What advice do you have for others considering ThreatLocker Allowlisting?

I would rate ThreatLocker nine out of ten. The agent can be set to update automatically, which is the default setting. ThreatLocker handles the maintenance of the agents. Once in secure mode, the primary maintenance task is approving new application requests from users.

I would rate ThreatLocker Protect a ten out of ten. It is a great product. At times, it might block something, and we are not aware that it is being blocked and are trying to troubleshoot something. It is one of those things that we always have to remember. We bring up ThreatLocker and see if something is going on. In the past, we had to go to the portal, and there was a delay by the time that the agent would report to the portal for that information, but now, we have the ability to, at least on the device, see in real-time what is happening so that we can troubleshoot it and more. We just need to check this, but it is solid. It would probably be one of the last tools that we would remove if we ever remove anything.

We're solution partners. I'd rate the solution seven out of ten. I'd advise new users to just make sure they have good policies in place. Otherwise, they'll find themselves babysitting the product all day long. We've seen a lot of malicious actors trying to get in and execute stuff and with ThreatLocker, we're able to catch them. We're able to see if it's an admin executing a program or not. If we don't know who's doing what, we're able to block it.

I would rate ThreatLocker Protect ten out of ten. ThreatLocker Protect is not a significant CPU consumer. We've had it for over three years, and while there have been a few minor conflicts with other programs, they were easily resolved. This is to be expected with any software. I have a biweekly call with an analyst from ThreatLocker, and they treat our organization, which has only 60 computers, the same way they treat businesses with 4,000 computers. ThreatLocker Protect is incredibly easy to install. I highly recommend engaging their system engineer for assistance. Don't hesitate to reach out with any questions, no matter how simple they may seem. The ThreatLocker support team is known for its patience and willingness to help. They're happy to answer anything you ask, regardless of your initial perception of the question's importance. So, feel free to be open and honest with them; they'll treat you with the utmost respect.

I would rate ThreatLocker Protect a seven out of ten. The learning curve is quite steep, especially for those without extensive IT experience. I found it challenging to master and had to rely on my team for guidance on several occasions. Even my manager isn't completely comfortable with it yet. However, once we overcome the initial hurdle, it truly shines. ThreatLocker requires minimal maintenance, except for one recent instance where we reviewed its configuration. While it's designed to automatically update on user machines, I noticed some devices hadn't yet received the latest version. I manually initiated the update for these devices. The cause of the delay is unclear, though the devices are online, so it might be a network issue. Ensure all future ThreatLocker users are thoroughly briefed on its functionality. We've encountered surprises among some users regarding the approval requirement for new activities. To avoid such issues, we recommend comprehensive pre-deployment communication, outlining ThreatLocker's purpose, features, and approval process.

I rate ThreatLocker eight out of 10. Before implementing ThreatLocker, you should consult one of the company's support engineers. Don't try to do it by yourself because there's a lot of information there. They've got some excellent documentation, but I personally like to be shown how to do it.

