ThreatLocker Zero Trust Endpoint Protection Platform Reviews

We provide IT security or cybersecurity services to our customers. ThreatLocker is a key component of our security stack, and we roll it out to every one of our customer's endpoints. It's not an optional component, but a must-have because we are strong proponents of zero trust.

We provide remote monitoring and management services, which can be considered remote IT security for our clients. Our clients have minimal interaction with ThreatLocker Protect directly. It is one of the security tools we install on their systems to secure their networks and end devices. More importantly, it allows us to manage and control the specific applications and services running on their endpoints.

For instance, we can maintain a pre-approved list of applications that are allowed to run in the environment, while preventing unauthorized applications from executing. Even for permitted applications, we implement additional security measures.

ThreatLocker's unique capabilities are particularly evident in its handling of Adobe Acrobat, a common PDF reader. PDFs can be exploited by malicious actors, or hackers, to gain access to systems. Typically, a user clicks on a PDF, it opens, and without their knowledge, malicious code executes on the system, interacting with other components to enable hacker access.

With ThreatLocker, we can restrict Adobe Acrobat to only accessing the official Adobe update servers on the internet, preventing it from accessing any other websites. Additionally, we can restrict Adobe's access to other applications and underlying files on the computer, preventing hackers from utilizing the program to compromise the system.

ThreatLocker is a cloud-based endpoint protection platform that utilizes endpoint agents installed on each device. The deployment of these agents can be automated through Microsoft Intune or RMM, depending on the specific scenario. The ThreatLocker portal is also cloud-based, and once the agent is installed, it communicates directly with the ThreatLocker cloud. One of the key advantages of ThreatLocker is the instantaneous implementation of changes made in the cloud to the endpoints. This ensures that devices are always protected with the latest security policies.

Administration of Allowlisting is incredibly simple, and ThreatLocker provides numerous methods for approving applications and ensuring their legitimacy. One of ThreatLocker's strengths is its dedicated team that continuously monitors applications for changes. For instance, Microsoft's infamous "patch Tuesday" releases require thorough vetting of all patches. If not vetted, ThreatLocker will block them. ThreatLocker's team proactively prevents these issues by adding validated applications to the system. Occasionally, an unpopular application may slip through their team's detection. In such cases, the process for blocking is straightforward. Upon receiving an alert, we can examine the application and its characteristics, including its files. Directly from ThreatLocker, we can verify the application against known repositories that track applications based on their hash or unique Digital DNA to determine if it's a registered application with a known location. Additionally, we can check for any malicious characteristics. Based on this assessment, we can take two actions: either approve the application or utilize ThreatLocker's newly introduced virtual sandbox environment. With a simple click, we can isolate the blocked file in a virtual environment. ThreatLocker creates a separate Windows screen, copies the file over, and executes it within the environment for two purposes. The first is for capturing the file's signatures and any missing elements. The second is for observing the file's behavior in a controlled environment.

Software approval requests for end users are simple. The end user will typically see a small box, which can be customized. We can create a custom appearance or use the ThreatLocker standard box that appears and states that the application has been blocked. There is a box where users can justify the application and explain why they need it. They can then request approval. This is their interaction in terms of requesting approval. On the backend, either the Cyber Heroes or our team will review and approve everything. If the application is approved, the users will receive another small box in the lower right-hand corner of the screen stating that the app has been approved and can now be run. The box will have a button that users can click to run the previously blocked application.

The combination of Allowlisting and Ringfencing is a key advantage of ThreatLocker, particularly in preventing applications from accessing unauthorized internet sources or tampering with sensitive system programs. Allowlisting explicitly permits specific applications to run, while Ringfencing imposes additional restrictions on their behavior. This layered approach ensures that applications can only execute authorized actions and cannot escalate privileges or compromise system integrity. Allowlisting simplifies application control by eliminating the need to define granular permissions for each application. Instead, administrators can simply check a few boxes to whitelist trusted applications. However, for more advanced configurations, ThreatLocker provides granular control over application permissions. Ringfencing acts as a safeguard, akin to guardrails along a mountain road. Just as guardrails prevent vehicles from plunging over the edge, Ringfencing prevents applications from engaging in unauthorized or malicious activities. This additional layer of protection provides peace of mind and enhances overall security.

Establishing trust is crucial, and with Allowlisting, we have a thorough vetting process to ensure applications meet the necessary security criteria. We first evaluate whether the application is truly needed in the environment or what its purpose is. Additionally, we can identify who initiated the request. Furthermore, ThreatLocker's portal provides access to historical data on applications, including file hashes, which act as unique digital DNA. This allows us to verify whether the application is in its original form and check for any known threat advisories. This comprehensive information empowers us to make informed decisions about whether to Allowlist or deny an application based on our findings. Additionally, we can sandbox the application to observe its behavior in a controlled environment and detect any malicious activities. This rigorous vetting process ensures that only trustworthy applications are Allowlisted.

ThreatLocker allows us to maintain consistent environments by providing a central repository that tracks which applications are authorized to run. This simplifies application management and ensures that only approved applications are installed. Additionally, ThreatLocker enables us to control bloatware, which can often contain vulnerabilities. We can prevent bloatware from executing within our environment, further enhancing security. ThreatLocker's zero-trust architecture, including application control, ringfencing, and other features, strengthens our overall security posture. With ThreatLocker, we no longer need to worry excessively about end users clicking on malicious emails, as the embedded code cannot execute due to the restrictions we have implemented. Overall, ThreatLocker's zero-trust architecture is mandatory across all clients in our environment. It is not an optional security measure; it is essential for doing business with us. ThreatLocker empowers us to control our environment and ensure comprehensive security.

