The Impenetrable Ring - How Ringfencing Keeps You Protected

ThreatLocker

By Blain Curtis, ThreatLocker Solutions Engineer Manager


Every day, cybercriminals lurk in the shadows, searching for an opening. They don’t kick down the door; instead, they slip in through the cracks, hijacking the very applications you trust. But what if you could create an impenetrable ring around these applications to stop cybercriminals in their tracks? That’s exactly what ThreatLocker® Ringfencing does: it acts as your first line of defense against threats that turn your own tools against you.

Ringfencing adds an extra layer of security, boxing in approved applications and preventing them from interacting with critical system components like the registry, the internet, sensitive files, and even other applications. It’s the security solution you didn’t know you needed, but once you have it, you won’t want to be without it. And ThreatLocker is the only company in the world to offer it.

We spoke to our customers to see how they leverage Ringfencing to safeguard their businesses.


Real-world wins: How customers leverage Ringfencing to stay protected

  • Mitigating fileless malware:

    Fileless malware operates directly in a system’s memory, leaving no trace on the file system. This makes it difficult for traditional antivirus and endpoint detection systems to spot. Our customers use Ringfencing to counter this risk by blocking unauthorized actions that exploit trusted applications.

  • Limiting application attacks:

    You’ve likely heard of the SolarWinds Orion breach, where a single compromised software update gave attackers access to over 250 organizations, including Fortune 500 companies. For ThreatLocker customers, the story played out differently. Ringfencing stopped malware downloads and blocked access to the internet.

  • Controlling data access:

    Because many applications have the same level of access as the logged-in user by default, trusted programs like PowerShell and tools like 7-Zip could inadvertently become a vulnerability. With Ringfencing, our customers control what data applications can access.

  • Preventing unauthorized registry changes:

    The Windows Registry is a common target for malware, which hides there to avoid detection. ThreatLocker Ringfencing prevents applications from making unauthorized changes to the registry, so malicious software can’t embed itself.


A real-life scenario: Stopping a ransomware attack others missed

A recent case highlighted the power of Ringfencing when a phishing campaign targeted the hospitality industry, using a fake email to impersonate Booking.com.

The email led users to a cloned website with a fake CAPTCHA that triggered remote code execution. The attackers used mshta.exe, a legitimate Windows tool, to execute scripts, while PowerShell attempted to download a malicious file from a Russian server.

Ringfencing’s default PowerShell policy blocked the attack, stopping the ransomware from being downloaded. In contrast, other cybersecurity providers either flagged the system as breached—causing unnecessary disruptions—or failed to detect the attack altogether.


Next-level cybersecurity

ThreatLocker Ringfencing takes cybersecurity to the next level. By shrinking the attack surface and restricting application capabilities, it makes it increasingly difficult for cybercriminals to succeed. Even if hackers manage to infiltrate a trusted application, they quickly find themselves at a standstill.


www.threatlocker.com
