Threatlocker

Tasmania Green · Friday at 9:00 PM

I just watched a video where a guy talked about the advantages of running Threatlocker. I've never heard anything about the program other than its name. What do you guys think about Threatlocker? In a sense the question is moot from an individual point of view as, from what I can tell, they don't sell subscriptions to single users. But I'm still curious how it's viewed by computer users.

antspants · Friday at 10:14 PM

I’d never heard of it. But being an enterprise solution, that isn’t surprising. You’d probably need to hear from a system administrator like andrew129260 or Mr. pseymour or a few others here.

neemobeer · Friday at 10:28 PM

I've also never heard of them and have managed many equivalent products in the enterprise EDR space (Cylance, Sophos, Sentinel One, Crowdstrike to name a few)

hsehestedt · Friday at 10:46 PM

Why not just go to their web site for more info? Also, the search term "threatlocker review" will yield more info.

Enterprise Cybersecurity Solutions | ThreatLocker

We are an endpoint protection platform that offers top enterprise security software and solutions. Keep your business safe with zero trust endpoint security!

www.threatlocker.com

and

https://www.g2.com/products/threatlocker-inc-threatlocker/reviews

Tasmania Green · Friday at 10:59 PM

hsehestedt said:
Why not just go to their web site for more info? Also, the search term "threatlocker review" will yield more info.

Enterprise Cybersecurity Solutions | ThreatLocker

We are an endpoint protection platform that offers top enterprise security software and solutions. Keep your business safe with zero trust endpoint security!

www.threatlocker.com

and

https://www.g2.com/products/threatlocker-inc-threatlocker/reviews

Going to their website was the first thing I did after watching the video. And I did peak at reviews a bit. But given the technical knowledge and experience of the members of this group, I thought I'd ask their opinion in addition to doing my own research. After all, the members have more experience with computers than I do.

andrew129260 · Saturday at 12:10 AM

neemobeer said:
I've also never heard of them and have managed many equivalent products in the enterprise EDR space (Cylance, Sophos, Sentinel One, Crowdstrike to name a few)

Same, never heard of them at all. Windows defender endpoint, crowdstrike and sential one are the only ones I have dealt with.

But I am just a low totem pole guy, not high enough to make the decisions on what product we use.

Tasmania Green · Saturday at 12:23 AM

andrew129260 said:
Same, never heard of them at all. Windows defender endpoint, crowdstrike and sential one are the only ones I have dealt with.

But I am just a low totem pole guy, not high enough to make the decisions on what product we use.

That's okay. I was just curious. There's so much to learn out there. lol.

andrew129260 · Saturday at 12:25 AM

Tasmania Green said:
That's okay. I was just curious. There's so much to learn out there. lol.

There really is. See my tagline

The best advice I can give is many of these products offer free trials. It can't hurt to reach out and try some in a VM and play around with them, or find youtube tutorials about them.

One of the things you can deploy yourself and test is wazuh.

Its completely free and is perfect to tinker around:

Wazuh - Open Source XDR. Open Source SIEM.

Wazuh is a free and open source security platform that unifies XDR and SIEM protection for endpoints and cloud workloads.

wazuh.com

For example, I have it deployed in a VM and then running the agent on my tiny dell OptiPlex server to monitor it. It is a really cool tool.

PDQ is another awesome tool for deployment of software - (pushing out apps and scripts is addicting) and inventory.

Automate Windows device management with PDQ Deploy & Inventory | PDQ

Automate Windows device management with PDQ Deploy & Inventory. Learn how to save time on updates, scripts & maintenance tasks and more for your IT team.

www.pdq.com

Tasmania Green · Saturday at 12:45 AM

andrew129260 said:
There really is. See my tagline The best advice I can give is many of these products offer free trials. It can't hurt to reach out and try some in a VM and play around with them, or find youtube tutorials about them.

One of the things you can deploy yourself and test is wazuh.

Its completely free and is perfect to tinker around:

Wazuh - Open Source XDR. Open Source SIEM.

Wazuh is a free and open source security platform that unifies XDR and SIEM protection for endpoints and cloud workloads.

wazuh.com

For example, I have it deployed in a VM and then running the agent on my tiny dell OptiPlex server to monitor it. It is a really cool tool.

PDQ is another awesome tool for deployment of software - (pushing out apps and scripts is addicting) and inventory.

Automate Windows device management with PDQ Deploy & Inventory | PDQ

Automate Windows device management with PDQ Deploy & Inventory. Learn how to save time on updates, scripts & maintenance tasks and more for your IT team.

www.pdq.com

Brilliant. Thanks Andrew!

hsehestedt · Saturday at 2:43 AM

Tasmania Green said:
Going to their website was the first thing I did after watching the video. And I did peak at reviews a bit. But given the technical knowledge and experience of the members of this group, I thought I'd ask their opinion in addition to doing my own research. After all, the members have more experience with computers than I do.

My apologies. There was no mention of that fact so I was unaware that you had already done so. It certainly does sound interesting. It also sounds expensive

Tasmania Green · Saturday at 4:19 AM

hsehestedt said:
My apologies. There was no mention of that fact so I was unaware that you had already done so. It certainly does sound interesting. It also sounds expensive

Oh gosh. No worries. Yes, it does sound very expensive.

Tasmania Green · Saturday at 4:20 AM

Tasmania Green said:
Oh gosh. No worries. Yes, more than I can afford. Lol.

pseymour · Saturday at 11:24 AM

I haven't used ThreatLocker, only heard it mentioned in podcast ads, but I have used tools of its ilk.

These types of products do work well if you take the time to set them up (like anything else), but they can be a lot of management (like anything else). Do you use them to restrict all your users to no admin rights, and lock down which processes are even allowed to run? Well, you're certainly more secure that way, but that's a lot to manage, and it makes users mad. Do you go to the other end of the spectrum and only lock down things you know to be a problem? Well, you're constantly being reactive and not proactive. Better hope you can stay up-to-date on current threats. And if you barely use the product in that way, then why'd you spend all that money on it? That makes C-suite people mad.

In the end, it's like getting on and off the toilet. It's all about maintaining balance to avoid ending up deep in .... trouble.

But yes, these types of tools can lock down admin rights, automatically elevate certain things by file hash or certificate of the signer, etc. They can also do neato things like, "ok, we're fine with Microsoft Word running, and we're even fine with PowerShell running, but there's no reason for them to communicate with each other, so block that." That's a decent way to keep malicious PowerShell, for example, from attacking your browser, your productivity suite, etc. But again, someone has to manage all that. And if you're a decent sized company, lots of people have to manage all that.

TairikuOkami · Saturday at 11:55 AM

Tasmania Green said:
from what I can tell, they don't sell subscriptions to single users

It is endpoint security, basically admin is AV, if a single PC detects a threat, it alerts him and he can deal with it.
Those products should not concern normal users, they are designed to be used by a network, not individuals.

Threatlocker

Well-known member

My Computer

Like a rolling drone.

My Computers

Well-known member

My Computer

Well-known member

My Computers

Well-known member

My Computer

Well-known member

My Computers

Well-known member

My Computer

Well-known member

My Computers

Well-known member

My Computer

Well-known member

My Computers

Well-known member

My Computer

Well-known member

My Computer

Windows developer and admіn

My Computers

Microsoft 365 Basic

My Computer

Similar threads