ThreatLocker Cyber Hero MDR offers advanced threat detection and response capabilities, providing organizations with comprehensive security by monitoring and blocking unauthorized actions to maintain a robust security posture.

| Product | Mindshare (%) |
|---|---|
| ThreatLocker Cyber Hero MDR | 1.3% |
| SentinelOne Wayfinder Threat Detection and Response | 6.8% |
| CrowdStrike Falcon Complete MDR | 5.4% |
| Other | 86.5% |

| Title | Rating | Mindshare | Recommending | Interviews |
|---|---|---|---|---|
| Huntress Managed EDR | 4.6 | 5.1% | 100% | 60 |
| CrowdStrike Falcon Complete MDR | 4.3 | 5.4% | 100% | 81 |


| Company Size | Count |
|---|---|
| Small Business | 8 |

| Company Size | Count |
|---|---|
| Small Business | 50 |
| Midsize Enterprise | 19 |
| Large Enterprise | 50 |

ThreatLocker Cyber Hero MDR enhances cybersecurity with its rapid detection and response, 24/7 monitoring, and features like ringfencing. It focuses on limiting application access to block potential threats such as PowerShell scripts and supply chain attacks. Users benefit from a significant reduction in workload and receive quick responses, maintaining robust security through a customizable allowlist and application elevation features. While the platform excels in security measures, areas for improvement include better integration, an intuitive authentication process, and enhanced customization options in user alerts. Affordability may be a concern for small businesses, and there is room for improvement in EDR capabilities compared to SentinelOne.
What are the key features of ThreatLocker Cyber Hero MDR?

In industries where protecting sensitive data is critical, such as healthcare, finance, and government, ThreatLocker Cyber Hero MDR is implemented to secure endpoints and servers. Organizations deploy it to establish a zero trust environment, manage administrative privileges, and prevent unauthorized software installations. Its ability to monitor continuously and control installation processes reduces the risk of cyber attacks, improves compliance with security protocols, and ensures continuous support and incident response integration specific to industry requirements.

| Author info | Rating | Review Summary |
|---|---|---|
| President & Chief Executive Officer at OneconnectionIT | 5.0 | We implemented ThreatLocker Cyber Hero MDR across all customers for enhanced security through ringfencing, enabling superior application control. Immediate ROI and increased sales were realized, though integration improvements with other reporting tools are needed. Microsoft Azure is our cloud provider. |
| Manager and co founder at Integrita Systems | 4.5 | As a cofounder focused on security, I've found ThreatLocker Cyber Hero MDR invaluable for its ease of onboarding and reduced false positives. It improves our security posture, minimizes incident investigation time, and offers responsive support, unlike past solutions. |
| Works | 4.5 | ThreatLocker Cyber Hero MDR effectively manages all client systems around the clock and excels in security through its Zero Trust approach, though its training speed and communication require improvement. The solution offers strong ROI by enabling higher service charges. |
| Technology Consultant at a consultancy with 1-10 employees | 4.0 | ThreatLocker effectively reduces help desk load by reviewing approval requests and blocking threats like supply chain attacks. It improves security but could be more affordable and transparent. Despite minor issues, it provides a strong return on investment. |
| Support engineer at Strikeworks Media | 5.0 | We use ThreatLocker to protect our clients from ransomware, reducing mean time to detect and remediate by 30-90%. The Cyber Hero team is invaluable, saving us work hours. ThreatLocker increased security, especially compared to our previous solution, SentinelOne. |
| Director, Information Technology at Republic Electric Company | 5.0 | We chose ThreatLocker Cyber Hero MDR to proactively prevent hacking, valuing its allowlist feature for IT-approved software and application elevation. Though it lacks patch management, it provides assurance and complements antivirus, stopping issues before detection is necessary. |
| It manager at a construction company with 11-50 employees | 5.0 | We use ThreatLocker for zero trust in our engineering company, enhancing security with its network and app control modules. It improves productivity by quickly resolving issues. While security has improved, costs are high, and authentication could be streamlined. |
| Director at Jones Business Systems | 4.5 | Our primary use for ThreatLocker Cyber Hero MDR is to reinforce a zero trust environment, improving detection and response capabilities. While it enhances security without saving resources, its support and 24/7 monitoring exceed our previous experience with SentinelOne. |
| CTO at FutureRange | 3.5 | We use ThreatLocker Cyber Hero MDR to manage about 8,000 endpoints for a large law firm, valuing its network isolation and insight capabilities. It needs improved log integration. While ROI is hard to quantify, it provides peace of mind. |

We deployed it to every single one of our new customers and moved all our customers into the MDR and EDR platform, ThreatLocker Cyber Hero, about eight months ago.
It is amazing in terms of the ability to block and detect potential indicators of compromise. It is seamless to us as an MSP, and we have a team behind us that lets us know immediately. Also, we do not have all the spam and false positives. We do not get a bunch of false positives because they are handling the backend. They already have the knowledge. They already know that it is a false positive. We do not get alerted every five minutes because something is happening that may be a false positive and then us having to go investigate. They handle the backend, and I can just pull reports and take a look at what is going on.
