ThreatLocker Ops is a policy-based Endpoint Detection and Response (EDR) solution. This EDR addition to the ThreatLocker Endpoint Protection Platform watches for unusual events or Indicators of Compromise (IoCs). ThreatLocker Ops can send alerts and take automated actions if an anomaly is detected.
ThreatLocker Ops leverages the vast telemetry data collected from other ThreatLocker modules and Windows Event logs. This information gives essential insight into an organization's security posture, enabling it to identify and remediate possible cyber threats.
ThreatLocker Ops has an edge over other EDR tools in detecting and responding to potential threats. Its advanced technology identifies and addresses known malicious activities while providing extensive coverage of events beyond just known ones.
ThreatLocker Ops' automated responses can provide information, enforce rules, disconnect machines from the network, or activate lockdown mode quickly. When lockdown mode is activated, it blocks all activity, including task execution, network access, and storage access, ensuring maximum security.
With the capability of detecting remote access tools or PowerShell elevation, ThreatLocker Ops also identifies events such as abnormal RDP traffic or multiple failed login attempts. Furthermore, the platform can determine if an event log is erased or if Windows Defender finds malware on a device. This proactive approach enables organizations to swiftly identify and respond to potential threats before they can cause significant damage.
ThreatLocker Ops continuously monitors the behavior of trusted and untrusted applications across all devices where the ThreatLocker Agent is installed. IT experts can make custom rules and policies for decision-making instead of relying on AI or undisclosed criteria. These policies can have a set of conditions and responses that look for behaviors based on a threshold indicating a compromise may have occurred.
When conditions are met, ThreatLocker Ops will automatically respond based on the rules created. These policies are constantly evaluated in real-time by the ThreatLocker agent on your endpoint, which means your policies are enforced in milliseconds whether or not your endpoint is connected to the internet. IT experts can have complete control over their priorities and event responses. This level of automation and control ensures that incident response actions align with the organization's overall security strategy.
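To make the condition-threshold-response model described above concrete, the following is an added example written for this page; it is not ThreatLocker code and does not use ThreatLocker's policy format. It evaluates a few rules over constructed Windows-style event records: a count of failed logons (Security log event 4625) within a time window, a single audit-log clear (Security 1102), and a single Defender malware detection (Defender operational log 1116). Each rule carries the response it would trigger (alert, network isolation, or lockdown); the hosts, users and timestamps are constructed sample data.

```python
# Added example: a minimal threshold-based detection engine in the style the
# text describes (conditions + threshold + automated response). Not ThreatLocker
# code; rule names, hostnames, users and timestamps are constructed.
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Callable, Deque, Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Event:
    ts: int          # seconds since epoch (constructed values)
    host: str
    channel: str     # "Security" or "Defender" (which Windows log it came from)
    event_id: int
    user: str = ""


@dataclass(frozen=True)
class Rule:
    name: str
    matches: Callable[[Event], bool]
    threshold: int   # number of matching events needed on one host ...
    window: int      # ... within this many seconds (0 = a single event suffices)
    response: str    # "alert", "isolate" (network disconnect) or "lockdown"


RULES: List[Rule] = [
    # Repeated failed logons: 5 x Security 4625 on one host within 2 minutes.
    Rule("failed-logons",
         lambda e: e.channel == "Security" and e.event_id == 4625, 5, 120, "alert"),
    # Audit log cleared (Security 1102): one occurrence is enough to act on.
    Rule("log-cleared",
         lambda e: e.channel == "Security" and e.event_id == 1102, 1, 0, "isolate"),
    # Defender reported malware (Defender operational 1116): lock the device down.
    Rule("defender-detect",
         lambda e: e.channel == "Defender" and e.event_id == 1116, 1, 0, "lockdown"),
]


def evaluate(events: Iterable[Event], rules: List[Rule]) -> List[Tuple[str, str, str]]:
    """Return (rule name, host, response) for every rule that crossed its threshold.

    Events are processed in time order. For each (rule, host) pair a sliding
    window of matching timestamps is kept; when the window holds `threshold`
    events the rule fires once and the window is reset, so a burst does not
    produce one response per extra event.
    """
    fired: List[Tuple[str, str, str]] = []
    buckets: Dict[Tuple[str, str], Deque[int]] = defaultdict(deque)
    for ev in sorted(events, key=lambda e: e.ts):
        for rule in rules:
            if not rule.matches(ev):
                continue
            key = (rule.name, ev.host)
            window = buckets[key]
            window.append(ev.ts)
            # Drop matches older than the rule's window relative to this event.
            while window and ev.ts - window[0] > rule.window:
                window.popleft()
            if len(window) >= rule.threshold:
                fired.append((rule.name, ev.host, rule.response))
                window.clear()
    return fired


# Constructed sample telemetry. ws-01 sees six failed logons inside 50 s (fires),
# ws-02 has its audit log cleared (fires), ws-03 sees three failed logons spread
# over ten minutes (below threshold), ws-04 gets a Defender detection (fires).
SAMPLE_EVENTS: List[Event] = (
    [Event(1000 + 10 * i, "ws-01", "Security", 4625, "svc-backup") for i in range(6)]
    + [Event(2000, "ws-02", "Security", 1102, "localadmin")]
    + [Event(3000, "ws-03", "Security", 4625, "jdoe"),
       Event(3300, "ws-03", "Security", 4625, "jdoe"),
       Event(3600, "ws-03", "Security", 4625, "jdoe")]
    + [Event(4000, "ws-04", "Defender", 1116)]
)


def run_sample() -> List[Tuple[str, str, str]]:
    """Evaluate the built-in rules against the constructed sample events."""
    return evaluate(SAMPLE_EVENTS, RULES)


if __name__ == "__main__":
    for rule_name, host, response in run_sample():
        print(f"{host}: rule '{rule_name}' matched -> response: {response}")
```

The window reset after a rule fires is the detail that keeps a noisy burst from generating a response per event, and the per-host bucket is what lets the same rule carry a different threshold-to-response mapping than a fleet-wide count would.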
Additionally, ThreatLocker offers recommended policies based on frameworks such as MITRE and on CISA indicators of compromise. ThreatLocker has introduced a platform known as "ThreatLocker Community", where IT experts can share the policies they have created with other members.
Using industry-known indicators of compromise, ThreatLocker Ops can detect and alert IT professionals that their organization may be under an attempted attack based on customizable thresholds and notification methods.
Set policies to enable, disable, or create Application Control, Storage Control, or Network Control policies in response to specified observations.
Policies can be tailored to alert and respond differently based on the threat level to reduce alert fatigue.
IT admins can easily share their own ThreatLocker Ops policies or “shop” for vetted policies shared by their industry peers and the ThreatLocker team.