ThreatLocker Zero Trust Endpoint Protection Platform Reviews

We mostly use ThreatLocker Zerto Trust Endpoint Protection Platform when we install new software and any additional new features in our environment. That's why we monitor it daily as well.

We're using it for four or five clients, and they are still in the testing phase. I'd like to use it for all of our clients. It's brilliant. There's good support and transparency. We've been able to find all of the information we need about threats so we can stop them effectively.

Blocking is done comprehensively. I would say about 70% to 80% of the time, it is mostly effective. 

When we started using ThreatLocker, some of our clients experienced a high volume of installation-related tickets. However, since we moved to ThreatLocker and after utilizing the learning mode, the number of tickets from those clients has decreased significantly. 

It's easy to use, even for someone who's not necessarily in IT. They just need some knowledge of computers.

We're saving a lot of time uncovering solutions and finding threats - and time is the most important aspect.

It's very good at blocking access to unauthorized applications. If there's an unknown device trying to connect, for example, we immediately get an alert.

It helps us reduce help desk tickets by 70% to 80%. This has helped us free up IT teams for other tasks. I would estimate that it saves at least 50% to 60% of our time by eliminating repetitive tasks, allowing us to focus on different things rather than performing the same tasks repeatedly.

I was discussing with someone the other day, and it seems there is currently no solution for mobile users. If ThreatLocker can design or build something for mobile devices, that would be brilliant.

We have been using ThreatLocker for the last few years.

It is stable. Its architecture deals directly with the kernel. This makes it more secure and stable. The kernel is the heart of a computer, so it is really stable.

You just need to install the agent, and that's it. You can deploy the agent through different methods, such as through your ID, your RMM, or your GPO. There are multiple ways, and it's just a matter of installing the agent and placing the computer or device in learning mode for 21 days, and ThreatLocker will handle the rest.

I only have one example, as I only had to discuss a matter with someone from CyberHero. The interaction was extremely quick. I opened the ticket, and within seconds, I received a reply.

Neutral

We did not use previous solutions.

The setup occurred a long time ago, about two and a half years. Initially, access to the portal was limited to senior colleagues; however, for the last two years, I have had access. I have not encountered any difficulties in using ThreatLocker.

I am not very technical, however, everything revolves around time. If a solution saves time and reduces manpower consumption, then ThreatLocker achieves that. There is nothing else we can evaluate.

There were no alternate solutions. It was the only one considered.

I would rate it a ten out of ten. There is no alternative solution currently. It is the best we have right now, although some competition would encourage faster innovation. The zero-trust architecture is impressive. It is an approach opposite to usual systems. 

I use all of the modules except for Detect right now. We use application control because we have many enterprise applications. Many of them require different levels of elevation or different access to various endpoints. Leveraging that, in addition to storage control, has been significant. We have not yet built out our network control but have been using application control.

ThreatLocker Zero Trust Endpoint Protection Platform has not only served well in replacing some other security applications; it has also helped uncover application interactions that we were not aware of with Unified Audit.

ThreatLocker Zero Trust Endpoint Protection Platform has been incredibly useful. I have completed the online Cyber Hero training. After going through that, I feel I have a pretty comprehensive understanding of the product. Using that knowledge, we have been able to uncover some application interactions we were not even aware of before.

ThreatLocker Zero Trust Endpoint Protection Platform has not yet helped us consolidate applications and tools. We brought it on just recently. We previously had a fairly complete suite, but it will be replacing several of the tools. It has not yet helped our organization save on operational costs or expenses, but it will do that soon.

ThreatLocker Zero Trust Endpoint Protection Platform is highly capable of blocking access to unauthorized applications. I am very satisfied with the granularity of control.

ThreatLocker Zero Trust Endpoint Protection Platform has not yet helped reduce help desk tickets. We still use some other applications to manage configurations. We will be using ThreatLocker's Configuration Manager for one point of control. It will help in the future. It has not yet, but I can see it coming. I am really excited about it.

ThreatLocker Zero Trust Endpoint Protection Platform has freed up help desk staff for other projects with Unified Audit. Dynamically adding to the application definitions or modifying policies is quick and easy. We work in health care, so everything is very thoroughly audited. There are times when I lose an entire day because the security auditor does not have access to everything going on. We then have to pull reports from everywhere. With Unified Audit, we have all the information we need in one location. It saves about at least four or five days out of the month, which is pretty significant.

Unified Audit is excellent for identifying our denies and using those to dynamically create rules, as opposed to manually observing the logs and creating them. It saves so much time. It ensures that the Zero Trust Platform functions effectively. Otherwise, the manual labor required would render it unusable.

It combines application control and network control. It brings all the Windows settings that we were previously controlling through GPOs and Intune configuration settings into one place. We have been able to watch all of these critical controls from one place through Unified Audit.

I have not run into any shortcomings yet. To become the best solution, some sort of integration or remote management, like remotely connecting, could be beneficial. I can adjust many configuration settings, but being able to perform remote maintenance when the device is unattended and providing remote support would be helpful.

I have been using it for about a month and a half.

It is 100% stable. I have confidence in it. It has been doing everything that we hoped it would do.

We do not have all of our endpoints locked down yet. With the flexibility of both the stub and the MSI installer, scaling it to the rest of the organization is going to be very easy, likely requiring just two clicks.

Their support has been fantastic. It has been absolutely outstanding. We have Cyber Hero support, and they are always so quick and super knowledgeable. The rest of our representatives have been very friendly and quick to help. I would rate them a ten out of ten. 

Positive

We use a handful of solutions. I have recently been brought onto our security team. We use CrowdStrike as our main security vendor at present.

Deployment is very easy. There are, I believe, three or four different installation options. We use Intune for managing our applications. I was the one who built the installer, and it was a five-minute process. There was no additional scripting involved, which was amazing.

We did it in-house.

There has been more granular control, especially with locking things down by processes and files. There are a lot of gaps that it is filling. It is addressing many of my needs. It gives me more confidence. I have been able to sleep better at night.

I did not consider any alternate solutions.

Overall, I would rate ThreatLocker Zero Trust Endpoint Protection Platform a ten out of ten. 

Every single endpoint and everything that we manage has ThreatLocker on it. We saw how valuable it was, and we went to every one of our customers and told them either we install this on your PCs or we have to just part ways as friends.

We use the basic ThreatLocker product for Zero Trust and we have one client where we're using Elevation Control.

The big benefit is that I can sleep better.

The fact that it stops anything that we don't want from running is the biggest thing. It's also very easy for administrators to physically approve or deny requests. The difficulty is in determining whether they should approve or deny.

We use ThreatLocker Allowlisting with Ringfencing and I would give ThreatLocker a 10 out of 10 on pretty much everything. The establishing of trust for every access request, no matter where it comes from, is the way of the future.

Something we have come up against a couple of times is that we have two clients that are software developers. They create software that doesn't have digital signatures and that's not easy to categorize or whitelist with ThreatLocker. We have to go in and make custom rules to allow them to do their work and be protected from malicious threats. We've gotten really good at it. 

ThreatLocker's support has been absolutely wonderful, you get somebody there very quickly. The danger is when one of my techs calls in with a question about some rules, and he reaches somebody on the other end that has about the same level of technical ability—and I know it says "cyber hero in training"—my concern would be that if the people on both ends of a call are inexperienced, they could inadvertently create a rule that opens up too much. So if I have a concern about that, I usually just get on the call myself.

There is one other big thing. If I want to install a piece of software, and I want everybody in the organization to be able to install that software subsequently, when I put a computer in Learning Mode that disables ThreatLocker. I then install the software and Learning Mode tells ThreatLocker everything that the software just did. 

Every now and then, ThreatLocker will block something, like a web browser update or a web browser plug-in update, and some of that is just not important so I don't worry about whitelisting it. It keeps trying to run, and ThreatLocker keeps causing it to not run, which is okay.

But when I turn on ThreatLocker Learning Mode to install some other piece of software, if there is something that has been trying to install for weeks and hasn't been able, and then attempts to install while ThreatLocker is in Learning Mode, it will allow it to happen.

To summarize, when you put ThreatLocker in Learning Mode, if there's something else that is trying to run at the same time as whatever it is that you're trying to install, it will be allowed to run.

I've been using ThreatLocker Allowlisting for two or three years.

It's completely stable, other than every now and then an agent will stop phoning home and somebody will have to intervene, but that's very rare.

Scaling is super easy. The great thing is that you can deploy policies to other computers. That means I can make a policy in the parent company, which is mine, and I can then deploy it to all computers.

We have 380 users of ThreatLocker from our company, but I just merged my company with another company so the total across all of our endpoints is about 1,300.

Their tech support is the best I have ever come across.

Positive

We never used a Zero Trust solution before ThreatLocker. We use a next-gen antivirus product called SentinelOne. We had deployed that on all PCs and servers. When ThreatLocker came up, it was so valuable and thorough, that we replaced SentinelOne with ThreatLocker across the board.

In the initial deployment, which I did completely, it was a little difficult to understand how the policies and the rules interact together, at first. But it's a complicated subject, so it took a while for us to grasp all of it. And it took even longer to grasp the finer points of it. But they have very good training and their support is absolutely unparalleled, just great. I've never waited longer than a minute for somebody to get online.

ThreatLocker is a cloud solution. We install it on the local machines but it reports back to the portal, which is in the cloud. As a deployment model, that's perfectly fine. It's very easy to roll out. We use a little piece of software called PDQ Deploy and we can push it out to all machines at once. We can also use our RMM solution, which is ConnectWise, to push it out. It's very easy.

Once I understood it a little, I brought on two techs and they sat with me while we did deployments. Periodically, if I have figured out a different way to do rules, we do in-house training where I show my guys what I'm doing and why I'm doing it, and we document it and write down the steps. Now, those guys know how to install ThreatLocker and deploy it.

It doesn't really require any maintenance. Every now and then we have an agent that's not phoning home, but not often.

I did it myself but had help from Colin Ellis who works for ThreatLocker. He helped us take everything out of Learning Mode and make sure that there was nothing malicious that we were missing that might be allowed to run. He is one of the smartest guys I have ever met.

We have very much seen a return on our investment. We have been around as a company for a long time, for fourteen years. And it was really only recently that we figured out what we were worth and what we should be charging. But it's very hard to go back to a customer that you've had for many years and say, "Hey,  you've been paying $45 a month for a long time and we're now charging $120 a month. 