ThreatLocker has helped us reduce our helpdesk tickets by preventing rogue applications from running in our environment. This significantly reduces the overhead associated with managing tickets. With ThreatLocker, we have complete control over which applications are allowed to run, so we don't have to worry about users clicking on something they shouldn't. Occasionally, we do receive requests from end users who are trying to run blocked applications, such as games. These requests are denied and do not become tickets. Overall, ThreatLocker has significantly improved the standardization of our environments and reduced the overhead associated with managing user-related tickets. It has given us complete control over which applications can run in our environment, and we rarely have any end-user-related tickets as a result.

Many tickets are created due to an inconsistent or non-standardized user environment. Users encounter differences in software configurations between systems, leading to curiosity and clicking on unfamiliar items. In the current era where 96 percent of security incidents originate from phishing email clicks, we have clear evidence, supported by metrics, of the impact and consequences of such actions within client environments. By standardizing the environment and utilizing a common system like ThreatLocker, which enables whitelisting, blacklisting, or implementing guardrails, the number of tickets and user-generated noise can be significantly reduced.

Our current security stack is very lean and well-integrated. Whenever I attend a trade show or conference with vendor halls, I'm always approached by vendors trying to sell me something. ThreatLocker already does what they're offering, so there's no need for additional purchases. From a cost perspective, ThreatLocker has allowed us to consolidate and save significantly. Additionally, without ThreatLocker, we would likely need six or seven different tools to achieve the same level of security, further reducing costs.

We use ThreatLocker's Allowlisting to whitelist specific applications and prevent unauthorized software from running.

We utilize Ringfencing to establish guardrails around implementations, ensuring that applications operate within defined boundaries.

We leverage network access control to granularly control interactions between computer systems and servers. This enables us to restrict communication between specific applications, even within a locked-down environment.

We employ storage control to impose additional security measures on data storage. This includes controlling access to network shares, network files, and folders, as well as USB storage devices. We can whitelist specific devices based on their serial numbers or allow access based on predefined conditions.

We rely on ThreatLocker's Cyber Hero support, which provides exceptional assistance and responsiveness. At any time, we can initiate a chat session and receive immediate support. If the issue requires escalation, it is promptly handled.

Cyber Hero support also plays a crucial role in vetting application updates. When a user attempts to install or update an application, and the update has not been approved from a security standpoint, it is blocked by ThreatLocker. A notification is presented to the user, informing them of the block and providing an option to justify the application's need. These requests are then reviewed by ThreatLocker's Cyber Hero support team, who evaluate them against our security criteria and make an informed decision to allow or deny the application.

We utilize ThreatLocker's elevated control feature for applications that require administrator-level access. We avoid granting full administrative privileges to end users, as this elevates the risk of compromise if the device is infiltrated. Instead, elevated control allows us to precisely define the execution conditions for specific applications, such as QuickBooks updates. By verifying the application's signature and certificate, we can enable the update to run with administrative privileges while restricting the user's overall administrative access.

Integrating ThreatLocker with other products is simple and only requires a few clicks. ThreatLocker's deployment is also very straightforward. The company provides extensive and well-written online documentation, which is continuously being improved. They also offer a variety of training resources, including university courses, training videos, webinars, and conferences. I have no complaints about the level of support and knowledge transfer provided by the company. ThreatLocker is also developing a new reporting tool, which I had the opportunity to beta test. The company has also been showcasing the new reporting tool at conferences. The new reporting tool provides a level of detail that is unmatched by any other product on the market.

From a reporting perspective, enhancing the ability to customize reports would be beneficial. This could include the option to export reports to a Word document for further tailoring, allowing users to add their own executive summaries and additional content.

I have been using ThreatLocker Protect for five and a half years.

ThreatLocker's development team is capable of releasing beta versions of upcoming releases. Our organization has a policy against deploying beta code due to potential stability and security issues. We don't want to inconvenience our customers or use them as guinea pigs. Overall, ThreatLocker has been a stable platform. However, the threat landscape changes rapidly, and even vetted releases can have minor glitches, such as applications being categorized differently. This can sometimes have adverse effects. However, ThreatLocker's team is very responsive and quickly addresses any issues we bring to their attention.

I haven't identified any inherent limitations or restrictions, or let's say, a ceiling. I'm aware that ThreatLocker is deployed in large corporations around the world. So, they can accommodate organizations of all sizes, from single-person entities to Fortune 500 companies. It's undoubtedly scalable. When I evaluate scalability, I consider not only the number of endpoints and various supported components but also the ability to adapt to the evolving threat landscape. ThreatLocker has certainly been doing that with the introduction of new products and services, as well as the continuous evolution of the platform as a whole.

ThreatLocker is the only company where, regardless of the time of day or whether it's a holiday, I can get immediate support by just jumping into the portal, clicking on the chat, and having someone respond. And it's not just a bot; it's a real Cyber Hero who is ready to assist. They even offer the option to request a Zoom link so that we can have a face-to-face meeting to explain our scenarios and share our screens. If the Cyber Hero is unable to resolve the issue, there are two additional levels of support available online 24/7. We've dealt with many vendors, but we've never experienced this level of support.

Positive

The implementation process was relatively straightforward. ThreatLocker provides us with granular control over almost every aspect of the system, which is one of its key advantages. Upon initial installation, ThreatLocker enters a learning mode where it identifies and catalogs all applications within the environment. We can then determine when to transition ThreatLocker from learning mode to full secure mode, with options ranging from one day to 30 days. In our case, the transition to full secure mode was relatively seamless. We completed the learning phase and had ThreatLocker fully operational within 30 days.

We utilize Microsoft Azure and Intune to manage the majority of our services. In this instance, we employed a PowerShell script provided by ThreatLocker, tailored to our specific environment, and deployed it via Intune. Intune ensures that every device is enrolled. Upon defining and adding the PowerShell script, Intune automatically distributes it to the endpoints, completing the installation process. The deployment process is simple.

