Vendor Spotlight: ThreatLocker
ThreatLocker, Inc. is a prominent cybersecurity company specializing in Zero Trust endpoint protection. The company provides advanced cybersecurity solutions designed to enhance the security of servers and endpoints for businesses, government agencies, and academic institutions.
The company’s core offerings include application allowlisting, storage control, and network traffic management. These tools help organizations prevent unauthorized applications and scripts from running, thereby mitigating the risk of cyber threats such as ransomware. ThreatLocker’s Ringfencing technology further enhances security by limiting what legitimate software can do, preventing exploits and attackers from weaponizing these tools.
ThreatLocker has gained significant recognition for its innovative approach to cybersecurity, ranking number 120 on the 2024 Inc. 5000 list of fastest-growing private companies in America. The company’s commitment to providing effective and user-friendly cybersecurity solutions has earned it a strong reputation and a growing customer base worldwide.
With a focus on Zero Trust principles and continuous innovation, ThreatLocker aims to protect organizations from evolving cyber threats and ensure the integrity of their digital environments.
Founding and Background
ThreatLocker, Inc. was founded in 2017 by Danny Jenkins, Sami Jenkins, and John Carolan, with its headquarters in Orlando, Florida. Danny Jenkins, the CEO, has a strong background in cybersecurity and IT management, which has been pivotal in guiding the company’s strategic direction and innovation.
The founders recognized a significant gap in the cybersecurity landscape, particularly in endpoint protection. This insight led to the creation of ThreatLocker’s core solutions, which are built on Zero Trust principles. These solutions include application allowlisting, storage control, and network traffic management. Application allowlisting ensures that only approved applications can run, effectively blocking unauthorized software and scripts. Storage control protects sensitive data by regulating access to storage devices, while network traffic management monitors and controls data flow to prevent malicious activities.
ThreatLocker’s Ringfencing technology is another key innovation, which restricts what legitimate applications can do, thereby preventing them from being exploited by cyberattackers. This innovative approach has made ThreatLocker a trusted name in the industry.
The company has experienced rapid growth and has been recognized for its contributions to cybersecurity. Its simple but effective approach to controlling access to an endpoint’s CPU means that the effort to protect a device uses a lot less processing power.
ThreatLocker continues to focus on innovation and excellence, aiming to protect organizations from ever-changing cyber threats and ensure the security and integrity of their digital environments. The company’s dedication to Zero Trust principles and proactive security measures has earned it a strong reputation and a growing customer base worldwide.
ThreatLocker Funding
ThreatLocker, Inc. has raised a total of $239.4 million over multiple funding rounds. Here’s a detailed breakdown of their key funding milestones:
- Series A (September 2020): ThreatLocker raised $4.4 million from Arthur Ventures to initiate its growth and development.
- Series B (May 2021): The company secured $20 million from Elephant VC.
- Series C (April 2022): ThreatLocker raised $100 million in a round led by General Atlantic, with additional investments from Arthur Ventures and Elephant VC.
- Series D (April 2024): The latest funding round brought in $115 million, led by General Atlantic, with participation from StepStone Group, CR2 Ventures, and the D. E. Shaw Group.
The Series D round valued ThreatLocker at $1 billion. This classifies the business as a unicorn company.
Timeline and Evolution
ThreatLocker has experienced rapid growth, driven by the increasing demand for advanced cybersecurity solutions amid rising cyber threats like ransomware and supply chain attacks. The company’s services are highly regarded by IT professionals for their simplicity, effectiveness, and strong focus on security control.
- April 2017: ThreatLocker, Inc. was founded by Danny Jenkins, Sami Jenkins, and John Carolan in Orlando, Florida.
- October 2018: Launched its first suite of cybersecurity solutions, including application allowlisting and storage control.
- 2019: Introduced Ringfencing technology to restrict what legitimate applications can do, preventing exploitation by cyberattackers.
- August 2019: Appointment of Michael Jenkins as Chief Technical Officer.
- November 2019: Appointment of Ross McIntosh as Chief Financial Officer.
- September 2020: Series A Funding raises $4.4 million.
- May 2021: Series B Funding raises $20 million.
- April 2022: Raised $100 million in Series C funding.
- 2023: Continued to innovate with new features and enhancements to existing products.
- July 2023: Appointment of Rob Allen as Chief Product Officer.
- April 2024: Series D Funding raises $115 million.
ThreatLocker has consistently focused on innovation and strengthening its leadership team to drive growth and adapt to the evolving cybersecurity landscape. The company’s commitment to Zero Trust principles and proactive security measures has positioned it as a leader in the industry.
Company Ownership
As it is a private company, ThreatLocker, Inc. doesn’t need to make its shareholder register public. However, it is likely that the three founders all own shares. Also, all the investment funds involved will hold shares, as their payments into the business are not listed as debt obligations. This provides a list of owners:
- Danny Jenkins
- Sami Jenkins
- John Carolan
- General Atlantic
- Arthur Ventures
- Elephant VC
- StepStone Group
- CR2 Ventures
- D. E. Shaw Group
The exact holdings of each fund are not known. However, the appointment of partners of each investor as directors of ThreatLocker would indicate which funds have significant holdings. These directors are:
- Craig Ellis of CR2 Ventures
- Ryan Kruizenga of Arthur Ventures
- Jeremiah Daly of Elephant VC
- Gary Reiner of General Atlantic
Key People
- Danny Jenkins, Founder and Chief Executive Officer: Originally from the United Kingdom, Jenkins forged a career in IT in the UK before moving to Ireland to work as a Security and Infrastructure Manager at Kingspan. After more than four years in that position, Jenkins started up his own company, called MXSweep, in May 2005. That business focused on email security. In January 2009, he and his wife, Sami (see below), moved to Orlando, Florida, to found a new company, Sirrustec, an email management and cloud storage system. That business was sold to CensorNet in September 2015. He started his next enterprise, ThreatLocker, in 2017, taking the position of CEO.
- Sami Jenkins, Founder and Chief Operating Officer: British-born Jenkins joined her husband, Danny, at MXSweep in July 2006, providing company management duties. Moving to Orlando with Danny in 2009, she got involved in the creation of Sirrustec. Before leaving Sirrustec, Sami took up consultancy work on a part-time basis and switched to that role full-time when MXSweep was sold in August 2015. She continued in her IT consultancy role at PRD Technology when ThreatLocker was founded in April 2017. Sami ended her employment with PRD Technology in March 2020 to focus on her COO role at ThreatLocker.
- John Carolan, Founder and Chief of Quality Assurance: One of the three founders of ThreatLocker, Carolan keeps a very low profile and little is known about his career. ThreatLocker doesn’t list Carolan as an executive or a director in its SEC filings. So, his role as Quality Assurance leader isn’t classed as an executive position.
- Michael Jenkins, Chief Technology Officer: Michael is the brother of Danny Jenkins and he pursued a career in IT in the United Kingdom before joining ThreatLocker in August 2019. His role as CTO is regarded as an executive position and he is also listed as a Director of the company in SEC filings.
- Ross McIntosh, Chief Financial Officer: McIntosh has a long history as a management consultant, advising businesses on issues such as governance, training, and legal requirements, as well as financial reporting obligations. He also created his own management consultancy firm, InnoVireo LLC, in January 2015. He became a partner at CR2 Ventures, an investor in ThreatLocker, in 2018. McIntosh was appointed CFO at ThreatLocker in November 2019 while simultaneously still working as a partner at CR2.
Locations
ThreatLocker focuses its activities at its headquarters building in Maitland, which is a suburb of Orlando, Florida. In January 2023, the company opened a second office, which is in Dublin, Ireland. That location is the seat of the company’s sales and support operations in Europe.
Target Market and Customer Base
ThreatLocker, Inc. targets a diverse range of markets and customer segments with its cybersecurity solutions, particularly focused on implementing a Zero Trust architecture. Here’s an overview of ThreatLocker’s target market and customer base:
Target Market
1. Managed Service Providers (MSPs)
ThreatLocker primarily targets MSPs, which are crucial for delivering cybersecurity services to small and medium-sized businesses (SMBs). The company provides MSPs with a multi-tenant platform that allows them to manage security across multiple client environments efficiently. The application whitelisting and ringfencing features are particularly attractive for MSPs looking to enhance their security offerings.
2. Small to Medium-Sized Businesses (SMBs)
While ThreatLocker can serve larger enterprises, a significant portion of its customer base includes SMBs that may lack the resources to implement complex cybersecurity measures. These organizations often seek cost-effective, easy-to-manage solutions that provide strong protection against ransomware, malware, and other cyber threats.
3. Enterprises
ThreatLocker also targets larger enterprises that require scalable and customizable security solutions to protect vast networks of endpoints and sensitive data. Enterprises often face stringent regulatory requirements, making ThreatLocker’s reporting and compliance features appealing.
4. Healthcare Sector
Organizations in the healthcare sector are increasingly targeted by cyberattacks due to the sensitive nature of patient data. ThreatLocker’s solutions help healthcare organizations implement strict access controls and data protection measures to safeguard patient information.
5. Financial Services
The financial services industry has high regulatory standards for data protection and security. ThreatLocker’s focus on application control and monitoring can help these organizations mitigate risks associated with unauthorized access and data breaches.
6. Education
Educational institutions are also at risk of cyber threats and often lack strong security measures. ThreatLocker’s user-friendly interface appeals to educational organizations that may have limited IT resources.
7. Government Agencies
Government entities require strict security protocols to protect sensitive information. ThreatLocker can assist in meeting compliance requirements while enhancing overall security.
Customer Base
ThreatLocker’s customer base spans various industries and includes:
- Managed Service Providers: Many MSPs utilize ThreatLocker’s solutions to enhance their security offerings for clients across multiple sectors.
- SMBs: The company serves a wide array of small to medium-sized businesses that require effective cybersecurity solutions tailored to their needs.
- Enterprise Clients: Organizations of various sizes across industries such as healthcare, finance, education, and government leverage ThreatLocker’s products to enhance their security posture.
ThreatLocker Product Suite
ThreatLocker, Inc. focuses on a core product that can be extended by a library of enhancements. The cloud platform delivers a security service for enrolled endpoints, using two key methods to protect devices against malicious attacks: allowlisting and ringfencing.
1. ThreatLocker Protect
ThreatLocker Protect is the core product offering, focusing on endpoint security and the implementation of a Zero Trust architecture.
Key Features:
- Application whitelisting: Only allows approved applications to run, preventing unauthorized software from executing. This reduces the risk of malware and ransomware attacks significantly.
- Ringfencing: Controls how applications interact with each other and with the operating system, limiting potential attack vectors and preventing data exfiltration or unauthorized access.
- Storage control: Manages access to external storage devices (like USB drives) and network shares, helping to prevent data breaches and ensuring only trusted devices can connect to the network.
- Elevation control: Enables organizations to manage and control administrative rights on user devices, minimizing vulnerabilities that can arise from unauthorized privilege escalation.
- Comprehensive reporting: Provides detailed logs and reports on application usage and attempts to access unauthorized applications or devices, giving organizations insights into their security posture.
- User-friendly interface: Designed with usability in mind, making it easier for IT teams to manage security policies and monitor compliance.
2. ThreatLocker Enhancements
In addition to ThreatLocker Protect, the company offers a suite of enhancements that augment its core functionalities:
- Integrations with SIEM tools: ThreatLocker can integrate with Security Information and Event Management (SIEM) systems, allowing organizations to consolidate and analyze security events from multiple sources for better threat detection and response.
- Policy management features: Offers advanced policy management capabilities, enabling organizations to define granular security policies based on specific user roles, departments, or device types.
- Advanced security analytics: Provides enhanced analytics capabilities that help organizations assess their security posture, identify trends, and respond to emerging threats more effectively.
- API access: Enables organizations to automate tasks and integrate ThreatLocker functionalities with their existing security frameworks or IT systems.
- Cloud security solutions: Helps secure applications running in the cloud, ensuring that cloud-based services and resources are protected by the same rigorous security measures as on-premises systems.
ThreatLocker Protect is the flagship product of ThreatLocker, Inc., designed to provide comprehensive endpoint security through a Zero Trust approach. Here’s an in-depth review of its key features, benefits, and overall effectiveness:
Key Features:
- Application whitelisting:
  - Overview: ThreatLocker Protect operates primarily on an application whitelisting model, which only allows pre-approved applications to run on endpoints.
  - Benefit: This significantly reduces the attack surface by preventing unauthorized applications, including malware and ransomware, from executing.
- Ringfencing:
  - Overview: This feature restricts how applications interact with each other and with the operating system, ensuring that even legitimate applications can only access specific resources and functionalities.
  - Benefit: It minimizes the risk of data exfiltration and lateral movement within the network, thereby enhancing overall security.
- Storage control:
  - Overview: ThreatLocker Protect manages access to external storage devices (such as USB drives) and network shares.
  - Benefit: This feature helps organizations prevent data breaches and ensures that only trusted devices can connect to the network.
- Elevation control:
  - Overview: Allows organizations to manage and control administrative rights on user devices, providing granular control over which users can elevate their permissions.
  - Benefit: It reduces the risk of unauthorized privilege escalation, protecting against insider threats and accidental misuse.
- Comprehensive reporting:
  - Overview: ThreatLocker Protect offers detailed logs and reports on application usage, attempts to access unauthorized applications, and changes to security policies.
  - Benefit: Organizations gain insights into their security posture, enabling them to respond proactively to potential threats.
- User-friendly interface:
  - Overview: The product is designed with usability in mind, making it easier for IT teams to manage security policies and monitor compliance.
  - Benefit: A straightforward interface helps streamline operations, reducing the burden on IT staff.
Pros:
- Enhanced security: By implementing a Zero Trust model, ThreatLocker Protect provides strong protection against various cyber threats, including ransomware, malware, and insider attacks.
- Cost effective: For small and medium-sized businesses, the solution offers a powerful security framework without the complexity typically associated with enterprise-level security products.
- Scalability: The platform is scalable, making it suitable for organizations of all sizes, from small businesses to large enterprises.
- Integration capabilities: ThreatLocker Protect can integrate with other security solutions, enhancing its effectiveness as part of a broader cybersecurity strategy.
- Positive reviews: Many users praise ThreatLocker Protect for its ease of use, effectiveness in preventing unauthorized applications, and extensive reporting capabilities. MSPs, in particular, highlight its value in managing multiple client environments.
- Support and documentation: Customers have noted that ThreatLocker provides excellent customer support and thorough documentation, helping organizations implement and manage the product effectively.
Cons:
- Learning curve: While the interface is user-friendly, organizations may experience a learning curve during initial setup and configuration, especially if they are new to application whitelisting concepts.
- Policy management complexity: In larger organizations, managing and updating application whitelisting policies can become complex and may require dedicated IT resources.
ThreatLocker Protect stands out as an effective endpoint security solution that leverages a Zero Trust approach to significantly reduce the risk of cyber threats. Its combination of application whitelisting, ringfencing, and comprehensive reporting makes it a compelling choice for organizations looking to strengthen their cybersecurity posture.
With strong customer feedback and a focus on usability, ThreatLocker Protect is particularly well-suited for Managed Service Providers and SMBs seeking an effective yet manageable security solution. Overall, ThreatLocker Protect is a valuable asset for organizations looking to implement proactive and effective cybersecurity measures.
Other Notable Products
ThreatLocker doesn’t bundle all the units on its cloud platform into its Protect product. There are a number of additional units and services that can be added on and are called ThreatLocker Enhancements. Here are two of the most important offerings that are available.
1. ThreatLocker Detect
ThreatLocker Detect is an advanced cybersecurity solution designed to enhance threat detection and response capabilities within an organization’s IT environment. Building on the foundation of ThreatLocker Protect, ThreatLocker Detect leverages real-time monitoring and behavioral analysis to identify potential threats before they can cause harm.
The product focuses on detecting anomalies in application behavior, user activity, and system changes, enabling organizations to respond proactively to suspicious activities. By integrating seamlessly with existing security frameworks, ThreatLocker Detect provides organizations with comprehensive visibility into their environments, empowering security teams to investigate and remediate incidents quickly.
One of the standout features of ThreatLocker Detect is its ability to offer context-aware alerts that prioritize critical threats, minimizing alert fatigue for security teams. This helps organizations focus their resources on genuine threats rather than being overwhelmed by false positives. Additionally, ThreatLocker Detect supports integration with other security solutions, allowing for a more cohesive security strategy.
ThreatLocker Detect serves as a vital component of a strong cybersecurity posture, complementing application whitelisting and endpoint protection by providing advanced detection capabilities that address the evolving threat landscape.
2. Cyber Hero MDR
Cyber Hero MDR (Managed Detection and Response) is a comprehensive cybersecurity service designed to enhance organizations’ ability to detect, respond to, and recover from cyber threats. It combines advanced threat detection technologies with expert human oversight to provide a comprehensive security framework tailored to meet the needs of various businesses.
With Cyber Hero MDR, organizations benefit from 24/7 monitoring, which includes continuous analysis of network traffic, endpoint behavior, and user activities. This proactive approach helps to identify potential threats in real time, enabling immediate response actions to mitigate risks before they escalate into significant security incidents.
A key feature of Cyber Hero MDR is its focus on rapid incident response, which is crucial in today’s fast-paced cyber threat landscape. The service includes detailed incident reporting and analysis, helping organizations understand the nature of the threats they face and how to improve their overall security posture. Additionally, Cyber Hero MDR emphasizes collaboration with internal IT teams, providing them with actionable insights and recommendations to strengthen defenses.
This service not only alleviates the burden on in-house security teams but also enhances the organization’s overall resilience against cyber threats, making it a valuable asset for businesses of all sizes looking to bolster their cybersecurity measures.
Major Competitors
Here are some of the major competitors to ThreatLocker, Inc., each offering various cybersecurity solutions:
- CrowdStrike: A leading cybersecurity company known for its cloud-native endpoint protection platform. Its Falcon platform utilizes artificial intelligence and machine learning to detect and respond to threats in real time. With features like endpoint detection and response (EDR), threat intelligence, and proactive hunting, CrowdStrike is highly regarded for its effectiveness against advanced threats.
- SentinelOne: Provides an autonomous endpoint protection platform that combines AI-driven detection with automated response capabilities. Its Singularity platform offers real-time visibility into endpoint activity, enabling organizations to identify and remediate threats rapidly. With a focus on machine learning and behavioral analysis, SentinelOne aims to simplify cybersecurity while effectively addressing complex attack vectors.
- Palo Alto Networks: A prominent player in the cybersecurity landscape, offering a wide range of solutions, including next-gen firewalls, endpoint protection, and cloud security. Their Cortex XDR platform integrates endpoint and network data to provide advanced threat detection and response capabilities. Palo Alto Networks is recognized for its effective security architecture and comprehensive approach to protecting organizations.
- Microsoft Defender for Endpoint: An integrated security solution that protects organizations against cyber threats across devices and networks. It combines endpoint detection and response (EDR), automated investigation, and remediation capabilities. With seamless integration into the Microsoft ecosystem, it provides organizations with a unified security approach, leveraging the power of cloud intelligence and machine learning.
- Sophos: This provider specializes in cybersecurity solutions for businesses of all sizes, including endpoint protection, firewall solutions, and cloud security. Their Intercept X platform uses deep learning technology to detect malware and ransomware, while also providing comprehensive threat intelligence and response capabilities. Sophos emphasizes ease of use and effective management for IT teams.
- McAfee: A well-established cybersecurity provider known for its antivirus and endpoint protection solutions. The McAfee MVISION platform offers integrated security that includes data protection, threat intelligence, and advanced threat detection. With a focus on providing comprehensive security across various environments, McAfee aims to protect organizations from evolving cyber threats while ensuring user-friendly management.
Spotlight Wrap-Up
ThreatLocker, Inc. is a prominent player in the cybersecurity landscape, specializing in endpoint protection through its flagship products, ThreatLocker Protect and ThreatLocker Detect. The company’s focus on implementing a Zero Trust model enhances application security and threat detection for Managed Service Providers and various organizations.
ThreatLocker’s continuous innovation is expanding its product suite and international presence, addressing evolving cybersecurity challenges. Its emphasis on user-friendly solutions and comprehensive reporting enhances ThreatLocker’s marketability.