Threatlocker
Zero Trust Endpoint Security
How ThreatLocker® Protects Your Business
Businesses rely on the latest technologies such as next-gen antivirus software and threat detection solutions that use machine learning, artificial intelligence, advanced heuristics, blockchain, and more.
However, none of these solutions protect against the latest cyber threats, including ransomware and other forms of malware. Millions of pounds are spent on cybersecurity annually, yet companies that rely on threat detection are still getting compromised.
Most cybersecurity protections are based on looking for, finding, and stopping threats. The problem is, cybercriminals are getting smarter and entering networks undetected. End-users are constantly inviting threats through actions such as downloading various applications without your approval, clicking on links they shouldn’t, and opening attachments in e-mails.
That’s why a new approach of blocking everything that is not trusted and only allowing those applications that are approved is a far cleaner and more comprehensive approach to ensuring malware does not end up on your networks.
What is Allowlisting?
Application Allowlisting denies all applications from running except those that are explicitly allowed. This means untrusted software, including ransomware and other malware, will be denied by default.
When the software is first installed, it operates in Learning Mode. During this period, all applications and their dependencies that are found or running on the computer are catalogued, and policies are created to permit them. After the learning period, the we review the list of applications, remove those that are not required, and secure the computer. Once the computer is secured, any application, script, or library that tries to execute that is not trusted will be denied. The user can request new software from the IT administrator, and it can be approved in 60 seconds.
Application Allowlisting has long been considered the gold standard in protecting businesses from known and unknown malware.
What is Ringfencing™?
Ringfencing™ controls what applications are able to do once they are running. By limiting what software can do, ThreatLocker® can reduce the likelihood of an exploit being successful or an attacker weaponizing legitimate tools such as PowerShell.
Ringfencing™ allows control of how applications can interact with other applications. For example, while both Microsoft Word and PowerShell may be permitted, Ringfencing™ will stop Microsoft Word from being able to call PowerShell, thus preventing an attempted exploit of a vulnerability such as the Follina vulnerability from being successful.
10
the average number of days a ransomware incident lasts
£190,540
was the average ransom demand in 2020
£1,046
the average cost of stolen data on the dark web, per victim
What is Storage Control?
Storage Control provides policy-driven control over storage devices, whether the storage device is a local folder, a network share, or external storage such as a USB drive.
ThreatLocker® Storage Control allows granular policies to be set, which could be as simple as blocking USB drives, or as detailed as blocking access to your backup share except when accessed by your backup application.
Unified Audit provides a central log of all storage access by users on the network and those working remotely, right down to the files that were copied and the serial number of the device.
When a storage device is blocked, a user is presented with a pop-up where they can request access to a storage device. The administrator can choose to permit the storage device in as a little as 60 seconds.
At CSSCloud, we understand that as technology evolves, so do opportunities to evolve your business. In order to ensure your business evolves and thrives in today’s world, we are always a few steps ahead, making security recommendations to fit your needs and mitigate the latest cyber threats. You can rest easy when you put your IT support needs in our hands.