In this Brand Story episode, we connect with Danny Jenkins, CEO of ThreatLocker, to explore innovative cybersecurity measures that proactively prevent threats by using dynamic firewalls, application ringfencing, and a zero trust framework. Discover how these advanced solutions simplify IT security management while ensuring your network and data remain uncompromised.
In this Brand Story episode, Marco Ciappelli and Sean Martin sit down with Danny Jenkins, CEO and co-founder of ThreatLocker, to uncover the fascinating journey and innovative approach of ThreatLocker in the cybersecurity realm. The episode sheds light on the company’s mission, the challenges it faces, and the transformative solutions it offers.
Danny Jenkins recounts the origin story of ThreatLocker, beginning with his early career in IT and his fortuitous stumble into cybersecurity. He explains how witnessing firsthand the devastating impact of ransomware led to the inception of ThreatLocker. His experience with ethical hacking and ransomware recovery highlighted a critical need for more effective IT security solutions, enabling Jenkins to spearhead the development of ThreatLocker with a central philosophy: deny by default.
ThreatLocker’s primary goal is to help organizations implement a zero trust framework by making it as simple and automated as possible. Jenkins emphasizes that effective security requires blocking untrusted software and limiting what trusted software can do. He articulates the importance of learning the intricacies of each environment ThreatLocker protects, from small businesses to massive enterprises like JetBlue. By examining each endpoint and understanding the specific software and dependencies, ThreatLocker ensures that systems remain secure without disrupting daily operations.
One of the key aspects discussed is ThreatLocker’s unique human element combined with technological innovation. Jenkins introduces the concept of their 'cyber hero' team, dedicated to providing 24/7 support. This team is crucial, especially when onboarding new clients or assisting those already affected by ransomware. This commitment to customer service underscores ThreatLocker’s philosophy of not only providing top-tier solutions but ensuring they are successfully implemented and maintained.
Jenkins also touches upon the broader industry challenges, specifically the common pitfalls enterprises fall into by relying on endpoint detection and response (EDR) systems alone. He argues that such systems are often reactive, addressing symptoms rather than root causes. ThreatLocker’s approach, focusing on proactive prevention and least privilege access, aims to mitigate vulnerabilities before they can be exploited.
Finally, Jenkins discusses the future vision for ThreatLocker, highlighting continued growth and innovation. The company’s commitment to maintaining high support levels while expanding its product offerings ensures it remains at the forefront of cybersecurity solutions. Events like Zero Trust World serve as educational opportunities for clients to deepen their understanding and enhance their security postures.
Overall, this episode provides an in-depth look at ThreatLocker’s strategic approach to cybersecurity, emphasizing the importance of proactive prevention, customer service, and continuous improvement.
Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974
Note: This story contains promotional content. Learn more.
Guest: Danny Jenkins, CEO of ThreatLocker [@ThreatLocker]
On LinkedIn | https://www.linkedin.com/in/dannyjenkinscyber/
Resources
Zero Trust World Conference: https://itspm.ag/threat5mu1
Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
Cyber Heroes in Action: Delivering Advanced Security Measures for Modern Businesses | A ThreatLocker Story with Danny Jenkins
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.
_________________________________________
[00:00:00]
Danny Jenkins: Um, Hmm.
Marco Ciappelli: No, no, no, no. These are my favorite. Don't don't steal my thunder. The origin story is my thing. the only thing is when we dive into more operational technical stuff. So origin story is about storytelling is how we introduce a company to our audience. And I'm very, very excited, Sean, this time to start with the new sponsors of ITSP magazine that we're going to introduce to all our audience all over the world.
Sean Martin: Yep. ThreatLocker, great to have you on. Danny Jenkins, great to meet you and have you join us. You're the CEO, co founder,
Danny Jenkins: yes, Sean, Marco, thank you very much for inviting me today.
Marco Ciappelli: It is the person we were expecting, Sean. It's not a,
Sean Martin: is
Marco Ciappelli: it's not a mistake. Hmm.
Sean Martin: Now, so the, the reason I like these, I [00:01:00] mean, of course, I like to dig into how we. operationalized, operationalized technology to, uh, build better security programs. So we have a more secure business and they can achieve more things, uh, safely. And. The reason I like the origin story is because we get to hear from the founders and leaders of organizations, how and why they started their company to help their customers do that, hopefully.