We don't require many people for the deployment of ThreatLocker.

ThreatLocker has been instrumental in our ability to standardize and secure our environments, enabling us to replicate them consistently. This standardization has significantly reduced overhead, as we no longer need to rebuild the infrastructure for each new client or prospect. Furthermore, the controlled environment that ThreatLocker has facilitated resembles a well-policed community, where crime rates are low, residents are content, and property values are rising. In contrast, an uncontrolled environment akin to one with inadequate law enforcement would result in chaos. Consequently, ThreatLocker has allowed us to operate efficiently and effectively, minimizing support tickets, eliminating security concerns, and ultimately contributing to our profitability.

Today, the term "zero-trust bubble" is used to describe the growing number of vendors offering zero-trust security solutions. However, I've observed that the IT security industry, as a whole, tends to over-hype new technologies with acronyms and buzzwords without fully understanding their implications. When I examine the current zero-trust landscape and compare it to other security bubbles like endpoint detection and response, secure access service edge, and so on, I find ThreatLocker's pricing to be reasonable for the services it provides.

Previously, we had not implemented any solutions for zero trust because it was a relatively new concept at the time. We were exploring various options to gain more granular control over applications running on separate networks within our environment. Our goal was to standardize and normalize these applications while preventing the execution of unauthorized applications or scripts. However, we were unable to find any solutions that met our specific requirements. When we were introduced to ThreatLocker, we evaluated other available solutions and found that ThreatLocker offered the most comprehensive feature set.

There was nothing else in the market at the time that was doing what ThreatLocker was doing or even attempting to do anything with Zero Trust. The CEO and co-founder visited my office and provided me with an in-depth explanation of the product, its vision, and its future plans. This was sufficient for me because, first and foremost, what matters most to me, especially in the security industry, is having personal connections with my vendors. I don't want to be just another customer. I specifically want to know that I have people I can call on my speed dial when something goes wrong. And that's the kind of relationship I have with ThreatLocker.

I would rate ThreatLocker Protect nine out of ten. There are many security products available today that companies like mine utilize, and some of these products could be replaced with ThreatLocker. However, ThreatLocker is one of those tools that I consider indispensable to our security stack. We have such a strong conviction about this because we understand its capabilities and have seen its effectiveness firsthand. While a significant portion of our work is proactive security, we have also been called upon by companies who have experienced ransomware attacks. In these situations, we have been able to assist them in their recovery efforts. If these companies had ThreatLocker in place, they would not have been vulnerable to these attacks. This reinforces our unwavering belief in the value of ThreatLocker.

We implemented ThreatLocker from the outset within our environments. Therefore, it's difficult for me to compare it to previous solutions as it has become an integral part of our security framework. When I interact with colleagues who don't use ThreatLocker, I hear a lot of complaints, particularly regarding ticketing and the time wasted on text-based communications. I would say that the vast majority of these issues could be avoided if they had ThreatLocker in place.

The company as a whole has experienced and addressed all the concerns that have been raised. Firstly, they are continuously developing and enhancing their product offerings, which include not only the product itself but also the accompanying knowledge base and support structure. Most recently, we have been beta testing their latest portal upgrade, which is remarkably impressive. Ultimately, if I were forced to reduce my security stack to just one or two tools, ThreatLocker would undoubtedly be among them.

Occasionally, a less popular application pushed by a publisher may be flagged by ThreatLocker. In such instances, customers may inquire about the issue. However, once the reasoning behind the flag and the importance of our application vetting process to safeguard their environment are explained, the concerns typically subside.

ThreatLocker's user interface has undergone a significant transformation since its inception. The new beta portal, which we now have access to, is a vast improvement over the original portal. It is both aesthetically pleasing and functional, fulfilling all of its intended purposes. In terms of UI customization, I see little room for improvement. One area where I always seek enhancements is integration with third-party products, particularly PSA platforms. We utilize ConnectWise Manage, now known as ConnectWise PSA, and it seamlessly integrates with ThreatLocker. During a recent client audit, I compared the actual numbers to the PSA's reports, and everything matched up perfectly. When I consider ThreatLocker as a whole, I am impressed with not only the product itself but also the company's culture and commitment to innovation. They continuously invest in thought leadership initiatives, such as webinars, training programs, the ThreatLocker University, and their annual conference. These efforts demonstrate their dedication to providing their customers with the best possible experience. I have no specific wishlist items for ThreatLocker. I am genuinely satisfied with their product and overall approach.

We began realizing immediate value from ThreatLocker, as it provided us with the ability to view blocked applications, scripts, or files within the environment through its unified audit feature. This allowed us to quickly identify and eliminate unwanted software from our environment. Additionally, we could revisit applications that had been vetted or cataloged and decide to block them if they were no longer deemed necessary. Overall, the time to value for ThreatLocker was within the first 30 to 45 days.

ThreatLocker is used by all of our clients and on all of our endpoints. We currently have over 250 endpoints protected by ThreatLocker.

From a maintenance standpoint, ThreatLocker is relatively straightforward. While application signatures inevitably change, the most frustrating aspect is the lack of consistent code signing by software publishers. Despite the current cybersecurity emphasis and efforts to minimize risk, it's baffling that reputable software developers often fail to sign their code. This necessitates an additional vetting process to verify the code's authenticity and ensure it hasn't been tampered with. One of ThreatLocker's strengths is its audit service. Upon request, their system engineers conduct a thorough audit of our client's environment via a Webex or Zoom session. They examine what's being blocked, what's not, our configurations, best practices adherence, and potential changes. This proactive approach ensures we're on the right track and adhering to best practices.

