After our recent “What is ThreatLocker Ops” blog, we wanted to take a deeper dive into the technical aspects of ThreatLocker Ops, so we collected our audience’s burning questions. This blog answers the most frequently asked ones.
Are the ThreatLocker Ops Policies That Are Shared by Other Contributors Tested by ThreatLocker?
The ThreatLocker Ops team will be reviewing all policy submissions. Community members will be able to rate policies. Highly rated policies will be highlighted, and policies with low ratings will be moved closer to the bottom of the catalog.
Will There Be Built-In, Templated Policies for ThreatLocker Ops?
Yes. The ThreatLocker Ops team will create and maintain policies for many of today’s prevalent cyber threats. If any published IOCs change, the policies will be updated accordingly, and the changes will automatically apply to anyone using that policy.
How Would ThreatLocker Ops Complement an MDR Service Someone Is Already Using?
ThreatLocker Ops is powered by ThreatLocker, so it benefits from all the data being collected on every endpoint, meaning that ThreatLocker Ops has visibility of data that is not available to traditional MDR services. In addition, Ops can react instantly to malicious behavior detected anywhere in the enterprise. The ThreatLocker Community harnesses the power of the collective, allowing admins to share and adopt ThreatLocker Ops policies used by industry peers to tailor their protection based on their specific vertical. IT professionals set their alert thresholds according to their organization's threat appetite, reducing the number of false positive alerts to eliminate alert fatigue.
Can ThreatLocker Ops Monitor Windows Events for User Login Attempts to Log and Alert Based on Unsuccessful Login Attempts?
Absolutely! ThreatLocker Ops can monitor the Windows event log and alert on any event, including unsuccessful login attempts. Set the threshold to the number of unsuccessful attempts acceptable to you and receive a notification when that number is reached.
If ThreatLocker Ops Isolates a Machine in Response to a Perceived Threat, Is There a Way to Make Exceptions to Allow My Specific Remote Access Tool to Connect to the Isolated Machine to Investigate?
Yes. ThreatLocker Ops policies can be configured to isolate the offending machine but permit connection to it only by a specific machine, IP address, or tool. ThreatLocker Ops empowers admins to create the policies they require to meet their cybersecurity goals.
Does ThreatLocker Ops Have Any Additional Agent Component Requirements, or Is All the New Monitoring Based on the Current ThreatLocker Driver?
ThreatLocker Ops does not have any additional agent component requirements. It will be included in the ThreatLocker Driver that powers the rest of the ThreatLocker modules. Current customers can simply enable the ThreatLocker Ops product from within the ThreatLocker portal to add ThreatLocker Ops to their security stack.
Have a burning question not answered above? Schedule a call with a member of our Cyber Hero Team to learn more about ThreatLocker Ops.