ITEXPO Keynote Speaker: Only Allow What is Needed and Block Out Everything Else

By Greg Tavarez

Endpoint security is a modern strategy when it comes to cybersecurity. Limiting communication and access to only those who are authorized mitigates the risk of viruses and malware attacks.

ThreatLocker, an expert in endpoint security technologies, has a phrase for this strategy: “never trust, always verify.” ThreatLocker keeps this phrase at its core.

Danny Jenkins, CEO and co-founder of ThreatLocker, gave his thoughts on the purpose of endpoint security during a keynote presentation at the ITEXPO in Ft. Lauderdale, Florida. ThreatLocker is a platinum sponsor at the 2023 MSP Expo.

ThreatLocker is known for operating a zero-trust endpoint security platform that helps organizations, from businesses to government agencies and academic institutions, stop ransomware and other cyberattacks.

Jenkins talked about the past with security. Anti-virus was comforting for most. People felt protected with it. Then the internet came to fruition. People had the ability to download software. Well, in comes malware. Not only was malware an issue, people also saw each other on the network when dialed up.

“Even with antivirus, which was making me feel secure, warm and fuzzy, I was a sitting duck,” said Jenkins.

In 2002, the Blaster virus came out and changed the security landscape. It attacked Windows Update. That “warm and fuzzy” feeling went away. To mitigate, Microsoft added a firewall to Windows XP. The protected feeling came back.

Fast forward to 2017, when EternalBlue happened. This made people realize servers didn’t have firewalls. And those servers got hit – hospitals, government agencies and businesses.

With things like ransomware, trojans, adware, etc., there is a misconception that antivirus, AI and threat hunting – layers and layers and layers of protection – are the right strategy. Those layers are not protecting at all. Here’s how, according to Jenkins: attackers use an advanced IP scanner and backup software to see through those layers.

Because the items listed above are software, they are distributed through email, messaging apps, attachments and embedded malware, as a few examples. Another way malware and software get distributed is through vulnerabilities. Look at Microsoft “Follina,” a zero-day vulnerability in Windows that was exploited by state-backed hackers.

“When opening a document, Office crashed,” said Jenkins, when describing his experience with Follina. “We waited and waited, then PowerShell launched and downloaded a piece of malware on the machine.”

So how do MSPs and companies stop attacks? Jenkins said to allow only what is needed and block out everything else.

“The best solution is to allow what you need and block everything else. If someone wants to introduce anything new, they request it and you approve it,” said Jenkins. “You stop ransomware, malware and Shadow IT by only allowing what you need and blocking everything out.”

Just as a side note, Shadow IT is when endpoint users install their own software and download their own apps without being aware of vulnerabilities and patches.

ThreatLocker’s application allowlisting, Ringfencing, storage control, elevation control and endpoint network access control solutions, when combined, provide a more secure approach to blocking the exploits of unknown application vulnerabilities. Ringfencing, for example, reduces the chance of a cyberattack by limiting what applications can do, whether it’s interacting with another application, files, data or the internet.

Jenkins then came full circle and asked the audience, “What is the purpose of endpoint security?” To stop bad stuff from happening.




Edited by Greg Tavarez