Network Control: Securing Every Connection

Most networks aren’t just filled with Windows machines running security software like ThreatLocker. They often include Linux systems, Smart TVs, printers, DVRs, and other IoT devices. These devices, which don’t always receive regular security updates, can be weak points in your network. When they remain vulnerable, they pose a serious risk, especially if your network isn’t properly segmented.

Internet-connected network devices also create vulnerabilities, whether it’s a VPN without MFA, a remote code execution (RCE) vulnerability granting administrative control, or an unauthorized VPN installed within your network. Once attackers gain access, they begin moving through your network, targeting critical data to steal or encrypt.

Common attack targets include RDP, SQL, FTP, SMB, and other services necessary for network functionality. Restricting access to these services typically requires managing the Windows OS firewall, which can be time-consuming and inefficient, especially if multiple services are involved.

ThreatLocker’s Network Control simplifies this by deploying policies that secure these ports. It does this by allowing connections based on objects, authorized hosts, or keywords. These act like a password on the port, meaning only devices with the correct ThreatLocker configuration can connect. Any device without the proper policy is automatically blocked.

Take RDP, for example. If you have 50 users in an office but only four need RDP access to manage local servers, you can create a Network Control policy requiring a keyword for access on port 3389. Add these four computers to a group with the keyword, and only they can connect—everyone else is denied.