I would rate ThreatLocker Protect nine out of ten. There are many security products available today that companies like mine utilize, and some of these products could be replaced with ThreatLocker. However, ThreatLocker is one of those tools that I consider indispensable to our security stack. We have such a strong conviction about this because we understand its capabilities and have seen its effectiveness firsthand. While a significant portion of our work is proactive security, we have also been called upon by companies who have experienced ransomware attacks. In these situations, we have been able to assist them in their recovery efforts. If these companies had ThreatLocker in place, they would not have been vulnerable to these attacks. This reinforces our unwavering belief in the value of ThreatLocker. We implemented ThreatLocker from the outset within our environments. Therefore, it's difficult for me to compare it to previous solutions as it has become an integral part of our security framework. When I interact with colleagues who don't use ThreatLocker, I hear a lot of complaints, particularly regarding ticketing and the time wasted on text-based communications. I would say that the vast majority of these issues could be avoided if they had ThreatLocker in place. The company as a whole has experienced and addressed all the concerns that have been raised. Firstly, they are continuously developing and enhancing their product offerings, which include not only the product itself but also the accompanying knowledge base and support structure. Most recently, we have been beta testing their latest portal upgrade, which is remarkably impressive. Ultimately, if I were forced to reduce my security stack to just one or two tools, ThreatLocker would undoubtedly be among them. Occasionally, a less popular application pushed by a publisher may be flagged by ThreatLocker. In such instances, customers may inquire about the issue. However, once the reasoning behind the flag and the importance of our application vetting process to safeguard their environment are explained, the concerns typically subside. ThreatLocker's user interface has undergone a significant transformation since its inception. The new beta portal, which we now have access to, is a vast improvement over the original portal. It is both aesthetically pleasing and functional, fulfilling all of its intended purposes. In terms of UI customization, I see little room for improvement. One area where I always seek enhancements is integration with third-party products, particularly PSA platforms. We utilize ConnectWise Manage, now known as ConnectWise PSA, and it seamlessly integrates with ThreatLocker. During a recent client audit, I compared the actual numbers to the PSA's reports, and everything matched up perfectly. When I consider ThreatLocker as a whole, I am impressed with not only the product itself but also the company's culture and commitment to innovation. They continuously invest in thought leadership initiatives, such as webinars, training programs, the ThreatLocker University, and their annual conference. These efforts demonstrate their dedication to providing their customers with the best possible experience. I have no specific wishlist items for ThreatLocker. I am genuinely satisfied with their product and overall approach. We began realizing immediate value from ThreatLocker, as it provided us with the ability to view blocked applications, scripts, or files within the environment through its unified audit feature. This allowed us to quickly identify and eliminate unwanted software from our environment. Additionally, we could revisit applications that had been vetted or cataloged and decide to block them if they were no longer deemed necessary. Overall, the time to value for ThreatLocker was within the first 30 to 45 days. ThreatLocker is used by all of our clients and on all of our endpoints. We currently have over 250 endpoints protected by ThreatLocker. From a maintenance standpoint, ThreatLocker is relatively straightforward. While application signatures inevitably change, the most frustrating aspect is the lack of consistent code signing by software publishers. Despite the current cybersecurity emphasis and efforts to minimize risk, it's baffling that reputable software developers often fail to sign their code. This necessitates an additional vetting process to verify the code's authenticity and ensure it hasn't been tampered with. One of ThreatLocker's strengths is its audit service. Upon request, their system engineers conduct a thorough audit of our client's environment via a Webex or Zoom session. They examine what's being blocked, what's not, our configurations, best practices adherence, and potential changes. This proactive approach ensures we're on the right track and adhering to best practices. First and foremost, it is crucial to thoroughly understand the clients' environments and develop a tailored strategy for each one before implementing ThreatLocker. A one-size-fits-all approach is ineffective as every client environment has its unique set of applications and requirements. Thorough education is key. When rolling out ThreatLocker, we spend a considerable amount of time educating our customers about its purpose, functionality, and potential impact. We address their concerns and explain the rationale behind the restrictions. This education process should be ongoing for end customers. In the technology industry, there is a tendency to focus on the latest bells and whistles, neglecting the importance of educating end users about the benefits and implications of new technologies. This oversight can hinder the successful implementation of security solutions like ThreatLocker. It is essential to dedicate sufficient time to educating end users to ensure a smooth and effective rollout. Know the environment. Before implementing ThreatLocker, thoroughly document and understand the client's environment. Initially, run ThreatLocker in learning mode to capture all applications used in the environment. Fine-tune the policy. Before switching to secure mode, collaborate with a Cyber Hero or solutions engineer to identify and address potential application conflicts or redundant applications. Leverage ThreatLocker University. Encourage the team to participate in ThreatLocker University training to gain in-depth product knowledge. Test in the environment first. Before deploying ThreatLocker to clients, thoroughly test it in your own environment to gain familiarity and expertise. ThreatLocker is not suitable for every organization. It is not intended for those who lack a serious commitment to security or are unwilling to invest the time and effort required to properly vet and configure the product for their specific environment. ThreatLocker is most effective for organizations that are willing to take advantage of its comprehensive features and dedicated support to tailor the solution to their unique needs. Remember, the success of ThreatLocker implementation depends on thorough planning, education, and a commitment to security.

