How ThreatLocker Is Becoming An ‘Ecosystem’ Of Security Tools For MSPs
As many MSPs struggle with ‘vendor sprawl,’ one tells CRN it’s a welcome sign that ThreatLocker continues to expand its portfolio of MSP-focused endpoint security tools.
At Enterprise Data Concepts , an MSP in Louisiana, using tools from MSP-focused endpoint security vendor ThreatLocker over the past two and a half years has helped significantly when it comes to locking down customer devices against malware attacks, according to EDC CISO Roddy Bergeron.
And with the major expansion of ThreatLocker’s portfolio of offerings, the vendor is becoming even more valuable to EDC by providing an opportunity to reduce the rampant “vendor sprawl” that MSPs are dealing with today, Bergeron said.
[Related: ThreatLocker CEO: More Access Controls Are Needed To Improve Overall Security]
“Now they’re encompassing a whole ecosystem of tools,” said Bergeron, whose company has offices in New Orleans and Lafayette, La. “Vendor sprawl is one of the things we struggled with. You don’t want to put all your eggs in one basket with a vendor—but if you could have just a handful of vendors that you can work with, that [largely] complement one another, that’s the sweet spot.”
On Monday, ThreatLocker co-founder and CEO Danny Jenkins showcased for an audience of MSPs at XChange March 2023 how the company has expanded well beyond its flagship “application allowlisting” functionality—which ensures malware cannot run by automatically blocking unsanctioned software—to also offer capabilities in a number of related areas.
For instance, ThreatLocker’s “ringfencing” functionality places limitations on what types of actions an allowed application is able to take. This is a necessary extension of allowlisting because “we can’t block good software,” Jenkins said during XChange, which is hosted by CRN parent The Channel Company and being held this week in Orlando, Fla.
“We can’t necessarily just block PowerShell from running on your computer or block Office from running,” he said. “We need to control what the software can do.”
Ultimately, ringfencing allows organizations to limit the damage an attacker can do when software is compromised, Jenkins said, noting that “most” software will eventually be compromised at some point.
Other capabilities now offered by ThreatLocker include network access control for enhanced control over inbound and outbound network traffic; storage control for protecting against unauthorized access or theft of data; and elevation control so that only certain apps can run as an administrator.
At the end of March, ThreatLocker will also be making available the full integration of technology from its acquisition of the Third Wall automated security plug-in, as well as its recently unveiled threat detection tool, Ops.
The Ops tool audits endpoint data on a daily basis such as network traffic, executions and registry changes, as well as file deletions, moves and copies, Jenkins said. This is powerful because it means ThreatLocker “can take all that data and alert you of potential bad activity happening,” he said.