Endpoint is the path of least resistance, says Threatlocker

Penny Horwood
clock • 2 min read
Seamus Lennon
Image:

Seamus Lennon

IT Leaders Summit debates the true purpose of endpoint security.

At the Computing IT Leaders Summit, an audience of some of the UKs top CIOs gathered to listen to experts drawn from a broad range of disciplines and backgrounds. One of these was Seamus Lennon, Senior Solutions Engineer from zero trust endpoint protection platform ThreatLocker, who delivered a talk on the purpose of endpoint security.

Lennon began with a reminder of what exactly zero trust is because misconceptions are still commonplace. For the record zero trust essentially assumes a breach is imminent or has already occurred therefore security architecture should work on a least privilege basis. Every user should have access to only the applications that they specifically need to do their job.

The problem is that in many organisations, cybersecurity teams are juggling a raft of tools to detect, block, manage and mitigate threats but whilst these are all effective to some extent against known threats, they become much less so for new ones. Crucially they struggle to tell the difference between legitimate software and the malicious type. Applications like PowerShell can be used legitimately for the purposes it was developed for - or it can be used to run malicious activity. The fact remains that every time a user opens a piece of software - knowingly or not - that software can access everything the user can. As Lennon said:

The path of least resistance is not the infrastructure and it's not your end users. It's the endpoint"

Lennon also raised the possibility that increased levels of home working are being exploited by criminals who are using the greater connectivity of our homes as attack vectors. The message for employers is to be wary of your employees' smart doorbells because they represent the path of least resistance.

One particularly sobering statistic delivered by Lennon is the fact that 87% of ransomware attacks utilise PowerShell.

A crucial aspect of zero trust is ring fencing. Applications like PowerShell should be ringfenced and prevented from accessing files, folders and the internet. This prevents the downloading and execution of malicious code. It also prevents data exfiltration which is one of the cyber criminals more recent weapons of choice.

ThreatLocker present defence as a triangle, with the first two sides concerning the education of users and traditional threat detection. Both of these are necessary but also fallible (yes, even if you use heuristic or AI powered threat detection) ThreatLocker beefs up the third side of the triangle - which is control.

That control compromises six parts - ringfencing, application allowlisting, elevation control, storage control , network access control and managing user configurations.

 

 

 

 

 

 

You may also like
Hackers launch brute-force attacks on business VPNs and more

Threats and Risks

The attacks rely on trial-and-error attempts to crack login credentials

clock 18 April 2024 • 2 min read
Last chance to register for Cybersecurity Festival 2024

Security

Book your free place today

clock 18 April 2024 • 2 min read
Interview: Illumio, Security Excellence Awards finalist

Security

'We are one team, delivering one platform, on one mission to ensure that organisations can realise a future without any high-profile breaches'

clock 17 April 2024 • 5 min read
Penny Horwood
Author spotlight

Penny Horwood

Associate Editor focusing on diversity in tech and sustainability content.

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Security Technology

Qualys announces service to help organisations comply with UK NCSC cyber guidance

Qualys announces service to help organisations comply with UK NCSC cyber guidance

NCSC advises patching window of 5-7 days; UK currently stands at 15-17 days MTTR.

John Leonard
clock 17 April 2024 • 3 min read
Checkmarx: 'It's very difficult for CISOs to know how to safely incorporate genAI'

Checkmarx: 'It's very difficult for CISOs to know how to safely incorporate genAI'

'It’s an unfortunate reality that developers have not traditionally been big fans of security'

clock 26 March 2024 • 5 min read
UK's biometrics commissioners steps down, signalling missteps

UK's biometrics commissioners steps down, signalling missteps

Home Office is ignoring new technologies

Muskan Arora
clock 31 January 2024 • 4 min read