And, uh, I'm thrilled, Danny, to, to get a view into what ThreatLocker is doing, how it was founded and, and, uh, how you, how you help organizations achieve better security, therefore better business, maybe a brief few words from you about. Your background, maybe leading up to the founding of ThreatLocker. What were you up to before?
Danny Jenkins: so, uh, I, I, I started my career in it. Uh, I left school very, very young at 15 and I got an apprenticeship in it. And what could only be described as an Ms. P back then, it wasn't really [00:02:00] MSPs and I, I, I learned NetWare and I learned windows, and I ended up being in corporate IT for some time. And when I ended up in corporate, it, I, I very, I think luckily fell into the security side because I worked at the corporate headquarters.
I was the only IT person there. And this was in the early 2000s, and they had 146 sites joined together, all had their own IT departments. And then suddenly ransomware, but malware started spreading through the network. And I ended up being the person responsible for security and then very entrepreneurial quit left there, started some email security businesses.
And, and, and then in 2014, I sold my email security business and I, I was. Doing two things. I was doing a lot of ethical hacking, but I was also being called in a lot to help with ransomware recoveries. And ransomware was very, very new then. And the companies were saying, well, how do we get, we paid, we didn't get our data back.
What are we going to do? How do we get our data? What can all of this? And this is where I really got into the idea of ThreatLocker because it was. Companies have [00:03:00] been destroyed by ransomware and they're doing everything arguably right.
Sean Martin: Oh, a fellow, uh, NLM er in the good old network days. I'm sure you remember that.
Danny Jenkins: it's been a long time and, uh, there's how you see a market change overnight between 1999 and, and, uh, early 2000s, Microsoft just ended a company essentially.
Marco Ciappelli: why don't we talk exactly about that? Like in big, uh, bigger leaps than, you know, what it would take probably forever. Like the main changes that you have seen since when, uh, you started a company or even going back to 1999, as you mentioned, like milestones that brought us to where we are now.
Danny Jenkins: Well, so I think, I think, first of all, I think going back to the early 2000s, malware was a constant issue when I was working corporate it and we had antivirus, we had endpoint security and it was constantly evading that. But the level of the issue. Was not a business issue. It [00:04:00] became an it issue. So I remember there was a piece of malware came in and it was coming into everybody via a zip file.
It was an executable in a zip file. And I emailed the company saying, please don't open any zip files. Be careful. There's malware coming in. You know, five minutes later, I get a call or an hour later. I get a call from the front desk saying, Hey, there's a problem with our website. And when I try and open the attachment to see the problem, it's not working.
And I run downstairs and the lady who did this is in tears. And there's, uh, uh, inappropriate pictures on her screen. They'd been popping up, but that was the scope of it was someone's upset. Someone got offended and we have to clean up their machine now. And then turn it to 2014. It was the first time I ever saw ransomware.
And this is where it became a business issue because the, I got brought in to help with the recovery. They paid 22, 000 ransom and they didn't get their data back. So I came in to say, okay, well, let's see, use this recovery tools, things like this to help with the recovery. And about [00:05:00] a week into the recovery, the owner of the business called me up and said, He was in tears.
This was a 60 year old man in tears saying, is my business gone? And then that's only dawned on me. This is a real problem. And when they asked me at the end, we got it recovered by the way, mostly it was painful, but when they asked me, what can we do, they didn't like my answer. And that was the challenge I had.
How can I, I know there's a solution out there, but it requires too much work and the customer and the it department was like, we're not going to do that. And that's really where the idea of ThreatLocker came from. It was, Hey, you have to deny by default. Now it doesn't necessarily mean causing hell to your users.
And they said, this is ridiculous. There's no viable technology solution out there to do this. And that's really what got me thinking about ThreatLocker. If there isn't something out there, how do we create something? [00:06:00] Silence.
Sean Martin: operationally or programmatically through an application, uh, you want it to fail in a way that doesn't, doesn't, uh, put the user in harm or, or, uh, Take the application down a path that, uh, you know, if we're talking about security, exposes data, exposes weaknesses in the application of the underlying infrastructure.
So you touched on a point that I think we regularly go around on, uh, on, uh, conversations with organizations, which is what we need to run our business. We need to enable the users to do what they need to do. The, the transactions need to, Take place, um, if we, if we can't onboard customers, if we can't complete banking transfer money transfers through our apps, we're losing money as an organization.
So how, how have you found that sweet spot? Assuming you have to deny all fail safe and the word that I use, um, [00:07:00] and still let organizations achieve what they need to.
