Startups > ThreatLocker

ThreatLocker

ThreatLocker helps enterprises stop ransomware with zero trust endpoint protection.

Series C $299M total Founded 2017 Maitland, Florida 122 employees

ThreatLocker is a zero trust endpoint protection platform that stops ransomware and cyberattacks by using a deny-by-default application control model—only allowing approved software to run rather than trying to block threats after they appear. The platform includes application control, storage control, privileged access management, network access control, and EDR/MDR capabilities, with a learning mode that automatically catalogs apps and recognizes over 13,000 pre-built applications. It serves mid-market to enterprise organizations across all industries, with a particular focus on MSPs serving their customers. Over 50,000 businesses worldwide have adopted ThreatLocker to shrink their attack surface and reduce security incidents.

Problem solved

Organizations struggle to prevent ransomware and endpoint breaches because traditional reactive security tools generate too many alerts and miss sophisticated attacks.

Target customer

Mid-market to enterprise organizations and managed service providers (MSPs) seeking zero trust endpoint protection and ransomware prevention.

Website LinkedIn Crunchbase Twitter / X

Founders

Danny Jenkins

CEO & Co-Founder

Cybersecurity career since 1997 spanning corporate IT management and entrepreneurship; motivated to build zero trust solutions after witnessing a severe phishing attack that nearly destroyed a business.

Sami Jenkins

COO & Co-Founder

Co-founder and Chief Operating Officer of ThreatLocker.

John Carolan

Co-Founder

Co-founder of ThreatLocker.

Funding history

Series C $100M April 2022 Led by Elephant Venture Capital · Unknown

Series D $115M Unknown Led by General Atlantic · StepStone Group, D. E. Shaw Group

Series E $60M April 2025 Led by Unknown · Unknown

Total raised: $299M

Industries

Information Technology Cyber Security Network Security Software

Pricing

Subscription-based SaaS model calculated per endpoint or per user, with tiered packages based on features. Pricing customized by organization size and needs. 30-day free trial available without payment information required. Contact sales for specific pricing.

Notable customers

TeamLogic IT (MSP), Apex Computing Services (education MSP), Complete Works Inc (MSP), Rumberger Kirk (law firm), Hattiesburg Clinic (healthcare)

Tech stack

jQuery (JavaScript libraries) core-js (JavaScript libraries) Open Graph LottieFiles Linkedin Insight Tag (Analytics) HubSpot Analytics (Analytics) Ahrefs (SEO) Microsoft Clarity (Analytics) Matomo Analytics (Analytics) Leadfeeder (Analytics) Google Analytics (Analytics) Facebook Pixel (Analytics) Crazy Egg (Analytics) HSTS (Security) Typekit (Font scripts) Google Font API (Font scripts) Microsoft 365 (Email) jsDelivr (CDN) jQuery CDN (CDN) Google Hosted Libraries (CDN) 6sense (Marketing automation) HubSpot (Marketing automation) Reddit Ads (Advertising) TVSquared (Advertising) Microsoft Advertising (Advertising) theTradeDesk (Advertising) Google Tag Manager (Tag managers) Adobe Experience Platform Launch (Tag managers) Webflow (Page builders) DigiCert (SSL/TLS certificate authorities) Sendgrid (Email) Mailgun (Email)

Website

threatlocker.com/

Competitors

CrowdStrike Falcon Endpoint Protection Platform

Broader EDR/XDR platform with cloud-native focus; less emphasis on application allowlisting and deny-by-default model.

SentinelOne Singularity Endpoint

Unified XDR platform with broader visibility; ThreatLocker specializes more specifically in application control and attack surface reduction.

Sophos Endpoint

Traditional endpoint protection with threat-hunting focus; lacks ThreatLocker's emphasis on deny-by-default application control.

Check Point Endpoint Security

Enterprise-focused with network integration; less specialized in the zero trust application allowlisting approach.

Why this matters: ThreatLocker has achieved remarkable growth with $299M in funding and 50,000+ customers in just 8 years by solving a critical problem with an elegant approach: instead of fighting an arms race with attackers, the deny-by-default model makes ransomware nearly impossible to execute. The company's focus on MSPs and ease of deployment through automated learning has created strong network effects in the market.

Best for: Managed service providers and enterprises seeking to eliminate ransomware and reduce endpoint breach risk through zero trust application control.

Use cases

MSP Security Simplification

MSPs use ThreatLocker's learning mode to automatically catalog customer applications and dependencies, then deploy pre-built application policies at scale. This reduces onboarding time and support tickets from users accidentally causing security issues.

Healthcare Data Protection

Healthcare organizations enforce strict application behavior and block unauthorized software from accessing patient data. Storage control features prevent sensitive case files and medical records from being copied to unknown USB devices.

Law Firm Case Data Security

Law firms use ThreatLocker to protect sensitive case data by allowing only approved applications to execute and monitor real-time threat activity. This ensures privileged client information remains within controlled application environments.

Alternatives

CrowdStrike Falcon Choose CrowdStrike for broader XDR capabilities and cloud-native architecture if you need integrated threat hunting alongside endpoint protection.

SentinelOne Choose SentinelOne if you prioritize autonomous endpoint protection with behavioral analysis over strict application allowlisting.

Sophos Choose Sophos for a traditional, easier-to-implement endpoint protection solution if deny-by-default application control isn't your primary concern.

FAQ

What does ThreatLocker do? +

ThreatLocker is a zero trust endpoint protection platform that stops ransomware and cyberattacks by using a deny-by-default model—only approved applications are allowed to run. It includes application control, storage control, privileged access management, network access control, and EDR/MDR capabilities. The platform's learning mode automatically catalogs applications and recognizes over 13,000 pre-built apps for quick deployment.

How much does ThreatLocker cost? +

ThreatLocker uses a subscription-based pricing model calculated per endpoint or user, with costs varying by organization size and features selected. A 30-day free trial is available without requiring payment information. For specific pricing, contact ThreatLocker's sales team.

What are alternatives to ThreatLocker? +

Top alternatives include CrowdStrike Falcon (broader XDR platform), SentinelOne Singularity (behavioral analysis focus), Sophos Endpoint (traditional endpoint protection), and Check Point Endpoint Security (enterprise network integration).

Who uses ThreatLocker? +

Over 50,000 businesses worldwide use ThreatLocker, including managed service providers, mid-market enterprises, law firms, healthcare organizations, and education institutions. Notable customers include TeamLogic IT, Apex Computing Services, Rumberger Kirk law firm, and Hattiesburg Clinic.

How does ThreatLocker compare to CrowdStrike Falcon? +

ThreatLocker specializes in deny-by-default application control and attack surface reduction, making it highly effective against ransomware. CrowdStrike Falcon is a broader XDR platform with threat hunting and cloud-native features. ThreatLocker is better for organizations prioritizing application allowlisting; CrowdStrike is better for comprehensive threat detection and response.