Ringfencing™

Reduce the chance of a cyberattack by limiting what applications can do, whether it’s interacting with another application, your files, data, or the internet.

What is application containment (Ringfencing™)?

Ringfencing controls what applications can do once they are running. Think of Ringfencing as a barrier and extra security measure that actively keeps software from stepping outside of its lane. By limiting what software can do, ThreatLocker Ringfencing can reduce the likelihood of an exploit being successful or an attacker weaponizing legitimate tools such as PowerShell.

Ringfencing allows you to control how applications can interact with other applications. For example, while both Microsoft Word and PowerShell may be permitted, Ringfencing will stop Microsoft Word from being able to call PowerShell, thus preventing an attempted exploit of a vulnerability such as the Follina vulnerability from being successful.

Why Ringfencing™?

Under normal operations, all applications permitted on an endpoint or server can access all data that the operating user can access. This means if the application is compromised, the attacker can use the application to steal or encrypt files.

Attackers can also use fileless malware, which runs in the computer's memory, to evade detection by antivirus or EDR tools that focus on detecting changes to files or registry keys. These attacks, often called living-off-the-land attacks, leverage native tools and trusted applications to carry out malicious instructions in the background without ever touching the file system.

How does Ringfencing™ work?

When you first deploy Ringfencing, your device will be aligned with the default ThreatLocker policies. These policies are then automatically applied to a list of known applications such as Microsoft Office, PowerShell, or Zoom.

The aim of the default policies is to provide a baseline level of protection for all endpoints. Each of these policies can easily be modified to fit any environment at any time.

Our dedicated Cyber Hero Team is always on hand to support any requests, 24/7/365.

Do you need Ringfencing?

Ringfencing helps protect sensitive data, such as customer information, intellectual property, and financial data, from unauthorized access or data breaches.

Ringfencing is a valuable strategy to enhance the security of an organization's digital posture.

Organizations across any industry can benefit from Ringfencing by isolating critical and trusted applications from unintended uses or weaponization, limiting the lateral movement of attackers within their network.

Use Ringfencing to:

  • Protect your important data: Whether that be financial information, customer information, or your invaluable intellectual property.
  • Keep bad actors at bay: Prevent hackers and cybercriminals from accessing your data.
  • Control access: Control what your applications have access to and how they can interact within your environment.

Preventing software exploitation with application containment

Ringfencing was able to foil a number of attacks that were not stopped by traditional EDR. The 2020 SolarWinds Orion attack was foiled by Ringfencing. See how Ringfencing allows you to remove file access permissions for applications that do not need access and even remove network or registry permissions.

[Figure: SolarWinds interactions being blocked by ThreatLocker]

Frequently asked questions

Can you put these controls on my custom applications?

Yes. Ringfencing can be applied to any application control policy regardless of whether it contains built-ins, custom applications, or both.

Is there an easy way to obtain the domain vs. the learned IP on the network?

Yes. An option named EnableDriverDomainNameParsing is available that will greatly improve domain name resolution, allowing you to more easily add domains instead of IPs.

Will end users get a popup notification from ThreatLocker when something is ringfenced?

Yes, and it will appear in the blocked items list.

If I put an exception in for an app to not be included in the apps ringfenced from a policy, why do I still see that application ringfenced later on?

That same application can be ringfenced from multiple apps. For instance, both Google Chrome and Microsoft Edge are ringfenced from interacting with CMD.exe.

Do I need Network Control to use the Network portion of Ringfencing?

No, you do not have to enable the Network Control module to Ringfence an application from accessing the network.

Do I need Storage Control to use the File Access portion of Ringfencing?

No, you do not have to enable the Storage Control module to Ringfence applications from interacting with your files.

How frequently do you create or release new ringfence policies?

As we discover new vulnerabilities, we deploy suggested policies to the ThreatLocker community. They are available for download in your environments. You can always manually Ringfence any app for additional security.

How often are you updating ringfence policies?

While this is a rare occurrence, we can adjust our default policies if we detect they are causing unnecessary overhead or denies.

Ringfencing™ (Application Containment) features

Mitigate against fileless malware

Stop fileless malware by limiting what applications are allowed to do.

Granular application policies

Stop applications from interacting with other applications, network resources, registry keys, files, and more.

Limit application attacks

Limit application attacks like application hopping by limiting what applications can access.

Limit access to your files

Choose which applications in your environment need to have access to your files.

Take control of your organization's security

Request your 30-day trial to the entire ThreatLocker platform today.
