Rob Allen, Chief Product Officer at ThreatLocker and an expert in endpoint protection, dives into the company's zero-trust approach to cybersecurity. He explains their unique 'deny by default' methodology that simplifies allowlisting and boosts security. Rob discusses innovative features like ring-fencing to prevent unauthorized access and the advanced Cloud Detect for monitoring platforms like Office 365. He also shares insights on managing software updates during critical periods and the importance of proactive threat detection.
32:18
INSIGHT
Zero Trust Approach
ThreatLocker uses a deny-by-default, permit-by-exception approach.
This contrasts with most cybersecurity tools, which allow everything except known bad actors.
INSIGHT
Automated Allow Listing
ThreatLocker automates application learning and maintains definitions for over 4,000 applications.
This simplifies allow listing and handles software updates, traditionally a hurdle in this approach.
ANECDOTE
Patch Tuesday Incident
Rob Allen accidentally had files blocked after updating his machine on Patch Tuesday.
This highlights the rare but possible issue of updates occurring before ThreatLocker can process them.
In this conversation, I speak with Rob Allen, Chief Product Officer at ThreatLocker.
We talk about:
ThreatLocker’s Unique Zero Trust Approach to Cybersecurity: How ThreatLocker’s "deny by default, permit by exception" methodology, along with automated application learning and built-in definitions for over 4,000 applications, simplifies allowlisting and enhances endpoint security.
Innovations in ThreatLocker’s Control Features: How ThreatLocker’s ringfencing prevents unauthorized application interactions and data access, and dynamic firewalls mitigate risks like lateral movement and ransomware attacks through endpoint-level network segmentation.
Recent Developments and Cloud Expansion: How ThreatLocker Detect and Cloud Detect provide advanced detection capabilities for endpoint and cloud environments, including Office 365, enabling anomaly detection, centralized alerts, and proactive threat management.
And more.
Intro (00:00:00)
ThreatLocker's Zero Trust Cybersecurity Approach (00:00:31)
Understanding Allow Listing in Cybersecurity (00:01:49)
Managing Software Updates with ThreatLocker (00:02:13)
Automated Application Updates for Over 4000 Programs (00:04:11)
Vendor Collaboration for Early Software Updates (00:05:40)
Challenges and Risks of Immediate Software Updates (00:06:53)
Assuming Breach: A Core Cybersecurity Principle (00:08:10)
Implementing Zero Trust Strategies with Ring Fencing (00:09:30)
Controlling Application Interactions to Prevent Threats (00:09:50)
Advanced Data Protection with Storage Control (00:13:17)
Dynamic ACLs for Smarter Network Control (00:15:48)
Ransomware Risks from Open Ports (00:16:50)
Using Shodan to Identify Open Port Vulnerabilities (00:17:19)
Building Application Allow Lists with Contextual Data (00:18:43)
Learning Mode for Application and Traffic Visibility (00:19:36)
Balancing User Behavior Control and Workflow (00:20:44)
Integrating Detection and Control with ThreatLocker Detect (00:21:44)
Why Detection is Critical in Cybersecurity Layers (00:22:41)
Response Mechanisms and Automated Remediation (00:24:02)
Lockdown Mode: Ultimate Isolation from Threats (00:25:38)
Streamlined Application Approvals with Cyber Hero (00:26:36)
Breaking Down Ransomware Attack Stages (00:27:46)
Introducing Cloud Detect for Cloud Security (00:29:39)
How to Learn More About ThreatLocker Solutions (00:30:47)