ThreatLocker announced new Zero Trust network and cloud access solutions at its Zero Trust World event today, designed to enforce device-based verification and curb unauthorised access to corporate networks and SaaS platforms even when user credentials have been compromised.
Under the new model, access to cloud services and networks is denied by default unless the connection originates from an approved device brokered through the ThreatLocker platform. The company said this approach strengthens defences against credential theft, which remains one of the leading causes of data breaches.
“Our transformative solution gives organisations confidence that their systems are secure even if a credential is stolen,” Danny Jenkins (pictured, on stage at Zero Trust World), CEO and co-founder of ThreatLocker, said in a statement.
“Access now requires three things: valid credentials, an approved device, and connection through a secure, ThreatLocker-managed broker. If one step is missing, access is denied, drastically reducing the impact of phishing attacks.”
MFA no longer enough
According to the company, there is growing concern that multi-factor authentication (MFA) alone is no longer sufficient. Attackers increasingly deploy realistic phishing sites that capture both passwords and MFA codes in real time, enabling them to log into corporate systems undetected. By linking access to a validated device, attackers cannot gain entry without physical possession of a trusted endpoint.
The new controls extend Zero Trust enforcement to popular cloud services and collaboration platforms, including Salesforce, Microsoft 365, Asana, Google Workspace, and GitHub. Even if users are successfully phished, the company said, access to internal resources is blocked unless the connection is made through an authorised device.
In addition, Rob Allen, ThreatLocker’s Chief Product Officer, explained the platform’s threat detection capabilities in the simplest terms while introducing them during the event.
“It detects a problem; it explains the problem; and it offers solutions to that problem,” Allen said.
ThreatLocker argues that user awareness training, long considered the standard frontline defence against phishing, is no longer adequate on its own – AI-powered attacks are simply becoming too sophisticated to train staff to detect. Device-based verification and deny-by-default policies, on the other hand, reduce reliance on human vigilance and minimise the risk of credential misuse.
“Zero Trust network and cloud access completes the vision of a unified Zero Trust Platform,” Sami Jenkins, COO and co-founder of ThreatLocker, said.
“ThreatLocker secures an organisation's entire digital footprint with a single tool, easing the burden on security teams and significantly reducing alert fatigue.”
Cyber Daily was a guest of ThreatLocker at Zero Trust World.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.