ThreatLocker

ThreatLocker’s core mission is to revolutionize cybersecurity by shifting the industry from a reactive “default allow” model to a proactive “default deny” framework. The company aims to create a future where organizations of all sizes can operate without the threat of cybercrime by providing them with direct control over their digital environments. This is achieved by ensuring that only explicitly approved applications and scripts are permitted to run, effectively blocking unauthorized software.

A primary goal for ThreatLocker is to accelerate the adoption of Zero Trust technologies, providing enterprise-level security tools that are accessible to a wide range of businesses. The company is committed to educating the market on the evolving threat landscape and providing exceptionally responsive, 24/7 customer support. ThreatLocker has established a strong market reputation as a leader in endpoint protection, recognized for its innovative “default deny” approach and granular control features. This focus on proactive defense and customer support has resulted in strong customer loyalty and industry recognition.

Offerings, Capabilities, and Integrations

ThreatLocker provides a Zero Trust endpoint protection platform with enterprise-level cybersecurity solutions. Its approach focuses on blocking anything not explicitly trusted, rather than relying on detecting threats. This “default deny” methodology gives ThreatLocker a competitive edge by controlling what software, scripts, executables, and libraries can run on endpoints and servers. The platform’s core philosophy extends to controlling the actions of permitted applications, regulating access to storage, and managing network connections. All actions, whether denied or allowed, are recorded in a Unified Audit for compliance purposes. ThreatLocker also offers a Testing Environment, which is a cloud-based virtual desktop infrastructure (VDI) that allows administrators to safely evaluate unknown applications before approval. The company provides 24/7/365 support through its Cyber Hero Support Team to assist with implementation and management.

ThreatLocker integrates with a variety of tools commonly used by IT professionals and Managed Service Providers (MSPs). These integrations include Professional Services Automation (PSA) solutions like HaloPSA and Kaseya BMS, as well as Remote Monitoring and Management (RMM) platforms such as N-able N-sight and N-central. It also integrates with identity and access management services like Auth0 and Okta, and security information and event management (SIEM) platforms like Splunk. Other notable integrations include ConnectWise ScreenConnect, IT Glue, and Datto SaaS Protection.

Products and Services

ThreatLocker’s flagship offering is its Zero Trust Endpoint Protection Platform, which encompasses a suite of security tools. The core products and services include:

• Application Allowlisting: This is the primary feature, which denies all applications from running unless they are explicitly on an approved list. This helps to block both known and unknown malware.
• Ringfencing: This capability restricts the actions that even approved applications can perform, limiting their ability to interact with other applications or access sensitive data.
• Storage Control: This allows for the creation of granular policies to control access to network shares, local folders, and external storage devices by specific users or applications. It can also enforce encryption on external storage.
• Network Control: This acts as an endpoint and server firewall, enabling control over network traffic based on port, IP address, or dynamic access control lists.
• Elevation Control: This feature manages user permissions, allowing for temporary administrative access for specific tasks without granting permanent elevated privileges.
• ThreatLocker Detect: This is a policy-based Endpoint Detection and Response (EDR) solution that uses real-time data to alert administrators to blocked malicious actions.
• ThreatLocker Insights: Introduced to leverage data from millions of endpoints, this solution provides intelligence to help organizations make faster security decisions about applications.
• ThreatLocker Cloud Control: This tool is designed to protect Microsoft 365 tenants from phishing attacks and token theft by assessing the trustworthiness of network connections.
• Cyber Hero Services: ThreatLocker provides 24/7 support services, including Cyber Hero MDR (Managed Detection and Response) and Cyber Hero Approvals, to assist customers with security management and incident response.

Target Customers

ThreatLocker’s primary target customers are small to medium-sized businesses (SMBs) and Managed Service Providers (MSPs). These organizations are often more vulnerable to cyber threats due to having fewer resources. ThreatLocker provides these customers with enterprise-level security controls that are typically more common in large corporations. The company’s solutions are designed to be cost-effective and efficient for these market segments.

Cloud Integrations and Marketplaces

ThreatLocker has a presence on the Microsoft Azure Marketplace and offers several cloud-based integrations, primarily within the Microsoft ecosystem.

• Microsoft Azure Marketplace: ThreatLocker is available on the Microsoft Azure Marketplace, which allows for procurement and deployment within a customer’s Microsoft environment.
• Microsoft Entra ID: The ThreatLocker Cloud Detect service integrates directly with Microsoft Entra ID. This integration allows Cloud Detect to collect and analyze Microsoft Entra logs, enabling the creation of custom rules for specific events.
• Microsoft Sentinel: ThreatLocker Detect integrates with Microsoft Sentinel. This functionality permits selected events from the ThreatLocker Unified Audit to be sent to Sentinel, providing security teams with enhanced visibility across their environment.
• Microsoft 365: An integration with Microsoft 365 was announced to bring Office 365 logs into a unified audit.

ThreatLocker does not have a listed presence on the Amazon Web Services (AWS) Marketplace or the Google Cloud Marketplace.

Key People

• CEO & Co-Founder: Danny Jenkins
• COO & Co-Founder: Sami Jenkins
• Co-Founder: John Carolan
• CTO: Michael Jenkins
• CFO: Ross McIntosh
• CPO: Rob Allen
• Chief Revenue Officer: Shane Deegan
• Chief Information Officer: Martin Olivo

Key Facts

• Headquarters Location: Orlando, Florida.
• Number of Employees: Over 600.
• Annual Revenue: Estimated to be in the hundreds of millions.
• Parent Company: None.
• Subsidiary Companies: Thirdwall, HyperCube.
• Publicly Listed: No.

Analyst Recognition

Gartner has recognized ThreatLocker in the Endpoint Protection Platforms category. In 2024, Gartner named ThreatLocker a Strong Performer in the Gartner Peer Insights Voice of the Customer for Endpoint Protection Platforms. ThreatLocker was also included in the Gartner Vendor Spectrum for Endpoint Protection Platforms report.

Forrester Consulting was commissioned by ThreatLocker to conduct a Total Economic Impact™ (TEI) study, published in March 2025, that analyzed the potential return on investment for enterprises deploying the ThreatLocker platform. This study is not a comparative market analysis of vendors.

Based on available information, ThreatLocker is not featured in recent IDC MarketScape reports or Everest Group PEAK Matrix assessments for relevant cybersecurity categories.