The most valuable aspect was the ease of onboarding the product, considering that we were already users of other products in ThreatLocker's line, that made it much simpler than a third-party MDR, which we had experience with and found difficulty in keeping the rules well defined to avoid false positive calls for our clients in the middle of the night, suspecting something may be happening. It took a little adjustment period with ThreatLocker Cyber Hero MDR, but that adjustment period was 10% of the amount of time we spent with other MDR and EDR products, getting them tuned well enough to where we were not getting the false positives that we experienced with other products. The obvious benefits of using ThreatLocker Cyber Hero MDR include the incredible response that we get from the Cyber Heroes. If something is happening in the environment that is even a little suspicious, we will get a call twenty-four seven if that's what we elect to have happen, and we can also elect to have them take action, such as isolating computers or isolating networks. Knowing that they will respond that way, along with the power of the other components of ThreatLocker behind them, allows us to sleep much more easily at night. ThreatLocker Cyber Hero MDR has absolutely reduced our time to detect anything malicious or potentially malicious. In the past year since we've been using ThreatLocker Cyber Hero MDR, we have received calls about potential malicious activity, and that potential malicious activity is usually detected in under a minute. We see calls come from the time something potentially occurs to us answering a call in less than five minutes. During that time span, had we directed the ThreatLocker Cyber Hero MDR team to do so, we could have completely isolated the entire network or those endpoints if it wasn't already in our playbook with them. This is not something we experienced with other products we've used in the past, and we find it much more helpful, allowing us and our clients to sleep better at night. ThreatLocker Cyber Hero MDR has so far eliminated our need to remediate much of anything. In the very beginning, there were plenty of instances where we had tools that were completely our fault, like IP scanners that we had used in the normal course of doing things. Upon deploying the MDR, those things were immediately detected and reported to us. I specifically took action to ensure those tools were removed from the environments because that's the proper thing to do. Since then, there has really been nothing to remediate. The only thing we've really been remediating is what I've referred to earlier—the fine-tuning of setting up the MDR to remediate false positives. So far, there hasn't been anything to remediate, and I think that’s a testament to the product and the setup of the other components within it for our clients. Regarding our security posture, it has definitely improved since adopting ThreatLocker Cyber Hero MDR. We did not have our own SOC to monitor those things, which is why we've always used an EDR or MDR product on behalf of our clients. Now, having transitioned from those products of the past to ThreatLocker Cyber Hero MDR, we are getting the alerts and calls we need, and we end up fine-tuning our policies simply to reduce false positives because nearly everything else is stopped at the door. We can tell a client that we have not had any incidents whatsoever since adopting this product, and it is clear that things are immediately stopped at the door before anything can even start. Even when something never got started, we can say that the beginning was detected and forwarded, sending a powerful message to clients who are concerned about their security posture and putting us in a better position to protect them.