It has helped to reduce our mean time to detect and remediate. All remediations are done by ThreatLocker at this point. My engineers can focus on the projects and deployments rather than having to do remediations on their own. There is about 90% improvement. My team is happy.
There has been a complete change in our organization. From what we were offering before to what we are offering now is 100% different. Previously, we had to do things in-house and had manual tools that we had to handle 24/7 on our own, whereas we now have a full team behind us. There is a 100% change there. We have a team that is there 24/7 and 365 days. When everything was in-house, our engineers were overworked and trying to do everything on their own. They now have time to put into projects or things that we are trying to implement or onboard new clients. They also have time for their families.
The most valuable feature is ringfencing. It enables us to only allow what needs to be allowed into the environment and keep out anything else. It permits applications to perform without accessing anything they are not supposed to. For instance, if an application tries to utilize the command prompt unnecessarily, it blocks this action while still allowing users to operate the application. Being able to let the user or the customer continue to use that application but block the application from using the command prompt because it is not necessary is great.
Being able to inform customers about enhanced security from a zero-trust standpoint has significantly improved our sales. We are able to walk up to a customer or call a new prospect and let them know that we are going to keep them secure at a level that they have not seen before. We are able to explain to them how cybersecurity works through it.
We have not used it for long enough, but there are some things users have asked for, such as integration with other platforms for reporting. They want a single glass location to use all the tools. It is preferred that everything is seen under one tool rather than multiple platforms requiring multiple logins. We have not figured that out yet, but I think ThreatLocker is on that path.
We have used the solution for around eight months, give or take.
Its stability is amazing.
Scalability is great. I can onboard a new customer in no time, freeing up time for my team to onboard as many as needed without it taking too much time. Once deployed, the 21 days of AI learning and everything else is seamless. If anything needs to be tweaked, nothing has come across my desk indicating a problem.
Customer service is amazing. My team still talks weekly with engineers from ThreatLocker. They hold weekly meetings to discuss questions. I have not received any notification of issues, unlike before when problems were more frequent. It is pretty awesome. I would rate them a ten out of ten.
Positive
We use it on the cloud. We write scripts. When we implement ThreatLocker, we take over the code management. We use scripts to deploy.
The initial setup was easy and seamless. I did not do the deployment, but my team was very satisfied. My engineer received everything he was asking for from another provider.
We implemented it ourselves.
We saw an immediate return on investment. When we started using ThreatLocker, we moved existing customers to it and also onboarded new ones. Being able to show them the security posture firsthand helped close deals. One customer who previously did not have anything like this mentioned having peace of mind, which is invaluable for a business owner.
It has been excellent.
We evaluated other options, and ThreatLocker was the choice.
We went for ThreatLocker Cyber Hero MDR because of being able to have the team behind us. The onboarding or the conversation initially was more convincing. There was no comparison between the other MDRs versus what ThreatLocker offered.
It is easy to deploy and manage. From my team's perspective, it requires minimal effort for maintenance or monitoring. Overall, it gives us peace of mind knowing that we have robust protection for our customers. I can confidently tell my customers, and put it on paper, that we are protecting them.
Overall, I would rate it a ten out of ten.
I'm one of the managers and cofounders at my company, and one of my focuses for our clients is in security and implementing security in such a way that we have the control necessary to be able to tell the client that something can or cannot be done, and to also design a security solution that has a fallback mechanism in case a component of our security solution is somehow bypassed or fails.
In the past several years, due to the increased demands for security, we've taken the initiative to go into security and provide security-related services and incident response to clients as well.
The most valuable aspect was the ease of onboarding the product, considering that we were already users of other products in ThreatLocker's line. That made it much simpler than a third-party MDR, which we had experience with and found difficulty in keeping the rules well defined to avoid false positive calls for our clients in the middle of the night, suspecting something may be happening. It took a little adjustment period with ThreatLocker Cyber Hero MDR, but that adjustment period was 10% of the amount of time we spent with other MDR and EDR products, getting them tuned well enough to where we were not getting the false positives that we experienced with other products.
The obvious benefits of using ThreatLocker Cyber Hero MDR include the incredible response that we get from the Cyber Heroes. If something is happening in the environment that is even a little suspicious, we will get a call twenty-four seven if that's what we elect to have happen, and we can also elect to have them take action, such as isolating computers or isolating networks.
Knowing that they will respond that way, along with the power of the other components of ThreatLocker behind them, allows us to sleep much more easily at night.
ThreatLocker Cyber Hero MDR has absolutely reduced our time to detect anything malicious or potentially malicious. In the past year since we've been using ThreatLocker Cyber Hero MDR, we have received calls about potential malicious activity, and that potential malicious activity is usually detected in under a minute. We see calls come from the time something potentially occurs to us answering a call in less than five minutes. During that time span, had we directed the ThreatLocker Cyber Hero MDR team to do so, we could have completely isolated the entire network or those endpoints if it wasn't already in our playbook with them. This is not something we experienced with other products we've used in the past, and we find it much more helpful, allowing us and our clients to sleep better at night.