First and foremost, it is crucial to thoroughly understand the clients' environments and develop a tailored strategy for each one before implementing ThreatLocker. A one-size-fits-all approach is ineffective as every client environment has its unique set of applications and requirements. Thorough education is key. When rolling out ThreatLocker, we spend a considerable amount of time educating our customers about its purpose, functionality, and potential impact. We address their concerns and explain the rationale behind the restrictions. This education process should be ongoing for end customers. In the technology industry, there is a tendency to focus on the latest bells and whistles, neglecting the importance of educating end users about the benefits and implications of new technologies. This oversight can hinder the successful implementation of security solutions like ThreatLocker. It is essential to dedicate sufficient time to educating end users to ensure a smooth and effective rollout.
Know the environment. Before implementing ThreatLocker, thoroughly document and understand the client's environment. Initially, run ThreatLocker in learning mode to capture all applications used in the environment. Fine-tune the policy. Before switching to secure mode, collaborate with a Cyber Hero or solutions engineer to identify and address potential application conflicts or redundant applications. Leverage ThreatLocker University. Encourage the team to participate in ThreatLocker University training to gain in-depth product knowledge. Test in the environment first. Before deploying ThreatLocker to clients, thoroughly test it in your own environment to gain familiarity and expertise. ThreatLocker is not suitable for every organization. It is not intended for those who lack a serious commitment to security or are unwilling to invest the time and effort required to properly vet and configure the product for their specific environment. ThreatLocker is most effective for organizations that are willing to take advantage of its comprehensive features and dedicated support to tailor the solution to their unique needs. Remember, the success of ThreatLocker implementation depends on thorough planning, education, and a commitment to security.

Many of our firms are currently using ThreatLocker, and they have been very happy with it. It can block unauthorized software from being downloaded. 

A few years back, we had an attack on one of our biggest clients. After that, we implemented ThreatLocker. For the last couple of years, there have been no issues or attacks. This has been really helpful.

Currently, we are not using the full range of modules, however, we are using ThreatLocker elevation. That's really good. 

The deployment is very easy.

We've been able to save some operational costs and expenses by using this product. However, the main thing is that it protects our customers. 

The zero-trust endpoint availability is good. It can block unknown applications straight away.

We have reduced help desk tickets. It helps with management. We have a good team in place. 

Some reporting areas need improvement. We need to generate more reports. That area should be improved. We'd like reporting on if someone tried to install software, we'd like to be able to generate reports on what was blocked.

I have been using ThreatLocker for the past four years.

Stability is good; it is a growing business. Over the last four years, it has grown significantly.

Scalability is good. There has been no impact in the last couple of years.

Support is good, with very quick support from Cyber Heroes if any staff requires help. From our side, they are really helpful.

Neutral

We did not use another solution previously.

The initial setup is good; deploying is very easy.

We are managing the implementation ourselves.

It's protecting our customers. That is the main thing. That's our ROI.

In the last couple of years, the price has remained the same. Nothing has changed, and it's good. I hope it will not increase soon.

We did not evaluate other options. 

The overall rating of the solution is eight out of ten. We need to improve the reporting side, including reporting and generating reports. That area needs to be improved.

I am one of two internal support staff for our company of approximately 60 employees. We manage roughly 80 devices, including servers and similar equipment, and utilize ThreatLocker Protect for internal support only. We do not resell this product.

Approving or denying software requests is a simple process for administrators. We have a well-defined workflow, and one of the most convenient aspects is how it handles individual user and computer requests. The beauty of ThreatLocker Protect lies in its ability to approve individual requests while also offering broader deployment options. For example, if a work operation requires specific software and John Smith initiates the request, I can not only approve it for him but also wildcard it. This means that if another member of the same team or someone else in the company wants the same software, they don't need to submit a new request; it's automatically approved based on the initial approval for John Smith. This saves everyone time and simplifies the process.

The visibility into software requests from users is perfect.

We leverage ThreatLocker's Ringfencing technology, which has proven highly effective in our security strategy. While it allows us to whitelist specific applications, it critically prevents those applications from exceeding their authorized access. Even if an approved program theoretically could access PowerShell, the command line, Regedit, or other restricted features, Ringfencing intervenes and blocks such attempts. This granular control is crucial for maintaining a strong security posture.

The need for establishing trust for every access request, regardless of its origin, is crucial. Before implementing ThreatLocker, we faced a significant issue. A department member needed a specific program, so he downloaded it from a third-party site instead of the official source. Unfortunately, the site was riddled with malware. Unaware of this danger, he downloaded and installed the program. Three of us spent two days not just cleaning up the mess, but also verifying that the malware hadn't infiltrated our network. This is where ThreatLocker shines. Even if a trusted program like "Program A" is installed from the official source, ThreatLocker can be configured to only allow future requests from the program's parent company with a valid signed certificate. Any request for the same program from an unauthorized third-party source with an unverified certificate gets automatically blocked. This is truly a powerful feature.

ThreatLocker Protect has significantly reduced our help desk tickets. We used to be bombarded with repetitive requests, particularly software update approvals. The ability to use wildcards for both users and versions in ThreatLocker is fantastic. Previously, when new versions of software were released (e.g., Software A version 1.1), we'd receive up to 15 separate requests for approval. Thankfully, ThreatLocker allows us to whitelist both users and versions. Once we approve Software A from the authorized vendor for version 1.0, we can create a wildcard rule that automatically approves future updates (1.1, 1.2, etc.) from the same vendor. This eliminates the need for manual intervention, saving me an incredible 80 percent of my time. ThreatLocker Protect is truly a game-changer!

ThreatLocker Protect helps our staff focus on other projects.