Danny Jenkins: So when we started looking at this and it was interesting because I'm looking at this idea for a business. So I say, I'm going to build a solution that allows people, and it's not just blocking untrusted software, but limiting what it can do, uh, and ring fencing, elevation controls and things like that.
But we started off with this principle of block untrusted software. And the first challenge I had was there's not a big enough market. The amount of people that were buying this was so small. Nobody was going to invest in it. And I realized if I wanted, this was going to cost an absolute fortune to build and to manage and to, to achieve.
And when you go in after a market, that's at most 500 million worldwide, that's not, you've got to get a big enough piece of that market to pay for that. So what we first did is say, well, The only way we make it a bigger market is make it a viable solution to the whole world. So we started looking at what is the problem?
Why won't people deny by default? And the first problem was it was just too hard [00:08:00] to onboard. Most companies you go to didn't have a clue the software they were running. They didn't understand what the software needed to do. So there was this learning stage where you had to figure out everything and you didn't want to upset your users in the first place.
The second problem was, well, I've tried this before and it all worked fine. It was hard to set up, but then we had updates. So we had windows updates, office updates, Chrome updates. And then suddenly that got blocked. And the third problem was actually the smallest of them was, well, sometimes people need things and it can't take me two hours of my time as an IT guy to solve their problem.
So we had to get that workflow, right? Outside of that, most people don't change the software they're running. So you have someone in finance. They come in every day. They open Chrome, they open zoom, they open the financial software, they're putting office. And that's what they do. They don't go and download a new application every day.
Now updates happen, but they don't download a new application. So what we said is, well, [00:09:00] we need to get rid of those solutions. And it started off by some of the most advanced learning, which just gets more and more advanced every time we see it, we learn the DLLs, we learn the hashes, we learn the dependencies, we learn it at a system level, and then we enhance that to say, well, in addition to that, we're going to start tracking the updates.
So most. Endpoint security teams, what they do, they go out and build a team of threat analysts. And we've got a team of threat analysts as well. Um, but what we focused on was what if we built a team of people whose job it is to know every single update of every single product out there. So we have research teams and update teams.
We have relationships with 4, 500 vendors. We have 45, 000 products that we have data on everything from what dependencies they use. What country their developers are based out, where they funded by the Chinese communist party, everything about every piece of software you can imagine. And we started building that out because what that allowed us to do was take away all the headaches.
So as a, as an it manager, and you know, this is a security tool, mostly used by it. You could go in, you could [00:10:00] deploy, you could wait a couple of weeks. You could see a nice, simple report saying this is the software you have. This is what you, this is what country it was developed in. This is what it currently has access to, and you can choose what you want and don't, and then you lock it down.
And once you lock it down, we've, we've deployed to 50 something thousand companies now, and the, my initial goal was two things to go back to 2008. Well, we got our product release. We got our first beta. I had two goals. I want to sell to a small company and I want to sell to a big company. So someone with 10 employees and someone with 10, 000 employees.
And by 2021, we had lots of small companies, lots of midsize companies, but we, we signed probably our first large enterprise, which was close to 20, 000 endpoints, I think was JetBlue. And that's when we knew if I can get these to use it, all of these companies to use it, we can make the whole world viable for the entire world.
Marco Ciappelli: Now, let's talk about you kind of went there like you have a very large theme here and [00:11:00] I see that there is that they call it the cyber hero. So I see like a human element into the technology, right? Like you got these guys that do the research, but also interact with your customers. And from what I'm understanding, they create some kind of like a customized solution for them.
That's why I guess you can work with the small and the big team. So tell me about how you. You invested a lot of money, I'm assuming, and time and training into building a human team instead of just giving everything to technology.
Danny Jenkins: Okay. So I'll tell you a little bit about the word cyber hero and why we started using it first, which you'll find amusing. So the beginning, there's three of us, three people founded the company, me, our CRO, who's my wife as well. And our chief quality officer with three people that found it throughout.
And like most founders, I mean, today we've got 550 staff. And we've got lots of money, but most like most founding companies, we had no money. We had no staff. We had no time, three things we didn't have. [00:12:00] And I remember I was on the call with a customer. A prospect. And they said to me, Hey, we work 24 hours a day.