However, if we can come in and say, "Look, this is the best tool on the market for keeping you safe, and we feel so strongly about it that we insist that you install it or we just can't work with you anymore." We were able to charge another $25 to $30 a month for that product. We had to explain exactly what it did and how it worked, but we were able to significantly increase our recurring revenue by adding that product because the pricing is reasonable and, when you present it correctly to the customer, it is so valuable that you can charge another $25 to $30 a month, per machine.

I saw the value in it before we deployed it, from the very first presentation I saw about it. I was intrigued enough that I went to the booth, once we were on break at the trade show, and started talking to people there. It was just obvious what its value was going to be. It really does allow me to sleep, in every sense of the word.

It felt as if we were in a losing battle, and then ThreatLocker came along and it
felt like we had a chance. As an industry, we're up against nation-states. All of us as little MSPs are up against people who have endless resources and money and who are either sponsored by their governments or organized crime.

The pricing works fine for me. It's very reasonably priced.

We do have other antivirus products running at the same time. We have Webroot and, in some cases, we have Windows Defender running at the same time. But ThreatLocker just catches everything so we don't have to worry about antivirus signatures being up to date.

We also evaluate other products all the time. Komodo was one as well as something from Trend Micro.

It was obvious, right from the get-go, that ThreatLocker was the most efficient and effective way to stop malware from running. The thing that makes ThreatLocker different and better than all other Zero Trust solutions that I've ever heard of—and I've never tried another one, but I've heard the horror stories —happens in the beginning by turning on Learning Mode and letting that run for three to four weeks. That means that when you turn ThreatLocker on by taking it out of Learning Mode, all of the things that have been running during that time are whitelisted and they're allowed to run.

In the olden days, when you turned on Zero Trust, it blocked everything. And then we had what we used to call the "scream test." We would wait for people to start screaming and then go wherever the screaming was, figure out what was being blocked, and unblock it. But that was horrible because even if you unblocked one file, that one file might be trying to call two or three other files to run and make that software work. And if you don't whitelist those too, you still get problems. So that's the upside of Learning Mode. ThreatLocker takes that initial pain completely out of the equation.

In terms of reducing help desk tickets, at first, it's something of a wash. When you first install ThreatLocker and make it active after a certain time in Learning Mode, the tickets are going to go up because people are going to have software, over the next 60 days or so, that they can't run because it didn't happen to run during the Learning Mode period. So for the first 45 to 60 days, we probably had a small increase in tickets because we had to whitelist things. But since then, it has been significantly better. Once we got all the rules sorted out so that people could do whatever work they need to do, and we still keep them protected, we had very little background noise. There is a ticket increase at first, which is normal and expected. There's no way that you're going to turn this on and have everything be perfect every time. But after that, the tickets go down significantly.

Every now and then, we'll get a call from someone who has gotten a phishing email, and they're suspicious of it. They'll call us and ask us to look at it. But the great thing is that if you get a malicious email and you try to run something, ThreatLocker is not going to let it do anything. It is not going to let anything infect your network.

If somebody takes a look at ThreatLocker and doesn't understand what it can do for them, I don't know if that person should be in the IT business. It sounds like I'm sitting here worshiping at the altar of ThreatLocker, but that's not entirely true. There might be other solutions out there that are similar. I know that there are other Zero Trust solutions, but there's no compelling reason for me to move anywhere else.

They just do a great job across the board. When I merged my company with another company, that company had been playing around with ThreatLocker but had never turned it on. They didn't understand how it worked. They tried turning it on internally and it blew up a bunch of stuff but that was because they didn't follow the instructions. 

When we merged the companies, I was very adamant about this: "Guys, you need to put this piece of software on every PC that you manage—every single one. I simply explained to the one guy who was complaining about it, because he was the one who had turned it on before he had figured out how to whitelist things first, that there was a way to get around the issue that you have. And once you get past that issue, it's really great.

One last point: There is a feature, Elevation Control, that we're only using for one of our clients, but it works so well. It's fabulous, just wonderful.

I have an advantage over many other people and that is that I live 20 minutes away from ThreatLocker's corporate office. I'm fortunate enough to know Danny Jenkins (CEO), his brother, and several other people who are high up in the company. I visited them at their old office, and I went over on opening day and visited their new office. 

I can walk in there and see how the people are working and I can also see the morale of the people who are working there. To everybody who walks in there, it looks like a fun environment to work in. It's a scary business to be in and yet I see people walking around smiling and saying to me, "Hey. How are you?" You don't see any evidence of people stressed out and working in a job that they didn't like. Probably the best thing that I can say about the leadership at ThreatLocker is that they put their people first.

Their training is very good. They treat their people very well and that makes those people want to help customers and MSPs. It's a very well-run business.

I would rate ThreatLocker at 11 out of 10.

We use ThreatLocker Allowlisting for application whitelisting, and zero trust. We utilize the elevation portion to allow access without us having to grant it on an individual basis. We also utilize the Ringfencing portion of the solution to block and protect things that normally we don't want to occur, or could occur on a normal basis.

