TubbTalk 106: Application Whitelisting, Cybersecurity and Ringfencing

An Interview with Ben Jenkins

Ben Jenkins is the Senior Solutions Engineer at ThreatLocker. ThreatLocker is an application whitelisting, ring-fencing and data storage control platform. It protects businesses from cybersecurity attacks, malicious and misuse software.

What Does ThreatLocker Offer for Cybersecurity?

Threatlocker is a zero-trust endpoint security solution. Ben says it protects all your endpoints against cyber threats through four main components. First, whitelisting apps and denying anything not on the list.

Second, ring-fencing to prevent apps from running or accessing the internet or other apps. Then, they remove local admin rights from users to stop them running apps. Finally, the storage control option blocks USBs and locks down network shares.

Not clear what application whitelisting means? This article might help!

 Zero Trust in Cybersecurity

Zero Trust is a bit of a buzzword in the IT industry at the moment, but what does it mean? Ben explains that: “In its simplest form, it’s about providing users’ applications across your network with least privilege released access.

“This limits the amount of system damage. It’s an extension that takes away local admin rights for users and locks down your applications. The solutions ThreatLocker implements are based on a zero-trust stack.”

How to Deploy ThreatLocker for Better Cybersecurity

ThreatLocker is designed to be simple for MSPs to use. You can deploy from your own RMM (most are already integrated). Or you can deploy with GPO. Then, ThreatLocker looks at the sites in the RMM and creates sub-organisations in your personal portal.

Therefore, an MSP can manage all their clients’ systems in a single pane of glass. You can apply certain policies across every client, or select. You can have global settings across all machines or on different web browsers, and set and forget it.

Integrations with Other Tools

ThreatLocker integrates with ConnectWise, Kaseya and Datto PSAs and RMMs, as well as Splunk. And Ben says they’re currently building a Slack integration. Plus, they have AD integrations.

“The great thing about ThreatLocker is we are a very nimble company. So, if there is integration that people want, we’re more than happy to build it. We’re constantly adapting. And one of our core products came about from product feedback from users asking for a solution.”

What is Elevation Control?

Elevation control is a way for MSPs to deal with employees from a client company asking for the administrator password. Ben says that this usually happens because they want to install or update an application.

“We enable the MSP to take away local admin credentials and allow your user to only run certain applications as an administrator. But now there is an inherent issue here because of a cyber-attack called application hopping.

“This allows a hacker to use admin credentials from one application onto another. It’s obviously a bug, which is why our ring-fencing locks all the other applications. It prevents those attacks.”

How Data Storage Control Prevents Cybersecurity Threats

Data storage control is about locking down your storage so that it cannot be exfiltrated, leaked, or stolen. “Say you run Chrome; it has the same access to data that a user has. You don’t really want that.

“If any of the applications you use for a niche purpose has a hole that’s not patched or can be exploited, someone else can get in and steal your data. So ThreatLocker locks down network shares, local files and folders, including sync folders.

“What else needs access to your system? Your backup solution, and that’s about it. Lock the data first and grant access only to certain applications. This is a good way to reduce the risk of ransomware – if anything gets in, it will encrypt everything it can access and then ask for money to release it.”

How to Connect with Ben Jenkins

• ThreatLocker
• Follow ThreatLocker on Twitter
• Connect with Ben on LinkedIn

How to Connect with Me

• Subscribe, rate and review TubbTalk in iTunes
• Subscribe, rate and review TubbTalk on Stitcher Radio
• Subscribe and rate TubbTalk on Spotify
• Follow TubbTalk on iHeartRadio
• Follow @tubblog on Twitter

Mentioned in This Episode

• Slack
• Splunk
• AppBlock for Android
• Freedom for iOS
• RSS Feed Reader: Pocket
• Backup Tool: Veeam
• Channel E2E
• The Register
• The Verge
• The Bleeping Computer
• MSP sub-Reddit

You Might Also be Interested in

• Podcast: How MSPs can Adapt to Emerging Cybersecurity Threats for Better Customer Support
• Why Your MSP Business Should Offer Offsite Data Backup to Clients
• National Computer Security Day: How to Keep Your MSP Clients Safe

You might like: