ThreatLocker Chief Product Officer: ‘Turn Off VPNs’

On any given day, ‘there’s probably a vulnerability out there in some firewall or VPN. Turn them off,’ says ThreatLocker Chief Product Officer Rob Allen.

The surge in cyberattacks exploiting vulnerabilities in VPN devices should prompt MSPs to reconsider continuing to use the technology, according to Rob Allen, chief product officer of cybersecurity vendor ThreatLocker.

While speaking to an audience of MSP executives Monday, Allen offered a checklist of recommended security actions that many service providers should explore—including one that he acknowledged would be “controversial.”

That recommendation is to “turn off VPNs,” he said.

“I’m sure we all know that there have been a number of high-profile attacks recently that have involved VPNs being leveraged,” Allen said during a session at XChange August 2025, an event hosted by CRN parent The Channel Company being held this week in Denver.

“And no point in picking on any particular firewall or VPN vendor because it’s pretty much happening to all of them,” Allen said.

On any given day, “there’s probably a vulnerability out there in some firewall or VPN,” he said. “Turn them off.”

Less controversial—but not necessarily universally practiced—is a recommendation to ensure that devices such as servers and printers are updated with the latest patches, Allen said.

Allen recounted hearing of an organization that never patched its servers because, “‘If it ain’t broke, don’t fix it.’”

Somehow, he said, the organization did not realize that “they are broke. That’s why there are patches."

Printers, meanwhile, are more regularly overlooked for patches, according to Allen.

During past conversations with penetration testers, Allen said he learned that “their favorite thing to see in the network is a printer,” which can often sit for five to 10 years on a network without receiving an update.

“So if the penetration tester likes to see it, you can be guaranteed that [the hacker] does, too,” he said.

Allen made the comments in the context of discussing ThreatLocker’s expansion into patch management, announced in February. Other launches this year for ThreatLocker—whose core product offers a zero-trust “allowlisting” approach to endpoint security—have included new capabilities in areas such as web filtering and cloud control.

Other key areas for ThreatLocker include application ringfencing, network control, storage control, endpoint detection and response, elevation control, and managed detection and response.

ThreatLocker has excelled at offering endpoint security that is relevant to many MSPs and their customers and is making some major moves to broaden its platform, according to Tanaz Choudhury, president of TanChes Global Management, a Houston-based MSP and ThreatLocker partner.

“They’re very good at what they do with zero trust and endpoint security,” Choudhury said, noting that TanChes Global Management uses ThreatLocker’s endpoint product internally as well as for key clients.

“We use it very actively. We’ve got a lot of confidence in the product,” she said.

At the same time, Choudhury said she has a request for ThreatLocker amid the company’s ongoing expansion: “Don’t lose the essence of who you are.”

Ultimately, “I just want to ensure that as they continue diversification on the product, they don’t lose the essence of what it started off with,” she said.