We didn't have a solution for this specific security feature or package. So we added ThreatLocker Allowlisting 3 yrs ago when we realized that we need to step up our game with cybersecurity nowadays.

ThreatLocker does something different than our other tools, so we kept our antivirus and other protection. We changed tools over time, but not because of ThreatLocker; it sits on top of all of that and provides the security we're looking for.

With ThreatLocker Allowlisting, training is key. If we properly train our staff and go through product training, knowledge bases, and learning processes, it is relatively easy to approve or deny requests. Without this training, we would be lost, as the product is too powerful to guess at. I have a standing appointment with Cyber Heroes every Tuesday at ten am for an hour, where we go through any issues I see, seek help or advice, and approve or deny requests. This also allows us to take a look at our environment as a whole, and make any necessary fixes, modifications, or improvements for our clients. By doing this, we can get to know the product and ensure we use it properly, leading to successful results.

The visibility into software approval requests is straightforward due to the presence of an approval center. We can view all the necessary approvals for our clients in one place. Additionally, we receive an email that creates a ticket in our ticketing system, allowing us to track and follow up on it. This provides us with two locations to manage the process, making it easy to keep track of.

By default, Allowlisting is built-in with Ringfencing, so we would need to take action to turn it off. Ringfencing is enabled for all the major items we would want it for. We can make systems more secure by taking additional steps if desired. Out of the box, Ringfencing is enabled for all the potentially dangerous items that could cause problems if not monitored.

The combination of Allowlisting and Ringfencing helps us block unknown threats and attacks. For example, we allow this application to run, which is fine, but it may try to do something we don't want it to do. By Ringfencing it, we can stop the application from doing anything other than what we intend. We can also prevent other applications from being spawned by previously approved applications. By doing this, we create a container and compartmentalize the application to prevent it from doing anything outside of our intentions.

I believe that ThreatLocker Allowlisting has distinguished us from other MSPs and has allowed us to provide our clients with genuine security in a time when there is no reliable solution for security due to the constant presence of zero-day threats. This is the way we can anticipate a zero-day attack and have the means to prevent it if it does occur, which is what gives me peace of mind.

We have recently (Q 2 & 3 of 2024) are implementing across all of our environments Network Access Control (NAC).  NAC has dramatically improved our endpoint firewall control.  This reduced the access to endpoint to a Zero-trust level.   

We still have some work to do, as we need to approve everything. Once things calm down, Allowlisting will help reduce our organization's help desk tickets. We don't want small changes to be made that we don't plan for. Allowlisting is the best way to set our clients up. Allowlisting requires some effort upfront to get it working the way we want it, but once it's set, Allowlisting will do the work for us.

Allowlisting, once is settled does not add any additional labor or time on our help desk staff.

Since ThreatLocker combined four solutions into one, we saved a significant amount on implementation costs.

When all of these features are combined, we have a strong product. If any of these features were to be used as a standalone product, it would be largely ineffective. However, ThreatLocker Allowlisting has all of these features integrated into one console, making it effective. Without this combination, I would need to use four different products to achieve the same result. The combination of integrated features is the reason why ThreatLocker AllowListing is so powerful.

We are an MSP. One of the benefits of this product is that we can monitor our clients' activities beyond just removing the software. Even if they don't have military privileges, we can still keep track of what is happening in their environment, such as file access, application installation, or network access. We can see what they are doing, and we can allow the activities that they are supposed to be doing and prevent them from doing activities that could be harmful to them or us. This enables us to have a lower cost of management for our clients, which would otherwise require more effort.

We identified several areas that we would like to see improved. We submitted these as feature requests and ThreatLocker has acknowledged them. They are in the process of being implemented and many of them have been completed in the past year and a half, which we are delighted about. For example, I had been asking for the ability to copy a policy for a few months, and then it suddenly became available. This saves us a lot of time because if we set something up for one client, we don't have to do all the work again for another client; we can just copy it.

I have been using the solution for 3 yrs

ThreatLocker pushes the boundaries of technology while also integrating well with the core of the operating system. So far, we have not had any problems, so I would say it is quite stable.

ThreatLocker Allowlisting is highly scalable. We currently have thousands of endpoints on it and could easily have ten times more. There is no limit to ThreatLocker Allowlisting scalability.

The technical support is excellent. I appreciate when a solution has great tech support because I don't have time to spend trying to figure out an issue that needs to be fixed quickly. I don't want to have to talk to someone who doesn't know what they're doing when I reach out to them; they usually resolve the issue within minutes. We can contact them by phone, email, or text and submit a ticket, and they will provide an answer promptly. The technical support is truly remarkable.

Positive

The initial setup is straightforward. I was fully involved in the initial setup for my company and in getting ThreatLocker running. We then passed it on to our certified and knowledgeable techs, who can now do it. When we initially rolled out and deployed, we wanted to make sure we were monitoring ThreatLocker closely. 

ThreatLocker has lots of documentation and explanations on how to deploy it. I strongly recommend using their free concierge service with Cyber Hero to guide you step by step. This eliminates the need for you to figure it out on your own. Their professionals will help you deploy properly and successfully. This is one of the great benefits of this company and product, as they want us to be successful with their product.

The deployment was done primarily myself with a script and we deployed two thousand endpoints over a three to six-month period. 

