Threatlocker Protect is a fully cloud based endpoint privilege management solution that needs a steep learning curve from the IT team.
A lot of MSP clients have remote workers in various time zones across the world. Each client with a different job function and application access requirements. Because of this, the IT administrator has to be at the beck and call of Threatlocker requests nearly 24/7.
Threatlocker tries to solve this problem by delegating elevation decisions to their Cyber Hero team. The ‘cyber heroes’ operate on their customers sites – creating endpoint policies, approving/rejecting internal elevation requests and so on. They need to be purchased as a separate service.
While some companies do not mind offboarding their user IT tickets and other application requests – organizations that work with the strict regulatory requirements cannot fully rely on a third-party user having control of what users can and cannot access in internal IT.
Securden offers an endpoint application and privileged access management tool that can be fully configured by the IT personnel with ease. The approval process for applications is straightforward, can be integrated into existing ticketing system workflows and can be fully automated to reduce manual effort and time.
Disclaimer: The comparison is made using the information available on the corresponding vendor's website. The utmost care is taken to ensure the accuracy of the information published. Should you find any discrepancies, write to support@securden.com
Feature | Securden Unified PAM | ThreatLocker Protect |
---|---|---|
Installation and Deployment | ||
Deployment Model | On-Prem (Self-Hosted) / Cloud (SaaS) | Cloud SaaS Only |
Intuitive and easy deployment | Yes | Steep Learning Curve |
High scalability | Yes | Yes |
Light-weight agent on end user machine | Yes | Yes |
Distributed deployment | Yes (In both on prem and SaaS models) | Yes |
Client Management - PAM MSP Edition | ||
Complete client-segregation with multi-tenancy | Yes | No |
Support for fully managed & co-managed setups | Yes | No |
Centralized controls for the Managed IT Service Provider | Yes | Yes |
Devices Management | ||
Discover Windows endpoints | Yes | Yes |
Discover privileged processes (Win) | Yes | Yes |
Discover privileged applications (Win) | Yes | Yes |
Non domain devices support | Yes | Yes |
Mac device support | Yes | Yes |
Linux device support | Yes | No |
User and Application Discovery | ||
Enable/disable computers | Yes | Not Known |
Local admin rights removal | Yes | Yes |
Local user group management | Yes | Yes |
Local admin password rotation (LAPS) | Yes | No |
Endpoint Privilege Management | ||
Flexible approval workflows (end user justification for elevated access) | Yes | Yes |
Automatic approval policies | Yes | Not Known |
Elevate applications for standard users | Yes | Yes |
Elevate through UAC prompt | Yes | Yes |
Elevate control panel items | Yes | Not Known |
On demand application elevation | Yes | Yes |
Time-limited application elevation | Yes | Yes |
Technician access management | Yes (Technician will only get standard user rights) | Limited |
Duration-based application/admin access | Yes | Yes |
Temporary, monitored full admin access | Yes | No |
Windows Security Event Logs Monitoring | Yes | Only in Threatlocker Detect* |
Application Control | ||
Allowlisting and blocklisting (policy-based elevation) | Yes | Yes |
Flexible policy enforcement | Yes | Yes |
Learning Mode and Installation Mode | Yes | Yes |
Notifications | ||
SIEM for syslogs | Yes | Yes (Through APIs) |
Real-time notifications | Yes | Yes |
Offline Scenarios | ||
Policy based elevation | Yes | Yes |
On demand elevation using temporary access codes | Yes | No |
Activity monitoring in elevated offline sessions | Yes | Not Known |
Enforce time restriction when elevating privileges using offline codes | Yes | No |
Allow users to gain offline access by using automatic approvals | Yes | No |
Auditing and Compliance Reporting Capabilities | ||
Centralized privileged management auditing | Yes | Yes |
Centralized user activity auditing | Yes | Yes |
Admin rights analysis | Yes | Yes |
Application and process auditing | Yes | Yes |
Agent on endpoints report | Yes | Yes |
Custom reports | Yes | No |
Scheduled reporting | Yes | Not Known |
Cloud storage export for reports | Yes | No |
Integrations | ||
Active Directory | Yes | No |
Azure Active Directory | Yes | No |
SAML SSO | Yes | Yes |
MFA and TOTP tools | Yes | Not Known |
Ticketing system/Helpdesk Integration | Yes | Limited |
Malware scan - Integrate with third-party tools to vet applications before granting elevated access | Yes | Uses Threatlocker Testing environment in a VDI to check application safety |
Enterprise Ready Capabilities | ||
High Availability settings | Yes | Yes |
Multiple language support | Yes | Yes |
Load balancing | Yes | Yes |
Miscellaneous | ||
Customize email templates for privilege elevation requests and mail OTPs | Yes | No |
Manage the agent via command prompt | Yes | No |
Log out of the web interface using SAML SSO integration | Yes | No |
Mobile, Desktop Applications | Yes | Yes |
Anti-tamper mechanism - Prevent users from tampering with endpoint agents or creating duplicate admin accounts | Yes | Yes |
With a robust security framework, continuous monitoring, and regular audits, Securden adheres to rigorous security benchmarks to ensure data security and privacy.
Explore SecurityTake the first step in deploying access security with Securden Unified PAM MSP software.