ThreatLocker
Cyber Hero MDR
Unmatched price-to-value ratio for Zero Trust MDR. The $2-5/user pricing with 60-second response time makes it the most affordable MDR option, ideal for MSPs and SMBs already using or willing to adopt ThreatLocker.
Best For / Not Ideal For
Ideal for
- +MSPs seeking affordable MDR to layer on client environments
- +SMBs needing Zero Trust with 24/7 monitoring at low cost
- +Organizations prioritizing application allowlisting as primary defense
- +Companies wanting US-based SOC with fast response times
Not ideal for
- −Enterprises needing deep threat hunting capabilities
- −Organizations with non-Windows-heavy environments
- −Companies wanting vendor-agnostic MDR across multiple EDR platforms
- −Teams needing built-in incident response and forensics
What They Actually Do
Approval: Configurable — You choose which actions need approval
Incident Response: Separate retainer required
Response SLA: 60-second average response time
Cyber Hero Team follows customer runbooks to isolate or lock down devices and notify customers. Can implement advanced lockdown stopping all software and network traffic. 60-second average response time. Customers elect response actions (isolate computers, isolate networks).
Stack Compatibility
EDR
SIEM
Cloud
Ticketing
Other Integrations
Attack Surface Coverage
Endpoint
included
Cloud Workloads
Limited
SaaS Apps
included
Identity
included
Network
Limited
OT/ICS
Contact
Pricing & Total Cost
- Pricing Model
- Per-user per-month tiered pricing
- Price Range
- $2-$5 per user per month for MDR add-on
What costs extra
- $ThreatLocker platform license required separately
- $Detect EDR license required as prerequisite
- $Additional modules (Cloud Control, Elevation Control) sold separately
Hidden cost warnings
- Warning:MDR price is add-on to ThreatLocker platform costs
- Warning:Requires full ThreatLocker Detect EDR deployment first
- Warning:No standalone MDR without ThreatLocker ecosystem
✓Trial available (30-day free trial of ThreatLocker platform)
✓Proof of Value available
Service Details
Contract Terms
Contact for specifics
Data Retention
Contact for specifics
Dedicated Analyst
Yes
Portal Access
Yes
Custom Reporting
Yes
Quarterly Reviews
No
Communication & Visibility
Communication Channels
Escalation Method
Cyber Hero Team notifies via customer-configured channels; follows predefined runbooks for response actions
Data Access
Dashboard Access
Visual dashboards but no raw log queries
What to Ask ThreatLocker
Based on common blind spots and real-world evaluation patterns
- 1.
What is the total cost including ThreatLocker platform license plus MDR add-on?
- 2.
How does Cyber Hero handle incidents that require actions beyond endpoint isolation?
- 3.
What is the tuning timeline for allowlisting to reach stable state in our environment?
- 4.
Can you provide the runbook customization process and turnaround time?
- 5.
What happens to our allowlisting policies and data if we leave ThreatLocker?
- 6.
How does the MDR handle macOS and Linux endpoints vs. Windows?
- 7.
What is the escalation path for incidents requiring forensic investigation?
Compare With Similar Providers
Browse Related
Information compiled from public sources. Verify details directly with the provider before making decisions.