Our deployment covers approximately fifty companies in multiple countries, with multiple sites across those companies. Some of the companies have more than two hundred endpoints.

The implementation was completed in-house.

There is certainly a return on investment due to the increased control we have over our clients' environments and the peace of mind it provides us and them. ThreatLocker is an additional layer of protection that surpasses our standard security measures.

The price is very reasonable, and we have been able to integrate ThreatLocker with all of our clients. We do not offer it as an option for only some of our clients; it is a standard feature for all of our clients. One of the reasons for this is that the pricing is quite reasonable considering all that ThreatLocker offers.

I attended several conferences and viewed numerous demonstrations, and I found ThreatLocker to be particularly impressive. I was very impressed with the features and product design, which showed that a great deal of thought had gone into it. I believe ThreatLocker is quite advanced in comparison to some of the other products on the market, which are more established but have yet to achieve what ThreatLocker can already do.

I give the solution a ten out of ten.

With any product of this type, we should always maintain ThreatLocker Allowlisting. The more we maintain it, the more successful it will be and the more secure our environment will be. Maintenance should become part of our normal routine to manage our environments.

Potential users should take the time to work with Cyber Heroes in deploying ThreatLocker AllowListing, learning how to use it, and managing it. They will be very pleased with the results. They should not attempt to do this alone; it is not something they should have to do on their own, given the services ThreatLocker provides.

We work with small businesses, and we are slowly rolling it out. We have implemented ThreatLocker for about 30 clients to protect those who are habitual clickers and those with compliance demands. 

ThreatLocker Zero Trust Endpoint Protection Platform provides no-sweat security that we can easily deploy. We do not worry about our habitual clickers because we receive an alert if they try to do something, and we know ThreatLocker has already taken care of it.

We are large for an MSP, but we are relatively new to security. We only have about three people. It helps us because we know that things are automatically going to be blocked. We do not have to worry about somebody at a company downloading Epic Games installers every fortnight or every Ccleaner app they can find. We know that will be taken care of. It just allows us to focus on other areas where we need to be. We are trying to get big clients. It allows us to focus on that and not worry about applications.

The automatic script generation and the number of install methods make it incredibly easy to put out. It automatically adds them to the portal. It is very easy to implement as long as you have tools in place that allow you to access those systems. For example, if you are implementing for the first time and do not have remote access to your system, it could be difficult. For us, it is incredible. We do not have to be hands-on. We just push it out.

ThreatLocker Zero Trust Endpoint Protection Platform has saved operational costs or expenses. Especially with clients who are heavy clickers, the work on remediation has been amazing. Once deployed to a client, we do not worry about them anymore. Manpower reduction has been significant. It is deployed to a small percentage of our clients, resulting in a 30% to 40% reduction in manpower for those clients.

Knowing that it automatically blocks unwanted applications allows us to focus on other areas. The other day somebody downloaded a fake Geek Squad, and I did not have to worry about it. I got the alert. 

ThreatLocker Zero Trust Endpoint Protection Platform has helped a little bit to reduce help desk tickets. It is for our heavy clickers group, but they are still a very small portion. Once we get it out to more and more clients, it will do even more.

ThreatLocker Zero Trust Endpoint Protection Platform allows us to focus on other areas. We are working towards compliance and other things, without worrying about their applications. It saves at least 10 to 15 hours a month, which does not seem like a lot, but we have a very small team. It adds up quickly. 

Currently, we are only using default-deny application control and ringfencing. We are considering implementing elevation control and storage control, but those are in the beta stages. Application control and ringfencing are what we use most, and we rely on them for many of our clients. 

That is challenging to answer because, in the areas we are working, we have been very happy. The improvements we need are more focused on user training than on ThreatLocker itself. They are constantly improving the platform. The Cyber Hero certification exam could use a bit of love, but overall, I have been very satisfied with the platform.

As a company, we have used it for almost four years. I am new to the team, so it has been about eight months for me.

I have not experienced any downtime with it, so I would rate it very high. We thought we had a ThreatLocker issue once, but it turned out to be a Comcast issue blocking ThreatLocker access.

The scalability is very high. It is very easy to scale.

Customer support has been very good. Whenever we have had issues with a couple of scripts, we contacted Cyber Heros support and said, "We need to figure out how to get this blocked without allowing that," and they have always been very quick to assist.

I would rate them a ten out of ten. I have never had an issue with contacting them or them not being able to help.

Positive

We did not use any other solutions for application security before this. It was the first one we implemented after discovering a need.

The setup was pretty seamless. We generate a script and deploy it through our infrastructure and managed service team. We verify that everything is in place, and during the onboarding process, within a few hours, the machines report that it is already implemented.

We implement it in-house.

It has saved time and provided safety. We are also able to work on compliance. We were able to get more business from someone because we could do this. It got us some more work.

I would rate ThreatLocker Zero Trust Endpoint Protection Platform a ten out of ten. It is the only solution we know that does what it does. Customer service is a significant factor. We had a client who was a habitual clicker, and after implementing ThreatLocker, I received a call saying, "I did something," but I could see it was already blocked. The difference in response between reacting to a malware alert and knowing ThreatLocker handled the issue is substantial. 

