CyberWire Daily

Bear in the network.

May 21, 2025
Rob Allen, Chief Product Officer at ThreatLocker, dives into the concept of zero trust and the deliberate simplicity of fundamental controls. He discusses how token theft and phishing can circumvent traditional security measures like MFA, allowing attackers easy access to critical systems. The conversation also highlights the increasing sophistication of cybercriminal tactics, particularly in targeting logistics and healthcare sectors. Allen underscores the need for organizations to adopt proactive endpoint protection and implement a 'deny by default' approach to enhance cybersecurity.
INSIGHT

Deny-by-Default Endpoint Security

  • ThreatLocker uses a deny-by-default approach to endpoint security rather than reactive responses.
  • It controls what runs and limits lateral movement by only allowing necessary activities and network connections.
ANECDOTE

Simple Control Beats Complex Malware

  • A sophisticated polymorphic PowerShell reverse shell evaded major EDRs but was blocked by ThreatLocker simply by denying PowerShell internet access.
  • This shows that simple, fundamental controls can stop advanced exploits without behavioral detection.
ADVICE

Allow-Only Necessary Apps

  • Allow only necessary applications and block everything else by default to stop misuse of common programs.
  • Blocking all except required activities simplifies protection without needing to identify every malicious action.