Storage Control: Protecting Your Data at Every Point

Data on your network is vulnerable, whether it’s stored in SQL databases, file shares, or local computers. It needs to be identified and protected. ThreatLocker’s Storage Control lets you customize how users access different types of storage, including USB drives, network shares, and local folders, as well as what programs they can use when accessing this data.

Storage Control in ThreatLocker has two main components: the device the user is on and the storage control policies. ThreatLocker provides predefined storage policies that can be quickly enabled for immediate protection. For example, you can deny access to C$ and Admin$ administrative shares, USB drives, and network file access. Network file access policies cover all shared and UNC paths. Additional policies can be set up to manage other external storage types, programs, and drives—whether they’re encrypted or not.

Hackers often try to gain access to local PCs and then escalate their privileges to move laterally. Blocking access to administrative shares and critical files in Windows directories can disrupt credential dumping activities, which expose passwords and help attackers gain further control. Additionally, you can prevent users from saving data in unapproved local folders, ensuring that company data is stored only in locations that are backed up.

It’s crucial to deny access to untrusted network shares. Your environment likely has a limited number of trusted network shares, so there’s no reason to allow access to unknown UNC paths. Just as you would restrict applications with Ringfencing, you should limit computers’ ability to connect to untrusted shares. For example, the 2020 Zoom vulnerability allowed users to click on a remote share and unknowingly share their credentials with an untrusted server. By restricting access to unknown paths, you can prevent these types of critical breaches.