As endpoint security and threat prevention become core to managed services and enterprise infrastructure alike, few vendors have made as much impact in recent years as ThreatLocker. Founded with a strong technical ethos and a zero trust-first mindset, the company has grown rapidly across both the MSP and enterprise security sectors.
IT Europa sits down with CEO and co-founder Danny Jenkins to discuss ThreatLocker’s growth journey, why he’s resisted distribution norms, the realities of MDR, and how a deeply hands-on approach has helped carve out a unique place in the cybersecurity ecosystem.
From startup to scale-up
"We blew past $100 million in the last year," Jenkins says. "We’re doubling every year. We’ve got 54,000 businesses that use our product." That growth, he explains, has been remarkably consistent for three years running.
While ThreatLocker began with a strong enterprise focus, the balance shifted dramatically in 2021. "In 2020 we were majority enterprise," Jenkins recalls. "By the end of 2021 we were majority MSP." Now, he says, enterprise is again accelerating. "Our enterprise growth is probably a little bit faster now. Some of the biggest financial companies, banks, hospitals—that’s coming in very aggressively."
He breaks the business down into several components: a robust MSP partner channel, a growing base of enterprise deployments, and a third segment defined by internal IT teams purchasing through partner transactions. In Europe, he estimates that "80% of it passes through a partner of some description."
Rejecting traditional distribution—and putting the IT pro first
ThreatLocker has consciously avoided the traditional two-tier distribution model. "We don’t do distribution," Jenkins says. "Our goal is, at the end of the day, the consumer of the product is the IT professional."
Even in enterprise, the line between partner and end-user can blur. "Whether it's the MSP or the IT manager, that's who we're building for," he adds. "We educate the IT professional. How we transact becomes irrelevant."
In markets with more complex procurement requirements, such as the Middle East, ThreatLocker occasionally uses agents or sub-distributors for compliance reasons. But the focus remains on a direct relationship with the technical consumer.
Why no one has copied them (yet)
Asked whether it surprises him that ThreatLocker hasn’t yet faced a direct, like-for-like competitor, Jenkins is candid: "Yes and no. This is not easy." He goes on to describe an operation that has become as much about research as development.
"I have 150 people that do nothing 24 hours a day but check for Windows updates, Chrome updates, Office updates. We support 8,000 different apps," he says. "Another 40 people do nothing but research where apps are developed, who owns them, who funds them."
Then there's what he jokingly calls "category two" analysts: "It’s someone’s job to look at adult sites." Most applicants are keen, he notes, until they actually have to do it. "They never want to do it again."
It’s part of a broader philosophy that places emphasis on internal culture and capability. "Building software is 15% of it," Jenkins says. "The rest is building the team, the processes, the validation." Even now, he spends hours on performance tuning and sits with the development team regularly. "Leadership has to get their hands dirty."
Smart use of AI, but never a replacement for people
ThreatLocker uses AI extensively, but always as a way to amplify rather than replace human oversight. "AI can categorise websites with about 78% accuracy. A human, if they’re caffeinated and well-rested, can do 99.6%," Jenkins explains.
"If your product can be replaced by AI, quit your business right now. It means it wasn’t that great to begin with."
Instead, Jenkins sees AI as a way to speed up research, flag inconsistencies, and enrich the customer experience. "If there's a discrepancy between what the AI says and what the human says, we can get a second validation and push our accuracy up to 99.9%."
Why the messaging to MSPs must evolve
Jenkins believes MSPs often sell security the wrong way. "Business owners don’t care about whether you're $80 or $100 a seat. They care that the laptop works Monday morning."
He describes a failed MSP pitch to ThreatLocker itself, back when the company was struggling to get laptops provisioned fast enough. "I didn't care about price. I needed someone to convince me that my team would be up and running."
That experience helped shape how ThreatLocker trains its partners. "Our salespeople will train MSPs. We’ll do demos for their customers. But we don’t talk about DLLs or ring-fencing to the end user. We talk about risk. We tell them: your employees can download anything—malware, backup tools that steal your data. We want to change that."
Product innovation rooted in operational use
While the core pillars of application control, ring-fencing and network policy remain, Jenkins highlights new features that reflect real-world usage.
One is "defense against configurations," which checks endpoints daily for weak settings—everything from open Windows directories to missing screen locks. Internally, it has another name: "dumbass configurations."
"We want you to get one report once a week that tells you where you've got failures," he says. "We're not just checking ThreatLocker settings. We check your whole environment."
MDR with teeth, not just alerts
Jenkins says MDR should mean more than detecting threats—it should enforce change. He recounts the case of an MSP in Kansas repeatedly warned about an open RDP port. "Eventually, someone gets on the server, starts scanning the network. So now we send a network policy to the MSP’s phone. Accept or reject. If you reject it, tell us why."
"Most of MDR isn't about someone attacking your server. It's about stopping the misconfigurations that make those attacks possible."
Remediation, in his view, isn't a software reinstall. "Recovery is not remediation. If you're restoring from backup, you haven't removed the problem."
Sovereignty and access controls
Jenkins also touches on jurisdictional sovereignty—a growing concern for European customers using US-based vendors. ThreatLocker, he says, mitigates this through its Irish legal entity, EU-based data centres, and built-in access restrictions.
"You can go in there and say ThreatLocker doesn’t have access to your data. You can choose which countries your data can be accessed from. We made that really visible after a Reddit post that got traction."
Even support access is tightly controlled. "If a support engineer accesses multiple accounts without logging a ticket, it gets flagged. Zero trust applies internally too. I don’t even have access to JIRA."
IPO ambitions, but no exit plan
Despite fielding acquisition interest, Jenkins says the plan is to go public. "We’re in the preparation of an IPO right now," he confirms.
"Success to me is that in ten years, 90% of the world blocks by default, shuts down ports by default. The only reason I would ever sell is if it helps us achieve that."
The company’s board remains founder-controlled, even after taking $250 million in investment. "Companies don’t run in the boardroom," Jenkins adds. "And if you’re doing something because your investor said to and it fails, it’s still your fault."
Final thoughts
In an industry increasingly driven by marketing, ThreatLocker’s credibility rests on deep technical investment, operational experience, and unflinching transparency. Jenkins knows the space is crowded—"80% of security tools are sugar pills," he says—but is betting that an uncompromising approach to product and service is what partners and end users really want.
"We have problems, like any growing company. But if a customer problem can’t be solved, escalate it. And if it still can’t be solved, call me. I don’t care if it’s 2am and they’re a 20-endpoint customer. That’s the culture. And we’re keeping it."
