TubbTalk 106: Application Whitelisting and Ringfencing

cybersecurity

An Interview with Ben Jenkins

Ben Jenkins is the Senior Solutions Engineer at ThreatLocker. ThreatLocker is an application whitelisting, ring-fencing and data storage control platform. It protects businesses from cybersecurity attacks, malicious and misuse software.

What Does ThreatLocker Offer for Cybersecurity?

Threatlocker is a zero-trust endpoint security solution. Ben says it protects all your endpoints against cyber threats through four main components. First, whitelisting apps and denying anything not on the list.

Second, ring-fencing to prevent apps from running or accessing the internet or other apps. Then, they remove local admin rights from users to stop them running apps. Finally, the storage control option blocks USBs and locks down network shares.

Not clear what application whitelisting means? This article might help!

 Zero Trust in Cybersecurity

Zero Trust is a bit of a buzzword in the IT industry at the moment, but what does it mean? Ben explains that: “In its simplest form, it’s about providing users’ applications across your network with least privilege released access.

“This limits the amount of system damage. It’s an extension that takes away local admin rights for users and locks down your applications. The solutions ThreatLocker implements are based on a zero-trust stack.”

How to Deploy ThreatLocker for Better Cybersecurity

ThreatLocker is designed to be simple for MSPs to use. You can deploy from your own RMM (most are already integrated). Or you can deploy with GPO. Then, ThreatLocker looks at the sites in the RMM and creates sub-organisations in your personal portal.

Therefore, an MSP can manage all their clients’ systems in a single pane of glass. You can apply certain policies across every client, or select. You can have global settings across all machines or on different web browsers, and set and forget it.

How can #MSPs better protect their clients' data? Ben Jenkins tells Richard Tubb how the solution from @ThreatLocker helps. Click to Tweet

Integrations with Other Tools

ThreatLocker integrates with ConnectWise, Kaseya and Datto PSAs and RMMs, as well as Splunk. And Ben says they’re currently building a Slack integration. Plus, they have AD integrations.

“The great thing about ThreatLocker is we are a very nimble company. So, if there is integration that people want, we’re more than happy to build it. We’re constantly adapting. And one of our core products came about from product feedback from users asking for a solution.”

What is Elevation Control?

Elevation control is a way for MSPs to deal with employees from a client company asking for the administrator password. Ben says that this usually happens because they want to install or update an application.

“We enable the MSP to take away local admin credentials and allow your user to only run certain applications as an administrator. But now there is an inherent issue here because of a cyber-attack called application hopping.

“This allows a hacker to use admin credentials from one application onto another. It’s obviously a bug, which is why our ring-fencing locks all the other applications. It prevents those attacks.”

How Data Storage Control Prevents Cybersecurity Threats

Data storage control is about locking down your storage so that it cannot be exfiltrated, leaked, or stolen. “Say you run Chrome; it has the same access to data that a user has. You don’t really want that.

“If any of the applications you use for a niche purpose has a hole that’s not patched or can be exploited, someone else can get in and steal your data. So ThreatLocker locks down network shares, local files and folders, including sync folders.

“What else needs access to your system? Your backup solution, and that’s about it. Lock the data first and grant access only to certain applications. This is a good way to reduce the risk of ransomware – if anything gets in, it will encrypt everything it can access and then ask for money to release it.”

How to Connect with Ben Jenkins

How to Connect with Me

Mentioned in This Episode

You Might Also be Interested in

Comments

    Reader Interactions

    Leave a Reply

    Your email address will not be published.

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    Send this to a friend