Stay secure over the holidays with the ThreatLocker Lights-Out Checklist
Use case:

Microsoft Exchange Server attack

The Microsoft Exchange Server on-premises editions were attacked using several zero-day exploits discovered by Microsoft in 2021.

Zero-Day vulnerability and Microsoft Exchange Server attack

The Microsoft Exchange Server on-premises editions were attacked using several zero-day exploits discovered by Microsoft in 2021. Due to these exploits, over 30,000 organizations in the US were targeted, which gave cybercriminals access to email accounts where they were able to install web shell malware, giving them ongoing administrative access to the victims’ servers.

How ThreatLocker® mitigated this exploit

ThreatLocker was able to mitigate this attack with its Ringfencing solution. By using the Ringfencing solution to limit the Internet Information Services (IIS), ThreatLocker was able to stop the execution of the remote web shells by blocking/limiting access to other applications, the internet, and user files, mitigating the damage the threat attacker had intended to do post-exploitation.

ThreatLocker key uses

Proactive approach to cybersecurity

Unlike antivirus or traditional EDR, ThreatLocker Allowlisting solution puts you in control of what software, scripts, executables, and libraries can run on your endpoints and servers. This approach stops not only malicious software in its tracks but also stops other unpermitted applications from running. This process greatly minimizes cyber threats and other rogue applications from running on your network.

Prevent the weaponization of legitimate tools

Normally, applications have access to all the same data as the end user. If an application is absolutely necessary, ThreatLocker Ringfencing can implement Zero Trust controls comparable to, but more granular than, traditional application containment tools. ThreatLocker Ringfencing controls what applications are able to do once they are running. By limiting how software can interact on your devices, ThreatLocker can reduce the likelihood of an exploit being successful or an attacker weaponizing legitimate tools such as PowerShell. These controls can prevent applications from interacting with another application, your files, data, or the internet.

Limit application hopping for administrators

Elevation Control puts IT administrators in the driver’s seat, enabling them to control specific applications that can run as a local admin without giving users local admin rights. With applications such as QuickBooks that need to run with local admin access, elevation control can limit that access without impacting operational workflow, which can prevent the further spread of an attack, like application hopping, in case there is a breach in the endpoint.

Control storage devices and data access

ThreatLocker Storage Control provides policy-driven control over storage devices, whether the storage device is a local folder, a network share, or external storage such as a USB drive. Storage Control allows you to set granular policies, such as blocking USB drives or blocking access to your backup share except when your backup application is accessed.

ThreatLocker® benefits

Increased security

Increasing endpoint security coverage and reduce the risk of potential security breaches

24/7 Cyber Hero® support

Resolve any questions or issues with our ThreatLocker Cyber Heroes, who are available within 30 seconds via the admin portal chat or telephone 24/7/365

Save time and money

Reduce time dedicated to endpoint security by 25% and reevaluate annual spending on multiple licensing for antivirus and EDR solutions.

Seamless onboarding and deployment

ThreatLocker Learning Mode and Unified Audit simplifies setting up your Zero Trust environment during the initial onboarding and deployment.

Take control of your organization's security

Request your 30-day trial to the entire ThreatLocker platform today.

Try ThreatLocker