Register for Zero Trust World 25!
Use Case:

SolarWinds Orion Attack

A malicious cyberattack was perpetrated against SolarWinds, a U.S.-based software firm that produces and maintains IT tools utilized by large companies and government entities, which exploited the SolarWinds Orion software.

Zero-Day Vulnerability and SolarWinds Orion Attack

SolarWinds Orion was the target of a software supply chain attack against American software company SolarWinds, which develops and maintains network monitoring tools used by major corporations and governments. The hack was carried out by threat actors outside of the nation and exploited SolarWinds’ Orion software updates. The updates that were exploited ended up being installed by more than 250 of SolarWinds’ customer base, including Fortune 500 businesses.

How ThreatLocker® Mitigated This Exploit

ThreatLocker® mitigated the SolarWinds Orion attack by limiting what the application was able to do, which was accessing the internet. The code that was placed in the SolarWinds Orion software would reach out to the internet, which happened to be an A-to-B server in the United States. By using the Ringfencing™ solution, the SolarWinds Orion application was unsuccessful because the attack was blocked from interacting with the internet or browser applications that hindered its ability to download the intended malware.
See Ringfencing™
Illustration of ThreatLocker blocking solarwinds from interacting with PowerShell, files, and internet

ThreatLocker® Key Uses

Proactive Approach to Cybersecurity

Unlike antivirus or traditional EDR, ThreatLocker Allowlisting solution puts you in control of what software, scripts, executables, and libraries can run on your endpoints and servers. This approach stops not only malicious software in its tracks but also stops other unpermitted applications from running. This process greatly minimizes cyber threats and other rogue applications from running on your network.

Preventing the Weaponization of Legitimate Tools

ThreatLocker Ringfencing™ controls what applications are able to do once they are running. By limiting how software can interact on your devices, ThreatLocker® can reduce the likelihood of an exploit being successful or an attacker weaponizing legitimate tools such as PowerShell.

Limiting Application Hopping for Administrators

Elevation Control puts IT administrators in the driver’s seat, enabling them to control specific applications that can run as a local admin without giving users local admin rights.

With applications such as Quickbooks that need to run with local admin access; Elevation control can limit that access without impacting operational workflow, which can prevent the further spread of an attack, like application hopping, in case there is a breach in the endpoint.

Control Over Storage Devices and Data Access

ThreatLocker Storage Control provides policy-driven control over storage devices, whether the storage device is a local folder, a network share, or external storage such as a USB drive. Storage Control allows you to set granular policies, such as blocking USB drives or blocking access to your backup share except when your backup application is accessed.

ThreatLocker Benefits

Increased Security

Increasing endpoint security coverage and reduce the risk of potential security breaches

24/7 Cyber Hero Support

Resolve any questions or issues with our ThreatLocker Cyber Heroes, who are available within 30 seconds via the admin portal chat or telephone 24/7/365

Save Time & Money

Reduce time dedicated to endpoint security by 25% and reevaluate annual spending on multiple licensing for antivirus and EDR solutions.

Seamless Onboarding & Deployment

ThreatLocker Learning Mode and Unified Audit simplifies setting up your Zero Trust environment during the initial onboarding and deployment.