We need 24 hour support. It was like a hospital. And I said, yeah, we have 24 hour support. And so, uh,
Marco Ciappelli: will have
Danny Jenkins: we will, we will by the time you install
Sean Martin: You're already up 24 hours any day. So anyway,
Danny Jenkins: it's funny because today, and by the way, today, our support averages 23 second response time, 365 days a year, 24 hours a day. And it's run by a team of great people, our cyber hero team.
Um, but what we did is at the time we didn't have that. And we weren't getting calls like very often. I mean, it was a hundred, 200 end points. It wasn't a big deal. So they're like once every month you get a 24 hour thing, but we need it to be available 24 hours a day. So we put an alert on our phone. We created this live chat and the live chat would basically allow you to go in and say, Hey, I want to chat with someone, ask them a simple question.
Or I want a zoom session. So get on a call with me 24 hours a day. And we still do that now. Um, so we create this live [00:13:00] chat and then we got to push to our phone, but. Apple's push mechanism. It's not very reliable. It doesn't make noises all the time. It tends to self silence. So what we did instead is we installed ceiling speakers through our house and If someone came in the queue doesn't matter it was on loud as well the whole house would echo with new visitor in the queue and Like I'd wake up at 2 in the morning.
I'm like what the hell is going on and and I And I get on and I get to the point about cyber hero. So I get a call at two in the morning or a chat. So I pick up this chat and it's one of the customers that I put on trial that day. And they're like, Hey, Danny, why are you up at 2 a. m.? And I'm like, oh shit.
Now, I either tell this guy, oh look, we only have three employees, or I just, and I just said, I just saw your chat come in, and I wanted to grab it. And that's what I said to him. But it made me think, oh, this is going to get asked a lot. So we renamed all of our staff to Cyber Hero. Oh, we named the three of us the cyber hero in the chat and [00:14:00] today we show their name and cyber that we have cyber Hero cyber is here in training cyber psychic cyber hero and super cyber hero different levels now But we always have their name and that's kind of why it came as a name But also what we realize is these guys are there to help you at your worst moment And I would say every week we do about two on boardings from someone that's already been hit by ransomware and they're trying to get control of their environment, but also people have configurations issues.
I mean, we run everything in hospitals, in banks, in airlines, in airports, like, um, and these things are, they cannot shut down. So we have to be there as fast as they need to, whenever they need to. And, you know, we say, Our goal is zero trust and zero trust means least privilege. It doesn't mean zero effort, but zero trust, little effort.
And if we can give you a solution with little effort, and we can do a lot behind the scenes and we can do it in an economy of scale, you win as the customer, we win as the vendor.
Sean Martin: what are some of the [00:15:00] biggest challenges your customers face as they move from, I'm assuming it's both a cultural and a technological shift, uh, in terms of here's how we normally manage our networks and our, and our end points and our, in our, uh, application infrastructure and whatnot, and. I know that the abstract zero trust is maybe hard for a lot of people to kind of grasp and then to, so to make that an understanding from a cultural perspective and then to change, I don't know if you have to change the environment a lot beyond just configurations.
So what's that shift look like from an existing small, medium business, let's say, um, to something that you get to help them with.
Danny Jenkins: I mean, I hate the marketing term zero trust. I mean, we use it, but I hate it. And the reason I hate it is because it's not. It's not actually descriptive of what it is. And if you remember back in the 1990s and the early 2000s, what we call the cloud now is referred to as hosting. That's what it used to be called.
I [00:16:00] hosted my email with my ASP and now it's called the cloud and zero trust is what used to be called least privilege. And the concept of least privilege is not new. We use it on firewalls all the time. We have a default deny policy and we allow ports. That we need in the, what we're doing is we're saying, we're going to extend this beyond just a firewall or beyond file permissions, and we're going to do it at an application level, not just what can run, but what can the application do?
And the reality is 80 percent of companies now don't have users as local administrators anyway, so users are used to. Having to request it install certain applications, not all, but a large portion of good applications. So the culture shift, isn't the big issue. Everyone thinks it's going to be the big issue.
I think the biggest customer, the biggest issue I have with our customers. It's normally making sure we deal with the internal politics of it and companies are splitting it and security more and more. And quite often what will happen is a CISO will [00:17:00] come to us or it's it security. And they'll say, we love ThreatLocker.
We want to do this. And nobody in it saw a demo, nobody in it knew anything about it. And then suddenly it goes to do something and it's not working and they don't know why it's not working. They don't know anything about what we've done. And, and then they're left managing the tool quite often and something's being blocked and they've burned 10 hours.
