551 ThreatLocker for the win?
551 ThreatLocker for the win?
What went into my decision to pick ThreatLocker over CyberFOX for application control?
Aug. 3, 2023

551 ThreatLocker for the win?

What went into my decision to pick ThreatLocker over CyberFOX for application control?

In this episode, Uncle Marv discusses his choice between Threat Locker and CyberFox Elevate for privileged access management and auto elevation in his IT business. He provides insights into his decision-making process and explains why he ultimately chose Threat Locker due to its zero-trust approach, application whitelisting, and ring fencing capabilities.

Key Takeaways:

  • Uncle Marv shares his experience with renting a vehicle from SIXT and suggests sticking with reliable service providers even if the price is slightly higher.
  • Marvin talks about his decision to choose Threat Locker over CyberFox Elevate for privileged access management due to Threat Locker's zero-trust approach and additional security features.
  • Threat Locker's approval system for running applications provides increased control and security.
  • Marvin plans to implement Threat Locker on his law firm clients' endpoints and may consider using AutoElevate for other clients in the future.
  • The show also mentions the launch of the NaviStack tool by the channel program, which allows MSPs to visualize their vendor stack and streamline operations.

===

Hissing alligator protects nest in Florida backyard: https://tinyurl.com/4fwmvyy6

=== 

#ITBusinessPodcast #ITBusiness #PrivilegedAccessManagement #AutoElevation #ThreatLocker #CyberFoxElevate #Florida #MSP #ManagedServiceProviders #Cybersecurity #ZeroTrust #ApplicationWhitelisting #RingFencing #Navistack #VendorStack #VisualizeStack #ChannelProgram #ITSecurity #ITSupport

Transcript

Hello Friends, Uncle Marv here with another episode of the IT Business Podcast, the show where we try to help you run your IT business better, smarter, and faster. Tonight is Wednesday, August 2nd. This is our weekly live show. And just to give you all a little bit of an update, Florida is dialing back the heat just a little bit.

00:45

Today in my area the temperature only got up to 93 degrees however What you're probably really wondering about is the real feel Which did still get up to? 104 so that is what's happening down here in Fort Lauderdale, Florida That is where I am broadcasting from Studio B in my office. Tonight, If you had paid attention to last week's show, I had given an erroneous update about having a guest on tonight. And I was a week early. She will be on next week, so you are stuck with me. But it'll be a good show tonight. I will be talking about Threat Locker. I have made my choice. And for those that are not keeping score, I was looking at Threat Locker and CyberFOX Elevate to help me with some privileged access management, some auto elevation to help me alleviate having to install all those programs like QuickBooks and stamps.com and those things that we take away admin privileges for but then all of a sudden they still need the access. So I'll tell you a little bit about that. I want to talk about, oh let me go ahead and talk.

02:13

So I had to drive to St. Petersburg, Florida, last Friday, I had a client tell me at the last minute that they were going to consolidate their St. Pete and Tampa offices. That really wasn't the issue. I knew that they were going to be selling the St. Pete office, but they did not tell me they were going to be getting people out of that office by the end of the month, and they wanted everybody to report to the main Tampa office that following Monday. So I had to scramble. And normally I would just drive my vehicle over and take care of that stuff. However, my car went in the shop on Thursday, turns out I needed something like a ball bearing or something in my wheel shaft or something. And my mechanic did not want me driving it to Tampa because he wasn't able to fix it that Thursday.

03:10

I couldn't bring it back until the following Monday, which was this past Monday. So I ended up renting a vehicle and it's been quite a while since I rented a vehicle from someplace other than the airport. And my normal rental agency is Avis. I am an Avis partner or whatever. I don't know what they call them things, but usually I just rent my car from Avis, I show up at the airport, my name's on the board, I walk to the row, get my car and leave, no big deal. However, I did not want to drive to the airport just to get a vehicle, so I looked online and searched for the, I don't want to say the most economical, because I ended up renting an SUV.

03:58

I thought, well, I need something big. I do need to transport some computers and between myself and the tech that was over on that side, we would be able to transport everything in our two vehicles rather than renting a U-Haul. So I decided to go with SIXT as the rental agency, S-I-X-T. First time I had used them, they have been a growing agency down here in Florida. They actually have a corporate office probably about a mile from us at the next business plaza over and they come across as a very reputable, very good car rental agency. And I felt okay, I'll rent from them. It was just a couple of miles from my house, I didn't have to go all the way to the airport, they had an SUV that I wanted. I don't know, it was going to cost me like 150 bucks or something like that. If I had gone through my regular Avis, it would have been just over 200. So I'm like, all right, I'll save 50 bucks. I don't have to drive to the airport. Well, my wife wouldn't have to drive me to the airport, drop me off, all that sort of stuff. So Friday morning, I go to the agency and I have to go early in the morning because I actually had a nine o'clock meeting that I needed to get back to the office for. And at the most I'm thinking, okay, 10, 15 minutes, new agency, it's my first time running from them.

05:24

So I get there and it is, let's just say a less than official looking office. It is literally just like an open retail space, no furniture, just the stands where the people that were doing the checking in, where there was a partition board where you could tell that there were people behind them and the parking lot was just a wreck. I mean, potholes everywhere now they had nice vehicles and I'm like, all right, we'll see how this goes. So I have to wait. I have to wait like 15 minutes there's one person ahead of me and there's one agent and then a couple people walking behind me finally a second agent comes around to help me and It takes him literally five minutes after giving him my ID and credit card To pull up my reservation and then he starts doing something and I don't know what he's doing. I'm trying to watch, I'm trying to be patient. And he looks up and he's like, so are you doing anywhere special? That's not how he sounded. He was actually, I don't know Haitian or Jamaican or something. I don't know why I sounded Spanish. And I said, no, I was going to say none-ya, you know, as in none of your business. But I said, no, just running over to the other coast. And then he goes back to typing only to tell me another couple of minutes later that my car is not there and it is on its way from the airport. And I tell him, I said, well, I don't want to wait. My car should have been here. So he says, well, I have this other vehicle you can take. And I'm like, that's fine. Whatever it takes to get me out of here. And I forget what I originally signed up for. I think it was a… And he tells me, well, I've got a BMW i3 available that you can take now. I'm like, fine. It's going to cost an additional 50 bucks. And I'm like, wait a minute, you tell me you don't have my car. You have one here, but you're going to make me pay more. And he's like, oh, and then he starts typing away again. He goes around back, comes back around and yeah, that's all I can do. And I'm like, you know what? At this point, I don't care. So I take the car. Now granted, The BMW was a nice vehicle. It was an SUV. It's a small SUV. But again, the space at six was horrible. The people that were coming in behind me, the lady that was originally checking in, the person had said, oh, you all can all take a seat. And we look over and the seats are basically Ottomans without the seats. I mean, without the, like something you would put in front of a sofa or in front of a you know, I don't even know what the other things you call the, it's not the rocking chair, but you know, the arm chair or the side couch, you know, it's something you put in front of those. That's what they had for us to sit on. And I was just a little frustrated. So between all of that, uh, S I X T, not a good experience. I'm not happy with them. Not that they're going to pay attention and not that any of you really care, but I, All that to say, look, if you have good service from a company, stay with that company. It doesn't matter what the price is. I probably would have ended up paying the same amount of money had I just gone to the airport, gone with Avis, would have had my car in and out, done. I say that because that's kind of how I'm going to go into this threat locker versus cyber fights elevate conversation. And before I do that, you know what, I'll do this later.

09:17

Let me get into that conversation. Cause I know if you're here and you caught the, okay, foot stool is that, I don't know that that's what the name it's, it's just the little square. Maybe it wasn't an Ottoman. I don't know, but you're right. It was just literally a square piece of furniture, faux leather, that that's what they called seating. So, that was just ridiculous. Not even fake, you know, metal chairs that you get from Office Depot or something. It's just a ridiculous place. So, Cyber Fox and Threat Locker. So, most of you know that I really don't trial software throughout the year. I usually wait till the end of the year. I'll pick one thing that I want to trial for the following year and that's where we go. But in this case, I had a client that we needed to update some of their cybersecurity stuff. There's another law firm that got some security requirements from one of their insurance carriers and even though it didn't specifically say what's you know what needed to be done of course they were referencing some of the NIST documents and so the customer called me up and said hey whatever we got to do so that we can meet these requirements and keep this client, we need to do that. I'm like, all right. So we had already taken care of their on-prem encryption. We had already started doing the secure access with TruGrid. We had done a lot of their security protocols with Synology and restricting access to folders. They were already doing all of the other stuff with password complexities. But one of the things that we were not doing was application control. So even though none of the users were admins, I thought, well, at this point, I need to do something with application control and auto elevation, because this is a client where I always need to help them install things like QuickBooks, stamps.com. They have a lot of security footage that they get from insurance providers, they'll get CDs all the time and they need to be able to run those. So a lot of times I have to remote in and install the viewing software for them and it was just getting to be a lot. And I said, well, if we're going to do this, this will be another way that we can, you know, put a checkbox on their security while at the same time relieving me of some, sometime where I have to install the software.

12:03

So I started looking at auto elevate forgetting that they were purchased by cyber Fox. And if you paid attention to my podcast that I did while at ASCII cyber Fox was one of the vendors there. I interviewed Jackie, over there, a great company. And I will say this before I get too far along cyber Fox and auto elevate wonderful company, lovely people, and actually a good product. So don't take what I'm going to say tonight as a knock against auto elevate. If I had not done what I did with Threat Locker, I probably would have done with auto elevate for the simple fact that it's less expensive and it does exactly what it says it's going to do. So I needed to say that because I don't want people to think, well, if you pick Threat Locker, a Cyber Fox must suck. I don't think that they do. I think in just my situation, ThreatLocker turned out to be the better option for me, and now I will explain a little bit why. So I mentioned that CyberFox's AutoElevate is just simply what it is. It's an auto elevation tool. It allows you to give users access to install programs with admin privileges as needed, blah, blah, blah. ThreatLocker, on the other hand, takes a zero trust approach which at first I didn't really pay much attention to. And my thought was, you know what? I don't need all that extra stuff. However, as I got into the product and looked at the other things that they did with the application whitelisting, with the ring fencing, there was some other stuff that I am not using now but are available through ThreatLocker when it comes to storage control and network control not using those yet, but the fact that those are available as an option is something that actually made me look at ThreatLocker and not taking price into consideration because those are added benefits that all tie towards cybersecurity. So the Zero Trust approach I thought was one of the things where I didn't think I would see a difference in the beginning, but the fact that ThreatLocker

14:31

Everything from running unless you give it permission is a key. Now. I don't know that auto elevate Does that in the same way? my understanding of auto elevate is Everything will still run if it doesn't need admin privileges But if you need admin privileges auto elevate will allow you to give users that Threat locker just says no If it's not in the recognized database of applications that are approved to run then it's not going to run. So in a sense, it does a little bit of what like an antivirus or malware program will do where it's not going to let stuff run. And in fact, when I first started the trial, I had reached out to a couple of peers and asked anybody using either of these products and the people that were using Threat Locker said, yeah.

15:26

And if you use that, you don't need to pay extra for all of the high-end EDR stuff because you can use the built-in windows because ThreatLocker is going to block all that stuff from running, so you don't need that. Now, I don't know if that's 100% true. I just know that I was told that by two different people. I was also told that ThreatLocker is one of those products that you're probably going to hate when you first get it, and they are not lying. If I had not asked people for opinions ahead of time, I might have said, get this out of here. It's too difficult, a lot of work, but it's probably not as much work. Well, I probably said that wrong. It turns out, I don't think it's as much work as they made it out to be. It just takes a lot of training on the networks to know which software is running that you don't know about.

16:23

And again, the difference I think is there's a lot of stuff running on your network that doesn't need admin privileges. And ThreatLocker, you can actually put in there to track those software so that you know what they are and not allow new and unknown programs to run without giving it approval. So that's the big thing there. I will say for the first part of the trial, one of the things that I usually will do at the beginning of a trial is I want to see how much can I figure out on my own before I have to call support. Both cyber Fox and threat locker actually they did not allow me to go too far without. I don't want to say force that's not the right word but there is a lot of onboarding with both of these products and it's not just the demo. It's literally getting you set up in your dashboard and going through all the stuff. And that actually turned out to be pretty good. Now, when it comes to actually installing, I found ThreatLocker to install very easy using my RMM. The script is already written for you. They give you the instructions on how to drop it into your RMM, and that pushes out. The AutoElevate also had a script, but for some reason, it didn't install as smoothly as ThreatLocker. So that was a big thing for the, hey John, you're in the chat, I'm reading your comment now. Where's my mouse? Let me put this on the screen here. You have to educate your customers to use the program, explaining what they need to update and wait about five minutes and they can run it. Yeah, that was a learning for my clients, I did try to send the email ahead of time that explained, hey, this is what we're putting on your computers, here's the reason we're putting it on. And when you try to run something that's not known, you're going to get blocked. Just simply click the button and request approval. This is where I don't know the full process for auto-elevate, so again, I don't want anybody to think that.

18:48

AutoElevate doesn't do what ThreatLocker can do. I don't know, because I just didn't get through the whole trial. I got about halfway through getting set up with them, and I had both running at the same time, and then I chose to continue the trial with ThreatLocker. And ThreatLocker has that approval feature, which is almost instantaneous. When somebody clicks that they need approval to run something or something gets blocked, it's at my...

