The company is extending its platform to new security categories while bringing its ‘deny-by-default’ approach deeper into the enterprise, executives and solution providers tell CRN.
ThreatLocker is delivering massive new opportunities to MSP partners while driving more broadly into the enterprise segment with its increasingly crucial “deny-by-default” approach to cybersecurity, solution and service provider partners told CRN.
Partners discussed the endpoint security vendor’s latest moves — which notably include an expansion into categories such as patch management and web filtering — during the vendor’s Zero Trust World 2025 conference in Orlando this week.
[Related: Why Ransomware Groups Are Now Much Scarier Than State Actors: Security Experts]
Without a doubt, “they’ve been growing very quickly,” said Art Ocain, vice president of incident response and disaster recovery at Lewisburg, Pa.-based Airiam. “To me, ThreatLocker just feels like a rocketship.”
The company has excelled at supporting partners and customers while picking its new territory for expansion wisely, solution providers said.
All in all, “you just don’t see vendors that are doing everything well” like ThreatLocker is, Ocain said.
In an interview with CRN, ThreatLocker co-founder and CEO Danny Jenkins said the vendor’s growth pace is accelerating, with faster growth toward the end of last year than at the beginning.
“We’re really just scaling at such an incredible level,” Jenkins said.
Founded in 2017, ThreatLocker was recognized in November on the Deloitte Technology Fast 500 list, ranking at No. 49 with roughly 30X revenue growth between 2020 and 2023.
The product announcements at Zero Trust World this week, meanwhile, bring ThreatLocker into closer competition with vendors in a number of categories beyond its core area of endpoint security.
Providing capabilities in areas such as patch management and web filtering are potentially “huge” for partners because ThreatLocker has such a strong track record — and it may be possible to consolidate more with the vendor going forward, according to Ken George, president and founder at NetSmart, a Cary, N.C.-based MSP.
With web filtering, for instance, “it looks like we’d be able to replace multiple products,” George said.
If the company’s new capabilities prove to be as reliable and effective as ThreatLocker’s existing offerings, that should mean “less angst” at renewal time with customers, he said.
With other vendors, “when the renewal comes up, we have to go back and forth [with the customers] to decide, ‘Are we going to renew this product?’” George said. “We’ve never had that question with ThreatLocker.”
ThreatLocker’s core “application allowlisting” technology ensures that unsanctioned software — including malware — cannot run in customer devices. Other key ThreatLocker capabilities include “ringfencing,” which places limitations on what types of actions an allowed application can take.
Driving Preventative Security
The expansion by ThreatLocker of its preventative mindset to new segments is also timely given the intensifying threat landscape, which increasingly demands a more proactive stance from MSPs and security teams, partners told CRN.
Sean Verezhensky, security specialist at Mandeville, La.-based Microland Computer Center, said his biggest message to clients in 2025 is simple: “You have to be preventative.”
“You can’t be complacent and say, ‘We haven’t been breached, we’re not a target.’ Everyone’s a target,” Verezhensky said. “If you’re making money, you’re a target.”
Ted Flittner, principal at Aditi Group, a Torrance, Calif.-based MSP, agreed that preventative security is a more “critical” aspect of cyber defense than even just a few years ago.
“We have to lock everything down,” Flittner said, noting that ThreatLocker is the rare vendor that “allows us to do it in a way that doesn’t require a whole IT team, just to manage a small group of computers.”
Scaling Up
As part of gaining greater scale, ThreatLocker is also increasingly working with larger MSPs, with the average MSP now ranging between 5,000 and 10,000 endpoints — compared to an average of fewer than 1,000 endpoints under management just a few years ago, Jenkins said.
Meanwhile, ThreatLocker is also moving aggressively to add large enterprise customers, he said. “Some of the biggest financial companies in the world are now using ThreatLocker.”
Notably, ThreatLocker is now eyeing an initial public offering in coming years, potentially as soon as 2027, Jenkins said. The company has begun working with investment banks and is aiming to go public once it reaches $500 million in annual recurring revenue, he said.
ThreatLocker has not disclosed specific figures for its ARR so far, but it is “in the hundreds” of millions, Jenkins said.
‘Capable Of Anything’
Airiam’s Ocain said he sees tremendous potential in the market for ThreatLocker, whether it’s around moving into new security categories or going deeper in the enterprise segment.
In enterprise, for instance, it’s clear that “they are getting that momentum now,” he said. “I think the word is getting out.”
ThreatLocker also has an opportunity to take on vendors in segments such as remote monitoring and management (RMM), based on its newly announced patch management capabilities, Ocain said. “If they wanted to edge out RMM, they could.”
A main reason is that ThreatLocker’s culture around development and support has focused on the most important priorities for partners and customers, under the leadership of Jenkins, according to Ocain.
“The culture there is just so responsive. And Danny’s a perfectionist — so if he gets any feedback, he wants everything to be right,” Ocain said.
Ultimately, he said, “between that responsive support culture, that customer service culture and Danny’s perfectionist [approach] driving the dev organization — I think they’re capable of doing anything.”
