Endpoints and servers are the primary focus. It provides good insights and peace of mind to end-user customers regarding what's happening on those devices and servers.
We are not the end-users of this solution. We have a large law firm using ThreatLocker. We are managing about 8,000 endpoints.
It adds a really important layer to end-users' security stack. It is very good at blocking and detecting potential Indicators of Compromise. It is more advanced than some of the solutions we have used.
We have seen real use cases where the EDR or MDR the customer was using failed. The bad actors got around their EDR or MDR, but they were unable to bypass ThreatLocker. Very early in the ThreatLocker journey, they told a story where the bad actors had put in a request to get certain software unblocked. It was an amusing story at the time, but we have seen it in real life where the bad actor requested that we unblock the software. It is really good.
Data protection is the most important. The storage control policies and the ringfencing of ThreatLocker give good peace of mind. Good ringfencing and storage control is the secret sauce for stopping things from happening.
The customers who are using MDR have not seen any incidents yet. We have not seen it in action yet, but we are confident. On the other customers that we have managed, it has 100% stopped companies from ransomware. It has prevented those attacks.
It is another layer that we have put in their security stack. It is a very important layer. In Ireland, when companies want to get cyber insurance, it is one of the criteria. It is good from a compliance perspective.
The ability to isolate the device when something is happening and the network access control element are valuable features. The insights provided offer peace of mind as to what's happening on devices and servers.
From an MDR perspective, the solution can have the ability to ingest logs from other sources, such as M365, firewalls, external sources, and even cloud SaaS-based platforms. This way, we can obtain a holistic picture.
I have used the solution for about a year.
The stability is very good. We have never had any issues.
The scalability is amazing.
I believe it is probably the best around. Their response times are in seconds. I cannot speak highly enough of the support.
The senior team at ThreatLocker is also very accessible in case we need any help.
Positive
We still have some other MDR solutions, and it depends on the type of customer or who is the best fit. Once the solution has M365 and the ability to ingest from other log sources, we will start phasing out many of the other MDRs, moving toward ThreatLocker.
We use it on-premises and in the cloud. We mostly use Azure or Equinix Cloud.
The normal whitelisting, ringfencing, and storage control are pretty seamless because we have been down this road many times. We have heard people mentioning that it is noisy and has a lot of problems, but when done properly, it does not cause many issues. The support from ThreatLocker is also great.
It prevents issues from happening. If something bad were to occur, our team would need to be fully engaged, and we would lose tons of man-hours. Luckily, it prevents issues. Although it is hard to measure the return on investment, it certainly gives us good peace of mind.
It is pretty good. We would have been one of the biggest partners in Ireland, so we got pretty good pricing at the start, and it is still competitive. Pricing depends on what we are up against.
I would highly recommend ThreatLocker. The level of support and responsiveness from ThreatLocker is second to none. We have a lot of faith in it. From a sales perspective, it is very easy for us to resell ThreatLocker because we believe in it, whereas we do not fully believe in some other solutions. When discussing ThreatLocker, it feels like everyone should have it.
Overall, I would rate the solution a seven out of ten just based on the fact that a few little things are missing, which they are working on.
