Danny Jenkins still has vivid memories of ThreatLocker’s earliest days selling allowlist endpoint protection software straight into enterprises. The company had all of three employees, including Jenkins himself and his wife, when a would-be client asked if he offered 24-hour support.

“At this point I’m going to go bankrupt if I don’t get some customers, so I just turned around and said, ‘yeah, we do 24-hour support,’” he recalls.

Then he had to fulfill that promise despite the fact that, every now and again, he needed to sleep. So he wired his home up with speakers that sounded an alarm whenever a support call came in.

“It was really loud, and then I’d wake up and I’d open live chat and I’d start chatting to the customer,” Jenkins (pictured) says.

Later, when ThreatLocker was big enough to afford a support team, Jenkins continued paying close, personal attention to response times on service calls. “If no one picked up within 60 seconds, it still came through my house,” he says.

The unpleasantness of that experience is one reason Jenkins remembers it so well. The other is that it didn’t happen very long ago.

ThreatLocker was founded in 2017.

Today, the company has about 600 employees safeguarding close to three million endpoints for 50,000 customers worldwide via a large and (as I saw in person this week at the vendor’s Zero Trust World conference in Orlando) fiercely loyal MSP channel. It also has a 2,947% three-year growth rate, a big enough number to land it the 49^th spot on Deloitte’s latest Technology Fast 500 list.

The formula responsible for that success has lessons to teach other, younger security companies, some of which go straight back to when Jenkins was a bleary-eyed solo call center agent fielding support requests at 2:00 a.m.

Lesson 1: You can’t be too fanatical about support. Jenkins no longer gets awakened in the middle of the night every time a caller waits more than a minute for help. But he still hears about it.

“I get a report every day of every chat that took more than 60 seconds to answer and why it took more seconds,” he says.

Those fiercely loyal partners I mentioned before appreciate it too. “The support is really, really good,” says Ann Westerheim, founder and president of Ekaru, a security-oriented service provider in Westford, Mass., who you’ve met here before.

And it needs to be. ThreatLocker’s “deny by default, permit by exception” implementation of zero-trust security blocks everything end users want to do that isn’t specifically authorized in advance. Got a new printer you want to install? Won’t happen until it’s been cleared by your MSP or ThreatLocker itself. Need to upload a bunch of documents to a Dropbox account? Forget about it until permission arrives, which had better happen quickly.

“It could make or break a relationship with a client if they’re constantly getting blocked and you’re not responding quick enough, and they feel like they just can’t get their work done,” observes Brian Weiss, CEO of San Luis Obispo, Calif.-based ITECH Solutions, who you’ve also met here before.

ThreatLocker is obsessed with responsiveness as a result, which is why users with support needs are talking to a live human being within 23 seconds of placing a call on average, and subscription renewal rates are at a steady 99.95%.

Lesson 2: You can’t be too fanatical about customer service. This goes well beyond technical support. As NinjaOne can verify, MSPs appreciate vendors that take collecting user feedback seriously.

“They listen to partners,” Westerheim says of ThreatLocker. They watch out for them too, years after onboarding’s over.

“We still have calls every three weeks with our solutions engineer,” Westerheim says, adding that he studiously monitors Ekaru’s security settings for vulnerabilities between those calls. “He double checks everything we do.”

ThreatLocker has invested heavily in scaling that attentiveness as it’s prospered. “What I love about working with ThreatLocker is while the organization has grown to become really large, they still operate like a nimble company,” says Neal Juern, president of MSP Juern Technology and CEO of MSSP 7tech Cybersecurity, both of San Antonio. “I’ve suggested many features over the years and many of those features have ended up in the product because they actually listen to their clients.”

Lesson 3: It pays to be what Elon Musk would call “extremely hardcore.” Jenkins’s one-time willingness to live chat with customers at any hour of the day or night is still key to how ThreatLocker operates.

“As a company, we have this philosophy where everything gets solved now,” Jenkins says. “If that means bringing in a developer on a call or bringing the C-suite on a call, it doesn’t matter. It doesn’t matter if it’s two o’clock in the morning.”

Partners notice that commitment. “I don’t think anybody can last there if they’re not going to work hard, and that benefits me,” Westerheim says.

Lesson 4: Know your customer. MSPs come in many varieties. ThreatLocker optimizes for those a little more skilled in security and a little less willing to compromise it, even if it means putting in some hard work of their own building out the allowlist.

