ThreatLocker ThreatLocker Ops
ThreatLocker Ops is a policy-based Endpoint Detection and Response (EDR) solution. This EDR addition to the ThreatLocker Endpoint Protection Platform watches for unusual events or Indicators of Compromise (IoCs). ThreatLocker Ops can send alerts and take automated actions if an anomaly is detected.
ThreatLocker Ops leverages the vast telemetry data collected from other ThreatLocker modules and Windows Event logs. This information gives essential insight into an organization's security, enabling it to identify and remediate possible cyber threats.
ThreatLocker Ops' automated responses can give information, enforce rules, disconnect machines from the network, or activate lockdown mode quickly. When lockdown mode starts, it blocks all activities, including task execution, network access, and storage access, ensuring maximum security.
When conditions are met, ThreatLocker Ops will automatically respond based on the rules created. These policies are constantly evaluated in real time by the ThreatLocker agent on your endpoint, which means your policies are enforced in milliseconds whether or not your endpoint is connected to the internet.
Features
Alerts and Detects
Using industry-known indicators of compromise, ThreatLocker Ops can detect and alert IT professionals that their organization may be under an attempted attack based on customizable thresholds and notification methods.
Respond
Set policies to enable, disable, or create Application Control, Storage Control, or Network Control policies in response to specified observations.
Set Custom Thresholds
Policies can be tailored to alert and respond differently based on the threat level to reduce alert fatigue.
Leverage Knowledge
IT admins can easily share their own ThreatLocker Ops policies or “shop” for vetted policies shared by their industry peers and the ThreatLocker team.