Help CenterThis article aims to inform users about what Zero Trust Network Access and Zero Trust Cloud Access can view when enabled in your environment. ThreatLocker is committed to data security and privacy, but is required to view some of your information based on the nature of these services. ThreatLocker ensures that all information and configurations are protected using the best standards in the industry. For further information about ThreatLocker Security and Privacy, please refer to the following article:
ThreatLocker Security and Privacy | ThreatLocker Help Center
What do ThreatLocker Zero Trust Network Access and Zero Trust Cloud Access do?
ThreatLocker Zero Trust Network Access (ZTNA) and Zero Trust Cloud Access (ZTCA) use a ThreatLocker-managed secure network broker to control which devices and users can reach specific applications and services.
- ZTNA - Controls access to internal applications and networks without exposing them directly to the internet.
- ZTCA - Controls access to cloud and SaaS services, such as Microsoft 365, so that only trusted, policy-compliant devices can connect.
Connections that match your policies are routed through the secure network to the approved destination.
What traffic is routed through secure network?
Your administrators decide which traffic uses the secure network, including:
- ZTNA - Specific internal applications or networks.
- ZTCA - Selected cloud and SaaS services.
Other traffic, such as local resources, excluded domains, or general internet browsing (depending on configuration), can be sent directly to its destination and does not traverse the secure network. Therefore, ThreatLocker does not view this information.
Can ThreatLocker see what users do inside their applications?
By default, ThreatLocker does NOT view what users do inside their applications:
- Standard HTTPS/TLS sessions are in place and not overwritten by ThreatLocker.
- ThreatLocker does not see what users read or write inside applications, such as email, documents, chat, or internal web apps, when those sessions are end-to-end encrypted.
ThreatLocker sees ONLY what is necessary to route the connection and apply the policies you configure.
What information can ThreatLocker see when traffic is routed through the secure network?
To operate the secure network and enforce your Zero Trust policies, ThreatLocker processes limited connection metadata, such as:
- Source Context - The user, device, or connector identity associated with the connection.
- Destination Context - The application, hostname or IP address, port, and protocol.
- Connection Details - Timestamps, status, and the amount of data being transferred.
- Policy Outcome - Whether the connection was allowed or blocked, and which rule applied.
This information is used to:
- Enforce your organization’s access and security policies.
- Route traffic through the appropriate secure gateways.
- Provide logs and reports to your administrators.
- Maintain the performance and reliability of the service.
Does ThreatLocker see all of our network traffic?
No, ThreatLocker ONLY processes traffic that your administrators configure to use ZTNA, ZTCA, or other Secure Network features:
- Protected applications and cloud services are routed through the secure network for policy enforcement.
- Other traffic can be excluded or split-tunneled, in which case it does not pass through the secure network and is not visible to ThreatLocker.
How is traffic protected when it uses the secure network?
When connections use ThreatLocker Secure Network, ZTNA, or ZTCA:
- Traffic between your device or connector and the ThreatLocker entry point is encrypted.
- Traffic within the secure network remains encrypted.
- Connections from ThreatLocker to your internal or cloud applications use standard secure protocols whenever supported by the destination.
The design goal is to ensure that traffic remains protected in transit while your policies are applied.