“You’re not ready to go out of the gate,” Weiss observes. “It’s a lot of heavy lifting because you’re literally shaping everything that’s allowed to happen.” Daniel Mitchell, CEO of Alt-Tech Inc., a security and IT management service provider headquartered in Alberta, Canada, agrees.

“To implement ThreatLocker is an undertaking,” he says. “To be successful, you need to buy in.”

ThreatLocker agrees too. Support engineers can ease the deployment load for partners, but not eliminate it, and ThreatLocker has no problem saying as much. “You’re going to need to put a little bit of work into it,” says Rob Allen, the vendor’s chief product officer.

Lesson 5: Conviction, clarity, and discipline are indispensable. ThreatLocker has had the same mission since its inception. “It’s to change the paradigm of security from default allow to default deny,” says Jenkins, who has refused to waver from that goal no matter how much he might make doing so.

“When we started ThreatLocker, every single investor we spoke to said, ‘pivot, pivot, pivot, pivot. Don’t do this.’ And I was like, well, why? There’s already 100 companies doing it wrong. Maybe one company should try and do it right,” Jenkins says. “We just kept saying, if it’s easy, if it’s simple, if it works, people will adopt it.”

And they have.

From product to platform

ThreatLocker’s product strategy has stayed true to the company’s “default deny” mission even as its product portfolio has grown from allowlist endpoint protection into storage security, network control, EDR, MDR, and beyond.

“Back in 2020, 2019, it was an allowlisting tool, but we’ve expanded on the concept of deny by default and we’ve applied it to different areas,” Allen (pictured) says. “Now it’s an entire endpoint protection platform.”

That platform both grew and evolved in interesting ways this week with the simultaneous release of five new solutions. All are worth reading about, but two stand out for what they say about where ThreatLocker is taking deny by default next.

One is a DNS security system called ThreatLocker Web Control. The other is a Microsoft 365 security system called ThreatLocker Cloud Control. Both make clear that at a time when more and more of what matters to SMBs happens in the cloud, ThreatLocker (like Kaseya among many others) is moving there with them.

“We see ourselves as a full endpoint platform expanding into a cloud platform quite aggressively, but more importantly, focusing on zero-trust principles,” Jenkins says.

Three other facts worth noting about this week’s product news:

1. ThreatLocker Cloud Control won’t be M365-only for long. “Within the next two months, we’ll have G Suite, AWS, GitHub, and other platform components, and we’re going to keep expanding that,” Jenkins says.

2. ThreatLocker Web Control marks a first-ever deviation from the deny-by-default vision. Because it had to. Realistically, you can’t allowlist the web.

“You could say block all sites and allow only these ones,” Allen says. “Most organizations are not going to do that. Most organizations just want to block dangerous websites, inappropriate websites, gambling, that kind of stuff that they don’t want people to be doing on their work computers.”

As a result, ThreatLocker users can now blacklist for the very first time.

3. The two letters most conspicuous by their absence in everything ThreatLocker announced this week are “A” and “I”. Unlike pretty much everyone else in security, ThreatLocker is not part of the artificial intelligence stampede.

That’s consistent with how the company has always approached threats, Mitchell notes. “They’re not relying on AI and machine learning to learn those behaviors and then determine whether or not it is or isn’t a risk,” he says. “They’re just not going to trust it to start with.”

Follow Me on LinkedIn

Is it just me, or is it getting hot out there?

Fans of the podcast I so relentlessly plug here may recall a surprising fact shared by Peter Kujawa, the vice president and general manager of ConnectWise’s Service Leadership consulting unit, during a recent interview: service provider revenue growth tends to slow in the runup to presidential elections.

“We got approached early in the summer by a reporter who asked us if there’s any correlation between U.S. presidential election years and revenue growth for MSPs,” Kujawa says. “We talked about it internally and we thought that’s a ridiculous premise. There’s no possible way that there’s a correlation on these two things. But being curious about it, we decided to run the data set.”

And sure enough…

“In the last four presidential election years, revenue growth for MSPs—and this is not just managed service revenue, but project revenue, product, all of it—revenue growth was down from the previous year between five and a half and 11.5 percent.”

Service Leadership has yet to finalize the numbers, but it looks like the trend held in 2024. Kujawa’s currently forecasting a roughly 8.5% year-over-year decline in revenue growth last year. So what does history teach us to expect in 2025?

“We don’t have a crystal ball, but the best predictor of the future are patterns from the past and after each of those slowdown years, the presidential elections, we’ve seen a nice lift the following year,” Kujawa says.

