Get a Free Report of the Software Running in Your Environment - Including Risks & Countries of Origin

ThreatLocker® Cyber Hero® Managed Detection and Response (MDR)

Unleash the full potential of the ThreatLocker® Detect EDR (formerly known as Ops) solution with managed services from the 24/7/365 ThreatLocker® Cyber Hero® Team.

What Is ThreatLocker® Cyber Hero® Managed Detection and Response? (Cyber Hero® MDR)

Cyber Hero® MDR is an add-on to ThreatLocker® Detect (formerly known as Ops) that allows organizations to opt for the ThreatLocker® Cyber Hero® Team to monitor and respond to Indicators of Compromise (IoC). When ThreatLocker® Detect identifies suspicious activity in your environment, the Cyber Hero® Team will review the alert to determine if there is a true IoC or a false positive. In the event of a cyber incident, the Cyber Hero® Team will follow the customer's runbook to either isolate or lock down the device and notify the customer. They will be able to identify additional information for the customer, including:

  • What the threat was
  • How initial access was gained
  • Where the threat originated
  • What the threat attempted to do
  • How the threat was blocked and mitigated

Prompt Notifications 24/7/365

The 24/7/365 availability of the ThreatLocker® Cyber Hero® Team offers around-the-clock Managed Detection and Response (MDR) services to keep organizations secure and alert even outside of standard hours of operation.

The Cyber Hero® Team has an average response time of less than 60 seconds. This metric is unique to ThreatLocker® and provides a significant advantage when responding to threats. By augmenting the ThreatLocker® Zero Trust Endpoint Protection Platform with managed detection and response servers, customers can reduce agent fatigue while hardening their environment to the highest standards, ensuring the mitigation and notification of attempted attacks.

Cyber Hero® MDR Demo

In a live demonstration at Zero Trust World 2024, ThreatLocker® showcased the abilities of the Cyber Hero® Team in locking down a machine after an attacker connected to a remote server. The attacker tried to run IP scanning tools, created a new admin account, and attempted to disable security tools.

The attacker was challenged with a QR code. When they didn't respond and continued taking additional bad actions, such as attempting to disable ThreatLocker® service, the attacker's attempts were thwarted with ThreatLocker® default deny, and the machine was locked down. The Cyber Hero® Team responded within a minute during the live presentation.

The new additions by ThreatLocker® satisfy cyber insurance regulations regarding implementing Zero Trust MDR strategies to prevent modern-day attacks.


Alerts and Detects Icon

Alerts and Detects

Using industry-known indicators of compromise, ThreatLocker® Detect can identify and alert IT professionals that their organization may be under an attempted attack based on customizable thresholds and notification methods.

Respond Icon


Set policies to enable, disable, or create Application Control, Storage Control, or Network Control policies in response to specified observations.

Set Custom Thresholds Icon

Custom Thresholds

Policies can be tailored to alert and respond differently based on the threat level to reduce alert fatigue.

Leverage Knowledge Icon

Leverage Knowledge

IT admins can easily share their own ThreatLocker® Detect policies or “shop” for vetted policies shared by their industry peers and the ThreatLocker team.

More ThreatLocker® Solutions

ThreatLocker Network Control logo

Network Control

See Solution
ThreatLocker Elevation Control Logo

Elevation Control

See Solution
ThreatLocker Storage Control Logo

Storage Control

See Solution