Cloud-managed deny-by-default control

Stop unauthorized software before it becomes an incident.

ShadowLatch gives IT and security teams a practical way to enforce application, device, and network policy from one console without giving up clarity, speed, or control over telemetry.

No hardware required | Pilot in one afternoon | Built for real operators

Blocked: Unsigned launch

PowerShell attempted to launch an unknown support binary from Downloads.

ShadowLatch matched the parent process, user-writable path, and unsigned payload before execution.

Process: supporttool.exe
Parent: powershell.exe
User: standard_user

Rule explanation

Standard users cannot launch unsigned tools from Downloads.

A product like this only works if the reason behind a block is obvious the moment it happens.

Stop what should not run: Block unknown software before it spreads, phones home, or becomes a ticket queue.
Keep decisions explainable: Show the process, parent, path, and rule behind every outcome.
Roll out without sprawl: Start small, tune with real evidence, and expand without rewriting the model.

Why teams switch

Most teams do not need more alerts. They need a way to decide what is allowed.

01

Prevent unknown execution at the point it matters

Detection after launch still leaves a cleanup problem. Enforcement before launch changes the conversation.

02

Give operators evidence they can act on

Matched rules, parent context, file location, and device identity should be visible without digging through logs.

03

Buy the visibility model you actually want

Some customers want local evidence only. Others want centralized history. The plan structure should support both.

Product pillars

One system for execution, devices, network, and review.

ShadowLatch works best when the policies that shape endpoint behavior are managed in one place, with one vocabulary, and one clear path from event to action.

Application control

Decide which software may run and enforce it before execution begins.

Device control

Restrict removable media and peripherals with policy that stays reviewable.

Network enforcement

Apply outbound control based on the process making the connection, not just the port.

Operator workflow

Give admins a fast path from first pilot to daily use without turning the console into clutter.

See the product

The product should look like the job it is meant to do.

Dashboard overview

Start with device state, subscription usage, and meaningful signals instead of a wall of charts.
Online Devices: 24 (across two policy groups)
Subscriptions: Command, 18 used / 25 total
Offline Devices: 3 (last seen within 24h)

Top New Applications (live signal)
codex: 18
trustd: 23
node.exe: 28
powershell.exe: 33

Top Risky Applications (live signal)
powershell.exe: 18
apsd: 23
node.exe: 28
codex: 33

Recent IP Destinations (live signal)
172.64.155.209: 18
17.57.147.4: 23
142.251.16.83: 28
150.171.27.11: 33

Activity review

Review the event, the device, the user context, and the next action from one screen.
Activity: Showing live event context from network and application controls.
Time | Type | Activity | Device | Risk | Action
4/2/26, 8:36 PM | NETWORK | com.apple.WebKit.Networking -> bl-in-f83.1e100.net | Macbook Pro | 18 | Create
4/2/26, 8:32 PM | NETWORK | trustd -> a184-29-90-156.deploy.static.akamaitechnologies.com | Macbook Pro | 18 | Create
4/2/26, 6:12 PM | APPLICATION | msedge.exe | Windows PC | 36 | Create
4/2/26, 6:11 PM | APPLICATION | powershell.exe | Windows PC | 45 | Create

Why it reads better

Consistent navigation and readable status cues reduce hesitation when operators need to move quickly.
Navigation: One shell across overview, devices, policy, activity, and billing.
Signal: Risk, status, and matched-rule context stay visible without opening another layer of UI.
Pace: Dense enough for operators, steady enough for day-to-day use.

How rollout works

Evaluate it the way real teams adopt software.

01

Enroll a pilot group

Start with a small set of systems so policy questions stay manageable and visible.

02

Review what happened

Look at blocked launches, matched rules, and device context before making exceptions.

03

Refine the policy set

Convert real operator feedback into tighter rules instead of permanent one-off allowances.

04

Scale the rollout

Expand by team, tenant, or business unit once the model is proven and repeatable.