I'm looking at some of the various whitelisting solutions out there for endpoints. Carbonblack, Airlock Digital, etc...
We've had a few clients hit by ransomware despite user education, group policies to prevent files running in temp locations, Antivirus, etc...
Fortunately we usually have continuity things in place, BDR's and such, so restoring files isn't a problem, just an annoyance.
But I have a few terminal servers I'd like to limit.
I could go the route of making an allowed application list via group policy, but I've seen several third party programs out there for a more comprehensive solution.
Has anyone tried any of these? If so, what has your opinion been? Worthwhile, or throwing away money?
Thanks for any information.
John
John