ThreatLocker Cyber Hero MDR has so far eliminated our need to remediate much of anything. In the very beginning, there were plenty of instances where we had tools that were completely our fault, like IP scanners that we had used in the normal course of doing things. Upon deploying the MDR, those things were immediately detected and reported to us. I specifically took action to ensure those tools were removed from the environments because that's the proper thing to do. Since then, there has really been nothing to remediate. The only thing we've really been remediating is what I've referred to earlier—the fine-tuning of setting up the MDR to remediate false positives. So far, there hasn't been anything to remediate, and I think that’s a testament to the product and the setup of the other components within it for our clients.
Regarding our security posture, it has definitely improved since adopting ThreatLocker Cyber Hero MDR. We did not have our own SOC to monitor those things, which is why we've always used an EDR or MDR product on behalf of our clients. Now, having transitioned from those products of the past to ThreatLocker Cyber Hero MDR, we are getting the alerts and calls we need, and we end up fine-tuning our policies simply to reduce false positives because nearly everything else is stopped at the door. We can tell a client that we have not had any incidents whatsoever since adopting this product, and it is clear that things are immediately stopped at the door before anything can even start. Even when something never got started, we can say that the beginning was detected and forwarded, sending a powerful message to clients who are concerned about their security posture and putting us in a better position to protect them.
As far as an improvement regarding ThreatLocker Cyber Hero MDR, there are still some things that, out of the box, it would be nice to have a more fine-grained ability to create certain exclusions. Currently, that is something we have to work on with them when you get an alert, and we can't define or see some of those exclusions on our end. It has to be done in conjunction with them, and it would be nice to have the improvement where we can see those things in our portal or even define some at a very granular level, such as when a particular user is granted remote access to an environment.
There were users or new hires that were granted remote access, which then generated an alert from the MDR team. We confirmed that those things were okay, but finding a more granular way to specify that these actions are allowed under very specific circumstances would be beneficial. Again, we are eliminating false positives, but we get very few now anyway since we've been using the product for almost a year.
The stability of ThreatLocker Cyber Hero MDR isn't a topic of conversation; there have been zero stability issues with it. It's a component of their solution that we simply activated, and it's as stable as the rest of the platform, which is incredibly stable. Are there ever issues with things? Yes, but any vendor can have that.
What's been wonderful about ThreatLocker is when we have found an issue and identified it, the entire team has taken those things seriously and gotten them remediated for us and our clients quickly, and more quickly than I've experienced with other vendors.
I don’t have an opinion on scalability because I have no concerns that they would not scale to our needs. The platform already knows how to scale to tens of thousands of users and devices in an organization, and the team is already supporting hundreds of thousands, if not more, endpoints. For our MSP and our clients, we have zero concerns about scalability issues with the platform.
ThreatLocker's support and Cyber Heroes have the absolute best support in the industry, in my opinion, bar none. There is no other vendor we've worked with that has better, more responsive, and comprehensive support than ThreatLocker.
We have previously used other products, but our experiences with those products were not even remotely close to the positive things we've seen with ThreatLocker Cyber Hero MDR. When using other products, we encountered a mountain of false positives and received little significant help and support. This made it very difficult to sift through alerts, causing a much longer time between an event occurring and us determining it was a nonissue.
There were steps or things that ThreatLocker could have and would have blocked from happening in the first place, leading to fundamentally less to investigate. That increases the speed and effectiveness of everything compared to any product we've used in the past that did similar tasks, even those with a SOC that would call and respond.
It was wonderful to implement ThreatLocker Cyber Hero MDR because we already had the previous components of ThreatLocker in place, making it simply a matter of activating that aspect of the product. There was literally no rollout for us; it was just onboarding and defining the playbook and some basic rules for what should be done in certain conditions by the ThreatLocker MDR team and how they were to escalate issues. That whole process took us less than ninety minutes to implement.
As an MSP and provider myself, we work directly with ThreatLocker and our account management and SE team as necessary to do any of those deployments if we aren't handling them one hundred percent ourselves.
The absolute largest return on investment comes from the reduced amount of time we spend looking at potential incidents and investigating them, especially since ThreatLocker blocks things effectively by default. You can imagine a giant stack of paperwork taller than my head versus a stack of paper as tall as my shoe; that is the difference that has been made for us in just a few months’ time.
These things are stopped at the door, and most of the smaller stack of paperwork that I mentioned consists simply of false positives that we needed to fine-tune the platform to eliminate.
We evaluate the products we use annually, if not more often, to deliver security services to our clients. That is one of the reasons we switched to ThreatLocker Cyber Hero MDR, as it allows us to reduce our time to respond and time to remediate. There is essentially nothing to remediate. We have evaluated a number of products and have transitioned to and away from those that were not as effective for us and our clients as where we are now with ThreatLocker Cyber Hero MDR.