We saw the value of ThreatLocker Protect shortly after deployment, but it's important to understand how the initial stage works. After signing up and installing the program, the machines enter a learning mode. During this period, ThreatLocker observes and analyzes the software on our devices, identifying common applications and their components (DLLs and EXEs). This learning phase typically lasts around 30 days. While we might not see immediate results during learning mode, it's crucial as it lays the foundation for secure operation. Our first audit review, conducted ten days after deployment, revealed a large number of identified applications because the system was still learning. However, our assigned systems engineer provided excellent explanations and handled the back-end processes seamlessly, eliminating the need for manual intervention. This is one of the program's key strengths. While ten days might seem like a short time to realize the value, it's important to remember the learning phase is essential for effective protection. The automatic learning environment and subsequent transition to secure mode ensure a smooth and efficient deployment process.

I'm deeply impressed with ThreatLocker Protect, and I've been in IT for over 40 years, including four years as a school administrator and teacher. The software is incredibly intuitive and easy to use, even for non-technical users. The interface is clean and well-organized, making it simple to navigate and find what we need. The support team is truly exceptional. They are responsive, knowledgeable, and genuinely helpful. Whether it's a quick question or a complex issue, they are always available to assist. My wait time has never exceeded 15 seconds, and resolutions are typically within five minutes. They even offer regular audit reviews to proactively identify and address any potential problems. ThreatLocker University provides comprehensive, self-paced training that is easy to follow and understand. It empowers users to effectively utilize the software and maximize its benefits. Overall, ThreatLocker Protect stands out for its intuitive design, exceptional support, and comprehensive training. It's a fantastic product backed by a remarkable company culture, making it a true pleasure to use.

The snapshots used in the ThreatLocker University portal are outdated snippets and have not been updated in conjunction with the portal itself.

I have been using ThreatLocker Protect for two years.

We have never had stability issues with ThreatLocker Protect.

ThreatLocker Protect is easily scalable.

The technical support is great.

Positive

Deploying ThreatLocker was surprisingly straightforward. Their documentation guides users through the process clearly, offering multiple options for deployment. From traditional MSI installers to EFCs, users have the flexibility to choose the method that best suits their needs.

It took just five minutes to deploy the software on a single machine. However, for the network-wide rollout, we opted for a cautious, phased approach to minimize potential conflicts. Out of our 60 machines, we selected 10-15 users or computers as a test group. After pushing the update to this initial group, we monitored closely for any red flags or issues. As no problems arose, we gradually added more computers to the deployment in 15-user increments until everyone was covered. This approach, while slower, allowed us to identify and address any potential issues before impacting the entire network.

While two of us were involved in the deployment planning, the actual execution was carried out by one individual. Once they started rolling out the machines, I joined in to monitor the results and provide support. It's worth noting that this single person successfully deployed the software to 60 machines.

The implementation was completed in-house.

ThreatLocker's pricing seems justifiable. We get a lot of value for what we pay, with excellent support, the program itself, and everything related to it being top-notch. If my CTO ever suggested dropping it due to budget constraints, I'd be concerned. While I don't have access to the exact cost, even if it was around five thousand dollars annually, I'd suggest reallocating that amount from my salary to keep ThreatLocker Protect. That's how strongly I believe in the program's effectiveness.

I would rate ThreatLocker Protect ten out of ten.

ThreatLocker Protect is not a significant CPU consumer. We've had it for over three years, and while there have been a few minor conflicts with other programs, they were easily resolved. This is to be expected with any software.

I have a biweekly call with an analyst from ThreatLocker, and they treat our organization, which has only 60 computers, the same way they treat businesses with 4,000 computers.

ThreatLocker Protect is incredibly easy to install. I highly recommend engaging their system engineer for assistance. Don't hesitate to reach out with any questions, no matter how simple they may seem. The ThreatLocker support team is known for its patience and willingness to help. They're happy to answer anything you ask, regardless of your initial perception of the question's importance. So, feel free to be open and honest with them; they'll treat you with the utmost respect.

Every single endpoint and everything that we manage has ThreatLocker on it. We saw how valuable it was, and we went to every one of our customers and told them either we install this on your PCs or we have to just part ways as friends.

We use the basic ThreatLocker product for Zero Trust and we have one client where we're using Elevation Control.

The big benefit is that I can sleep better.

The fact that it stops anything that we don't want from running is the biggest thing. It's also very easy for administrators to physically approve or deny requests. The difficulty is in determining whether they should approve or deny.

We use ThreatLocker Allowlisting with Ringfencing and I would give ThreatLocker a 10 out of 10 on pretty much everything. The establishing of trust for every access request, no matter where it comes from, is the way of the future.

Something we have come up against a couple of times is that we have two clients that are software developers. They create software that doesn't have digital signatures and that's not easy to categorize or whitelist with ThreatLocker. We have to go in and make custom rules to allow them to do their work and be protected from malicious threats. We've gotten really good at it. 

ThreatLocker's support has been absolutely wonderful, you get somebody there very quickly. The danger is when one of my techs calls in with a question about some rules, and he reaches somebody on the other end that has about the same level of technical ability—and I know it says "cyber hero in training"—my concern would be that if the people on both ends of a call are inexperienced, they could inadvertently create a rule that opens up too much. So if I have a concern about that, I usually just get on the call myself.

There is one other big thing. If I want to install a piece of software, and I want everybody in the organization to be able to install that software subsequently, when I put a computer in Learning Mode that disables ThreatLocker. I then install the software and Learning Mode tells ThreatLocker everything that the software just did. 

Every now and then, ThreatLocker will block something, like a web browser update or a web browser plug-in update, and some of that is just not important so I don't worry about whitelisting it. It keeps trying to run, and ThreatLocker keeps causing it to not run, which is okay.

