Zero Trust World 2023: ThreatLocker Unleashes Ops Threat-Detection Tool
ThreatLocker also will be rolling out a new portal.
![ThreatLocker Zero Trust World Day 2 2023 Feature](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blte50f5c2512793ea7/652407850624227750ac94f5/ThreatLocker-Zero-Trust-World-Day-2-2023-Feature.jpg?width=700&auto=webp&quality=80&disable=upscale)
Michael Jenkins (pictured with CEO Danny Jenkins on stage) is ThreatLocker’s CTO. He said that when it comes to alerting on malicious activity, endpoint detection and response (EDR) and other tools have the ability to alert on malicious behavior.
“The way Ops is slightly different is the fact that we’re going to be built purely by the community as well,” he said. “We’ll contribute to it, but (MSPs) build it as well so we can be used in line with an EDR. Or if they don’t have an EDR, they get to check the box of having one. But yes, it’s very much similar to the functions of that of an EDR.”
The Ops community of MSPs will help prevent cyberattacks, Jenkins said.
“The thing is when it comes to cybercrime, what you know might be common to you,” he said. “You might [say], ‘Oh, I always see this.’ But that doesn’t always mean that everybody else sees it. So sharing that knowledge and having that community actually contributing to each other means that the attackers are going to have to work a lot harder.”
With Ops, ThreatLocker still blocks everything the way it normally does, Michael Jenkins said.
“Ops will alert you to the presence of an attacker, because if an attacker is on your server and they’re trying to run things, ThreatLocker is going to block them,” he said. “But knowing that they’re on their server is important — and that’s where Ops comes in. Ops is going to alert you to the potential that somebody has accessed your systems. So if you’re secured, you’re still getting blocked, but you don’t want them on your systems for any longer because they might be able to access something. So knowing that is really half the battle, getting there when they’re on there and locking it down to make sure they can’t do anything.”
MSPs will benefit from Third Wall now being part of ThreatLocker’s platform, said Michael Jenkins.
“Third Wall allows MSPs to easily enhance their security on their endpoints by checking some of the boxes off, like making sure that the local admin accounts are rotating passwords or they’re disabled,” he said. “Also, there’s making sure that if you’ve enabled a firewall, the user can’t just turn it off. So it basically just takes all the security practices that people are doing and enforces those controls. So that’s why we’re calling it configuration management, because it’s about controlling the configuration on your machines, making sure that those settings that you’re setting and need set remain set and nobody can touch them.”
Third Wall previously was limited to ConnectWise Automate, Michael Jenkins said.
“So anyone using Automate could benefit from Third Wall,” he said. “Now that it’s part of ThreatLocker, everybody gets to benefit. We’ve branched out so they can actually open it up and let other users, people who aren’t using ConnectWise Automate, to be able to run Third Wall and have that configuration enhanced and make sure those settings are set.”
ThreatLocker also has been working on a new portal. Users wanted more speed and a new design, Michael Jenkins said.
“It’s redesigned with new technology to make it faster and easier for people to do what they need to do,” he said.
ThreatLocker’s new portal is where the company’s new products are going to be, he added.
The new portal will be available later this month to early next month for MSPs to test.
John Petrozzelli is a director of cybersecurity at Magna5, a Pennsylvania-based MSP. This was his first time attending Zero Trust World.
“Zero trust is essentially the last line of defense,” he said. “I always talk about it in terms of a castle. A hacker might get through the firewall, which might be the castle gates. They might get through the grounds, where the security is. But at the end of the day, they have to get into the keep, which is where the king or the queen are. And ThreatLocker is those guards at the gate, saying you’re either on the king’s list or the queen’s list, or you’re not. It’s the last line of defense when it comes to endpoints, servers, on-premises or remote.”
Petrozzelli said he’s looking forward to Ops because “the only limitation I’ve been dealing with ThreatLocker is, for using it with NIST or required frameworks, it didn’t have alerting.”
“It had logging, but there really wasn’t a way of pulling that data out as easily,” he said. “So this is going to be awesome, it’s going to revolutionize it and really bring it to that next tier.”
Nathan Cavalier is a cybersecurity analyst at In-Telecom Consulting, a Louisiana-based MSP. This also was his first time attending Zero Trust World.
“ThreatLocker in general, we use it on a daily basis, we love the software so far, and it’s been a great learning experience here so far,” he said. “We use zero trust in our business pretty much daily. It’s definitely helped out a lot. It’s protected our clients a good bit. We actually had an instance where I was … in the loop on another ransomware attack and we found the same file that was locked by ThreatLocker. So we saw it actively prevent a ransomware attack on one of our clients.”
Ops “looks amazing,” Cavalier said.
“I’m definitely hoping we can get on the beta and give it a good try because that’s something that we would like to implement,” he said. “As of right now, we use Fortinet for our networking solution, so this would definitely help add a second layer of security that would help us really manage the networks better.”
On day two of Zero Trust World 2023, ThreatLocker unveiled Ops, a new community-driven threat detection tool. MSPs are looking forward to making use of the tool with their clients.
This new product helps administrators detect attempted breaches or weaknesses in their systems. Zero Trust World, ThreatLocker’s largest-ever conference, is happening this week in Orlando.
Ops is a policy-driven system. It uses data received from the ThreatLocker agent to determine good or bad behavior. The data can be used to alert IT administrators of attempted attacks. It can also trigger actions to further harden an environment using other components of the platform.
The Ops platform also integrates into ThreatLocker’s new community, which allows businesses to publish policies that may be relevant to other, similar businesses. That allows for information sharing and a larger set of alerts.
Ops Can Help Companies Dealing with Tight Budgets
As companies scale back resources to become more budget conscious amid economic uncertainty, Ops limits reliance on other IT resources with more security controls, less agent fatigue and no overhead on PCs, ThreatLocker said.
Danny Jenkins is ThreatLocker’s CEO and co-founder.
“Zero trust is the required foundation of security for all organizations,” he said. “By combining controls with Ops, organizations are not only able to benefit from knowledge ThreatLocker has received of attempted attacks, but from similar businesses defending their system from these attacks.”
Also during Zero Trust World, ThreatLocker announced the integration of the Third Wall plug-in into its zero trust platform. This announcement follows the acquisition of Third Wall last November. The plug-in, a configuration manager for Windows, consists of 58 lockdown policies and emergency actions that broaden the scope of ransomware prevention and ensure users are compliant with privacy and security regulations.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.