More than 800 MSP partners and end users convened in Orlando at ThreatLocker’s Zero Trust World this week, where CEO and Co-Founder Danny Jenkins yesterday revealed the new Cyber Hero Managed Detection and Response service. The add-on service will be available to users of ThreatLocker Ops, a policy-based endpoint detection and response (EDR) solution.
With the Cyber Hero Managed Detection and Response service, “in the event that you see something bad happening or we see something bad happening in your environment, the Cyber Heroes [SecOps team] are going to have your back,” Jenkins told the packed room of attendees.
In a live demo where Jenkins played the hacker and Chief Product Officer Rob Allen the user, ThreatLocker’s security operations team called to alert Allen of suspicious behavior, informing him that they locked down the machine. The service will also provide reports on the incident and remediation recommendations.
Product And Pricing
In a follow-up conversation with MSP Success, Jenkins says they created this service for two reasons. One, because “we had a lot of customers saying that they were frustrated that the first they heard about their event was when something was blocked in ThreatLocker, even though they were sitting on their server and they were using an MDR … and it wasn’t alerting them, or the attacker disabled the MDR and they [the attacker] couldn’t disable ThreatLocker because it’s a much harder solution to disable,” he says.
If the MDR is disabled, an attacker could be in the system for days. This new service will solve that customer problem, he explains.
The second reason they rolled out the service is customers were asking them to include it in ThreatLocker Ops rather than having to use a separate MDR.
Jenkins says the service will have two tiers of pricing, $2 per user per month or $5 per user per month, based on how many devices are in secure mode. “If you are the type of MSP that wants to operate in a high-risk environment, then we know that the number of alerts we are going to get are much higher. Whereas if you’re an MSP that operates in a controlled environment, we’re going to get less alerts, therefore we’re able to lower the price.”
ThreatLocker also demonstrated a new remediate feature in ThreatLocker Ops which is free as part of the product. MSPs can take advantage of this feature if they choose, but Jenkins says it is intended more for enterprise customers.
Today, he says, ThreatLocker’s revenue is about evenly divided between the channel and the enterprise, and he expects it to stay that way. “Our goal is to just protect as many endpoints as possible and making sure we keep the channel [protected]. And the best way to protect small businesses, or even midsize businesses in many cases, is through the MSP. … But in the enterprise world, they don’t have MSPs. And now I will say probably half of our enterprises buy through the channel still, but it’s not the MSP channel, it’s more VAR [value added reseller].”
Next on the roadmap is a mobile app for protecting Office 365, expected at the end of Q2. “We’re going to allow you to monitor and alert on changes in Office 365, but also lock down Office 365,” Jenkins says. “So only your trusted devices’ IP addresses can come connect.”
How ThreatLocker Applies Security Discipline To Its Own Development
In light of the recent high-profile security vulnerabilities reported in ConnectWise ScreenConnect, as well as previous incidents that have occurred in the channel, MSP Success asked Jenkins about ThreatLocker’s own security practices. “I think that there’s two types of vulnerabilities that you get,” he says. “There’s the ones that you should never have got and because you did nothing to protect yourself from. And then there’s the ones that, hey, there’s just a perfect storm of circumstances. When we think about most of the vulnerabilities we are seeing, and I won’t call out any specific vendors, but they are schoolboy errors and they’re showing a lack of actual disciplines in their software environment.”
ThreatLocker’s new remediate tool is a separate service because “we don’t let the software do more than it needs to do. … So we keep our tool set [to a] very narrow focus, and then we make sure we do code reviews. We have independent reviews. We have external vulnerability scans and internal vulnerability scans. And we work with a number of third-party companies to validate what we’re doing. … And they’re the things that everyone should be doing across the board.”
A Look Ahead – The Plan To Go Public
Finally, ThreatLocker announced the launch of its advanced data center in Sydney, Australia, this week, just over a year after the grand opening of their second headquarters in Dublin, Ireland.
“We’ve doubled in size in the last year,” says Jenkins. “We expect to double again this year. We’re protecting 46,000 companies now.”
ThreatLocker has over 300 employees currently. “We opened data centers in Canada and Australia as well as Dubai. We also opened a small office in Australia. So we just keep expecting to expand, but in the U.S. and worldwide as well.”
Jenkins says the plan is to take the company public within three years. “Our plan is to go public and not to be acquired.”