But when I turn on ThreatLocker Learning Mode to install some other piece of software, if there is something that has been trying to install for weeks and hasn't been able, and then attempts to install while ThreatLocker is in Learning Mode, it will allow it to happen.

To summarize, when you put ThreatLocker in Learning Mode, if there's something else that is trying to run at the same time as whatever it is that you're trying to install, it will be allowed to run.

I've been using ThreatLocker Allowlisting for two or three years.

It's completely stable, other than every now and then an agent will stop phoning home and somebody will have to intervene, but that's very rare.

Scaling is super easy. The great thing is that you can deploy policies to other computers. That means I can make a policy in the parent company, which is mine, and I can then deploy it to all computers.

We have 380 users of ThreatLocker from our company, but I just merged my company with another company so the total across all of our endpoints is about 1,300.

Their tech support is the best I have ever come across.

Positive

We never used a Zero Trust solution before ThreatLocker. We use a next-gen antivirus product called SentinelOne. We had deployed that on all PCs and servers. When ThreatLocker came up, it was so valuable and thorough, that we replaced SentinelOne with ThreatLocker across the board.

In the initial deployment, which I did completely, it was a little difficult to understand how the policies and the rules interact together, at first. But it's a complicated subject, so it took a while for us to grasp all of it. And it took even longer to grasp the finer points of it. But they have very good training and their support is absolutely unparalleled, just great. I've never waited longer than a minute for somebody to get online.

ThreatLocker is a cloud solution. We install it on the local machines but it reports back to the portal, which is in the cloud. As a deployment model, that's perfectly fine. It's very easy to roll out. We use a little piece of software called PDQ Deploy and we can push it out to all machines at once. We can also use our RMM solution, which is ConnectWise, to push it out. It's very easy.

Once I understood it a little, I brought on two techs and they sat with me while we did deployments. Periodically, if I have figured out a different way to do rules, we do in-house training where I show my guys what I'm doing and why I'm doing it, and we document it and write down the steps. Now, those guys know how to install ThreatLocker and deploy it.

It doesn't really require any maintenance. Every now and then we have an agent that's not phoning home, but not often.

I did it myself but had help from Colin Ellis who works for ThreatLocker. He helped us take everything out of Learning Mode and make sure that there was nothing malicious that we were missing that might be allowed to run. He is one of the smartest guys I have ever met.

We have very much seen a return on our investment. We have been around as a company for a long time, for fourteen years. And it was really only recently that we figured out what we were worth and what we should be charging. But it's very hard to go back to a customer that you've had for many years and say, "Hey,  you've been paying $45 a month for a long time and we're now charging $120 a month. 

However, if we can come in and say, "Look, this is the best tool on the market for keeping you safe, and we feel so strongly about it that we insist that you install it or we just can't work with you anymore." We were able to charge another $25 to $30 a month for that product. We had to explain exactly what it did and how it worked, but we were able to significantly increase our recurring revenue by adding that product because the pricing is reasonable and, when you present it correctly to the customer, it is so valuable that you can charge another $25 to $30 a month, per machine.

I saw the value in it before we deployed it, from the very first presentation I saw about it. I was intrigued enough that I went to the booth, once we were on break at the trade show, and started talking to people there. It was just obvious what its value was going to be. It really does allow me to sleep, in every sense of the word.

It felt as if we were in a losing battle, and then ThreatLocker came along and it
felt like we had a chance. As an industry, we're up against nation-states. All of us as little MSPs are up against people who have endless resources and money and who are either sponsored by their governments or organized crime.

The pricing works fine for me. It's very reasonably priced.

We do have other antivirus products running at the same time. We have Webroot and, in some cases, we have Windows Defender running at the same time. But ThreatLocker just catches everything so we don't have to worry about antivirus signatures being up to date.

We also evaluate other products all the time. Komodo was one as well as something from Trend Micro.

It was obvious, right from the get-go, that ThreatLocker was the most efficient and effective way to stop malware from running. The thing that makes ThreatLocker different and better than all other Zero Trust solutions that I've ever heard of—and I've never tried another one, but I've heard the horror stories —happens in the beginning by turning on Learning Mode and letting that run for three to four weeks. That means that when you turn ThreatLocker on by taking it out of Learning Mode, all of the things that have been running during that time are whitelisted and they're allowed to run.

In the olden days, when you turned on Zero Trust, it blocked everything. And then we had what we used to call the "scream test." We would wait for people to start screaming and then go wherever the screaming was, figure out what was being blocked, and unblock it. But that was horrible because even if you unblocked one file, that one file might be trying to call two or three other files to run and make that software work. And if you don't whitelist those too, you still get problems. So that's the upside of Learning Mode. ThreatLocker takes that initial pain completely out of the equation.

In terms of reducing help desk tickets, at first, it's something of a wash. When you first install ThreatLocker and make it active after a certain time in Learning Mode, the tickets are going to go up because people are going to have software, over the next 60 days or so, that they can't run because it didn't happen to run during the Learning Mode period. So for the first 45 to 60 days, we probably had a small increase in tickets because we had to whitelist things. But since then, it has been significantly better. Once we got all the rules sorted out so that people could do whatever work they need to do, and we still keep them protected, we had very little background noise. There is a ticket increase at first, which is normal and expected. There's no way that you're going to turn this on and have everything be perfect every time. But after that, the tickets go down significantly.

Every now and then, we'll get a call from someone who has gotten a phishing email, and they're suspicious of it. They'll call us and ask us to look at it. But the great thing is that if you get a malicious email and you try to run something, ThreatLocker is not going to let it do anything. It is not going to let anything infect your network.

If somebody takes a look at ThreatLocker and doesn't understand what it can do for them, I don't know if that person should be in the IT business. It sounds like I'm sitting here worshiping at the altar of ThreatLocker, but that's not entirely true. There might be other solutions out there that are similar. I know that there are other Zero Trust solutions, but there's no compelling reason for me to move anywhere else.

