Endpoint security is a modern strategy when it comes to cybersecurity. Limiting communication and access to only those who are authorized mitigates the risk of viruses and malware attacks.
ThreatLocker, an expert in endpoint security technologies, has a phrase for this strategy: “never trust, always verify.” ThreatLocker keeps this phrase at its core.
Danny Jenkins, CEO and co-founder of ThreatLocker, gave his thoughts on the purpose of endpoint security during a keynote presentation at the ITEXPO in Ft. Lauderdale, Florida. ThreatLocker is a platinum sponsor at the 2023 MSP Expo.
ThreatLocker is known for operating a zero-trust endpoint security platform that helps organizations, from businesses to government agencies and academic institutions, stop ransomware and other cyberattacks.
Jenkins talked about the history of security. Antivirus was comforting for most; people felt protected with it. Then the internet arrived, and people had the ability to download software. In came malware. Malware was not the only issue: people could also see each other on the network when dialed up.
“Even with antivirus, which was making me feel secure, warm and fuzzy, I was a sitting duck,” said Jenkins.
In 2002, the Blaster virus came out and changed the security landscape. It attacked Windows Update. That “warm and fuzzy” feeling went away. To mitigate, Microsoft added a firewall to Windows XP. The protected feeling came back.
Fast-forward to 2017, when EternalBlue happened. This made people realize servers didn’t have firewalls. And those servers got hit – hospitals, government agencies and businesses.
With things like ransomware, trojans, adware, etc., there is a misconception that antivirus, AI and threat hunting – layers and layers and layers of protection – is the right strategy. Those layers are not protecting at all. Here’s how, according to Jenkins: Attackers use an advanced IP scanner and backup software to see through those layers.
Because the items listed above are software, they are distributed through email, messaging apps, attachments and embedded malware, as a few examples. Another way malware and software get distributed is through vulnerabilities. Look at Microsoft’s “Follina,” a zero-day vulnerability in Windows that was exploited by state-backed hackers.
“When opening a document, Office crashed,” said Jenkins, when describing his experience with Follina. “We waited and waited, then PowerShell launched and downloaded a piece of malware on the machine.”
So how do MSPs and companies stop attacks? Jenkins said to allow only what is needed and block out everything else.
“The best solution is to allow what you need and block everything else. If someone wants to introduce anything new, they request it and you approve it,” said Jenkins. “You stop ransomware, malware and Shadow IT by only allowing what you need and blocking everything out.”
Just as a side note, Shadow IT is when endpoint users install their own software and download their own apps without being aware of vulnerabilities and patches.
ThreatLocker’s application allowlisting, Ringfencing, storage control, elevation control and endpoint network access control solutions, when combined, provide a more secure approach to blocking the exploits of unknown application vulnerabilities. Ringfencing, for example, reduces the chance of a cyberattack by limiting what applications can do, whether it’s interacting with another application, files, data or the internet.
Jenkins then came full circle and asked the audience, “What is the purpose of endpoint security?” To stop bad stuff from happening.
Edited by Greg Tavarez