ITEXPO Keynote Speaker: Only Allow What is Needed and Block Out Everything Else

By Greg Tavarez

Endpoint security is a modern strategy when it comes to cybersecurity. Limiting communication and access from everyone to only those authorized mitigates the risk of viruses and malware attacks.

ThreatLocker, an expert in endpoint security technologies, has a phrase for this strategy: “never trust, always verify.” ThreatLocker keeps this phrase at its core.

Danny Jenkins, CEO and co-founder of ThreatLocker, gave his thoughts on the purpose of endpoint security during a keynote presentation at the ITEXPO in Ft. Lauderdale, Florida. ThreatLocker is a platinum sponsor at the 2023 MSP Expo.

ThreatLocker is known for operating a zero-trust endpoint security platform that helps organizations, from businesses to government agencies and academic institutions, stop ransomware and other cyberattacks.

Jenkins talked about the history of security. Antivirus was comforting for most; people felt protected with it. Then the internet arrived, and people could download software. In came malware. And malware was not the only issue: people could also see each other on the network when dialed up.

“Even with antivirus, which was making me feel secure, warm and fuzzy, I was a sitting duck,” said Jenkins.

In 2002, the Blaster virus came out and changed the security landscape. It attacked Windows Update. That “warm and fuzzy” feeling went away. To mitigate, Microsoft added a firewall to Windows XP. The protected feeling came back.

Fast-forward to 2017, when EternalBlue happened. This made people realize servers didn’t have firewalls. And those servers got hit – at hospitals, government agencies and businesses.

With things like ransomware, trojans, adware, etc., there is a misconception that antivirus, AI and threat hunting – layers and layers and layers of protection – are the right strategy. Those layers are not protecting at all. Here’s how, according to Jenkins: attackers use an advanced IP scanner and backup software to see through those layers.

Because the items listed above are software, they are distributed through email, messaging apps, attachments and embedded malware, as a few examples. Another way malware and software get distributed is through vulnerabilities. Look at Microsoft “Follina,” a zero-day vulnerability in Windows that was exploited by state-backed hackers.

“When opening a document, Office crashed,” said Jenkins, when describing his experience with Follina. “We waited and waited, then PowerShell launched and downloaded a piece of malware on the machine.”

So how do MSPs and companies stop attacks? Jenkins said to allow only what is needed and block out everything else.

“The best solution is to allow what you need and block everything else. If someone wants to introduce anything new, they request it and you approve it,” said Jenkins. “You stop ransomware, malware and Shadow IT by only allowing what you need and blocking everything out.”

Just as a side note, Shadow IT is when endpoint users install their own software and download their own apps without being aware of vulnerabilities and patches.

ThreatLocker’s application allowlisting, Ringfencing, storage control, elevation control and endpoint network access control solutions, when combined, provide a more secure approach to blocking the exploits of unknown application vulnerabilities. Ringfencing, for example, reduces the chance of a cyberattack by limiting what applications can do, whether it’s interacting with another application, files, data or the internet.

Jenkins then came full circle and asked the audience, “What is the purpose of endpoint security?” To stop bad stuff from happening.




Edited by Greg Tavarez
MSPToday Editor