They just do a great job across the board. When I merged my company with another company, that company had been playing around with ThreatLocker but had never turned it on. They didn't understand how it worked. They tried turning it on internally and it blew up a bunch of stuff but that was because they didn't follow the instructions. 

When we merged the companies, I was very adamant about this: "Guys, you need to put this piece of software on every PC that you manage—every single one. I simply explained to the one guy who was complaining about it, because he was the one who had turned it on before he had figured out how to whitelist things first, that there was a way to get around the issue that you have. And once you get past that issue, it's really great.

One last point: There is a feature, Elevation Control, that we're only using for one of our clients, but it works so well. It's fabulous, just wonderful.

I have an advantage over many other people and that is that I live 20 minutes away from ThreatLocker's corporate office. I'm fortunate enough to know Danny Jenkins (CEO), his brother, and several other people who are high up in the company. I visited them at their old office, and I went over on opening day and visited their new office. 

I can walk in there and see how the people are working and I can also see the morale of the people who are working there. To everybody who walks in there, it looks like a fun environment to work in. It's a scary business to be in and yet I see people walking around smiling and saying to me, "Hey. How are you?" You don't see any evidence of people stressed out and working in a job that they didn't like. Probably the best thing that I can say about the leadership at ThreatLocker is that they put their people first.

Their training is very good. They treat their people very well and that makes those people want to help customers and MSPs. It's a very well-run business.

I would rate ThreatLocker at 11 out of 10.

I deploy ThreatLocker to my clients who sign up with my service agreement. I coordinate the deployment and monitoring of the software and programs. 

Periodically, I manage the alerts and respond to requests by either approving or denying them, depending on the case.

ThreatLocker provides a lot of peace of mind. We don't have to worry something is going to get in and run in the background in the night hours. It's more so for our control and monitoring purposes.

The application control is highly valued by me. The ring fencing and storage management are also important, however application control is my go-to feature. The solution helps provide me with peace of mind and control. It assists me in reducing help desk tickets by automating processes and allows IT teams to focus on other projects. 

ThreatLocker saves me a couple of hours per day dealing with threats and encrypting efforts elsewhere. It helps me run reports ahead of time to avoid wasting time.

It's easy for IT teams to use. Cyber Hero Support is always there is we get stuck.

We've been able to save operation costs. With the automation and policies that are in place for application control, we're not finding ourselves wasting time monitoring or resolving issues. Our efforts are now being deployed elsewhere. 

It's very good at blocking unauthorized applications. We had to manage policies through the server and it was more tedious. With ThreatLocker, we definitely see the benefits.

We have reduced our help desk tickets with the help of automation. There's a lot of reporting to help us block and avoid wasting time. Our IT teams can use the time on other projects. Agents can handle other phone calls. We have more resources available. 

Without ThreatLocker, responding to threats might take an hour or two. With the solution, this is sped up. We can save hours a day since threat response has been sped up.

It's only been a short amount of time. We do need more time with it and be more acquainted with the software. 

We use other vendors for other components. I'd like one vendor to control all aspects of the business, including backup, EDR solutions, email monitoring, and control, rather than using multiple vendors.

I have been using it for about ten months.

It is stable.

It is scalable.

Customer service is excellent, with Cyber Hero Support being responsive within a minute or two. There are regular communications with an account manager and a support agent.

Positive

There was no Zero Trust solution before this, however, I had other EDRs and vendors.

The setup was pretty easy for me. I use another tool, an RMM tool, that helps me automate deployment. Setting up the organization on the portal was straightforward due to built-in applications and policies.

The deployment was supported by an RMM vendor. I found no issues.

It frees up my time for technicians to focus on other projects, providing me with an overall definite benefit.

The cost is very competitive. The pricing model works for me and can be passed to clients as part of their monthly service agreement.

I did not evaluate other solutions before picking this one.

ThreatLocker's modules, knowledge base, ThreatLocker University, and resources are very helpful for me. Policies and policy auditing formats are clear and easy to use. 

The overall product is rated ten out of ten.

I have a lot of clients, and I am responsible for protecting them by ensuring their environments are safe and up-to-date.

The major benefit is just fewer breaches overall. No one can run anything without it being approved first. ThreatLocker is helping companies protect themselves.

Being able to protect and trust nothing by default, known as zero trust, is the most important feature to me. The major benefit is fewer breaches overall, as nothing can be run without prior approval. This helps my company protect its data and secure itself effectively.

Attack surfaces are easy to control. It's easy to deploy and protects very well.

We've been able to consolidate security tools using ThreatLocker. We used to use SentinelOne and it wasn't doing exactly what we wanted. It wasn't detecting anything. 

It's great at blocking access to unauthorized applications. By default, it trusts nothing. 

We do get more tickets for application requests, however, that's not a bad thing, since it's protecting our environment. 

The user experience could be improved. Most complaints we get are based on users wanting certain functionality. For the most part, built-in applications are pretty good, however, having more would be beneficial.

I have been using it for about two to three years now.

It has great stability without any negative aspects.

I believe it's scalable, whether the client is small or large. It is beneficial regardless of the size.

I have experienced amazing support. Whenever I have an issue, I click the chat button, and someone is always available to assist me. Escalations go smoothly, and I have never encountered support issues.

Positive

I used to use a tool called SentinelOne before switching to ThreatLocker. SentinelOne was not meeting my needs and did not detect issues effectively. I now also use Huntress, but ThreatLocker has been a huge help by blocking anything unapproved.

I deployed it with our RMM, which made it really easy. It was much simpler than it would be with a different program. I set up the tenant, changed a few settings, checked a box, and deployed it. The process was fast and efficient, with the devices appearing quickly and no slowness.

