ThreatLocker Goes From Product to Platform
Like so many others in security and beyond, ThreatLocker is turning what was once an allowlisting solution into the foundation of an increasingly broad platform.
Per separate coverage, ThreatLocker’s product strategy has stayed true to the company’s “default deny” mission even as its product portfolio has grown from allowlist endpoint protection into storage security, network control, EDR, MDR, and beyond.
“Back in 2020, 2019, it was an allowlisting tool, but we’ve expanded on the concept of deny by default and we’ve applied it to different areas,” Allen (pictured) says. “Now it’s an entire endpoint protection platform.”
That platform both grew and evolved in interesting ways this week with the simultaneous release of five new solutions. All are worth reading about, but two stand out for what they say about where ThreatLocker is taking deny by default next.
One is a DNS security system called ThreatLocker Web Control. The other is a Microsoft 365 security system called ThreatLocker Cloud Control. Both make clear that at a time when more and more of what matters to SMBs happens in the cloud, ThreatLocker (like Kaseya among many others) is moving there with them.
“We see ourselves as a full endpoint platform expanding into a cloud platform quite aggressively, but more importantly, focusing on zero-trust principles,” Jenkins says.
Three other facts worth noting about this week’s product news:
1. ThreatLocker Cloud Control won’t be M365-only for long. “Within the next two months, we’ll have G Suite, AWS, GitHub, and other platform components, and we’re going to keep expanding that,” Jenkins says.
2. ThreatLocker Web Control marks a first-ever deviation from the deny-by-default vision. Because it had to. Realistically, you can’t allowlist the web.
“You could say block all sites and allow only these ones,” Allen says. “Most organizations are not going to do that. Most organizations just want to block dangerous websites, inappropriate websites, gambling, that kind of stuff that they don’t want people to be doing on their work computers.”
As a result, ThreatLocker users can now blacklist for the very first time.
3. The two letters most conspicuous by their absence in everything ThreatLocker announced this week are “A” and “I”. Unlike pretty much everyone else in security, ThreatLocker is not part of the artificial intelligence stampede.
That’s consistent with how the company has always approached threats, Mitchell notes. “They’re not relying on AI and machine learning to learn those behaviors and then determine whether or not it is or isn’t a risk,” he says. “They’re just not going to trust it to start with.”