ThreatLocker Is Locking Out Ransomware, Providing ‘Peace Of Mind’ For MSPs
‘ThreatLocker is peace of mind for me and my customers,’ says Net-Tech Consulting Professional Services Director Zachary Kinder. ‘As far as the Kaseya threat was concerned, I had no worry at all. I feel very insulated from threats like Kaseya. ... ThreatLocker is our last bastion of defense.’
Zachary Kinder, professional services director at Net-Tech Consulting, knew he had found a hot new product to block rapidly increasing ransomware threats when he got his first glimpse of ThreatLocker’s application whitelisting solution last year.
Net-Tech, a seven-employee El Paso, Texas-based MSP, had experience dealing with three ransomware breaches over the last seven years. But now, Kinder knew he had a way to turn the tide on the ransomware cybercriminals.
“It was a mind-melting moment,” said Kinder when he discovered that ThreatLocker was using the tried-and-true application whitelisting security technology to block everything that has not been approved by an MSP to run. “ThreatLocker doesn’t detect anything. It blocks everything. If it is not on the whitelist, it is not going to run.”
Net-Tech Consulting, which was running a cloud version of the Kaseya VSA that was breached in the largest ransomware attack in history in July, sidestepped that threat and others as a result of implementing ThreatLocker, said Kinder.
“We were on Kaseya, but we were on a cloud instance, so we didn’t get attacked,” said Kinder. “But even if we were I wouldn’t have been worried because we have ThreatLocker. ThreatLocker is peace of mind for me and my customers. As far as the Kaseya threat was concerned, I had no worry at all.”
Net-Tech was forced to use other tools to deliver remote support to customers instead of VSA in wake of the Kaseya ransomware attack, but the MSP did not suffer a ransomware breach. Not so fortunate were 60 MSPs and 1,000 customers that were taken down by ransomware from the Kaseya attack.
“I feel very insulated from threats like Kaseya,” said Kinder. “ThreatLocker stops ransomware. It allows you to thwart most application vulnerabilities, and it allows you to gain unprecedented control over your existing applications. ThreatLocker is our last bastion of defense.”
Kinder said he feels like he has nearly 100 percent ransomware protection for his customers with ThreatLocker—barring human error. “ThreatLocker changes the MSP security paradigm,” he said. “It’s a game-changer. My message to other MSPs is if you are not doing application whitelisting, you are doing a disservice to you and your customer and someone else is going to come along and displace you.”
ThreatLocker provides a protective barrier of sorts around applications even when it comes to vulnerabilities that might not even have been discovered yet, said Kinder. “ThreatLocker puts a wall around you,” he said.
Kinder still believes in the power of legacy remote management and monitoring tools like Kaseya VSA to assist customers, but they need to be matched with tools like ThreatLocker to hold MSP platform makers “accountable and to put the control back in the MSP’s hands.”
In a world full of security acronyms like XDR, EDR and AI, there is really only “one way to deliver true maximum security to your clients and that is through application whitelisting,” said Kinder. “ThreatLocker makes it easy and it is channel-driven and focused. The biggest part of this is ThreatLocker cares about MSPs.”
David Stinner, president of US itek, a Buffalo, N.Y.-based MSP that has implemented ThreatLocker for every one of its customers, said he also sees whitelisting technology as one of the “biggest answers” to stopping ransomware and solving the ever-rising number of cyberattacks.
“We’re all running around with our hair on fire,” he said. “Whitelisting is like a bouncer at the bar and if your name is not on the list you are not getting in. I don’t care who you are, you are not getting in. It’s black and white. ThreatLocker prevents applications that shouldn’t be running.”
Stinner said he knows for a fact that ThreatLocker has stopped malware from being executed when it got through other security products. “If I had an EDR we would know the attackers are inside our house,” he said. “But wouldn’t we rather have someone hitting the intruder with a baseball bat before they get in? The biggest benefit of ThreatLocker to me is I don’t have the fear I used to whenever I would hear about ransomware attacks like Kaseya and Exchange on-premises server. That product is one of the first I have seen in years that is completely different from anything in the channel. It is mandatory on every customer we support. It has been a highly profitable and effective service for us.”
Stinner said he discovered ThreatLocker at the start of the pandemic. “We had to get most of our customers that were non- essential to work from home,” he said. “The scary thing is a lot of them were using home PCs. So we found ThreatLocker and vetted it with our chief engineer.”
US itek’s chief engineer, a 17-year US itek veteran who had experience with whitelisting technology from the banking industry, gave the product a five-star recommendation. “He was blown away by it,” said Stinner.
Stinner gave ThreatLocker credit for helping his company roll out the product to all his customers. “Our technical team was scared to death about the work involved in vetting all the software stacks at all our customers,” he said. “When you look at it in the rearview mirror, it was way, way easier than we expected it to be.”
In addition to locking down customer environments to prevent ransomware, ThreatLocker has put a lid on shadow IT projects at customer sites. “Those were always some of our biggest ticket generators and we have eliminated them,” he said. “They now understand the threat of that crap software they were running in their environment could take down the business they work for.”
Stinner said he sees ThreatLocker as a breakthrough product that finally asked the right question. “People have been asking the wrong question, which is how to detect the hackers when they are in the network,” he said. “But the right question is how do you stop them dead in their tracks before they get in. ThreatLocker shows the value of MSPs. If everybody in the MSP channel had whitelisting it would elevate the value of the whole MSP channel, eliminating the cybersecurity fatigue that is setting in with SMB customers.”
Chris Hannifin, chief information technology officer for Silotech Group, San Antonio, said ThreatLocker was the No. 1 product he saw that impressed him at the recent Xchange+ conference, which is run by CRN parent The Channel Company.
“To me ThreatLocker is an easy conversation; it is something that every organization will listen to,” he said. “The price point is valuable to me and my customer base. And the baseline to get it to where it needs to be is a timeframe that makes sense to me and my customers. We’re going to evaluate it. ... It fills a definite need. Ransomware is up 150 percent. So if ThreatLocker can just stop the download of the malware and I have data backups and the ability to recover, ransomware just becomes a nuisance—not a major issue.”