

ThreatDown MDR
Endpoint-only MDR by Malwarebytes with fully published pricing ($99/endpoint/year for the Elite tier that includes MDR). ThreatDown brand launched November 2023 as the dedicated business product line. Platform-native, requires ThreatDown EDR agent, and covers endpoints only, with no cloud, SaaS, identity, or network monitoring.
Buyer fit
Good fit when
- ✓SMBs and IT-constrained organizations wanting affordable MDR with published pricing
- ✓MSPs wanting channel-first MDR with OneView multi-tenant console and RMM integrations
- ✓Environments prioritizing ransomware protection with 7-day rollback capability
Watch out when
- ×Enterprise organizations needing multi-surface coverage (cloud, SaaS, identity, network)
- ×Organizations wanting vendor-agnostic MDR that works with existing EDR investments
- ×Buyers wanting formal MTTD/MTTR SLA commitments or dedicated analyst support
Coverage
Platform
Additional capabilities
Incident response
Pricing
What costs extra
- –DNS Filtering (Ultimate tier only, $119)
- –Server protection ($129-179/year per server)
- –Mobile protection ($10/device, Android/iOS/ChromeOS)
Cost caveats
- –Endpoint-only coverage, no cloud workload, SaaS, identity, or network monitoring
- –Platform-native lock-in, cannot BYO CrowdStrike, SentinelOne, or Defender
- –No dedicated analyst or account manager, pooled SOC model
Pricing compiled from public sources. Verify directly with the provider.
Team and access
Reputation
G2 4.6/5 (1,074 reviews) with multiple Leader awards (Best ROI, Easiest to Use). Gartner Peer Insights 4.6/5 (904 reviews) for EDR, though MDR-specific reviews are fewer. MRG Effitas EPP Product of the Year 2025. IDC MarketScape 2024: Leader for endpoint security (Small Business). Praised for simplicity and price transparency. Main knock: endpoint-only with platform lock-in.
What customers praise
- ✓Published pricing ($99/endpoint/year for MDR), most vendors require sales calls
- ✓Deploys in minutes with minimal IT involvement
- ✓7-day ransomware rollback and three-level endpoint isolation
Common complaints
- ×Endpoint-only coverage, no cloud, SaaS, identity, or network monitoring
- ×Platform-native lock-in, cannot use with other EDR vendors
- ×Support can be slow per some reviewers, no dedicated analyst
In r/msp, Malwarebytes/ThreatDown is well-regarded as cost-effective SMB endpoint protection but considered less feature-rich than SentinelOne or CrowdStrike for advanced use cases.
Questions to ask
- 1.
What is the actual analyst-to-customer ratio in the SOC?
- 2.
How does the 7-day ransomware rollback work technically, and what are the failure scenarios?
- 3.
What happens if we need IR beyond endpoint isolation, do you have IR partners?
- 4.
What is the upgrade path if we outgrow endpoint-only coverage and need cloud/identity/network monitoring?
Evidence
Sources reviewed
Public-data caveats
- –No public contractual response-time SLA is recorded for this profile.
- –No public breach warranty is recorded.
- –Response authority may depend on pre-approval and contract scope.
Also consider
Information compiled from public sources. Verify details directly with the provider before making decisions.