I am currently using it mainly for application control on our endpoints and servers.

Something that I actually really like is that it can block the file extensions for scripting files like Python. Our current tool can't do that. So if somebody had the permissions to actually write code, they could bring it in and just run it without any kind of block. I'm really enjoying that we now have more control over that.

The pre-built policies and the fact that I get notified when a user requests an application are significant. My current tool does not do that, so requests sometimes remain pending for days. 

Additionally, I really like that it can block file extensions for scripting files like Python and bash. My current tool cannot do that, so if someone has permission to write code, they can bring it in and run it without any block. I am really enjoying that particular feature.

It's easy for IT teams to use for reducing attack surfaces. It has a good UI and is easy to use. It's simply blocking items that aren't allowed, however, with the easy to use interface, it makes the process of control easier. 

We are in the process of removing other solutions. For example, we're going to eliminate ManageEngine's app control.

We expect the solution will save costs. For example, in the future, we expect that we won't have to have our IT staff waiting for 90 minutes to finish an installation of a new application or have our employees not be able to use their computer if they're waiting for that installation

It's very good at blocking unauthorized applications. We have a lot of users that don't care about security, and they will download anything that they see from any link that they're given. This helps stop that behavior.

We haven't rolled out production, although it likely will help us reduce help desk tickets. 

One of the things I would really like is the ability to create custom groups and assign machines to them. Right now, I can apply policies, kind of, however, it would be nice to have an 'all users' group and then multiple overlapping groups for application control. That would be a beneficial feature.

I used ThreatLocker for a month or two under the trial version, and I will start rolling it out to our production environment.

I do not see any issues with stability at all.

Scalability it will be fine. It seems to primarily operate on the endpoints rather than at a central location pushing out policies. This setup is advantageous as it will not take an extended amount of time to deploy things.

The customer service is excellent, ten out of ten. They have been very responsive, helpful, and knowledgeable.

Positive

I am going to eliminate Manage Engines App Control. I absolutely hate that product. It has a very unintuitive UI/UX, does not provide notifications, and takes ninety minutes to roll out any change.

The initial setup was straightforward. I encountered a minor issue where it accidentally blocked our DNS server, which is the primary financial server, while I was on vacation. Resolving it took two days. Aside from this small issue, it has been very good.

We are proceeding directly through ThreatLocker.

We will see a significant return on investment since it will reduce the downtime for users waiting for applications.

I considered alternatives. I looked at AppLocker and another solution besides the one I am currently using. AppLocker responded the fastest, and after trying it, I appreciated its UI and features.

Overall, I would rate this solution nine out of ten.

We use ThreatLocker Protect along with ringfencing and elevation. 

We include it as part of our managed service for our clients. Our clients are aware of the tool, but they are not buying it. We package it as a part of a service.

When we look at security on the endpoint, there are two parts to it. One is blocking known bad things and then setting an allowlist for the things that you want to run. Defining allowlisting reduces the attack surface just to the known good applications. It also reduces the number of false positives that we need to chase when it comes to things that hit our endpoint detection or response, which is more of our known bad or behavioral-based security endpoint. So, we pair the two together.

Allowlisting helps to keep the environment clean. More and more applications do not require admin rights to install. Even if you limit the ability for a user to install applications, they can still run some things on their own such as browser plugins. We know that browser plugins can be potentially very dangerous because they sit in a browser, and that is where most people do their work. They can become a problem. Allowlisting helps to put guardrails around what is allowed to run. By keeping the environment clean, the programs perform better. They are more secure, and there is less noise for us to chase when it comes to actual security events.

It is easy for administrators to approve or deny requests using allowlisting. They have two ways for administrators to approve or deny requests. They can do it in a managed way, where they do it for you using Cyber Hero. We do not do it that way. We are an old customer of ThreatLocker. We have been using it before they had Cyber Hero in place. Originally, we thought it was going to be problematic because allowlisting tends to be very hard to implement. Most of the other allowlisting systems, such as Microsoft's AppLocker, are very difficult to implement and maintain, but ThreatLocker does two things. When it comes to very common applications, they work with vendors. They are always looking at the new installations and making sure they are constantly up to date, so you do not have to always approve those things. But, of course, things happen, and sometimes they happen in the middle of the night when somebody is doing something and needs help. The nice thing about it is that it is fairly easy to approve. We can approve even with a mobile app. I have had the ThreatLocker mobile app since they introduced it a year or two years ago. If one of our clients in Australia or somewhere else is doing something, I can easily approve it without having to get up from my chair. I can approve it after doing a quick review of what they are installing. If I want to do a little bit deeper check, I can do that, but most of the time, there are just basic things, and we can approve them on the fly. The portal gives us a lot of granularity in terms of not only approvals but also how to approve them. We can choose to approve something for a person, the entire company, or all of our clients. We can choose to approve only the hash or a particular version of a particular executable or any application that is signed by a company. We can define how loose or tight we want to be when it comes to certain applications. They have recently also introduced time-based approval. We can give approval for only a period of time, and then the approval goes away. If somebody needs to run something, but we do not want it to be allowed to run for a long period of time, we can implement that.