Cause they didn't know it was that lock. I mean, it takes 60 seconds to permit something, but they're trying to push a script out from a server. And that script's being blocked as it should be, because we don't know It could be ransomware. It could be bad. So I think the biggest challenge companies think is changing the culture.
Most humans, most people, when you say to them, this is why we're doing this. And this is why it's important. They'll accept it. When we think about things like developers who need to download new software. This is about least privilege. So if they need to download new software, let's let them download new software, but only ring fence it.
So it can't see your network unless it's been trusted. Let's make sure it can't encrypt your files. [00:18:00] And that's what we're really about is making sure the right fit is for the right person and right role in the company. And we do all these simulations to see how it's going to affect people before we lock down.
And this, this isn't, sounds like a lot of work, but realistically, I've endpoints and the customer put in 20 hours work in total beginning to end to achieve that. So it's not a lot of work and we're, but like I said, the, the fear is the culture and the users, the challenge, the real challenge, the real way people waste time in ThreatLocker is their IT team.
Not understanding that we now have a new process. It's a very easy process, but let's follow this process beginning to end. And when they do. It gets easy. And I almost beg every CISO I speak to, please bring your IT team on this demo, because when they see this, they're going to love it. But when you jam it down their throat, they're going to be on defense mode immediately wanting to get it out.
Marco Ciappelli: And is it a
Sean Martin: mark a real? Oh, good.
Marco Ciappelli: Yeah, no, no, no. You go.
Sean Martin: I was going to say that. Because I'm picturing, [00:19:00] and maybe you can elaborate on this if it's true, I'm, I'm picturing an easier life for IT, um, perhaps if, if you give them the environment with which to manage all this stuff through, right?
Danny Jenkins: it's really the first user we did a deal with our kids. We got them in a private school. We couldn't afford it at the time. And we, we did a deal where we would actively contribute and look after their IT and help things like that. And they had 60 teachers, 120 devices, something like that. And it was a nightmare.
We were fixing things every single day. And we were like, what have we done? Send the kids to public school. They'll turn out fine. And, uh, we, what we did is they were the first user of ThreatLocker. And what's interesting is we went from spending 20 hours a week. Managing their it to less than an hour a month.
And the reason being is because the it guy is now in control. And when you manage your it systems, when you imagine you give someone a laptop and five years later, it comes back the exact same way it went out. Apart from a smash screen. [00:20:00] That's like, that's what really makes it easier when you manage it, as opposed to responding to users, breaking things.
I installed Dropbox and it's filled up my hard drive. I don't understand why my Chrome is eating all my CPU because you've got 15 web extensions installed. If you take those things away, it gets easier. And then we also bring in the tools, like the ability to do endpoint privilege management, where you can automatically elevate a request.
So somebody says, Hey, I need to download and install a printer. I'm going to request the software can run. And my IT guy can approve it to elevate at the exact same time. So the IT guy doesn't have to log onto your machine anymore and put in a password. He just approves that package and you click on it.
And it's awesome. Okay.
Marco Ciappelli: So is it like a one solution fit the mall or it's a, you have different packages or, or it's one and then you turn on and off things depending on who your clients is.
Danny Jenkins: So we, we have an endpoint protection platform and that includes two major groups and each group has different components. And [00:21:00] most companies who are signing up now, apart from the really large enterprise tend to go with what we call unified, which is all of it together. Uh, I'd say most, it's probably like 55%, but we have ThreatLocker Protect.
Now what ThreatLocker Protect does is it provides an allow listing solution to stop untrusted software, including ransomware, because malware. It's just software. Um, it ring fences applications to control what they can do when they're running. So when we think about solar winds, Orion, we're able to foil that. I use the word vulnerability, but it wasn't a vulnerability from being exploited. Um, so for Lena exchange, we're able to harden all of those. And then we've got elevation control with EPM. We've got storage controls and we've got network controls where we can control East West traffic and get really granular with dynamic ACL.
So that's what we call our protect controls. And then on the other side, we have felt like a detect, which is our EDR and our MDR where we can manage it. So my goal and the purpose of ThreatLocker is to accelerate the protection part of our business. Cause I always say, [00:22:00] when you get an alert in your EDR, that's not a false positive, including ThreatLocker.
It's because you screwed up on part a, because you did something wrong on part a. And if you want to secure your environment, it shouldn't be about detecting bad things. It should be about hardening your environments of bad things can't happen in the first place. And the detection part is the backup plan.
