, and make sure that I'm deleting any computer that was removed from our domain. If any new computer joins, I have to make sure that it does register in ThreatLocker because sometimes, because of an internal networking error or something else, computers get the client, but it doesn't beacon out and get associated with our tenant. So, I have to do that.
Its implementation was very quick. Once we got it, it took maybe a week to work with the team to get everything staged. When it was first introduced, we left our computers in learning mode for several months, which is highly recommended. That's how we worked with ThreatLocker support and how they helped us get it all set up. After six months of learning our environment in terms of what's normal, what's allowed, and what they shouldn't block, the keys were handed over. We were told that this is our baseline and to go from there.
Its maintenance includes receiving updates on a new package. I also audit it because even though employees see a request pop up, not every employee would click on it because they won't know. So, I still need to audit. For example, a bad virus wants to run on Bill's computer. Bill will see a ThreatLocker popup saying this thing is trying to run. A lot of times, end-users think that they didn't run anything, so they just hit cancel, and I won't get alerted for that. So, I do have to physically go into the audit. Often, I look and just pull up an audit since the last time to see everything that got blocked. I go through it, and I still look for anything that was malicious because we still have to be aware of that so that we can take action.
The other part that I have to do maintenance on is just making sure that the license count is correct, and that the number of computers that the user interface says are registered is similar to what we have. I go in there and make sure that there are truly that many.
What was our ROI?
We have seen an ROI. Knowing that ransomware or viruses have been stopped and can't process, the savings pay for it.
Its time to value was within one week. In the first week, we got to see what was getting blocked. It was very eye-opening to see what was happening on all the computers with the processes that we were trying to run or install. It was definitely within the first week.
What's my experience with pricing, setup cost, and licensing?
Considering what this product does, ThreatLocker is very well-priced, if not too nicely priced for the customer.
Which other solutions did I evaluate?
I know my manager did evaluate other options. I don't recall which products were looked at, but their features were very similar. Their price was extremely high, especially compared to ThreatLocker.
What other advice do I have?
Before you buy, you need to educate your employees and let them know this is adding a safety step to the process of installing software. You also need to be prepared because if the admin isn't around, then you're going to slow down. The person is not going to be able to install the software. That is something you do need to be aware of.
It's extremely easy for an admin to approve or deny requests using Allowlisting. The only caveat to that is that because of the way that ThreatLocker is set up and how minutely you can dive down into a software install, there could be issues with some pieces of software. For example, I approve of you installing Adobe Reader. If you run that install from your desktop, and I approve it, there's a certain way to say I want it to approve this exact installation. What that means is that I approve it for that one person. If someone else tries to run that exact same install package, but it, for example, is not from the desktop and is from a shared drive or from a USB, because of that one tiny change, it will technically get blocked. To some people, it's a little confusing. If you understand how the system works, it's easy. You can use a wildcard to say this install package can be installed from any location. So, when you learn those little tips and tricks, it gets a whole lot easier, but in the very beginning, if you're fresh getting into this, or it was thrown in your lap and you were told that you're the administrator for ThreatLocker, it can be a little confusing. The great thing is that ThreatLocker has something called the install mode. Basically, you're putting a computer in a mode for a temporary amount of time, which the admin can control. When a computer is put into the install mode, ThreatLocker won't block anything. You can go ahead and run any executable. It'll allow the installation, and it'll apply it to that application or policy name that you wanna apply it to. If you're doing it for Adobe, you could add it to the Adobe Reader policy. So, it's very easy. Even if you had any issues, their support is phenomenal.
Overall, I'd rate ThreatLocker Allowlisting a 9 out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
IMS ENGINEER at a tech vendor with 1,001-5,000 employees
Comprehensive endpoint security with real-time protection
Pros and Cons
- "ThreatLocker's most valuable feature is its scanning capability, which executes all types of executable files."
- "ThreatLocker has significantly improved numerous techniques that mitigate vulnerabilities and viruses initiated on the back end of a network."
- "ThreatLocker would benefit from incorporating an antivirus feature or comprehensive 24-hour log monitoring, a valuable enhancement for both business and enterprise-level users."
- "ThreatLocker's technical support process could be streamlined by reducing the number of steps required to reach a human agent."
What is our primary use case?
We are a managed service provider offering comprehensive network and security monitoring for other service providers. We remotely monitor our clients' systems, many of which utilize ThreatLocker. This application allows us to provide end-to-end technical support, including proactive protection against malicious scripts and applications. ThreatLocker prevents unauthorized installations and execution of potentially harmful programs, such as PowerShell or CMD scripts, by blocking them in real-time. Essentially, it's a comprehensive security application that logs events, captures data, and aids in recovery and analysis, enabling us to understand and respond to security incidents effectively.
We have deployed ThreatLocker in the Azure and AWS clouds for some of our customers, while others utilize it in a hybrid model.
How has it helped my organization?
Administrators can easily approve or deny requests using their ThreatLocker allow list. With full access, an administrator can enable learning mode or create exclusions for any user, allowing them to execute specific files or actions within their user space.
The software provides superior visibility into end-user software approval requests compared to other EDR applications I've encountered. Real-time scanning is available when an exclusion occurs, and the software captures comprehensive logs of all activity on the machine.
We use allowlisting once a user access request is submitted. We verify the reason for the request and, once verified, we send an email notification to the requesting user. After approval through the ThreatLocker console, the user can access and execute the requested resources.
ThreatLocker has significantly improved numerous techniques that mitigate vulnerabilities and viruses initiated on the back end of a network. This prevents recurring attacks that utilize script files or various hacking methods by stopping them at the network level.
Previously, users with installation privileges often installed various third-party applications without oversight. ThreatLocker prevents unauthorized application execution, requiring users to submit installation requests. Since most users are reluctant to request third-party applications, this policy significantly reduces the volume of help desk tickets related to software installation and troubleshooting.
ThreatLocker helps consolidate applications and tools.
What is most valuable?
ThreatLocker's most valuable feature is its scanning capability, which executes all types of executable files. Rather than denying specific applications, it denies all applications originating from the back end, providing comprehensive protection.
What needs improvement?
ThreatLocker would benefit from incorporating an antivirus feature or comprehensive 24-hour log monitoring, a valuable enhancement for both business and enterprise-level users.
For how long have I used the solution?
I have been using ThreatLocker Protect for approximately seven to nine months.
What do I think about the stability of the solution?
I haven't experienced any performance or stability issues with ThreatLocker.
What do I think about the scalability of the solution?
ThreatLocker is highly scalable and useful for real-time protection.
How are customer service and support?
ThreatLocker's technical support process could be streamlined by reducing the number of steps required to reach a human agent. Currently, users must navigate through multiple chatbot interactions before being connected, which can be time-consuming and frustrating.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup involves deploying the solution through an agent procedure within cloud platforms. Configuration is done according to system administrator instructions, and policies are set accordingly.
What about the implementation team?
A team of five is involved in deploying and configuring ThreatLocker, as well as monitoring its use.
What was our ROI?
The measurable benefits of using ThreatLocker include ensuring real-time protection of organizational resources and maintaining user authentication and protection levels to reduce risks. It fosters business growth by securing the business module.
What other advice do I have?
I rate ThreatLocker Protect eight out of ten.
There is no maintenance required by the customers.
The endpoint value typically falls within the range of 300 to 450 per MSP, although this can vary depending on the client. Larger enterprise-level clients may have up to 500 endpoints.
I recommend purchasing the exact number of agent subscriptions needed for the environment to avoid unnecessary expenditures.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: MSP
Last updated: Nov 24, 2024