I would stress the importance of saving companies from breaches. The cost versus benefit of ThreatLocker is significant, as its small cost offers great advantages. If something were to happen without ThreatLocker, the cost would be huge, and thus, having it is definitely worth it.

In meetings, they mention 'set it and forget it.' While this can be efficient, it might leave applications unaudited over time, possibly opening vulnerabilities. Regular auditing and reviews would enhance security. 

I give it a nine out of ten overall, recognizing there is room for improvement.

I have a security service that I sell to my customers, which I provide along with ThreatLocker to deploy one of the essential eight controls.

We've helped to reduce overhead while managing at a large scale. 

The application control is a key feature of ThreatLocker. By using ThreatLocker, I have reduced the overhead of managing application control, eliminating the need for my engineers to manually add applications. 

ThreatLocker automates this process efficiently, allowing me to manage it on a large scale for all of my clients, as well as internally. It helps me produce greater efficiency.

It's easy for IT teams to use regarding reducing attack surfaces. It's easy for us. We can manage everything quite easily.

It's been able to help us eliminate and consolidate security tools. We were using a lot of Windows components and have since gotten rid of them.

We have saved on operational costs. We were spending about four to six hours a week managing requests and now were down to about two hours. 

ThreatLocker Zero Trust Endpoint Protection Platform's ability to block access to unauthorized applications has been excellent. It's also helped us to provide efficiencies elsewhere and, therefore, invest our time in other things that could benefit us tremendously. It has freed up time by 10% to 20%.

Initially, the learning curve was slightly high for me, however, that has been resolved now. They made a lot of improvements. When I first came on board, it was trickier to learn. Besides that, I can't see much else needing improvement at this stage. ThreatLocker University might offer more now, with additional learning and certifications. Previously, I only had a few demo and engineering sessions and had to learn the rest by myself.

It would be nice if they provided more than an EDR and have an antivirus component to go along with it.

I have been using the solution for about a year and a half now.

The stability had a few hiccups at the start, however, they've worked through a lot of their issues and are pretty responsive in fixing them.

I find scalability quite good.

Customer service has been great. I don't have much experience directly with them, however, I would rate it a nine out of ten.

Positive

I used just Windows Defender Application Guard control.

My experience with deployment was straightforward, easy to do, and worked well. I initially rolled it out to one or two clients as a trial and then expanded it to all clients. 

I did not use an integrator, reseller, or consultant for deployment.

The time efficiency I gained has allowed me to invest in other areas of the business. Additionally, I provide a lot of compliance services and communicate my processes to customers efficiently and safely.

The setup cost has been great. I had a really good deal at the time, and it continues to be cost-effective.

I considered Blackpoint as one of the options.

The overall product rating is nine out of ten. 

Our use case involves endpoint protection, ensuring that nothing harmful reaches any of our clients' workstations.

ThreatLocker Zero Trust Endpoint Protection Platform has helped mitigate security threats and reduce the risk of ransomware and data breaches.

ThreatLocker Zero Trust Endpoint Protection Platform has not helped replace any solution, but with most things in security, there are different layers. It is definitely the front of the shield. It does what it needs to do and is a very good product.

ThreatLocker Zero Trust Endpoint Protection Platform is very good at blocking access to unauthorized applications. I have seen it block several different types of nasty exploits. It is always interesting to see stuff come through that. It is also about how you manage your environment. At the end of the day, you have to make sure you set your filters correctly. If you do not set your filters correctly, you are going to have a hole somewhere. Right off the back, the way it works is great.

ThreatLocker Zero Trust Endpoint Protection Platform has helped reduce help desk tickets. It has helped reduce the incidents of clients getting exploits or ransomware put on their devices by 110 times.

Reducing help desk tickets using ThreatLocker Zero Trust Endpoint Protection Platform has helped free up our IT team’s time for other projects or tasks. It probably saves a couple of hours a day. Having ThreatLocker on our devices does help protect all our clients and our organization, and that allows us to review and remediate other security concerns.

The application management on any workstation with the solution is valuable. I find it valuable that it indicates whether the software is part of our pre-approved list, adding a nice layer of protection. It works great because people cannot just install or download any app from the web. Anything unapproved gets blocked.

ThreatLocker University offers many good training modules, but more in-depth training for advanced platforms would be beneficial. I believe having more detailed information would be great. There could be a portal where others can provide suggestions that we can review.

I have been using this solution for about two years.

It is very stable. I would rate it a nine out of ten for stability.

Its scalability is great. They have many other services included, and I believe we are only using one or two. Personally, I would like to see us use more, but it is about having layers and more than one solution to back us up. I would rate it a ten out of ten for scalability.

ThreatLocker's support is great. We have a good response time and a strong conversation with Rob and all the other team members there. I would rate them a ten out of ten.

Positive

The main return on investment is peace of mind, knowing that with ThreatLocker on any endpoint, it will almost always block all malicious code or exploits, even zero-day exploits. If an unknown or unapproved program is run, it is blocked for review, making us better at our job. If the client is trying to run something that is not in our system and the hash does not exist, it will be blocked for us to review, which then makes us better at our job.

It is easy to use, but you need to understand how it works from a high level. It requires an in-depth understanding of IT teams. A lot of time, people think they know what they are doing, but they set things that should not be set in the learning mode. They then have to go back and find them and remove them.

I have not seen any security defense solution quite like ThreatLocker Zero Trust Endpoint Protection Platform. There are other companies trying to achieve the same. With recent third-party issues, I have not observed ThreatLocker causing outages. It works very well, providing peace of mind. It is a great product. 

Overall, I would rate ThreatLocker Zero Trust Endpoint Protection Platform a ten out of ten.