Table of Contents
After our recent “What is ThreatLocker® Detect” blog, we wanted to take a deeper dive into the technical aspects of ThreatLocker® Detect and collected our audience’s burning questions. This blog addresses the most frequently asked questions and shares the answers with you.
Are the ThreatLocker® Detect Policies That Are Shared by Other Contributors Tested by ThreatLocker®?
The ThreatLocker® Detect team will be reviewing all policy submissions. Community members will be able to rate policies. Highly rated policies will be highlighted, and policies with low ratings will be moved closer to the bottom of the catalog.
Will There Be Built-In, Templated Policies for ThreatLocker® Detect?
Yes. The ThreatLocker® Detect team will create and maintain policies for many of today’s prevalent cyber threats. The ThreatLocker® Detect team will maintain these policies, and if any published IOCs change, the policies will be updated accordingly. The changes will automatically apply to anyone using that policy.
How Would ThreatLocker® Detect Complement an MDR Service Someone Is Already Using?
ThreatLocker® Detect is powered by ThreatLocker®, so it benefits from all the data being collected on every endpoint, meaning that ThreatLocker Ops has visibility of data that is not available to traditional MDR services. In addition, Ops can react instantly to malicious behavior detected anywhere in the enterprise. The ThreatLocker® Community harnesses the power of the collective, allowing admins to share and adopt ThreatLocker® Detect policies used by industry peers to tailor their protection based on their specific vertical. IT professionals set their alert thresholds according to their organization's threat appetite, reducing the number of false positive alerts to eliminate alert fatigue.
Can ThreatLocker® Detect Monitor Windows Events for User Login Attempts to Log and Alert Based on Unsuccessful Login Attempts?
Absolutely! ThreatLocker® Detect can monitor the Windows event log and alert on any event, including unsuccessful login attempts. Set the threshold to the number of unsuccessful attempts acceptable to you and receive a notification when that number is reached.
If ThreatLocker® Detect Isolates a Machine in Response to a Perceived Threat, Is There a Way to Make Exceptions to Allow My Specific Remote Access Tool to Connect to the Isolated Machine to Investigate?
Yes. ThreatLocker® Detect policies can be configured to isolate the offending machine but permit connection to it only by a specific machine, IP address, or tool. ThreatLocker® Detect empowers admins to create the policies they require to meet their cybersecurity goals.
Does ThreatLocker® Detect Have Any Additional Agent Component Requirements or Is All the New Monitoring Based on the Current ThreatLocker® Driver?
ThreatLocker® Detect does not have any additional agent component requirements. It will be included in the ThreatLocker® Driver that powers the rest of the ThreatLocker® modules. Current customers can simply enable the ThreatLocker® Detect product from within the ThreatLocker® portal to add ThreatLocker® Detect to their security stack.
Have a burning question not answered above? Schedule a call with a member of our Cyber Hero Team to learn more about ThreatLocker® Detect
