ITEXPO Keynote Speaker: Only Allow What is Needed and Block Out Everything Else

ITEXPO Keynote Speaker: Only Allow What is Needed and Block Out Everything Else

By Greg Tavarez

Endpoint security is a modern strategy when it comes to cybersecurity. Limiting communication and access from everyone to only those authorized mitigates the risk of viruses and malware attacks.

ThreatLocker, an expert in endpoint security technologies, has a phrase for this strategy: “never trust, always verify.” ThreatLocker keeps this phrase at its core.

Danny Jenkins, CEO and co-founder of ThreatLocker, gave his thoughts on the purpose of endpoint security during a keynote presentation at the ITEXPO in Ft. Lauderdale, Florida. ThreatLocker is a platinum sponsor at the 2023 MSP Expo.

ThreatLocker is known for operating a zero-trust endpoint security platform that assists organizations from businesses to government agencies and academic institutions to stop ransomware and other cyberattacks.

Jenkins talked about the past with security. Anti-virus was comforting for most. People felt protected with it. Then the internet came to fruition. People had the ability to download software. Well, in comes malware. Not only was malware an issue, people also saw each other on the network when dialed up.

“Even with antivirus, which was making feel secure, warm and fuzzy, I was a sitting duck,” said Jenkins.

In 2002, the Baster virus came out and changed the security landscape. It attacked Windows update. That “warm and fuzzy” feeling went away. To mitigate, Microsoft added firewall to Windows XP. The protected feeling came back.

Fastforward to 2017, EternalBlue happened. This made people realize servers didn’t have firewalls. And those servers got hit – hospitals, government agencies and business.

With things like ransomware, trojans, adware, etc., there is a misconception that antivirus, AI and threat hunting – layers and layers and layers of protection – is the right strategy. Those layers are not protecting at all. Here’s how, according to Jenkins: Attackers use an advanced IP scanner and backup software to see through those layers.

Because the items listed above are software, they are distributed through email, messaging apps, attachments and embedded malware, as a few examples. Another way malware and software get distributed is through vulnerabilities. Look at Microsoft “Follina,” a zero-day vulnerability in Windows that was exploited by state-backed hackers.

“When opening a document, Office crashed,” said Jenkins, when describing his experience with Follina. “We waited and waited, then PowerShell launched and downloaded a piece of Malware on the machine.”

So how do MSPs and companies stop attacks? Jenkins said to allow only what is needed and block out everything else.

“The best solution is to allow what you need and block everything else. If someone wants to introduce anything new, they request it and you approve it,” said Jenkins. “You stop ransomware, malware and Shadow IT by only allowing what you need and blocking everything out.”

Just as a side note, Shadow IT is when endpoint users install their own software and download their own apps without being aware of vulnerabilities and patches.

ThreatLocker’s application allowlisting, Ringfencing, storage control, elevation control and endpoint network access control solutions, when combined, provide a more secure approach of blocking the exploits of unknown application vulnerabilities. Ringfencing, for example, reduces the chance of a cyberattack by limiting what applications can do, whether it’s interacting with another application, files, data or the internet.

Jenkins then came full-circle and asked the audience, “what is the purpose of endpoint security?” To stop bad stuff from happening.

Edited by Greg Tavarez
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor

Related Articles

Expereo Chosen to Drive Global Connectivity for Carlsberg Group

By: Stefania Viscusi    12/7/2023

Brewery conglomerate Carlsberg Group has chosen intelligent internet company Expereo to help with its digital transformation.

Read More

CrowdStrike Brings AI-Driven Cybersecurity to Amazon Business

By: Stefania Viscusi    12/7/2023

CrowdStrike announced that it has officially launched its AI-powered cybersecurity solution, CrowdStrike Falcon Go, on Amazon Business.

Read More

Sotera SecurePhone, Powered by MetTel, Introduces Ultra-Secure Communication in Government and Enterprise Domains

By: Greg Tavarez    12/7/2023

The Sotera SecurePhone joins a growing, robust line-up of security offerings from MetTel that include a range of network and endpoint-based solutions.

Read More

CyberArk Introduces Enhanced Passkeys Authentication

By: Stefania Viscusi    12/6/2023

Identity security company CyberArk has announced a significant step in enhancing the passwordless authentication experience by introducing new passkey…

Read More

Telstra International's Global Managed Security Solutions Powered Up through Netskope Partnership

By: Greg Tavarez    12/6/2023

The expanded partnership between Telstra International and Netskope lets Telstra provide organizations worldwide with a comprehensive managed solution…

Read More