ThreatLocker Cyber Hero MDR is the perfect solution for us, and it is the perfect solution for any ThreatLocker partner that already has the other components of ThreatLocker in place. If you don't have those components, it may be a little more difficult to manage because you will get just as much noise from it as you would from any other product that isn't stopping things from being executed or allowed onto the network. It's a wonderful component and addition to this suite of products, and I would highly recommend that direction for any ThreatLocker client needing advanced detection and response in their environments.
It's hard to say how many incidents we have been protected from because we've seen numerous attempts, but we don't know to what extent we are looking at a port scan versus a bad actor looking to do something further. With any of those attempts, they are stopped at the door. You can think of it as there being someone coming to knock on your front door to sell you something, but ThreatLocker never answers the door. We know there were attempts, but we don't know what they were selling.
The fact that we don't even have to bother finding out because of the zero trust principles and applications in the ThreatLocker suite of products has not been of grave concern. We see those denies, and it's normal to see those denies, which is what we want. There is a lot less noise in the environment because things that don’t need to happen are stopped to begin with, so it has been a much smoother, nicer experience once everything was configured and fine-tuned properly to get rid of false positives.
I would rate ThreatLocker Cyber Hero MDR a ten out of ten.
They take care of everything that we do. They manage all of our residential, consumer, and business clients, including small, medium, and large enterprise businesses. It is on all computers, and they monitor everything 24 hours a day, seven days a week. They call me at three o'clock in the morning to tell me that they found a Windows Defender certificate out of date. I very much appreciate it.
It is fantastic in its ability to block and detect potential Indicators of Compromise. They claim 99.8% accuracy, but to be that accurate, you have to lock down the computers to a level where they cannot be used, so 97% accuracy is the best that I can provide to them. It is way higher than other solutions, which are about 45% to 65% accurate in protection.
In terms of bad actors or threats that ThreatLocker has protected our organization from, we have had eight instances in the last six months, but they were all false positives. That does not make it any less important because, without these false positives, we would not have anything at all. We would have no idea if they were working or doing anything. I appreciate the fact that they do that.
It has not reduced our mean time to detect, but it has changed the way things are done. In 24 years, I have had only one customer that got breached. The customers are trained to contact me immediately upon any emails or anything out of the ordinary so that I can take care of that right away. The same thing applies to the technicians. That is why they stay with us because they know they do not have to put a ticket in for six weeks. ThreatLocker, while they prevent it and call us immediately, they still have to detect it. I am no longer relying directly on the customer. I am now relying on ThreatLocker. The protocols have changed. We no longer have to rely on untrained people. We are now relying on trained people. We are now relying on a team of people who watch and look over things. It is just different. Similarly, we have not seen any reduction in the mean time to remediate.
Our view on security is the same even after having ThreatLocker. We get training, but the training is based on how ThreatLocker is used, not about the threats out there, so our view on security is still the same. I still get my information online. I still get it from different hacking websites. I still look on the dark web and see what's out there. I still get all that information and share it with the technicians. We then train the customers on it in terms of what is out there, what to look out for, and what the most common things are.
There are so many valuable aspects. The entire ThreatLocker series is fantastic. I did a detailed search for two years, and ThreatLocker Zero Trust is the only one that does what it says it can do. There is a tremendous amount that is helpful, such as their recording, watching the systems, locking down the systems, and their training.
The training moves extremely fast, and I do not fully understand it. I have been training with them every week for six months. I only missed one training session, and I still do not understand.
The Cyber Hero Support is not as effective as it is portrayed. There is a lot of miscommunication in notes, which are very buried and not easy to find. They had two sets of instructions about which nobody could clearly tell how they got them. I know that there are two sets of instructions out there because I have seen them, but I do not have enough time to research that on my own.
I have used the solution for six months.
There are no stability issues. I have never seen any instability. I have seen training issues and incorrect solution issues, but I have never seen any instability.
It scales with you. I would rate it a ten out of ten.
98% are phenomenal. They are knowledgeable and fantastic, but 2% are insanely awful.
We get on the chat, and within 30 seconds, somebody is on the chat with us. It is amazing. We love it.
Positive
We have MSP software, and that is how we deploy ThreatLocker. We use Enable for that. We push out ThreatLocker. ThreatLocker agent goes onto the computer. ThreatLocker agent talks to the ThreatLocker servers. That is it.
It was quite complicated. It took us, through Cyber Hero support, almost four to six hours to get the first one deployed. Once we had it, it was fine. We did not have to go through that again, but getting it set up was not an easy task.
I used Cyber Hero support.
The money that we can charge our clients is the biggest benefit. We now have enough to support technicians and bring someone else on board, which we could not do before because we were very inexpensive.
We charge a lot for this value-added service. When we see the returns, that money goes to the technicians or to buy software. It is not that we are making a lot of money on it, but we are charging a lot more for the services that we offer because of it.
The pricing is not so bad. My clients do not like it, but they are following our pricing.
