CISO Tradecraft®

#211 - Allowlisting and Ringfencing (with Kieran Human)

Dec 16, 2024

Kieran Human, a special project engineer at ThreatLocker with a master's in cybersecurity, shares compelling insights on modern endpoint protection. He explores the evolution from traditional antivirus systems to advanced EDR, revealing the critical role of allowlisting and ring fencing in today's threat landscape. Kieran discusses the limitations of conventional methods against fileless malware and ransomware, emphasizing proactive strategies to safeguard endpoints. Practical tips and real-world experiences highlight how organizations can effectively mitigate cyber risks with ThreatLocker’s innovative solutions.

27:43

Creator website

Episode guests

Kieran Human

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The transition from traditional antivirus to advanced solutions like allowlisting significantly enhances cybersecurity by limiting the execution of unauthorized applications.

Ring fencing provides granular control over approved programs, helping to mitigate risks by preventing exploitation of vulnerabilities within trusted software.

Deep dives

Evolution of Endpoint Protection

The history of endpoint protection began with antivirus software, notably John McAfee's VirusScan in 1987, which laid the foundation for future security measures. The evolution continued with the introduction of tools like Norton Antivirus, which aimed to identify and quarantine malicious software through signature-based detection. While these early tools were effective against the limited malware of the time, the rapid increase in variants led to their inadequacy, necessitating a shift toward more advanced solutions. As cyber threats evolved, the industry recognized the need for dynamic strategies, paving the way for Endpoint Detection and Response (EDR) systems that focused on monitoring and analyzing endpoint activities.

Intro

4min

Evolving Cybersecurity: From Antivirus to EDR

7min

Enhancing Security through Application Allowlisting

8min

Strategies for Combating Fileless Malware and Ransomware

3min

Enhancing Security with ThreatLocker

6min

In this episode of CISO Tradecraft, host G Mark Hardy discusses the history and evolution of endpoint protection with guest Kieran Human from ThreatLocker. Starting from the inception of antivirus software by John McAfee in the late 1980s, the episode delves into the advancements through Endpoint Detection and Response (EDR) and introduces the latest in endpoint security: allowlisting and ring fencing. The conversation highlights the limitations of traditional antivirus and EDR solutions in today's threat landscape, emphasizing the necessity of default-deny approaches to enhance cybersecurity. Kieran explains how ThreatLocker’s allowlisting and ring-fencing capabilities can block unauthorized applications and actions, thus significantly reducing the risk of malware and ransomware attacks. Practical insights, war stories, and deployment strategies are shared to help cybersecurity leaders implement these next-generation tools effectively.

Thank you to our sponsor ThreatLocker

https://hubs.ly/Q02_HRGK0

Transcripts: https://docs.google.com/document/d/1UMrK44ysBjltNkddCkwx9ly6GJ14tIbC

Chapters

00:00 Introduction to Endpoint Protection
00:41 Upcoming Event: CruiseCon 2025
01:18 History of Endpoint Protection
03:34 Evolution of Antivirus to EDR
05:25 Next-Gen Endpoint Protection: Allowlisting
06:44 Guest Introduction: Kieran Human from ThreatLocker
08:06 Benefits of Allowlisting and Ring Fencing
17:14 Challenges and Best Practices
26:19 Conclusion and Call to Action

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

CISO Tradecraft®

#211 - Allowlisting and Ringfencing (with Kieran Human)

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Evolution of Endpoint Protection

Next-Generation Endpoint Protection

The Role of Application Containment

Implementation and Best Practices

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

CISO Tradecraft®

#211 - Allowlisting and Ringfencing (with Kieran Human)

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Evolution of Endpoint Protection

Next-Generation Endpoint Protection

The Role of Application Containment

Implementation and Best Practices

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights