ThreatLocker sees MSP market as key growth vehicle for their flavour of application whitelisting

ThreatLocker CEO Danny Jenkins talked with ChannelBuzz at the recent ConnectWise Explore event about the company’s technology and how the expansion of their go-to-market strategy has seen recent strong growth among MSPs.


Orlando-based cybersecurity startup ThreatLocker is making a major push into the managed services space. Founded in 2015, the company is emphasizing the suitability of its application whitelisting to the needs of the MSP market, positioning it as a better fit than other approaches to the issue. It recently announced a new partnership with ConnectWise, joining an existing one with Kaseya, with others to come.

Application whitelisting, a rule-based system that prevents applications that have not specifically been approved from being executed on the network, is a key part of the ThreatLocker solution. The solution also includes Storage Device Control, to protect external devices, and RingFencing, which is designed as anti-ransomware protection, which stopped the EternalBlue exploit, and which is about to get a lot more powerful.

Application whitelisting has been around for many years, but ThreatLocker CEO Danny Jenkins said that it is cumbersome for most customers to use, and has limitations to its effectiveness.

“There have been two approaches to application whitelisting, epitomized by Microsoft and McAfee,” Jenkins said. “The Microsoft approach is that whitelisting is needed to lock down systems, but they do it at a top-level only, while the threats are mainly down at the level of the user. The other approach, pioneered by McAfee, and then by Bit9, takes a snapshot of the computer, and nothing is allowed to change. McAfee does very well in IoT devices because they never change, and it works well on servers that typically don’t change. But it doesn’t work on PCs and laptops.” If a snapshot has to be uninstalled and updated with this approach, it typically takes a couple of hours. Jenkins said that while this is simpler with Microsoft, it’s still a 50-minute job.

Jenkins said that ThreatLocker brings a different approach to the table.

“Our system is designed to run on every endpoint – not just static systems,” he stated. “We also focus on making it easy. One of the flaws with whitelisting has been that it has been very hard to deploy. Every computer has 60,000 executables. The result is that one bank took two years and six people to deploy it. A big bank could justify that, but most companies really can’t.”

Given that companies whose software is widely used, like Microsoft and Google, issue frequent updates, ThreatLocker focuses on managing this process so that it’s seamless for the customer.

“We transfer the overhead to make whitelisting easy,” Jenkins said. “We have a team to update daily whitelists so that all the heavy lifting is done. We have 17 people on our app team. Their job is to download updates, and make the deployment easy with ThreatLocker catalogues that add them in real time.”

Jenkins said that McAfee is the leader in the IoT space, while Carbon Black, which was purchased by Bit9, which then renamed itself after the acquired asset, is the leader in the larger enterprise space.

“When we entered the market, Carbon Black was hitting the global enterprises – and government where application whitelisting is mandated,” Jenkins said. “So we targeted the 500-10,000 seat market – regional banks, healthcare, schools, law firms, construction, call centres. As a new company, we pushed heavily on direct to get deals, but in the last couple of years we have begun to sign up VARs, especially internationally, in places like Hong Kong and Australia. Right now, it’s tier one distribution for partners, but we are talking with cloud distribution.”

The MSP channel is even newer, but Jenkins said that it is really taking off.

“Over half our sign-ups today are MSPs,” he said. “Last November, we had two MSP customers. By December, we were doing five MSP setups a day. Something just exploded in that market, because MSPs haven’t had good whitelisting options, and when their clients get ransomware, they have to pick up the pieces.”

ThreatLocker announced a new partnership with ConnectWise in May, in advance of the ConnectWise Explore event.

“We also have a partnership with Kaseya,” Jenkins said. “We have an integration agreed to with SolarWinds, but the integration isn’t complete. We are talking with Datto.”

ThreatLocker sees the MSP market as a market of enormous potential for them.

“MSPs are the way forward, and MSSPs are another big area,” Jenkins said. “While other products in this space are software, updates are now so common that this can be offered most effectively as a service. At the Explore show, MSPs we have talked to have been genuinely excited about this because this hasn’t been an opportunity they could have gotten into in the past. Their alternative has been to add more monitoring and threat hunting in the hope that it will pick some things up and save their bacon. Time will tell how many of these MSPs actually sign up with us, although we are finding that once they sign up, they stay on.”