For two years, I tried everything. I tried free, consumer-grade, small business, medium business, large business, and enterprise business solutions. I tried them all before ThreatLocker. I chose ThreatLocker because of Zero Trust. It does not trust anything, and that is exactly what my clients need. Scammers are the biggest threat out there. The biggest threat is not a virus or malware. There are millions of scams in the Scammer Playbook, and when you read them, they sound ridiculous. They sound like you would never fall for that, but people do fall for it. About 95% of the scams require access to the computer, so I wanted something that blocks remote access. ThreatLocker blocks remote access.
To a colleague who already has another MDR solution but is considering switching over to ThreatLocker Cyber Hero MDR, I would advise not to hesitate. There is no doubt in my mind.
It has a beautiful setup. ThreatLocker has done everything right. There is no doubt in my mind. We will continue pushing it onto our customers and onto new customers that come in. I am not going anywhere.
Overall, I would rate it a nine out of ten.
We use ThreatLocker to manage some of the noise it can create since our users try to use new applications or plugins for existing applications that are not communicated with us. These applications and plugins are safe but require the attention of our help desk.
It's reduced ticket load from ThreatLocker to our help desk.
I find their ability to review the approval requests coming in to take the load off of my help desk valuable. It has reduced the ticket load from ThreatLocker onto my help desk so that we can maintain the benefit of the ThreatLocker product without the additional noise that can come into our help desk and create additional work.
They do a good job of blocking and detecting potential indicators of compromise.
When the update rolled out for version 18, it was able to catch a 3CX Supply Chain attack where a client had downloaded a DLL file that was trying to steal the authenticated Office 365 or authenticated G Suite tokens so a remote attacker could log in to those accounts and exploit data. ThreatLocker saw that as strange behavior that was not compliant with the previous application definition and blocked the application from running. That was quite impressive.
It's an important solution to have in order to maintain a strong security posture, especially as we're seeing things like supply chain attacks, where people are accidentally downloading malware from our vendors. We need a product that can detect different behaviors that are not typical of that application.
We've been able to reduce mean time to detect. It's always the first product to detect something going wrong with an application or an application behaving in a way that we don't want - for example, trying to access something that we don't want them to. For example, Google Chrome plugins trying to access Command Prompt or PowerShell, and it's just not required for the function of the application. So ThreatLocker will block that, or we have the ability to ring fence it, so it can only run specific things through the command prompt. It's always the first product that detects things based on the nature of how it runs versus the other software that we use. ThreatLocker will always block the process before it runs.
The mean time to remediation has mostly improved. Previously, our time to remediation would be 40 to 45 minutes. Now, with ThreatLocker, we're alerted a lot faster, and we can respond faster.
The security posture has been very good. It's always a concern as an MSP that we're going to be compromised and that our clients will be compromised along with us. ThreatLocker helps to protect our clients from us, and it protects us from ourselves as well. As the IT people, we always think we know best. Sometimes, we're eager to download that plugin and try that new piece of software, and ThreatLocker locks down our environment and our company to keep us safe from those use cases. We sell it to our clients in a manner where we explain to them that it's a product that's going to save users from us if we are compromised. If we get hit, the threat won't have the ability to exfiltrate data or run malicious applications. They're going to have to compromise us in multiple places simultaneously to complete a successful attack. I don't want to say that it's impossible, however, the skill level that will be required to do that is something that we haven't really seen in the cybersecurity landscape yet.
The ultimate, most amazing solution in the market could be less pricey and more transparent. There could be more awareness of how some things that are not full applications and just plugins for applications can still pose a risk in our network. Sometimes, I need to push to get things moved to a different cyber hero to avoid taking the easy, lazy way out to resolve the customer's machine, ensuring it's done in a secure manner.
For example, we have seen a couple of approval requests come through where if the user types in a reason for why they need it, they'll get approved based on the reason versus the application that is actually required. A good example is an engineering company that we support that uses plugins for Notepad++. Some of them are going to be malicious or dangerous to run their DLP files, however, when users put their approval request in, they will make a justification that without this plugin, they cannot do the job. And that's not true. We, as their support company, know that. The Cyber Heroes don't. The Cyber Heroes will always approve those types of requests. And then we have to go back and deny them.
There have been some complicated instances where we've really struggled to ring fence things correctly and have them locked down - as well as working with the Cyber Heroes, sometimes we do have to keep an eye on them since they will use bad practice. For example, they will create path rules to a lot of things where we really should be using signatures and patches. Or we do it in a path rule with additional conditions to allow somebody to run. We do have a pretty good time to remediation, however, sometimes we do need to push to get things moved to a different Cyber Hero so that we're not just taking the easy, lazy way out.
I have been using it for about a year now.
The solution is stable. We haven't had any issues, which is a good sign.
The solution seems pretty scalable. We have it deployed to about 400 endpoints right now, however, we plan to do more.
The customer service is really good. We had someone from their side that was a rock star for us and helped us through a lot of our onboarding and getting us to where we are.
Positive
There wasn't really a solution comparable to ThreatLocker at the time. We had looked at CrowdStrike. It's a little bit different in the way that it runs, especially with the kernel-level access, which is something that I'm not a fan of.
The initial setup has been pretty easy, especially since we trialed it internally for several months before pushing it to clients. We knew what headaches to expect, and we had the processes to overcome them.
We have definitely seen a return on investment for that product.
ThreatLocker allowed us to change how we sell to our clients. We have an essential users package where we charge per head, and then we have an advanced security offering that we charge per head, and we've baked ThreatLocker into that advanced offering for our clients. We see more and more of them taking it, especially with the marketing angle of "you can protect yourself from your IT company." It's been a fairly easy sell.
I would recommend that companies trial it in their environment for a long time ahead of deployment. It is important to work with their account manager to fully understand the product and get their technicians to do the university courses.
I have seen a lot of companies transition over to ThreatLocker. We are a ThreatLocker evangelist. We promote the product to our other clients or partners that we used to work with. The ones that have had a negative opinion have not done their homework. They haven't trained their staff.
It is a very different product than the other solutions out there. It's very much on those companies to make sure that they understand it before deployment, since the complaint I hear all the time is it's such a noisy product. It can be if not configured correctly.
We rate it eight out of ten.
It scores better than SentinelOne, however, Huntress was really good as well, especially with the built-in SIEM product. There should probably be just an improvement on the customer service side. Just so that every time I'm dealing with the technician in the high-security product, they should always know more than me, but that's not the case right now.
My use case for ThreatLocker and EDR is to protect our customers' endpoints in case of ransomware attacks or installing malicious software. For instance, when someone clicks on a phishing email and inadvertently downloads a threat. We have had clients face ransomware scares and attacks, however, ThreatLocker has helped in preventing and mitigating these incidents.
Additionally, it prevents senior-level staff from installing unapproved programs that could lead to trouble.
Our clients feel a bit more secure when using their equipment now, and they can feel confident that we have their backs when they get compromised. We have got their backs.
The Cyber Hero response team, which handles some of the detections, has been invaluable. It has significantly reduced our workload. We only receive about ten percent of the tickets, mostly escalations or suspicious activities that require our review. This has been a great time-saver.
Additionally, our clients feel more secure and confident in using their equipment, knowing we support them in case of issues, ensuring that any compromise is isolated to a single user without affecting the entire company.
ThreatLocker's ability to block and detect potential indicators of compromise is good. Earlier, when we started out, we had to dial it in and get that tuned with them. We've come a long way, and they're pretty good at detecting any potential threats now.
The solution can protect from bad actors or threats. We get one or two every couple of months or within a single month. It just depends on when the work is done. I know tax season is in right now, and we may have a higher influx. We've not seen too many in the past couple of months. It's been doing its job or at least preventing people from downloading stuff that would give bad actors access to their systems. Our customers now have the confidence that they can work without being impeded, losing access or getting compromised.
It's helped us reduce mean time to detect. It's very responsive and quick when something unauthorized happens. The response time is under one minute. It's reduced mean time to detect by 30% to 40%.
We've been able to reduce mean time to remediation. In the past, we would have to wait till users call in. Now, since ThreatLocker gives us the notification, we can take proactive remediations rather than having to wait for the full compromise and move from there. We've seen an 80% to 90% improvement in remediation.
It's increased security posture. It's the base of infrastructure now. It is the de facto thing that gets installed on every new computer and workstation that we service.
It's a bit difficult to answer as I'm not usually the one configuring the MDR aspect, which is typically handled by my support team. However, I have no major points for improvement. The Cyber Heroes are usually responsive within a minute or up to a day for serious issues.
If there is any aspect to improve, perhaps affordability for small businesses could be considered.
I have been using ThreatLocker overall for just over a year and MDR for about six to seven months. Our experiences have been pretty good so far.
Regarding stability, I haven't seen it fail yet. I would rate it around nine out of ten.
Scalability is great; I would rate it a ten out of ten. It is easy to scale from small to large clients. The main difference is small businesses' willingness to pay for it.
The ThreatLocker team has been fantastic, assisting us at every step. They resolved any questions we had, and they helped with some beta functionalities we were eager to use.
Positive
Previously, we used SentinelOne, which is a heuristics-based solution. We didn't like it as we still experienced compromises, prompting us to switch to either a tandem solution with both systems or solely ThreatLocker.
Setup was initially shaky. We dealt with many false positives and basic alerts. We tuned it as we went along, turning it into a learning experience. At least the alerts were being acknowledged. It provided a solid baseline for further refinement.
ThreatLocker was acquired through certain team members, however, I'm unsure of the specific details of their roles.
We have seen significant ROI in terms of work hours saved. It saves us from extensive remediation when a compromise occurs and aids in proactive measures before threats arise.
I don't have information on setup costs. However, it is reasonably priced since most of our clients use it, though you would need someone else's insight for clarity on this.
As far as I know, SentinelOne is the only other solution we've tried. My superiors would have more information on trialing other products. We only see the fully deployed options.
ThreatLocker has become the base of our infrastructure, getting deployed on every new computer and workstation. It is effective at detecting indicators of compromise. We have fine-tuned it over time, and it now effectively identifies potential threats, significantly reducing compromise incidents. In terms of security posture, it is crucial for protecting client data and ensuring their confidence.
I would suggest colleagues with different MDR solutions try ThreatLocker, as its features and response times are exceptional. Give it a try first and see how you like it. It may be better than what your threat solution has as there are a lot of features ThreatLocker has to offer. For example, the Cyber Hero response times are really nice. You can chat with a live person, and they can give you answers if you have any questions and help you get the confidence you want to back up those claims.
Plus, their detection and remediation are really on point. They typically deny anything, so you can feel safe about loading stuff willy-nilly and not being compromised in that regard.
My overall rating for ThreatLocker is ten out of ten.
Our company made a decision regarding the possibility of being hacked, and although we did not want to invest, we believed it was wise to invest ahead of a problem rather than after one occurs. We wanted to take preventive measures to avoid any issues.
Previously, users needed to contact IT for software updates, which wasted time. When users needed to update their software, they needed to call IT, and IT would remote into their computers. Remoting into the computer is easy, but having the software update done by the user is even easier. It saves both the IT department's time and user time, enhancing overall efficiency. Users do not have to call and talk to us and wait for us to be available.
In their detect module, they have predefined detections that can be enabled for troubles specified by the MITRE framework. If you are regulated and you want to be protected in a way specified by that framework, you can go through and carefully turn on all those detections. The MDR portion of the system will give you the required protection level.
We have 105 employees, and we have not had any detections that were clearly attacks. Our company has relationships with other companies. Other companies have had cyber issues related to hacking or a CryptoLocker event, which took their business down for two weeks. We really do not want that.
ThreatLocker Cyber Hero MDR has helped reduce our organization’s mean time to detect. It went from not detecting at all to detecting in minutes.
ThreatLocker Cyber Hero MDR has helped reduce our organization’s mean time to remediation. The ThreatLocker service that we use has Cyber Heroes on call to respond to things detected by ThreatLocker. 30 seconds or less is my experience. The reduction is from infinity to 30 seconds.
Our security posture is much improved with ThreatLocker Cyber Hero MDR in place.
The most valuable feature, in terms of protection, is the allowlist, which ensures that only IT-approved applications run. The convenience of application elevation stands out, enabling users who are not administrators to install approved software and process updates.
It would be great if they handled patch management, and I am aware that they are currently working on it.
I have used the solution for about eight months.
I have not had a single problem, so it is 100% stable.
We have 150 computers, and there has not been an issue.
Customer service and technical support are better than any I have experienced.
Positive
We did not have a similar solution before. We only had antivirus software.
We have servers and file servers in-house. Email and cloud storage are not used as much for everything, but it has Microsoft Azure and 365.
The initial setup was easy because we had help. We worked with a solutions engineer every other week for about six months.
In our case, we went directly to ThreatLocker for the implementation.
It acts as insurance for us. It is better than insurance because if I can guarantee that my car will not crash, I am much happier than knowing that if my car does crash, I can get it paid for. It is more about prevention, I suppose. ThreatLocker helps us all sleep better at night, knowing that it stops things from happening before they occur, not just detecting them. If we do have an incident, we have the ThreatLocker Cyber Hero team there to assist us.
ThreatLocker is worth every penny and a couple more.
I evaluated several solutions before deciding on ThreatLocker as my first choice. ThreatLocker stops things, whereas other systems detect them after they have happened or while they are happening.
A regular MDR is to manage, detect, and respond. ThreatLocker adds a B to that sequence. It is to manage, block, detect, and respond. If you see a kid with a water balloon filled with paint about to throw it against the wall, would you rather stop them ahead of time or after the paint has already been thrown? I would rather have ThreatLocker and stop them ahead of time.
I would rate it a ten out of ten. They have the software. The management interface looks a lot better than it used to, and they are always making improvements with a team to back you up if there are any troubles.
We are an engineering company, and we use it for zero trust. Many users are set up as administrators for local PCs, and we control them through ThreatLocker by changing administrative privileges. Unwanted software or anything else, really, is locked down.
We have stopped two attacks so far. Most importantly, I can sleep better.
The network module and the app control module are the most used ones. We also use Cyber Hero. If anything comes up, we just open a ticket to a chat. It's resolved within five minutes, which is a big help.
Productivity improves because downtime is costly for engineers. When a project isn't completed, it's about productivity and not losing money.
It's secure, and we know it's secure. I don't have to do anything initially except create an incident report. Remediation-wise, everything happens simultaneously. I'm sleeping better knowing it's secure. Two attacks so far have been stopped, which is a lot of money saved.
It can block and attack potential indicators of compromise. It has been doing well. It's stopped PowerShell scripts. It's been able to stop things within a couple of minutes.
