Partners: ThreatLocker’s Move Into MDR Shows It Is ‘Owning The Endpoint’

The MSP-focused vendor is continuing to make the right bets as it expands to become a comprehensive endpoint security platform, MSP executives tell CRN.

ThreatLocker’s expansion into managed detection and response (MDR) shows that the MSP-focused vendor is continuing to make the right bets as part of becoming a comprehensive endpoint security platform, executives at MSP partners told CRN this week.

The move comes as customers and partners of all sizes continue to seek a reduction in the number of security vendors and tools that they are working with to help with curtailing unnecessary spending and complexity.

With the launch of ThreatLocker’s MDR service, “at this point, we are an end-to-end, comprehensive endpoint security platform,” ThreatLocker co-founder and CEO Danny Jenkins (pictured) said in an interview with CRN.

[Related: The 20 Coolest Endpoint And Managed Security Companies Of 2024]

Unveiled during the vendor’s Zero Trust World 2024 conference this week in Orlando, Fla., the ThreatLocker service will stand out in the crowded MDR market because it’s paired with the company’s existing advantages from automatically preventing malware on devices, according to the company.

For instance, when suspicious activity is detected by the service, “we have this benefit of time because we block [malware] in the first place,” Jenkins said. “Normally when you’re responding with an MDR, you’re responding in a position of weakness. We’re responding in a position of strength.”

The new MDR service will be delivered by ThreatLocker’s “Cyber Hero” team and is a managed version of the company’s detection tool, Ops, which recently moved into general availability.

Other recent moves that have bolstered the vendor’s position as a complete endpoint security platform have included its expansion into protecting Apple macOS devices. The company now has a fully functional agent for macOS devices, Jenkins said.

“The amount of revenue we collect from Mac is going to be very small,” he said. “However, it [enables] a complete solution for customers.”

'Single Source’ For Endpoint Security

ThreatLocker’s moves are a huge benefit to MSPs that are increasingly looking for one central place to see everything that’s happening on the endpoints that are being managed, said Atul Bhagat, president and CEO of BASE Solutions, a Vienna, Va.-based MSP.

“They’re simplifying it to the point where security from the desktop perspective is now completely handled by one solution. I don’t think we’ve had that in a long time,” Bhagat said. “It’s becoming a single source for that protection.”

It’s clear that ThreatLocker is listening to its MSP partners and making smart choices about where to expand its offering, said Matt Disher, president and CEO of Southwest Networks, a Palm Desert, Calif.-based MSP.

“It is becoming a platform,” Disher said. “They know their lane, and they’re doing a good job of sticking to the lane and providing more value. I think a lot of that comes from partner feedback.”

Orlando-based ThreatLocker is best known for its “application allowlisting” functionality that prevents malware from running in a customer’s IT systems. Other key capabilities on the company’s platform include “ringfencing,” which places limitations on what types of actions an allowed application is able to take.

ThreatLocker also offers network control for enhanced control over inbound and outbound network traffic; storage control for protecting against unauthorized access or theft of data; and elevation control so that only certain apps can run as an administrator.

Responding To ‘Attempted Threats’

With ThreatLocker’s expansion into detection and response, with Ops and with the new Cyber Hero MDR service, “it really completes the protection solution that a lot of the MSPs out there are interested in seeing,” said Antoine Jones, vice president of MSP sales at ThreatLocker.

And the fact that ThreatLocker’s MDR service is responding to attempted threats—not successful attacks—is a major advantage for MSPs and their small-business customers, Jones said.

With ThreatLocker’s MDR, the attack “hasn’t been successful and you can use that to learn about how that attempted attack happened,” he said. “You are strategically taking your time to deal with an issue that could have been disastrous but was not because you have ThreatLocker deployed. I think that’s a big differentiator.”

As ThreatLocker has added new capabilities over the years, the platform has continued to perform effectively without generating voluminous alerts, said Dawn Sizer, CEO of 3rd Element Consulting, a Mechanicsburg, Pa.-based MSP.

“The important part is that it’s working well with the other pieces of our stack. So we’re not getting additional noise. We’re not getting crazy alerts,” Sizer said. “It’s been really, really good for everything else that we have inside of our organization.”

The expansion into MDR is a wise move in terms of extending what ThreatLocker is already providing for endpoint security, she said.

“They’re owning the endpoint at the end of the day,” Sizer said.

Hardening Office 365

Looking ahead, ThreatLocker is aiming to bring functionality for protecting the use of Microsoft Office 365 applications to its more than 4,000 MSP partners.

For many partners and customers, Office 365 is the “big area of fear” right now, given the ubiquity of the system and the massive focus on targeting Office 365 by attackers, Jenkins said.

What ThreatLocker can do security for Office 365 differently is by bringing its deny-by-default approach in the form of conditional access policies, only allowing access to Office 365 from certain IP addresses, he said.

For MSPs and customers, “making sure we can harden your Office 365 [could be] very important,” Jenkins said.