Just like you have a burglar alarm in your house. If you forgot to lock your door, someone gets through your lock. Um, and each component, like some companies will come to us and say, Hey, I just want Whitelisting or I just want, um, EPM, but 95 percent of our customers use our whitelisting solution, probably, like I said, 55 percent of new customers use the whole thing combined.
And then companies will just pick and choose what, what helps them with their needs. If we get to a really big enterprise, they tend to have very specific needs with very specific budgets for those needs.
Marco Ciappelli: Yeah. There is a manager system. I was looking at it that you can turn on and off what you want to use. Right.
Danny Jenkins: Yes. You can, and you can just literally check a box. And what's cool [00:23:00] is a lot of companies will come to us and say, Hey, I just want to use your application controls. And then they'll use the application controls and then six months into it, they'll say, Hey, can I test this detect module and with your MDR?
And I'll say, yeah, sure. Test it. But I want you to do me a favor when you test it, do some bad stuff on your computer and see who responds first. Cause we have a cyber hero team, 24 hours a
Marco Ciappelli: Well, why, why, why you respond, right? You're the one in the house that get the
Danny Jenkins: Yeah, with the speakers. So I don't know if support still think I have the speakers in the house, because when I went, when I stopped doing nighttime, we changed it.
So if someone was in the queue more than 60 seconds, it would still go through my speakers. Now the speakers stopped working like four years ago, but nobody knows that. And they still respond in 23 seconds. But that, and the cool thing about it is, I mean, we. There's not a single day of the year. We went through a hurricane here in Florida recently, and we have backup generators with hurricane rated building.
But in addition to that, we also send 10 people to our Dublin office just to make sure if some of the worst case happens and we [00:24:00] end up with complete disaster in Florida, but we do not stop ever. We don't stop for Christmas. We don't stop Thanksgiving. We don't stop for hurricanes. When the hackers go home, we go out and we haven't stopped support for six, seven years now, since 2018.
Sean Martin: And that's, that's one of your, uh, I'm looking at the values on, on your website for the company. Sense of urgency is, is certainly one of them. Innovation, uh, is something we touched on a bit here. Um, The, the ability to, to manage all this stuff, maybe you want to touch on that in a second, but what I want to touch on here is the challenging the norm and because what I hear, what I'm hearing is there's a lot of best practices that somehow organizations kind of move away from the segmentation, the, um, the, the, the, the deny, uh, fail safe, the, the, uh, um, Yeah, basically running a safe first [00:25:00] environment and then opening things up to operate a lot of those best practices we kind of leave behind. How does challenge the norm fit in, uh, both internally for how you run the business and then how does that impact how you interact with your, your customers?
Danny Jenkins: So, so I think when we started throughout like a 0. 0001 percent of the population would take the idea that we can block software by default, like everyone else is not doing that. And if we depend on the industry you look at now, it's going somewhere between. Early, the single digits up to 30 percent of companies that are doing that.
And we're really changing the norm there. And I think the problem often is as a company, the easy solution, we have the same tools that an EDR had day one. What we had to do was put in the rule sets. The easy solution for us was to come out and say, I can sell you a product that you don't have to do anything because companies want.
An easy solution, but we had to challenge that and say, we need to make the other [00:26:00] solution, the real solution, the norm. And there's a reason if you look through the history of endpoint protection. Who was the winner 20 years ago? Who was the leader? Are you thinking about Semantic or someone like that?
They own the entire market. Now, if you think about who owns the endpoint detection market now, it's probably someone like CrowdStrike. The, the reality is, and in between that we've gone through semantic, we've seen a vast ABGs, we've seen trends, we've seen, um, uh, a bunch of mc, McAfees and all of these other solutions that come and die as quick as they come.
And the reason is because they don't work. And what these companies are doing is they're coming up with big, shiny. Marketing gimmicks and not actually solving the solution, but knowing you don't know that we're not good enough until you get breached, at which point we've already collected five years revenue from you in most cases.
And what we said is that we cannot afford to churn customers. So these companies are relying on 10, 15, 20 percent churn year over year. [00:27:00] Uh, because someone got mad because it didn't detect them and they're okay. We, we have 99. 96 percent renewal in eight month over month. And it's, and that's because if you, if you challenge the norm and you say, we're going to do something that actually solves your problem and doesn't give you fake promises and hot air.
