Endpoint is the path of least resistance, says Threatlocker

Penny Horwood
2 min read
Seamus Lennon

IT Leaders Summit debates the true purpose of endpoint security.

At the Computing IT Leaders Summit, an audience of some of the UK's top CIOs gathered to listen to experts drawn from a broad range of disciplines and backgrounds. One of these was Seamus Lennon, Senior Solutions Engineer at ThreatLocker, a zero trust endpoint protection platform, who delivered a talk on the purpose of endpoint security.

Lennon began with a reminder of what exactly zero trust is, because misconceptions are still commonplace. For the record, zero trust essentially assumes that a breach is imminent or has already occurred, and therefore that the security architecture should work on a least privilege basis. Every user should have access to only the applications that they specifically need to do their job.

The problem is that in many organisations, cybersecurity teams are juggling a raft of tools to detect, block, manage and mitigate threats. Whilst these are all effective to some extent against known threats, they become much less so against new ones. Crucially, they struggle to tell the difference between legitimate software and the malicious type. Applications like PowerShell can be used legitimately for the purposes they were developed for, or they can be used to run malicious activity. The fact remains that every time a user opens a piece of software, knowingly or not, that software can access everything the user can. As Lennon said:

"The path of least resistance is not the infrastructure and it's not your end users. It's the endpoint."

Lennon also raised the possibility that increased levels of home working are being exploited by criminals, who are using the greater connectivity of our homes as attack vectors. The message for employers is to be wary of your employees' smart doorbells, because they represent the path of least resistance.

One particularly sobering statistic delivered by Lennon is that 87% of ransomware attacks utilise PowerShell.

A crucial aspect of zero trust is ringfencing. Applications like PowerShell should be ringfenced and prevented from accessing files, folders and the internet. This prevents the downloading and execution of malicious code. It also prevents data exfiltration, which is one of the cyber criminals' more recent weapons of choice.
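As an added illustration of the "no internet access" part of that ringfencing (example code written for this page, not from Lennon's talk or ThreatLocker's product), the script below uses the built-in Windows Defender Firewall to block outbound connections from the Windows PowerShell hosts. It assumes default install paths and an elevated session, and it covers only the network leg; restricting file and folder access needs a separate control.

```powershell
# Added example: deny outbound network access to the Windows PowerShell hosts
# with Windows Defender Firewall rules. Run from an elevated PowerShell session.
# Assumes default install paths under $env:SystemRoot.
$hosts = @(
    "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe",
    "$env:SystemRoot\SysWOW64\WindowsPowerShell\v1.0\powershell.exe",
    "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_ise.exe"
)

foreach ($exe in $hosts) {
    # The 32-bit host is absent on some builds; skip paths that do not exist.
    if (-not (Test-Path $exe)) { continue }

    $arch = if ($exe -like '*SysWOW64*') { 'x86' } else { 'x64' }
    $name = "Ringfence - block outbound $(Split-Path $exe -Leaf) ($arch)"

    # Idempotent: do not create a duplicate if the rule is already present.
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) { continue }

    New-NetFirewallRule -DisplayName $name `
        -Direction Outbound -Action Block -Program $exe `
        -Profile Any -Enabled True | Out-Null
}

# Verify: show each ringfence rule's action and the program it applies to.
Get-NetFirewallRule -DisplayName "Ringfence - block outbound *" |
    ForEach-Object {
        $app = $_ | Get-NetFirewallApplicationFilter
        "{0,-6} {1}" -f $_.Action, $app.Program
    }
```

The block rules apply to all destinations, so any legitimate remote management done from PowerShell needs its own narrower allow rule, and PowerShell 7 (pwsh.exe) is installed elsewhere and would need adding to the list.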

ThreatLocker present defence as a triangle, with the first two sides concerning the education of users and traditional threat detection. Both of these are necessary but also fallible (yes, even if you use heuristic or AI-powered threat detection). ThreatLocker beefs up the third side of the triangle, which is control.

That control comprises six parts: ringfencing, application allowlisting, elevation control, storage control, network access control and managing user configurations.
