Register for Zero Trust World 25!

ThreatLocker Cyber Hero Managed Detection and Response (MDR)

Unleash the full potential of the ThreatLocker® Detect, EDR (formerly known as Ops) solution with managed services from the 24/7/365 ThreatLocker Cyber Hero Team.

What is ThreatLocker Cyber Hero Managed Detection and Response? (CHMDR)

CHMDR is an add-on to ThreatLocker® Detect (formerly known as Ops) that allows organizations to opt for the ThreatLocker Cyber Heroes to monitor and respond to Indicators of Compromise (IoC). When ThreatLocker® Detect, identifies suspicious activity in your environment, the Cyber Hero Team will review the alert to determine if there is a true IoC or a false positive. In the event of a cyber incident, the Cyber Hero will follow the customer's runbook to either isolate or lock down the device and notify the customer. They will be able to identify additional information for the customer, including:

  • What the threat was.
  • How initial access was gained.
  • Where the threat originated.
  • What the threat attempted to do.
  • How the threat was blocked and mitigated.
See ThreatLocker® Detect
Graphic of ThreatLocker Ops Dashboard

Prompt Notifications 24/7/365

The 24/7/365 availability of the ThreatLocker Cyber Hero Team offers around-the-clock Managed Detection and Response (MDR) services to keep organizations secure and alert even outside of standard hours of operation.

The Cyber Hero Team has an average response time of less than 60 seconds. This metric is unique to ThreatLocker and provides a significant advantage when responding to threats. By augmenting the ThreatLocker Zero Trust Endpoint Protection Platform with managed detection and response servers, customers can reduce agent fatigue while hardening their environment to the highest standards, ensuring the mitigation and notification of attempted attacks.


In a live demonstration at Zero Trust World 2024, ThreatLocker showcased the abilities of the Cyber Hero Team in locking down a machine after an attacker connected to a remote server. The attacker tried to run IP scanning tools, created a new admin account, and attempted to disable security tools.

The attacker was challenged with a QR code. When they didn't respond and continued taking additional bad actions, such as attempting to disable ThreatLocker service, the attacker's attempts were thwarted with ThreatLocker default deny, and the machine was locked down. The Cyber Hero Team responded within a minute during the live presentation.

The new additions by ThreatLocker satisfy cyber insurance regulations regarding implementing Zero Trust MDR strategies to prevent modern-day attacks.


Graphic Vector of ThreatLocker Ops Alerts and Detects Feature Icon

Alerts and Detects

Using industry-known indicators of compromise, ThreatLocker® Detect can identify and alert IT professionals that their organization may be under an attempted attack based on customizable thresholds and notification methods.

Graphic Vector of ThreatLocker Ops Respond Feature Icon


Set policies to enable, disable, or create Application Control, Storage Control, or Network Control policies in response to specified observations.

Graphic Vector of ThreatLocker Ops Set Custom Thresholds Feature Icon

Set Custom Thresholds

Policies can be tailored to alert and respond differently based on the threat level to reduce alert fatigue.

Graphic Vector of ThreatLocker Ops Leverage Knowledge feature icon

Leverage Knowledge

IT admins can easily share their own ThreatLocker® Detect policies or “shop” for vetted policies shared by their industry peers and the ThreatLocker team.

More ThreatLocker® Solutions