We're a partner. We have witnessed an immediate time to value using this solution. I'd rate the solution ten out of ten. I'd advise others to pull the trigger and get it. They'll love it. The solution provides a level of security that is unmatched.

We have noted time to value. It's easier than ever to approve very quickly rather than having to talk with clients to see what they are trying to install. The virtual deployment allows you to see what's going on super quick. The onboarding was pretty extensive. It took us a solid six to eight months before seeing time to value. I'd rate the solution eight out of ten. I'd advise others that if they use the product they have lots of peace of mind and sleep better knowing your clients are better protected.

I would rate ThreatLocker Allowlisting ten out of ten. The alert board for maintenance requires monitoring. Potential users should expect to dedicate resources to ThreatLocker Allowlisting. It is not a set-and-forget solution. There is a learning curve, but Cyber Hero support is available to help users through it. Unlike some other products that onboard users and then leave them to the ticketing system, ThreatLocker provides continued support. It is important to note that ThreatLocker Allowlisting cannot be simply turned on and left alone. It requires in-house resources to properly manage at scale.

Before you buy, you need to educate your employees and let them know this is adding a safety step to the process of installing software. You also need to be prepared because if the admin isn't around, then you're going to slow down. The person is not going to be able to install the software. That is something you do need to be aware of. It's extremely easy for an admin to approve or deny requests using Allowlisting. The only caveat to that is that because of the way that ThreatLocker is set up and how minutely you can dive down into a software install, there could be issues with some pieces of software. For example, I approve of you installing Adobe Reader. If you run that install from your desktop, and I approve it, there's a certain way to say I want it to approve this exact installation. What that means is that I approve it for that one person. If someone else tries to run that exact same install package, but it, for example, is not from the desktop and is from a shared drive or from a USB, because of that one tiny change, it will technically get blocked. To some people, it's a little confusing. If you understand how the system works, it's easy. You can use a wildcard to say this install package can be installed from any location. So, when you learn those little tips and tricks, it gets a whole lot easier, but in the very beginning, if you're fresh getting into this, or it was thrown in your lap and you were told that you're the administrator for ThreatLocker, it can be a little confusing. The great thing is that ThreatLocker has something called the install mode. Basically, you're putting a computer in a mode for a temporary amount of time, which the admin can control. When a computer is put into the install mode, ThreatLocker won't block anything. You can go ahead and run any executable. It'll allow the installation, and it'll apply it to that application or policy name that you wanna apply it to. If you're doing it for Adobe, you could add it to the Adobe Reader policy. So, it's very easy. Even if you had any issues, their support is phenomenal. Overall, I'd rate ThreatLocker Allowlisting a 9 out of 10.

I rate ThreatLocker AllowListing 11.5 out of 10. It's one of the best products on the market, and every MSP needs it because of the zero-trust rules imposed by the executive order. The product does what it says, and the support is fantastic. The training is excellent. They take care of you. You'll know what's happening, and your client will sleep better at night. In this industry, companies often promise they will help you when you run into trouble. However, they aren't there more often than not. For example, Microsoft tested its software in the beginning and put out a beta version. When they release a new operating system, everyone knows is the beta version, and we're all beta testers. We have to be the ones to tell Microsoft about our issues through the built-in error reporting, and we don't want to report it to Microsoft because we know they won't do anything with it. We know that they no longer take it seriously. They let us do their work as testers for their beta product. It's refreshing to deal with a product like ThreatLocker where I get support in eight seconds. As soon as I open the chat, they're there typing away. When I start a chat with AT&T, Spectrum, or any of those, I get a message saying, "Support will be with you momentarily." You see the three little dots don't move, and you need to wait five to twenty minutes to get support. ThreatLocker puts out a great product backed up with excellent support and training. What else do you need?