Defense in Depth

Can You Have a Secure Software Environment Without Traditional Vulnerability Management?

May 8, 2025
Howard Holton, COO at Gigaom, and Rob Allen, Chief Product Officer at ThreatLocker, dive into the intricacies of zero trust and vulnerability management. They discuss the limitations of traditional prevention tools and why adopting a default-deny approach enhances security. The conversation highlights the importance of focusing on the most critical vulnerabilities, complemented by effective exposure management. Hear insights on real-world scenarios, like the PrintNightmare case, illustrating how zero trust can significantly reduce attack risks.
INSIGHT

VM Is Reactive Layer In Defense

  • Vulnerability management is largely reactive and never perfect, so organizations are always catching up.
  • Howard Holton argues VM is one layer of a layered defense and not mutually exclusive with zero trust.
INSIGHT

Assume Software Is Vulnerable

  • Rob Allen says to assume every piece of software is full of holes and act accordingly.
  • That assumption naturally leads to zero trust controls to limit damage when exploits occur.
ADVICE

Deny By Default To Reduce Risk

  • Block unknown or unnecessary code from running by default to neutralize many exploit paths.
  • Use deny-by-default controls to stop dropped DLLs or remote code execution from succeeding.