ThreatLocker Unveils Massive Product Expansion: Patch Management, Web Filtering, User Store

The cybersecurity vendor also debuted new data insights and cloud control capabilities during its Zero Trust World 2025 conference.

ThreatLocker debuted an array of new offerings Thursday that represents a major expansion into several key security and IT categories, with an emphasis on providing increased simplification and reduced friction for MSPs, according to ThreatLocker Co-Founder and CEO Danny Jenkins.

The announcements by ThreatLocker included new products and capabilities in patch management, web filtering and cloud control. The vendor also unveiled its User Store — where employees can access pre-approved applications and browser extensions — as well as its new ThreatLocker Insights data analytics offering.

The product launches came during ThreatLocker’s Zero Trust World 2025 in Orlando and were applauded by solution and service provider partners who spoke with CRN.

During the announcement Thursday, Jenkins (pictured) said the vendor is both giving MSPs an opportunity to get more capabilities from ThreatLocker while also making existing products better with predictive capabilities from Insights.

“Our job is to make your life easier,” he said during the product unveiling. “You need to make decisions faster, quicker.”

Insights — which took five years to build, Jenkins said — can tell MSPs exactly which applications are running on which devices, as well as all dependencies of those apps.

“We need this to be able to better identify threats [and] better predict whitelisting and ringfencing policies,” he said. “So we created this central brain where all of the insights [can] go into.”

In an expansion into a major new category, ThreatLocker unveiled its patch management offering that focuses on showing where an organization may be missing software updates, Chief Product Officer Rob Allen said during the keynote session.

This can include revealing which machines have not been patched and which applications are missing crucial updates, Allen said.

The result is that ThreatLocker can also enable partners and customers to build better policies for patching, he said. The company is currently supporting 30 applications with its patch management offering and is expecting to support 100 apps by the end of April, according to Allen.

The launch looks like it will be a major win for the many MSPs who are frustrated with the shortcomings of existing tools for managing constant software updates, said Ken George, president and founder at NetSmart, a Cary, N.C.-based MSP.

The fact that ThreatLocker is offering patch management in this way means that “they've tested [each update] and it's going to work. And that's what we don't have right now,” George told CRN. “We don't have anything to do patch management that's completely reliable.”

In other words, “this is a huge deal,” he said.

Another new offering from the vendor, ThreatLocker Web Control, brings the company into the critical web filtering segment — and aims to make it easier for organizations to tackle vexing issues such as shadow IT, Jenkins said during the session Thursday.

Organizations will be able to build predefined categories — such as for project management tools or cloud storage, for instance — that are allowed for certain groups or individuals, or across the organization, he said.

“You can very carefully define what you want from a web filtering point of view,” Jenkins said.

Similarly, the ThreatLocker User Store provides the ability for organizations to avoid having to answer approval requests for pre-sanctioned apps. And that, Allen said, “is going to take a lot of the friction away and take a lot of work away from the busy [teams].

“So you can basically just create your policy and say, ‘Look, these are the things that you need. These are the approved applications within our environment,’” he said. “And the users won't be confused anymore.”

Meanwhile, with the debut of its new Cloud Control offering, ThreatLocker is seeking to further cut down on the manual effort for MSPs and IT teams while improving security, Jenkins said. Instead of workers having to inform the IT team when they will be travelling, this can be done by automatically pulling IP addresses from their devices to determine where the person is located, he said.

At the same time, “if somebody phishes your credentials [or] someone steals your token, it's useless,” Jenkins said.

Cloud Control will initially be available for Microsoft 365 accounts, and will soon be expanded to cover G Suite, AWS and GitHub accounts, as well, he said.

It’s clear that ThreatLocker is continuing to evolve into a broader platform for MSPs, which is welcome news given the vendor’s strong reputation in its existing categories, said Art Ocain, vice president of incident response and disaster recovery at Lewisburg, Pa.-based Airiam.

“I think that ThreatLocker is slowly going to be able to replace other tools that MSPs are using,” Ocain said.

Ultimately, MSPs ought to seriously consider if ThreatLocker might also be a fit in these newer segments such as patch management and web filtering, given the vendor’s track record so far, he said. “I'd encourage companies to look at ThreatLocker before signing your three-year renewal [with other vendors].”