Based on anecdotal evidence from the MSPs I quoted earlier in this piece, that lift is already underway. January, according to Westerheim for example, was an unusually good month for Ekaru.

“We’re delighted with the number of new prospects that came in,” she says. “That’s a small data set, but I think there’s some optimism in the market.”

She heard the same thing from peers at ThreatLocker’s conference this week. “I spoke to one guy who’s onboarding five customers now,” she says. “Maybe there’s some pent-up demand out there.”

Weiss (pictured left) is feeling it too. Co-managed clients, who account for about 60% of his top line, have been green-lighting projects more readily lately, he says. “Things are moving faster now.” And given that interest rates haven’t dipped a bunch recently, and post-inflation prices are still relatively high, he sees only one likely explanation.

“I don’t know how it wouldn’t have something to do with the election,” Weiss says.

There’s a hole in that theory, though. Canada hasn’t had an election recently, yet Mitchell’s numbers are up too.

“Our 2025 started off real strong,” he says, adding a cyclical theory of his own to the picture. Businesses, he notes, spent a lot of money on technology after Covid hit.

“Then inflation came, massive retraction happened, and now what’s happening is we’re seeing those that survived and those that made it out are now taking over the market of those that didn’t,” Mitchell says. “That’s leading to some expansion and some weird opportunities that are occurring.”

Of course, we’re not even two months into the year yet, so who knows how long that lasts. Westerheim isn’t waiting to find out.

“We’re going to double down on it,” she says, by ramping up sales and marketing.

Share

About that podcast…

I told you that I plug it relentlessly, didn’t I? So don’t say you’re surprised to see me do it again here. The latest episode, posted earlier today, features an interview with Syncro CEO Michael George on AI on managed services and much more, including the mystery product I wrote about here. Listen in and then let me know your theory on what Syncro’s got coming in April.

Also worth noting

• If you weren’t at Zero Trust World this week you were probably at the Right of Boom conference instead. The big news there (aside from Austin McChord’s new venture) is an alliance among the Right of Boom community, the Center for Internet Security, and Antisyphon Training to help MSPs learn all about implementing CIS controls.

• Attack surface management vendor Liongard has put real-time visibility functionality for changes to Microsoft 365 environments into beta testing.

• The Sophos security portfolio is now available on the Pax8 marketplace.

• Remember the AI pin that Marques Brownlee called “the worst product I’ve ever reviewed”? The company responsible for it has sold the good parts to HP for $116 million.

• Extreme Networks has shipped an MSP edition of its Platform ONE networking and security solution.

• HPE VM Essentials is now available exclusively from HPE channel partners.

• Insight’s new device-as-a-service program uses near-real-time telemetry rather than calendar refresh cycles to determine when it’s time for new hardware.

• Hiperwall’s new conference room solution lets up to six people share their screen at once without cables or dongles.

• Ingram Micro has officially combined its SMB Alliance and Trust X Alliance communities under the Trust X Alliance brand.

• FinOps pays dividends. Leaders in that discipline report higher profitability and faster time to market than peers, according to SoftwareOne.

• OpenText’s new Core Threat Detection and Response solution uses hundreds of AI algorithms to spot danger sooner and more accurately.

• 1Password has shipped an MSP edition of its Enterprise Password Manager solution.

• The new version of Keeper Security’s privileged access management solution features a universal encrypted vault for passwords, passkeys, and corporate secrets.

• Sectigo now offers “certificates as a service,” a subscription-based, pay-per-domain certificate management solution.

• Aryaka’s SASE-as-a-service offering features AI-powered observability functionality for threat detection and prevention.

• Cloud storage vendor Backblaze and Apple endpoint management vendor Kandji have forged an integration pact.

• Managed security vendor Deepwatch has acquired threat intel vendor Dassana.

• GoTo has added three AI features to its LogMeIn Resolve RMM platform, including one for automating workflows.

• The LastPass partner program has new reporting capabilities, a new portal, and a clarified, standardized tiering structure.

• Peter Alexander is the new CMO at Barracuda.

• Ben Lee is the new Head Nerd at N-able.

• Christopher J. Luise is the new COO at New Charter Technologies.

• Kathy Durfee, Michael Goldstein, Felicia King, and Ken Wong are the newest appointees to The ASCII Group’s Member Advisory Committee.

• The acquisitions continue at UPSTACK. This time they’ve bought IT advisory firm V3 Technology.