Then you're going to continue to use our product and we're going to do that. I'm going to make it easy. We're going to make it manageable. We're going to put a team behind you to make sure you know what you're doing. We did some really crazy things here. Like you only get paid in ThreatLocker once your customers actually successfully deployed and locked down. So we don't have this. Oh, you hit, thanks for the order. Go away. Now we don't care if it's shelfware. Our team get paid on actual work. We're probably the only security company in the world that pays our support team based on the outcome of their tickets and not based on, Hey, you got a flat wage, do whatever you want.
Sit there with your feet up. Don't help the customer, help the customer. They get paid and [00:28:00] their rewards go up and down based on the outcome of the ticket.
Sean Martin: That's super cool. That's super cool. And then, and, and innovative as well. Um, talk to me about, I mean, you said, talk about the renewals there. And I forget, there's probably an old stat, but there was a stat at one point that said 40 percent of an SMB that got hit, 40 percent of SMBs that get hit with a ransom, a ransomware attack, go out of business. Um, so they can only renew if they stay in business.
Danny Jenkins: Yeah.
Sean Martin: you want to, you want to keep them in business. Um, so that's. That's kind of the SMB space, but I want to shift to, you touched on in terms of making it better, but one of the, I worked for the big yellow crew for a long, long time. And one of the biggest challenges we have is we tackled the enterprise space was tens of thousands of systems distributed around the world, different, different cultures, different infrastructures, depending on where they're, where they're based.
You [00:29:00] have critical infrastructure and banking and healthcare, all these different environments. How do you. How do you address that space, um, and a lot of the complexities that those environments bring and then a lot of the differences that each of those industries bring, um, in a way that, that enables them to successfully manage, but also you to plug in with your, your cyberheroes in a way that, that can support them and nobody gets, gets hurt in the process.
Danny Jenkins: So I'll tell you one of the hardest spaces we deal with the two hardest areas and we deal with healthcare. Healthcare is scared. Finance is scared. Healthcare and finance are some of the easiest companies to deal with, believe it or not. Um, but one of the hardest spaces to deal with is airlines and airports.
And I've got one of them I can talk about a public case study. That that, which is JetBlue and they've got tens or more than 10, 000 endpoints, thousands and thousands of endpoints on IOT devices, on [00:30:00] bridgeways, on laptops, on servers. And they've got engineering software and they've got custom software that was probably written 40 years ago before windows even existed.
And all of these things become difficult. What we're trying to achieve here. We're not here to say what's good and bad. And this is what's nice about the way we think. We're here to say, what do you need and what do you use in your environment? So more often than not, when you go and deploy an EDR, your EDR or your antivirus is going to break something.
And if it doesn't break it, then it might break it in six months time, because their way they work is they'll look for a certain pattern. So they'll say, Hey, this encryption pattern is used in malware. So, and it might only start getting used in malware today, but for the last five years. Your software has been using that exact same encryption pattern.
And then one day a piece of malware comes out and the antivirus company or the EDR adds that encryption pattern into their definitions. And then suddenly your aircraft maintenance software, which has been running for five years, stops working. [00:31:00] And it becomes an unknown and you are there. I mean, we saw half the world blue screen and that's because, and that's because these companies have to update and evolve and change their patterns and change their codes so, so fast.
And all of the users to be effective. So when you're doing 14 updates a day to staying. Ahead of the attackers, you're eventually going to hit something the way we're working. We don't care whether your pattern is good or bad. We go in, we learn your environment. We look at the software you're using these companies, most of this legacy software, it doesn't, we're not here to say you should or shouldn't use it.
We're here to say, this is what you have. And this is what it's currently doing. We monitor it. Like we can monitor it for three months or we can monitor it for three days. We've typically most companies pick 21 days is the average. We monitor it. We make sure. Anything that happens in that period, we understand that we are going to permit based on that.
And if you're really nervous, some companies will go in and monitor it for three months and then they'll do simulations. And what's nice is you're never going to end up in a [00:32:00] situation where this worked yesterday and it suddenly doesn't today, because some piece of malware changed the rules around what is bad.
And because we're saying it doesn't matter if it's good or bad, it's on your machine. Is TeamViewer good or bad? Well, that depends. Do you use it to access your machine or did someone call you Pretending to be at Microsoft and ask. To get the malware off your machine. Like, and that's the nice things about we're doing.
We're not constantly chasing threats. We're not having to push 14 updates a day. We're blocking first and then we're allowing by exception and we just learn. And, you know, when I look at JetBlue, I think they have probably 10, 000 applications in their machine. And I don't understand what three quarters of them are for.
