Cloud-managed deny-by-default control

Block the unknown. Control what runs.

ShadowLatch gives IT and security teams fast, precise control over applications, network behavior, and devices without turning policy management into a full-time job.

  • No hardware required
  • Deploy in minutes
  • Built for real-world IT teams

Deny by default: Stop unknown software before it executes.
Readable rules: Make policy understandable to operators and reviewers.
One control plane: Keep onboarding, policy, billing, and admin together.

Live policy event preview
Unknown launch detected

PowerShell tried to launch an unsigned remote support tool.

Device: ACCT-LAP-17 - User: standard_user - Parent: powershell.exe

Blocked
Process: supporttool.exe from Downloads
Trigger: Unsigned binary launched by PowerShell

Rule explanation

Why it matched

The launch was unknown, user-writable, and inherited a blocked parent context.

Review
Policy: Standard users cannot launch unsigned tools from Downloads.
Next step: Approve by hash, path, or publisher only after review.

Deny-by-default control: Known-good first, not retroactive cleanup.
Granular policy engine: Use process, user, path, parent, device, and network context together.
Cloud-managed: Operate policy, onboarding, and billing from one place.
USB and network controls: Show clear allowed, blocked, and review states.
Fast deployment: Built for pilots that need to move quickly.

Why buyers switch

Built for teams that want control without the drag.

Serious enforcement, practical policy creation, and a cleaner control-plane feel than most buyers expect in this category.

01

Stop unknown software before it runs

Deny-by-default execution control blocks unauthorized launches immediately.

02

Create precise rules without policy chaos

Explainable policy helps teams stay fast as the environment grows.

03

Control apps, devices, and network behavior together

Keep the story unified instead of split across disconnected tools.

04

Operate fast without losing visibility

Events stay tied to the rule that made the decision.

How it works

Simple enough to use. Powerful enough to matter.

Step 1

Observe execution context

Capture process, user, parent, path, and device state immediately.

Step 2

Evaluate policy

Check process, parent, user, device, and network context together.

Step 3

Enforce instantly

Block unknown launches, device events, or disallowed network behavior fast.

Step 4

Review and tune

Keep every decision understandable and reusable as policy.

Allow Chrome, block risky launch paths

Stop script-driven launches while preserving normal user access.

if process == "chrome.exe"
and parent.process == "powershell.exe"
then block

Limit accounting software to approved destinations

Restrict outbound behavior to the systems the app actually needs.

if process == "acctsuite.exe"
and destination not_in approved_finance_hosts
then block network access

Block new USB storage until approved

Keep removable media policy explicit and reviewable.

if device.type == "usb-storage"
and device.approved != true
then block mount
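The three rules above, evaluated under deny-by-default with the matching rule returned alongside each decision. This is an added Python illustration, not ShadowLatch's rule engine or syntax; the event fields, `KNOWN_GOOD`, the host name, the rule names and `decide` are assumptions made for this example.

```python
# Added illustration of deny-by-default evaluation; not ShadowLatch code.
from dataclasses import dataclass
from typing import Callable

# Constructed sample data (assumptions for this example). Name-only matching
# is for brevity: a renamed binary defeats it, which is why the page says to
# approve by hash, path, or publisher.
KNOWN_GOOD = {"chrome.exe", "acctsuite.exe"}
APPROVED_FINANCE_HOSTS = {"ledger.example.internal"}

@dataclass
class Rule:
    name: str                          # reported with every decision
    kind: str                          # event kind: "exec", "net" or "device"
    matches: Callable[[dict], bool]
    action: str

BLOCK_RULES = [
    Rule("chrome-from-powershell", "exec",
         lambda e: e["process"] == "chrome.exe"
         and e.get("parent") == "powershell.exe",
         "block"),
    Rule("acct-unapproved-destination", "net",
         lambda e: e["process"] == "acctsuite.exe"
         and e.get("destination") not in APPROVED_FINANCE_HOSTS,
         "block network access"),
    Rule("usb-not-approved", "device",
         lambda e: e.get("type") == "usb-storage"
         and e.get("approved") is not True,
         "block mount"),
]

def decide(event: dict) -> tuple:
    """Return (action, rule_name) so each event stays tied to its rule."""
    # Explicit block rules are checked first, so an allowlisted process can
    # still be blocked in a risky context (chrome.exe under powershell.exe).
    for rule in BLOCK_RULES:
        if rule.kind == event["kind"] and rule.matches(event):
            return rule.action, rule.name
    # Deny by default: a process that is not known-good never runs or connects.
    if "process" in event and event["process"] not in KNOWN_GOOD:
        return "block", "default-deny"
    return "allow", "allowed-by-policy"

if __name__ == "__main__":
    # Constructed event modelled on the page's "Unknown launch detected" card.
    print(decide({"kind": "exec", "process": "supporttool.exe",
                  "parent": "powershell.exe", "user": "standard_user"}))
```
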

Use cases

Different teams. Same need for control.

  • Standardize enforcement across customer environments without unmanaged exception sprawl.
  • Move faster on onboarding with reusable templates and a cleaner operator experience.
  • Explain blocked behavior before every ticket becomes an escalation.

Outcomes

Fewer emergencies.

Less sprawl.

Faster onboarding.

  • Keep endpoint control understandable for admins who already own too many tools.
  • Reduce overhead by keeping application, device, and network policy connected.
  • Make decisions easier to explain to help desk and leadership.

Outcomes

Cleaner rollouts.

Less firefighting.

More policy confidence.

  • Use deny-by-default control to shrink attack surface before execution starts.
  • Pair enforcement with readable evidence analysts can review quickly.
  • Keep usability high enough that operations teams will live with it.

Outcomes

Reduced exposure.

Better investigations.

Fewer compromises.

  • Show that application, device, and network restrictions are enforced consistently.
  • Maintain reviewable audit context without creating an audit-only workflow.
  • Support stronger controls around removable media and approved destinations.

Outcomes

Clearer policy control.

Better evidence.

Less ambiguity.

Comparison

Control without the clutter.

| Capability | ShadowLatch | ThreatLocker | Traditional AV / EDR | General endpoint platform |
|---|---|---|---|---|
| Deny-by-default application control | Yes | Yes | Usually no | Inconsistent |
| Human-readable rule creation | Designed to be clear | Powerful but heavier | Limited | Varies |
| Device restrictions | USB-aware control path | Available | Often partial | Not always central |
| Network-aware enforcement | Integrated | Adjacent controls | Detection-first | Fragmented |

Product pillars

One platform, six critical control layers.

AC

Application Control

Control what runs with deny-by-default enforcement and practical exception handling.

DC

Device Control

Restrict new USB storage and other device events with approval-aware policy.

NE

Network Enforcement

Apply destination-aware restrictions where application identity alone is not enough.

RB

Role-Based Administration

Separate owner, billing, security admin, analyst, and read-only responsibilities cleanly.

PT

Policy Templates

Give teams a faster start for common app, device, and network controls.

AV

Audit & Visibility

Keep policy outcomes visible enough for review, onboarding, and executive confidence.

Pricing

Six plans built around privacy, visibility, and control.

Choose how much telemetry, enforcement, and ownership you want without forcing every customer into the same data posture.

Entry

Foundation

Lightweight enforcement with no cloud logging by default.

  • Cloud-managed network rules
  • Real-time enforcement
  • Minimal security events

Visibility

Sight

Network visibility plus control for teams that need short retention and search.

  • Network rules
  • Cloud logging for network events
  • Basic search and filtering

Privacy app control

Lock

Application control for privacy-sensitive environments.

  • Application allow and deny rules
  • Local enforcement only
  • SIEM export and local logs

Privacy premium

Stealth

Full control while keeping data in your environment instead of ours.

  • Security events only
  • SIEM export
  • Local logging and short retention buffer

Complete platform

Sentinel

The full security platform tier with visibility, export, retention, and analytics headroom.

  • Full cloud logging
  • SIEM export and local logging
  • Longer retention and analytics path

Start a trial, then move to billing when you are ready.

Use your account email to start checkout. Billing management is available after login.

Resources

Keep evaluators moving.

2-minute product tour

Show exactly what gets blocked, why it matched, and what the operator sees next.

Quickstart deployment guide

Help teams get the first endpoint enrolled and the first useful policy in place quickly.

First 10 policies to create

Give evaluators a practical next step instead of a blank dashboard.

FAQ

Common questions before rollout.

Where do I manage devices, rules, billing, and downloads?

Operational management lives in the ShadowLatch customer console at shadowlatch.com/Manage, while the public site handles marketing and trial entry.

How does billing work?

Trial checkout starts from this site, and ongoing payment methods, invoices, subscription changes, and cancellation handling are designed to stay simple through Stripe-backed customer flows.

What platforms are supported today?

The current production path is centered on Windows endpoints, with the broader customer experience organized to support onboarding, downloads, billing, and account management cleanly.

Take back control of what runs in your environment.

ShadowLatch helps teams stop unauthorized execution, create precise policies quickly, and manage app, network, and device control from one clean platform.

Company / trust

Security buyers judge legitimacy fast.