In terms of access requests, we control what is allowed and what is not allowed. They have curated things on our behalf for Windows, Office, Chrome, Firefox, and a whole slew of other applications, but you do not have to add those. You can curate your own list. For example, we have an engineering company, and the applications that they use are not used by anybody else. They are very bespoke for their specific industry. We get new requests from them all the time. We check if it is something that looks nefarious. Is it on VirusTotal? Are there any other scans that show that it could be potentially malicious? If we are still not sure, ThreatLocker now has a sandboxing feature where we can watch the application execute in a secure environment and see if it is doing anything potentially bad and if it is touching files that it should not be touching. By doing that, we have some more comfort. We know that the program we are allowing is safe.

We were able to see some of its benefits immediately and some were over time. We were using an EDR tool before ThreatLocker about six years ago. It was very noisy. A lot of alerts came up on that EDR. We were chasing a lot of ghosts, trying to figure out whether it was malicious or not. A lot of it was not malicious, but we still had to do all that checking. When we put ThreatLocker in place, one of the things that we immediately noticed was that it was blocking everything by default and only allowing things that we approved. It reduced the ticket noise. We mostly had things that needed investigation and more likely were malicious and needed to be reviewed. That was an immediate change. Over time, we got other benefits. We got a better grasp of what is being run on our clients' desktops. In the rare cases where because of the nature of their work, we allow them to have admin rights, we can still control what applications are being installed. Could they bypass it? Potentially and theoretically, yes, but that would be very difficult and require some technical skill. We at least have some verification of what applications are run and what applications are allowed. So, its long-term benefit was much more control over the clients' environments and the short-term or immediate benefit was a reduction in ticket noise that we were having to deal with chasing a lot of false positive alerts.

Allowlisting helped us reduce our organization’s help desk tickets. We were able to reduce our security alerts by 75% to 85% after its implementation, and now, it is practically down to zero. We have very few alerts that we need to chase at this point. 

Allowlisting has technically helped us to free up help desk staff for other projects, but we have not quantified the savings. Because we are not having to do these other things, we are able to work on helping clients and get their work done better rather than just chasing security events.

Allowlisting has not helped us consolidate applications and tools because our usage is quite narrow. We are just using allowlisting, ringfencing, and a little bit of elevation. They have other products in their mix, but we already have other products that do some of those things. I do not see us necessarily replacing all of that with other parts of ThreatLocker, so there is no tool reduction. However, it fits nicely into our workflows. In other words, it integrates into our PSA. Tickets come in there, and from there, we can go directly to ThreatLocker and do approvals. We also have the pop-ups on the mobile device.

Allowlisting, in general, is valuable because it allows us to have a lot more granular control over what is executed on a desktop. We are also able to ringfence known vectors of attack through Office applications, email, browsers, etc. By doing that, we can also limit the exposure of those applications for the company. This encapsulates how we are trying to protect the clients. We can tell them the applications that they need to run and what they are allowed to do, and that is it. 

It would be beneficial to have a tighter integration into PSA systems so that approvals can be done directly without having to leave the PSA. 

Additionally, having their Cyber Hero support available during non-working hours could improve service for clients. They have a managed version of allowlisting with Cyber Hero so that their Cyber Heroes can approve things. It would be nice if I could implement that during the hours we are not working so that clients who work during our night would have a better experience and do not have to wait till morning to get their applications approved.

I started Triada Networks in 2008, which makes it 16 years. However, we started using ThreatLocker about six years ago.

We have had very few stability issues. Occasionally, the portal has become unresponsive, but the product itself continues to function without interruption. I do not remember the last time that happened. It was maybe about two years ago. They have fairly solidly developed this product.

We have not encountered any scalability issues. I know colleagues with thousands of endpoints on ThreatLocker with no reported problems. I do not anticipate having scalability problems at all.

To contact ThreatLocker, we go through their chat service. They have a live chat where they typically get somebody on in a minute or two. They always have somebody who is available and starts to work with us on any issues. We had to contact them more frequently when we were learning ThreatLocker Protect and ran into weird issues, but we do not contact them too often now just because we are managing it ourselves. Once in a while, we do get their support. They are very fast and helpful regardless of what time it is.

Their support is a ten out of ten. They are one of the best support teams that we run into product-wise. I do not give that rating lightly. Most of our vendors are in the six or seven range. ThreatLocker does an exceptional job when it comes to support.

Positive

The management console is in the cloud, and the endpoint agent is on the device.

Its deployment was very easy. They provided installation scripts for Windows. We were easily able to put it into our RMM tool and deploy it to the devices of our clients. In fact, we do that today when we onboard a new client. As soon as our RMM agent is installed, one of the first things that gets installed in that stack is ThreatLocker, so we have it automated so that as soon as a client is onboarded or we install a new PC, ThreatLocker gets installed.

We deployed it client by client. We were onboarded very early. We would do one client a month and ramp that up until we got to month three, and then we deployed everything else. That was the process. In about three months, we were comfortable enough with the platform that we were able to manage it going forward on our own. After 90 days, we went to town and deployed the rest of our fleet. It was en masse at that point.

The implementation was done in-house with support from ThreatLocker during onboarding. We had a couple of weekly or biweekly sessions to learn troubleshooting and approvals.