19:17

I have it set up to go to my email and to the app, which I have the mobile app on there. And of course, what they call the approval center inside of ThreatLocker. And it comes literally within a minute or two. And if you are watching it, you can open it up and see the file. You can have it run through Virus Total. You can see what other files are associated with, you can give approval with elevation, without elevation, you can ring fence that program so that it only runs within that station, within that network, doesn't go out to the internet. So those were the things that once I saw that and how much it does, in my opinion, over auto-elevate, that's when I'm like, you know what, this is it. And the fact that I can add on those other features down the road, that is what put me over the edge Threat Locker University, yes, that's mentioned in the chat. It is a great tool. I have been playing around with that But I'll start putting my notes here Both offer elevation control the quick start guide But the difference again threat locker literally will block unwanted or known application and ring fences them

20:39

So that was good there. So yeah, if anybody has any additional, now what I've not done is I've not put together my set of best practices or my procedures for if I need to have somebody else start looking at ThreatLocker for me. Right now it is just me. Many of you know I am in all purposes a solo tech. I do have somebody that works in the office with me. I do have subcontractors but I do not have the subcontractors do anything in my dashboard. I do all of that myself, and they are just available as boots on the ground, extra hands. If I need them to install something, I'll send them the instructions that they need. I'll set up temporary permissions for them on the network, and then I remove them. So this is basically me running this program along with all my other stuff. So I'm setting this up. Sorry, I'm reading something else in the chat.

21:37

John writes, I pay the additional $1 for the cyber heroes to approve all my clients, which takes a load of work off of you. You're right, John, they did offer that. And I told them at this point in time, no, only because I don't like things running in my business where I don't know what's happening. And I figure, you know, listen, I'm going to be with them for a year. You have to sign up for a year commitment which reverts to a month to month. So I'm going to be with them for a year. So I figured the first 90 days, I'm going to run this, I'm going to check it out. I have it installed. I think it's on, it's on almost 100 clients. 100 clients is the minimum that you have to have. Once I install it on my other law firm, I think it's going to be on about 250 endpoints out of my 600 and something I've got which by the way, 666 was the number of endpoints I had in my dashboard about a week ago and I had to, I deleted one temporarily because I didn't want to have that 666 number going. So I think it's up to 668 right now. But, so I'm only going to put it on the endpoints that need it, which are mainly my law offices. And I've got a couple of clients that I'll probably put it on after I see how this first 90 days go, and it's just going to be built in my pricing going forward. So just wanted to give everybody, I know that I had kind of hinted a couple of weeks ago that ThreatLocker was in the lead, but the decision is official, and I have chosen ThreatLocker. Obviously I am committed for a year, and we'll see how it goes. But I have reached out to somebody at CyberFOX to say, hey, still want to have you all come on the show. CyberFOX is still a good product in the channel. Other people might be wanting to use them. So I want to do that. And I've also reached out to ThreatLocker because believe it or not, ThreatLocker has never been on the IT Business Podcast. So hoping to get both of them on at some point and we'll dive a little bit deeper. So that was pretty much it for my choosing ThreatLocker and my process. If any of you all have any comments, any tips, any best practices, throw them in the chat here or email them to me, send them to me in a message. Remember we are on all the platforms, I streaming on the YouTube, LinkedIn, and the Facebook. And oh, got a message from the beach, Ms. Allie.

24:28

AutoElevate fan here, Marv, I get it. ThreatLocker is awesome. And for this use case, it definitely makes sense. And yes, we will be in touch soon. So yeah, so AutoElevate, like I said, I thought AutoElevate was going to be the product that I chose. Part of it was based on price. ThreatLocker is obviously more than AutoElevate, but it does more. And I think that the price is justified.

24:56

And most of you know, I don't really choose based on price if something costs more but is better. And when I say better, not like always, you know, better. Better for me in this case, just meant the more options and the more specified control with the ring fencing and stuff. I actually read a thread in Reddit a while back that was talking about auto elevate versus threat locker. And some of the people were talking about, they actually use both in their environment where they use ThreatLocker on servers and AutoElevate on workstations. And I thought, ooh, if I had thought of that before, I wondered if I could do it. The only downside is, is I think for both products, you have to do a minimum of 100 endpoints. And I don't know very many people now that have hundreds of servers anymore. Everybody's trying to push to the cloud.

25:54

I've only got, I'm under 30 now, so I think I'm down to 27 servers that I've managed. So that would not have reached the 100 endpoint minimum for me. So that was a thought. Maybe I will consider that where I would do ThreatLocker on my law firms and auto-elevate on everyone else. And thank you for that mention, Ali and John.

