After our recent “What is Allowlisting?” blog, we wanted to take a deeper dive into the technical aspects of ThreatLocker Allowlisting tool and asked our social media audience for their burning questions. In this blog, we address six of the frequently asked questions received to share the answers with you!
Can ThreatLocker Allowlisting Run in Conjunction with My Existing Antivirus Solution?
Yes, all Applications are treated the same way in Allowlisting, whether it’s an Antivirus or Microsoft Word, meaning if a policy is created for said application, it will run.
Why Use an Allowlisting Tool Rather than a Deny-Listing Tool?
With ThreatLocker Allowlisting, you must create policies that allow an application to run. If an application is not on your allowlist, it simply will not run. With a deny-listing tool, you create policies on what is not allowed to run. Although within ThreatLocker, there is the availability to add a denylisting policy in which you can 100% block an application, it is a secondary aspect of the platform. This is because the list of vulnerable applications to block is ever-growing and evolving. Keeping up with adding a deny policy for each would be never ending.
Does Allowlisting Meet the Federal Zero Trust Compliance Requirements?
According to the White House’s Executive Order on Improving the Nation’s Cybersecurity (EO 14028), agencies are required to develop their own plans for implementing a Zero Trust
Architecture. The Federal ZTA strategy is further outlined in the Office of Management and Budget Memorandum (M-22-09) which designates a timeline for the implementation of Zero Trust controls in your organization.
ThreatLocker is already NIST compliant and its Allowlisting feature enables application control and testing which is outlined in Section D of the OMB’s M-22-09. Other ZTA strategies given in this memorandum that are in line with ThreatLocker’s security offerings include:
- Identity and access management
- User authorization
- Inventorying assets
- Network monitoring
- Data Security (Storage Control)
- And others.
What Is the Level of Commitment Required for the Product from the Helpdesk?
Allowlisting is not a set-it-and-forget-it solution. Your organization may need to train those at the Help Desk to approve applications that users may request outside of the learning period. In addition, you may also decide that Help Desk personnel follow an escalation approval process to arrive at a decision if an application can be approved. For example, having an adequate license for the specific application being installed.
When you become a ThreatLocker partner you gain access to ThreatLocker University where there is full training on application approvals. Alternatively, ThreatLocker has a team of Cyber heroes that can assess and approve or deny any new application requests.
What Is the Level of Engagement Required for the Product from the Infrastructure Team?
In most cases, the infrastructure team will not need to be engaged when deploying ThreatLocker in the environment. However, customers may need to alert their infrastructure team about allowing ThreatLocker through their firewall if they utilize any kind of internet filtering or proxy. This will allow the ThreatLocker Agent access to our ThreatLocker Datacenters. Important to note that we only require port 443 for all traffic to ThreatLocker.
Is Application Allowlisting a Necessary Tool?
Allowlisting is not a necessary tool but a solution that all organizations, regardless of size or industry, should add to their stack. Allowlisting is considered the first line of defense in your security stack by protecting businesses from known and unknown executables. Unlike antivirus, Allowlisting puts you in control over what software, scripts, executables, and libraries can run on your endpoints and servers.
Interested in learning more? Schedule a call with the Cyber Hero Team today.