Of course, things have changed since then, so you learn those along the way. One good thing they do is that once a quarter, they do a check-in with their technical account manager. We go over any issues or things that we would like to bring up. They do a nice job of taking that information back to their development team or their product teams to make adjustments in the solution over time.

Its price is fair. They have added some additional things to it beyond allowlisting. They are up-charging for them, but in terms of the value we get and the way it impacts us, we get a bang for our buck with ThreatLocker than a lot of our other security tools. We have a few tools that would fit into that category, but then there are some that are more expensive than they need to be. ThreatLocker is definitely not one of them. 

It is one of the reasons why we have eliminated other tools, but ThreatLocker has not necessarily replaced them. It was because ThreatLocker and some of our other things were doing so much that we did not necessarily need them. We were able to remove that redundancy. So, its price is fair. Hopefully, they do not take this to raise their prices.

We looked at Microsoft AppLocker but found it difficult to manage and maintain. We also considered Airlock Digital and other security tools but found that they lacked the ability to manage at scale. That is what ThreatLocker does very well. We are a small team. We are managing 400 or so computers with a small staff, and we are still able to do that because the tools do a lot of the heavy lifting for us. If we had to do that with AppLocker, AirLock Digital, or any other security tools, it would have been a lot more time-consuming. We probably would have needed more staff to do that.

When we went with ThreatLocker, there were not a lot of allowlisting companies out there. Some of them were more enterprise and mid-market. The concept of ringfencing was not the one that the others were even talking about. 

When we are at a conference or business meeting, a lot of times we do a hacker demo. Usually, the demo involves a Word document that downloads something malicious or runs something malicious that gives you backdoor access. Ringfencing is designed to prevent that from happening. When you have a Word document, Word does not need to execute other programs. Chrome does not need to execute other programs. Excel does not need to execute other programs. Excel does not need to beacon out and connect to the Internet. Locking these little avenues greatly diminishes your chances of getting compromised. Nothing is 100%, but controlling what each application can do can make everything work better.

I would rate ThreatLocker Protect a ten out of ten. It is a great product. At times, it might block something, and we are not aware that it is being blocked and are trying to troubleshoot something. It is one of those things that we always have to remember. We bring up ThreatLocker and see if something is going on. In the past, we had to go to the portal, and there was a delay by the time that the agent would report to the portal for that information, but now, we have the ability to, at least on the device, see in real-time what is happening so that we can troubleshoot it and more. We just need to check this, but it is solid. It would probably be one of the last tools that we would remove if we ever remove anything.

We use this solution for Zero Trust application installations, as well as ringfencing those applications and elevating administrative rights.

ThreatLocker Zero Trust Endpoint Protection Platform cuts down on ticket times for a couple of my employees. They are able to get tickets done faster. Elevation helps with that, and throwing a computer in learning mode is super easy for them, so it just works in their workflow.

They are able to get the work that they need to do faster because they are not being bogged down with needless tickets.

It has helped free up our IT team’s time for other projects or tasks. On average, it has saved about two hours a week of work time.

ThreatLocker Zero Trust Endpoint Protection Platform is not difficult. It is easy for IT teams to use. They just need to install an agent.

ThreatLocker Zero Trust Endpoint Protection Platform has not consolidated any of our tools. It has just added to our stack and helps us sleep at night.

ThreatLocker Zero Trust Endpoint Protection Platform has not saved us costs because purchasing the agents costs money, but it helps in generating revenue because it is another thing that we can add to contracts to help our clients be more secure. I do not do the finances for the company, but I know it produces revenue because we are keeping the product.

ThreatLocker Zero Trust Endpoint Protection Platform is great for blocking access to unauthorized applications. We test it for when we need it. We have never come across any issues. Cyber Heroes are great. They resolve many issues that we find in a matter of minutes.

I really enjoy ringfencing and elevation features. It makes my life easier because I do not have to get on a computer to elevate a prompt to allow users to run something they run every day as an admin. 

They have a good foothold in the game right now. They are doing everything right, and as long as they keep improvising and adapting, they will continue to overcome. I cannot suggest anything that they are not already doing. They should keep adding features as they have been.

We have used the solution for a little bit over a year.

It is excellent. They are constantly pushing out updates. They are always putting out webinars and keeping everyone informed. They are great.

Scalability is easy. Their policies, the grouping of the policies, and the way the hierarchy works for all of their policies are excellent.

The customer service is a ten out of ten. It cannot get better.

Positive

We did not use any previous solutions.

We have a hybrid environment. We are an MSP, and we have 40 different clients. We adopt the environment they come with. We use Microsoft Azure Cloud.

The setup was easy. It was just deploying the agent and letting it learn for 21 days. It then just goes, and you do not hear much from it after that. It is super simple. The only time you hear from it after that is when there is a new application or it is not a built-in.

We have a technical representative from ThreatLocker who assists us.

It is the fact that I am sleeping at night. I know that my systems are secure. They are not going anywhere. Nothing is happening to them. Any policy I put in place is a policy that stays in place, and it knows it is going to protect my system.

It is a great platform all around. It has great support. People developing it know what they are doing. They see a future. They see a path, and they are going down it. I like it. I like what I see. 

Overall, I would rate ThreatLocker Zero Trust Endpoint Protection Platform a ten out of ten.