Latest News

Ringfencing adds an extra layer of security, boxing in approved applications and preventing them from interacting with critical system components like the registry, the internet, sensitive files, and even other applications. It’s the security solution you didn’t know you needed, but once you have it, you won’t want to be without it. And ThreatLocker is the only company in the world to offer it.

We spoke to our customers to see how they leverage Ringfencing to safeguard their businesses. Here are some takeaways from them.

Real-world wins: How customers leverage Ringfencing to stay protected

Mitigating fileless malware:

Cybercriminal’s latest trick is fileless malware—an attack that operates directly in a system’s memory, leaving no trace on the file system. This makes it difficult for traditional antivirus and endpoint detection systems to spot. Our customers use Ringfencing to counter this risk by blocking unauthorized actions that exploit trusted applications, stopping the attack before it can cause harm.

Limiting application attacks:

You’ve likely heard of the SolarWinds Orion breach, where a single compromised software update gave attackers access to over 250 organizations, including Fortune 500 companies. 

For ThreatLocker customers, the story played out differently. Ringfencing limited what SolarWinds’ application could do, stopping malware downloads and blocking access to the internet. While others scrambled to contain the fallout, ThreatLocker customers were already protected. Ringfencing contained the attack, preventing the full-scale breach.

Controlling data access:

Do all your applications need access to your entire system? The reality is that many applications have the same level of access as the logged-in user by default. That means trusted programs like PowerShell and tools like 7-Zip, could inadvertently become a vulnerability. With Ringfencing, our customers control what data applications can access, ensuring that only the necessary applications are given permissions, greatly reducing the risk of exploitation.

Preventing unauthorized registry changes:

The Windows Registry is a common target for malware, which often hides there to avoid detection. ThreatLocker customers use Ringfencing for an extra layer of protection by preventing applications from making unauthorized changes to the registry, ensuring that malicious software can’t embed itself and compromise your systems.

A real-life scenario: Stopping a ransomware attack others missed

A recent case highlighted the power of Ringfencing when a phishing campaign targeted the hospitality industry, using a fake email to impersonate booking.com.

The email led users to a cloned website with a fake CAPTCHA that triggered remote code execution. The attackers used mshta.exe, a legitimate Windows tool, to execute scripts, while PowerShell attempted to download a malicious file from a Russian server. Ringfencing’s default PowerShell policy blocked the attack before it could spread, preventing PowerShell from accessing the internet, stopping the ransomware from being downloaded and halting the attack before it could do any damage. In contrast, other cybersecurity providers either flagged the system as breached—causing unnecessary disruptions—or failed to detect the attack altogether.

Next-level cybersecurity

ThreatLocker Ringfencing takes cybersecurity to the next level. By shrinking the attack surface and restricting application capabilities, it becomes increasingly difficult for cybercriminals to succeed. Even if hackers manage to infiltrate a trusted application, they quickly find themselves at a standstill. The ring holds firm, and the attack comes to a halt.

To learn more about Ringfencing and other ThreatLocker solutions, book a demo today:
Book a ThreatLocker demo