26:23

All right, so that is it for Threat Locker versus Auto Elevate. I did get a little press release that I want to mention. I should probably do my little in the news segment. So, the channel program, the homepage destination for every managed service provider is thrilled to announce the launch of its groundbreaking product NaviStack, otherwise known as Navigate Your Stack. NaviStack empowers MSPs to visualize their custom vendor stack all in one spot, enabling seamless communications and updates from all vendors within a single secure portal. This game-changing tool not only streamlines operations and identifies stack gaps, but it also transforms the channel, enhancing customer relationships for MSPs and unlocking new opportunities for vendors. So that was the press release from yesterday, August 1st, from the channel program. And actually I'm going to have them on the show.

27:37

Next Tuesday, we are going to be doing an audio podcast with Matt Sullivan and Kevin Lancaster. I believe it is talking about this, so we're going to talk about NaviStack and basically something that will allow you to visualize your vendor stack all in one dashboard. I believe that there is also going to be a way for you to rate your stack Against others in the channel to see if you are below above or below. I don't know. I'll ask them but that was something that I think got mentioned in a sidebar that I wasn't allowed to talk about until the date was released that I could talk about this so I think that's what we're going to talk about CEO and founder Kevin Lancaster and here's a quote from him. This is a game changer for the channel. NaviStack allows MSPs to visualize their vendor stack in one spot, simplifying their operations and enable them to focus on building meaningful relationships with customers. It's an exciting development that truly transforms how MSPs and vendors interact within our community and demonstrates our commitment to changing the industry. I don't have the link here, but I will have it in the show notes when this is published. You can sign up and start building your NaviStack today at channelprogram.com. So that will be available to you and we'll hear more about that next week as I interview them on the audio podcast. Okay, so I should probably now go ahead and do this, let you all know the IT Business Podcast is presented by Net Ally, your number one ally for network diagnostic handheld tools in the channel.

29:30

If you were watching the video from the beginning, you saw the promotion for the brand new CyberScope. I did announce last week, I was actually notified. Mine is on the way and should be here soon. And when it is, we will be setting up a very special demonstration and showing you everything that the CyberScope does, I believe. And this is, I'm only guessing because I haven't gone through and dug for all the details on it.

29:58

but it looks to me like it is literally an ether scope with cybersecurity features built in. So we'll see about that. And I believe that we have talked about doing a joint show with Mr. Fluke himself, Mike Pennacchi.  Don't know when that'll happen, but I will obviously let you know when I get that tool and see how it can help us in troubleshooting, diagnosing our networks, not just for network issues now but for cybersecurity issues as well. Our livestream tonight is presented by Computers Done Right, managed service provider over on the other coast over in Venice, Florida, doing managed support, website support, social media management, great friend to the show, I thank you very much. And also instanthousecall.com.

30:55

I did speak last week about all the features that you can do with Instant House Call that pretty much is just like all the big boys in the industry. You can do all the same things like unattended access, multiple monitors, transfer files, there's even some built-in diagnostic tools, but you're just simply paying for a technician license. Comes with three, I believe, and I don't have the sheet in front of me, so that's it. But You can try it free for 15 days without having to put in your credit card. Instant house call.com. Tell Corey that uncle Marv sent you his way. Okay. And as we start to close out the evening, I mentioned earlier that for those that watched last week and you heard me mention, uh, the guest that I thought was this week, but is actually next week, she is a wonderful person. I actually chatted with her earlier today for something else, just to give you an idea of what we will be talking about. It's going to be basically a better way to say thank you to your clients. A lot of us do things where, we'll send out the thank you cards, we'll send out cookies and blah, blah, blah, but it's really not done out of a place of gratitude.

32:19

So we're going to talk about really showing gratitude to your clients. And I think that that is going to be a great show. So we will see you live for that. I am going to end this note.

32:37

My next Florida Man story this evening is actually going to be a video and I was toying with the idea of giving you again, two stories to see which one you all would like. And when I went to go look at the clicks from last week's stories to get the full details, the story about the man who dunked his girlfriend's head in a tar vat. And the other one that got arrested from spraying his girlfriend with a water hose, I thought, I want to see which story gets the most traction. I thought it would be the black tar story, but no. You all clicked on both stories, literally the same amount of times. I thought that is just ridiculous. But I'm going to close out tonight with a Florida man story that really isn't about a Florida man. Some of you are just enthralled with gators. Whether they're being thrown through Wendy's drive-thrust or whether people are doing stupid things with them. So I'm going to end off tonight's show with a video from a Florida gator. I will bid you all good night. Thank you for watching. We'll see you next week and until then, Holla!