All About ThreatLocker
UPDATED: November 1, 2024
As cyber threats continue to escalate, businesses must prioritize robust security measures to safeguard their data and operations. Among the leaders in this field is ThreatLocker, a company dedicated to providing innovative solutions for application control and endpoint protection. With a focus on empowering organizations to take charge of their IT security, ThreatLocker delivers advanced technology designed to prevent unauthorized access and mitigate the risks of ransomware.
In this post, we will examine ThreatLocker’s distinctive offerings, discuss how their approach sets them apart in the cybersecurity landscape, and highlight the essential role they play in helping businesses navigate today’s complex threat environment.
The Founding of ThreatLocker: A New Era in Cybersecurity
ThreatLocker, founded in 2017 by Danny Jenkins, Sami Jenkins, and John Carolan, was born from a commitment to give businesses comprehensive control over their cybersecurity environments. The founding team brought decades of experience in developing cybersecurity tools, including enhancements in email and content security, but their vision for ThreatLocker represented a bold leap into a new model. Their mission was clear: to shift the industry from a “default allow” model, where everything is permitted unless explicitly blocked, to a more secure “default deny” approach.
The founding team recognized that traditional cybersecurity models were increasingly inadequate. Many organizations operated on a “default allow” basis, meaning that all software and actions were permitted unless explicitly blocked. This approach left significant gaps in security, allowing malicious software, including ransomware, to exploit vulnerabilities and wreak havoc. Danny Jenkins, a visionary in the field, understood that the industry was on the brink of a crisis. He foresaw that the only viable solution to combat the growing threat landscape was to implement a “default deny” model, where all actions would be blocked by default unless specifically permitted.
The default deny approach would fundamentally change how organizations manage cybersecurity. By blocking all unauthorized software and actions, businesses could significantly reduce their risk of breaches and improve their overall security posture. This innovative concept became the cornerstone of ThreatLocker’s mission. Danny’s foresight and understanding of market trends were crucial in shaping this new model, positioning ThreatLocker as a leader in Zero Trust cybersecurity solutions.
Sami Jenkins, co-founder and COO, played an instrumental role in translating this vision into a tangible product. Her experience in operations and strategic management helped to lay the groundwork for ThreatLocker’s growth. Together, Danny and Sami faced the skepticism of investors, who initially ridiculed their focus on whitelisting technology. Many viewed the notion of blocking all actions by default as impractical. However, their unwavering belief in the necessity of robust cybersecurity measures kept them motivated to push forward.
John Carolan, the third co-founder, contributed his expertise in technology and business strategy. His insights helped to refine the company's offerings and ensure that ThreatLocker could effectively address the challenges faced by organizations in securing their networks.
With a clear vision and a committed team, ThreatLocker officially launched its Zero Trust Endpoint Protection Platform. This platform combines a variety of advanced security features, such as Application Allowlisting, Ringfencing, Network Control, Storage Control, Elevation Control, and Endpoint Detection and Response (EDR). These elements work together to create a comprehensive security solution that simplifies management for IT professionals while enhancing protection against cyber threats.
Now headquartered in Orlando, Florida, ThreatLocker has grown to serve thousands of organizations globally. The founding team's relentless pursuit of a safer digital environment continues to drive ThreatLocker forward, establishing it as a pivotal force in the fight against cyber threats.
Timeline of Key Events and Milestones
- Seed Funding (September 2017): ThreatLocker officially launches, securing initial seed funding (amount undisclosed) to kickstart its mission of transforming cybersecurity with its innovative Zero Trust endpoint protection model.
- Series A Funding (September 2020): The company raises $4.44 million in Series A funding, marking a significant step in expanding its reach and developing its Zero Trust cybersecurity solutions.
- Series B Funding (May 2021): ThreatLocker secures $20 million in Series B funding, further solidifying its position in the cybersecurity landscape and enabling the enhancement of its product offerings.
- Series C Funding (April 2022): The company raises $100 million in Series C funding. This capital is aimed at bringing Zero Trust endpoint security to a broader array of organizations, supporting their mission to enhance cybersecurity measures worldwide.
- Series D Funding (April 2024): ThreatLocker announces the successful completion of a $115 million Series D funding round. This milestone allows the company to continue its growth trajectory and expand its Zero Trust endpoint security solutions to even more organizations globally.
Throughout its journey, ThreatLocker has achieved significant milestones that reflect its dedication to enhancing cybersecurity practices. From its initial seed funding to subsequent rounds of investment, the company has consistently focused on innovation and expanding its reach. As it continues to grow, ThreatLocker is well-positioned to influence the future of cybersecurity, helping organizations navigate an increasingly complex threat landscape.
ThreatLocker Flagship Product: Zero Trust Endpoint Protection Platform
The ThreatLocker Zero Trust Endpoint Protection Platform is an advanced cybersecurity solution designed to enhance the security posture of organizations by adopting a zero-trust approach. ThreatLocker's uniqueness lies in its innovative Zero Trust architecture, which shifts the security paradigm from a “default allow” model to a “default deny” approach, effectively blocking all untrusted actions while allowing only explicitly permitted applications.
Key Features:
- Application Allowlisting: Blocks all untrusted applications by default, allowing only explicitly permitted software to run, thereby preventing malware execution.
- Ringfencing: Defines what permitted applications can access and interact with, preventing unauthorized actions and mitigating exploit risks.
- Network Control: Acts as an endpoint firewall, controlling network traffic with customizable permissions based on port, source IP, and dynamic ACLs.
- Elevation Control: Enables specific applications to run with local admin rights without granting full administrative access to users.
- Storage Control: Manages access to storage devices with granular policies, ensuring that only authorized applications and users can interact with sensitive data.
- ThreatLocker Detect: Monitors for unusual activities and indicators of compromise, alerting administrators and triggering automated responses to potential threats.
- Cyber Hero Team: Provides 24/7/365 managed detection and response support, ensuring rapid incident response and threat mitigation.
- ThreatLocker Community: Facilitates policy sharing and collaboration among administrators, enhancing knowledge and best practices across organizations.
- Configuration Manager: Allows centralized management of security policies, ensuring consistent enforcement and compliance throughout the organization.
This proactive strategy, combined with features like allowlisting, Ringfencing, and other control and monitoring capabilities, offers organizations robust protection against both known and unknown vulnerabilities, including ransomware and fileless malware. Its streamlined onboarding and customizable policies set it apart from traditional enterprise security solutions, making it particularly suitable for medium to large enterprises that require advanced cybersecurity measures without the complexity and overhead typically associated with such systems. Organizations in regulated industries or those managing sensitive data can especially benefit from ThreatLocker’s comprehensive visibility and control over data access.
Pros:
- Effective Protection Against Data Theft: Prevents unauthorized copying and access to sensitive data, safeguarding valuable information against potential threats.
- Fileless Malware Mitigation: By limiting application actions, ThreatLocker effectively prevents fileless malware attacks, enhancing overall security.
- Enhanced Network Security: The platform employs dynamic ACLs to ensure rogue devices cannot access sensitive servers and endpoints, bolstering network integrity.
- Customizable Policies: Users can set tailored thresholds for alerts and responses based on the specific threat level, helping to reduce alert fatigue.
- USB Control: Simple USB blocking policies allow for detailed access management based on device serial numbers, vendors, and file types, improving data security.
- Canaries for Monitoring: The use of bait files (canaries) simulates real data access, enabling proactive monitoring for unauthorized changes or access attempts.
- Prevent Breaches: The combination of allowlisting, Ringfencing™, and Network Control offers robust defenses against ransomware, viruses, and other malware, an approach regarded as the gold standard in cybersecurity.
Cons:
- Complex Initial Setup: Implementing ThreatLocker may require a detailed configuration process that can be complex for some organizations.
- Potential Overblocking: The strict allowlisting can lead to legitimate applications being blocked if not properly configured, affecting productivity.
- Dependency on Configuration: The effectiveness of ThreatLocker largely relies on the proper setup and ongoing management of policies, which may require dedicated resources.
ThreatLocker Endpoint Protection Platform integrates seamlessly into existing IT environments, minimizing disruption during implementation. A key feature of the ThreatLocker platform is its Unified Audit system, which records all denied and allowed actions in real time. This detailed logging supports compliance efforts, providing organizations with the necessary documentation to demonstrate their security practices and respond to regulatory requirements. Another key capability known as ThreatLocker Detect leverages this real-time data to alert IT teams to any blocked malicious activities, allowing for rapid incident response and remediation. A free 30-day trial is available upon request.
Overview of ThreatLocker’s Key Capabilities and its Evolution
The evolution of ThreatLocker’s product suite and its key capabilities reflects advancements in network technologies and the increasing complexity of cybersecurity challenges. When ThreatLocker launched in 2017, traditional antivirus solutions dominated the landscape, often falling short against sophisticated attacks. By introducing allowlisting as a core defense mechanism, ThreatLocker positioned itself at the forefront of a shift toward stringent access controls.
As the threat landscape evolved, the need for deeper application-level security became apparent, prompting the introduction of Ringfencing. This innovation addressed the risks associated with interconnected applications, aligning with the rise of microservices and complex application environments.
The emergence of remote work and cloud technologies necessitated robust data and network security measures. Storage Control and Network Control were developed in response, providing essential tools for safeguarding sensitive information and managing network traffic in decentralized environments.
Lastly, the integration of ThreatLocker Detect underscores a commitment to proactive threat management. By leveraging insights from network activity and enabling real-time anomaly detection, ThreatLocker continues to adapt to the evolving cybersecurity landscape.
Here’s a breakdown of ThreatLocker’s key capabilities:
- Allowlisting: At the foundation of ThreatLocker’s offerings is allowlisting, a proactive security mechanism that restricts software execution to only those applications explicitly permitted by the organization. This approach effectively blocks unauthorized and potentially harmful programs, including ransomware and other malicious software. By ensuring that only known, trusted applications can run, allowlisting minimizes the risk of cyber threats penetrating the network.
- Ringfencing: Building on the principles of allowlisting, Ringfencing™ provides an additional layer of security by controlling how approved applications interact with one another and access system resources. This component is essential in preventing malicious behaviors within allowed applications, offering fine-grained control over resource interactions. Ringfencing helps protect against fileless malware and software exploits by defining rules that dictate application behavior and resource access, thereby mitigating the risk posed by compromised applications.
- Storage Control: Storage Control addresses the critical need for data protection in today’s complex IT environments. This component allows organizations to dynamically manage access to storage devices, including USB drives and network shares. By specifying which applications and users can access specific data, Storage Control helps safeguard sensitive information. It also supports features like temporary access approvals and restrictions based on file types, ensuring that data remains secure while still being readily accessible to authorized users.
- Network Control: As remote work and cloud environments have become more prevalent, Network Control has emerged as a vital component of the ThreatLocker suite. This cloud-managed firewall solution enables organizations to define precise policies for inbound and outbound network traffic. With granular control based on IP addresses and specific keywords, Network Control enhances security by ensuring that only authorized traffic is allowed to access protected devices. This seamless integration allows organizations to maintain secure network operations without the complexities often associated with traditional VPN solutions.
- Elevation Control: Elevation Control focuses on managing user permissions effectively within an organization. This component empowers IT administrators to grant temporary elevated access to specific applications while removing broader administrative rights. By limiting the scope of admin access, Elevation Control reduces the potential attack surface associated with user permissions. It streamlines permission requests, allowing users to request elevated access for particular applications while ensuring that their actions are monitored and controlled.
- ThreatLocker Detect: To complement its proactive security measures, ThreatLocker introduced ThreatLocker Detect, a component dedicated to identifying and responding to anomalies within an organization’s environment. This module monitors for suspicious activities that could indicate potential cyber threats, alerting administrators to vulnerabilities. With the ability to analyze data from other ThreatLocker components, ThreatLocker Detect enables automated responses to detected threats, helping organizations mitigate risks before they escalate.
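To make the default-deny, Ringfencing, Elevation Control and Unified Audit ideas above concrete, here is an added toy policy engine written for this post. It is not ThreatLocker's code or policy format; the policy fields, application names, paths and hosts are constructed assumptions.

```python
# Conceptual model of default-deny allowlisting, Ringfencing, Elevation Control
# and a unified audit log. Constructed for illustration; not ThreatLocker code,
# and the policy fields below are assumptions, not the product's real format.
from __future__ import annotations
from dataclasses import dataclass, field
from fnmatch import fnmatch


@dataclass
class AppPolicy:
    """What an explicitly allowed application may do once it is running."""
    children: set = field(default_factory=set)   # processes it may launch
    paths: set = field(default_factory=set)      # file globs it may touch
    hosts: set = field(default_factory=set)      # hosts it may connect to
    elevated: bool = False                       # may run with admin rights


class DefaultDenyEngine:
    """Every request is denied unless a policy explicitly permits it."""

    def __init__(self, allowlist: dict[str, AppPolicy]):
        self.allowlist = allowlist
        self.audit: list[dict] = []  # every allow AND deny is recorded

    def _decide(self, action: str, app: str, target: str, allowed: bool, why: str) -> bool:
        self.audit.append({"action": action, "app": app, "target": target,
                           "allowed": allowed, "reason": why})
        return allowed

    def execute(self, app: str) -> bool:
        """Allowlisting: a binary that is not on the list never runs."""
        if app in self.allowlist:
            return self._decide("execute", app, "", True, "on allowlist")
        return self._decide("execute", app, "", False, "not on allowlist")

    def access(self, app: str, kind: str, target: str) -> bool:
        """Ringfencing: an allowed app is still confined to its fence."""
        policy = self.allowlist.get(app)
        if policy is None:
            return self._decide(kind, app, target, False, "app not allowed to run")
        fence = {"child": policy.children, "path": policy.paths, "host": policy.hosts}[kind]
        if any(fnmatch(target, pattern) for pattern in fence):
            return self._decide(kind, app, target, True, "inside ringfence")
        return self._decide(kind, app, target, False, "outside ringfence")

    def elevate(self, app: str) -> bool:
        """Elevation Control: admin rights are granted per application, not per user."""
        policy = self.allowlist.get(app)
        ok = policy is not None and policy.elevated
        return self._decide("elevate", app, "", ok, "elevation policy" if ok else "no elevation policy")

    def denied(self) -> list[dict]:
        """The denied half of the audit trail, the part a detection rule would watch."""
        return [e for e in self.audit if not e["allowed"]]


# Constructed sample policy: a word processor may read documents but not launch a
# shell or reach arbitrary hosts; an approved installer is the only app that may elevate.
POLICY = {
    "winword.exe": AppPolicy(paths={"C:\\Users\\*\\Documents\\*"}, hosts={"*.office.example"}),
    "powershell.exe": AppPolicy(children={"*"}, paths={"*"}, hosts={"*.internal.example"}),
    "setup-approved.msi": AppPolicy(elevated=True),
}
ENGINE = DefaultDenyEngine(POLICY)
```

Note that the allowed word processor is refused when it tries to spawn a shell or leave its document folder: that is the fileless-malware case the text describes, blocked by the fence rather than by recognising a file.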
Challenges and How They Were Addressed
ThreatLocker, like many technology solutions, has encountered several challenges in its journey to become one of the leading providers of Zero Trust endpoint protection solutions. Here are some of the key challenges the company has faced, along with the strategies it employed to tackle them:
- Market Skepticism: Initially, there was skepticism from investors and potential clients regarding the effectiveness of its whitelisting approach. Many were accustomed to traditional antivirus solutions and hesitant to adopt a new methodology. To address this, ThreatLocker focused on educating the market about the advantages of application allowlisting and its superior protection against both known and unknown threats. They showcased case studies and success stories to demonstrate real-world efficacy.
- Evolving Cyber Threats: As cyber threats continuously evolve, maintaining up-to-date protection becomes a challenge. ThreatLocker responded by regularly updating its platform and features to counter emerging threats. This included enhancements to its Ringfencing technology, which provides granular control over how applications interact, thereby reducing vulnerability to new exploits.
- Implementation Complexity: Transitioning to a Zero Trust model can be complex for organizations used to traditional security frameworks. ThreatLocker addressed this by offering a user-friendly onboarding process, including its Learning Mode, which simplifies the initial setup by automatically cataloging applications and creating policies. The availability of 24/7 support from the Cyber Hero Team further aids organizations in navigating the transition smoothly.
- Compliance Requirements: Many organizations face stringent compliance regulations. To support these needs, ThreatLocker integrated robust auditing and reporting features, allowing organizations to demonstrate compliance easily and effectively.
Through education, continual product evolution, user-friendly solutions, and strong support, ThreatLocker has successfully navigated these challenges, establishing itself as a leading solution provider in the endpoint security space.
Wrap-Up
In conclusion, ThreatLocker represents a significant evolution in cybersecurity, founded in 2017 by Danny Jenkins, Sami Jenkins, and John Carolan. Their vision of creating a comprehensive security solution led to the development of the Zero Trust Endpoint Protection Platform, which emphasizes proactive measures like application allowlisting and granular access control. This innovative approach addresses the limitations of traditional antivirus solutions, providing organizations with the ability to manage and monitor application behavior, thereby minimizing the risk of malware and other cyber threats.
The journey of ThreatLocker has been marked by notable milestones, including multiple funding rounds that reflect growing confidence in its unique approach to cybersecurity. With the successful launch of its flagship product, the Zero Trust Endpoint Protection Platform, ThreatLocker has established itself as a leader in the market. Key capabilities such as Ringfencing, Storage Control, and ThreatLocker Detect have evolved to meet the demands of an ever-changing threat landscape, making it easier for organizations to protect their data and maintain compliance.
While ThreatLocker has faced challenges, including initial skepticism from investors and the complexities of adopting a zero-trust model, it has effectively addressed these issues through education and continuous improvement. Looking ahead, ThreatLocker is well-positioned for future growth, with a clear focus on enhancing its product offerings and expanding its reach within the cybersecurity market. As organizations increasingly prioritize robust security measures, ThreatLocker's innovative solutions will play a critical role in shaping the future of endpoint protection.