ThreatLocker: Most Effective Endpoint Security Means Blocking Unneeded Software

CHANNEL PARTNERS CONFERENCE & EXPO/MSP SUMMIT — During his MSP Summit keynote Monday, ThreatLocker’s Danny Jenkins detailed what’s necessary for effective endpoint security.

Jenkins is ThreatLocker‘s co-founder and CEO.

Jenkins talked about how ThreatLocker only allows access to software needed and blocks everything else with its zero trust protection platform.

If one-third of a cybersecurity provider’s employees downloaded something they shouldn’t have, just imagine what could be happening in your organization. This happened at ThreatLocker.

“Now we are a cybersecurity company,” he said. “We do training every single month. We have engineers, we have controls, everything.”

Yet, when Jenkins launched an attack to see how many employees would respond correctly, one-third of them took the bait.

“And some of these guys were engineers who were smart people,” he said. “They just thought oh, Danny asked me to run this. It must be important. The reality is it didn’t run anyway.”

Antivirus, EDR Aren’t Catching All Threats

Antivirus, and endpoint detection and response (EDR) haven’t stopped all threats, Jenkins said.

“Right up to today, we see ransomware constantly,” he said. “And the EDR and antivirus detection is still failing to detect everything that’s bad.”

Software distribution, software vulnerabilities and software supply chain pose three big threats to organizations, Jenkins said.

“The supply chain is becoming a bigger and bigger issue,” he said. “SolarWinds at the end of 2019 was a terrifying experience for the federal government because an attacker had managed to get into SolarWinds Orion source code and embed malicious code. Now at this point, the government is allowing it, they’re trusting it, they’re bringing it into their environment, They’re giving it the highest privilege they can to whoever was using it. And at some point three weeks after it ran the code, it executed this malicious instruction, went out to the internet and got instructions … and pushed out an update to all of their users that had malware in it for weeks.”

Attackers Getting Increasingly Sophisticated

Attackers are getting more and more sophisticated, and they’re going after software companies harder and harder so they can get into your system without you even knowing, Jenkins said.

“Every time we run software on our computer, that software has access to everything that we have access to as a user, whether we’re an admin or not,” he said.

All of these attacks are software based, Jenkins said.

“What is the best way to address them?” he said. “Well, the answer is simple. Just allow the software you need rather than just relying on your antivirus or your EDR to detect everything that’s bad. Just say only allow what I need and block everything else. And that means if someone gets into my remote monitoring and management (RMM), tries to run ransomware … attaches a malware to my Office document, it’s not going to be able to run in the environment.”