But I understand exactly what they do and our systems automatically learned it and allowed those policies for them.
Marco Ciappelli: Well, very, very cool. I want to end this first conversation because spoiler alert, we're going to have many more with ThreadLocker. So we're going to probably dive in into what's coming up and partners and other interesting [00:33:00] conversation to understand how the business is evolving. But as we spoke a lot about the past, I'd like to end with the question of what's in the near future for ThreadLockers?
What's your vision for the next few months? Yeah,
Danny Jenkins: I think the core mission of felt like it maintains the same and we didn't call it zero trust there. And it gets called zero trust now, but it's to accelerate companies. Use of at least privilege environment. And we want to make everything as simple as possible, as easy as possible, automated, and that includes product includes education to the market.
We did 840 trade shows this year. So far they include education sessions, uh, keynotes and everything else. And the, any one day we've got 30 people on the road meeting with customers. So our mission is to make sure people accelerate. To a zero trust environment, least privilege wherever possible, um, without upsetting their business.
Uh, what we are doing to accelerate that is we're continuing to enhance. How do we [00:34:00] make it easier? Things like we've got this new ThreatLocker, uh, uh, insights it's called. And basically it allows you to immediately see this file based on the 90 percentile needs this, this, this, this, this, this, this, this.
You don't have to think about it. You click one button, it gets easier. Every minute we save an IT manager, every five minutes, every time someone doesn't have to go and redo something. We make it easier to achieve our, for you to achieve our mission. And that is what we're continuing to do. We've got a lot more exciting stuff.
We've grown five times in the last, um, two years, and we expect to grow five times in the next two years while maintaining the same support levels, but also improving the product constantly. Bye.
Sean Martin: It's fantastic. I'm excited to continue to dig in and learn more. And, uh, have more conversations with you and your team and your partners and your customers. And, um, I'm also excited, Danny, to, uh, to see the team in Orlando. Zero trust world 2025 in February.[00:35:00]
Danny Jenkins: And that, that is, that's probably the biggest, if you want to get educated on cyber security, come to this event. And there's in 19th of February, I think it is. We go to ZTW. com. You can find that the details, but basically we do three days of cyber security training. And some of it's about ThreatLocker's product.
Some of it is about how to hack. Yes. We teach people how to hack and we want to teach them how to bypass it. We'll show you examples. And how you can take a reverse shell that's blocked by your EDR and use AI to make it unblocked, uh, undetectable by your EDR. And it's, it's hands on unlike most conferences where you have a keynote and you have people.
Most of our keynotes, or at least half of them have a thousand laptops in the room. And we'll actually walk you through exercises so you can get hands on it. Three days of fun. It's three days of technical learning. And what the coolest part about it is there's a 500 pass on it, by the way, this is a cost center to us.
So we're not making money on that pass, but if you pass your cyber hero test onsite, you get a refund of your pass [00:36:00] onsite. So you can go
Sean Martin: Very much like your support team.
Danny Jenkins: Yes. And you get a nice little pen and a certificate and you get there, you get
Marco Ciappelli: some cash back.
Danny Jenkins: you get some cash back. So it's a great three days. And if you can't make it follow up with our webinars, I think we have one coming up on AI on how to use AI to generate malware.
We've got some cool stuff on YouTube that from previous ones, you'll see like hardening max, where we can take over a map. We want to show you what you should be doing on your map. But before we do that, we actually completely take control of the Mac through its AirPods wirelessly without any interaction from the user.
Marco Ciappelli: Wow. Well, we are
Sean Martin: whispering in the ear.
Marco Ciappelli: We are excited because we're planning to be there. So that's that's that for for everybody. We hope other people are going to make it there. And we're looking forward to many more conversation with you and other people from your team to, you know, Keep telling the ThreatLocker story as we go into the new year.
So, thank you very, very much.
Sean Martin: Yes. Thanks, Danny. [00:37:00] Thanks, Danny. And everybody stay tuned.
Danny Jenkins: today.
Sean Martin: Yep. And we'll, uh, we'll include links to, uh, connect with Danny and the team and to learn more about the event. And, uh, any other, any other resources the team wants to share that, uh, are relevant for this conversation. So thanks everybody. Stay tuned for more.
We'll, uh, see you on the next Brand Story here on ITSP Magazine.
Marco Ciappelli: Thank you, Danny.
Danny Jenkins: Thank you.