So far, we've had two external threats and a few other internal bad actors that have been stopped. We have the power to block and control now to protect the whole network.
The protection leads to better productivity. If it's down, we can lose a lot of money, and projects can back up. It's all about keeping productivity up.
We've been able to reduce our mean time to detect. It's down to minutes. Sometimes, in less than a minute, we'll be notified.
It's reduced mean time to remediation. It stops everything within a couple of minutes without me having to do anything.
So far, our organization's security posture has improved. We're much more secure.
Sometimes, it takes a lot of time to figure out when contacting them if I have a Cyber Hero. A more straightforward authentication process would help. Although an SMS is sent, it would be better for the technician to be aware immediately when they reach out to someone with Cyber Hero status.
The team is knowledgeable, although the night shift is sometimes slower.
Pricing is a bit high, with a minimum of 50 devices. Lowering that for small companies would be great.
I have been using it for about six months now.
So far, I haven't had any issues, so stability is pretty good.
The scalability is at a ten. It hasn't had any problems and can do whatever is needed. It's really good.
We have about 100 users.
Customer service is really good.
Neutral
We used a simple solution that I didn't like. It was very buggy and complicated. We used Sophos or another product for cyber-like control, but we prefer this one.
It's my second time deploying the solution. I used to work for the government, and we deployed it there. It took about three months to get it all done. It's easy and follows a schedule, which is a slow yet nice way to do it rather than rushing. I like how they deploy.
We just directed our implementation without a team.
Two attacks were stopped, which is a lot of money saved. We made money using it.
We used PC Matic and another company, Cybernet.
I'd advise people to get it and don't go without it. You don't need a full team. You just need one person to manage it. It's a few dollars extra, however, it's well worth it.
It's everything we need and is easy to use. People who aren't knowledgeable are doing it and helping us. Except for the price, which I wish would come down a bit. I would rate the product a ten out of ten.
Positive
Endpoints and servers are the primary focus. It provides good insights and peace of mind to end-user customers regarding what's happening on those devices and servers.
We are not the end-users of this solution. We have a large law firm using ThreatLocker. We are managing about 8,000 endpoints.
It adds a really important layer to end-users' security stack. It is very good at blocking and detecting potential Indicators of Compromise. It is more advanced than some of the solutions we have used.
We have seen real use cases where the EDR or MDR the customer was using failed. The bad actors got around their EDR or MDR, but they were unable to bypass ThreatLocker. Very early in the ThreatLocker journey, they told a story where the bad actors had put in a request to get certain software unblocked. It was an amusing story at the time, but we have seen it in real life where the bad actor requested that we unblock the software. It is really good.
Data protection is the most important. The storage control policies and the ringfencing of ThreatLocker give good peace of mind. Good ringfencing and storage control is the secret sauce for stopping things from happening.
The customers who are using MDR have not seen any incidents yet. We have not seen it in action yet, but we are confident. On the other customers that we have managed, it has 100% stopped companies from ransomware. It has prevented those attacks.
It is another layer that we have put in their security stack. It is a very important layer. In Ireland, when companies want to get cyber insurance, it is one of the criteria. It is good from a compliance perspective.
The ability to isolate the device when something is happening and the network access control element are valuable features. The insights provided offer peace of mind as to what's happening on devices and servers.
From an MDR perspective, the solution can have the ability to ingest logs from other sources, such as M365, firewalls, external sources, and even cloud SaaS-based platforms. This way, we can obtain a holistic picture.
I have used the solution for about a year.
The stability is very good. We have never had any issues.
The scalability is amazing.
I believe it is probably the best around. Their response times are in seconds. I cannot speak highly enough of the support.
The senior team at ThreatLocker is also very accessible in case we need any help.
Positive
We still have some other MDR solutions, and it depends on the type of customer or who is the best fit. Once the solution has M365 and the ability to ingest from other log sources, we will start phasing out many of the other MDRs, moving toward ThreatLocker.
We use it on-premises and in the cloud. We mostly use Azure or Equinix Cloud.
The normal whitelisting, ringfencing, and storage control are pretty seamless because we have been down this road many times. We have heard people mentioning that it is noisy and has a lot of problems, but when done properly, it does not cause many issues. The support from ThreatLocker is also great.
It prevents issues from happening. If something bad were to occur, our team would need to be fully engaged, and we would lose tons of man-hours. Luckily, it prevents issues. Although it is hard to measure the return on investment, it certainly gives us good peace of mind.
It is pretty good. We would have been one of the biggest partners in Ireland, so we got pretty good pricing at the start, and it is still competitive. Pricing depends on what we are up against.
I would highly recommend ThreatLocker. The level of support and responsiveness from ThreatLocker is second to none. We have a lot of faith in it. From a sales perspective, it is very easy for us to resell ThreatLocker because we believe in it, whereas we do not fully believe in some other solutions. When discussing ThreatLocker, it feels like everyone should have it.
Overall, I would rate the solution a seven out of ten just based on the fact that a few little things are missing, which they are working on.