CISO Tradecraft®

#211 - Allowlisting and Ringfencing (with Kieran Human)

Dec 16, 2024
Kieran Human, a special project engineer at ThreatLocker with a master's in cybersecurity, shares compelling insights on modern endpoint protection. He explores the evolution from traditional antivirus systems to advanced EDR, revealing the critical role of allowlisting and ringfencing in today's threat landscape. Kieran discusses the limitations of conventional methods against fileless malware and ransomware, emphasizing proactive strategies to safeguard endpoints. Practical tips and real-world experiences highlight how organizations can effectively mitigate cyber risks with ThreatLocker’s innovative solutions.
ANECDOTE

Early Antivirus

  • In 1987, John McAfee founded McAfee and released VirusScan, the first antivirus software.
  • Early antivirus software displayed a running count of prevented viruses, similar to how a Howard Johnson's restaurant once advertised its limited ice cream flavors.
INSIGHT

Polymorphic Viruses

  • Early antivirus software relied on signature-based detection, which became ineffective against polymorphic viruses.
  • Polymorphic viruses could change their structure, making signature-based detection computationally infeasible.
INSIGHT

Allowlisting Advantages

  • Allowlisting offers a more secure approach compared to traditional antivirus and EDR solutions.
  • It operates on a default-deny principle, permitting only approved applications to run.