#211 - Allowlisting and Ringfencing (with Kieran Human)

In this episode of CISO Tradecraft, host G Mark Hardy discusses the history and evolution of endpoint protection with guest Kieran Human from ThreatLocker. Starting from the inception of antivirus software by John McAfee in the late 1980s, the episode delves into the advancements through Endpoint Detection and Response (EDR) and introduces the latest in endpoint security: allowlisting and ring fencing. The conversation highlights the limitations of traditional antivirus and EDR solutions in today's threat landscape, emphasizing the necessity of default-deny approaches to enhance cybersecurity. Kieran explains how ThreatLocker’s allowlisting and ring-fencing capabilities can block unauthorized applications and actions, thus significantly reducing the risk of malware and ransomware attacks. Practical insights, war stories, and deployment strategies are shared to help cybersecurity leaders implement these next-generation tools effectively.

Thank you to our sponsor ThreatLocker

https://hubs.ly/Q02_HRGK0

Transcripts: https://docs.google.com/document/d/1UMrK44ysBjltNkddCkwx9ly6GJ14tIbC

Chapters

• 00:00 Introduction to Endpoint Protection
• 00:41 Upcoming Event: CruiseCon 2025
• 01:18 History of Endpoint Protection
• 03:34 Evolution of Antivirus to EDR
• 05:25 Next-Gen Endpoint Protection: Allowlisting
• 06:44 Guest Introduction: Kieran Human from ThreatLocker
• 08:06 Benefits of Allowlisting and Ring Fencing
• 17:14 Challenges and Best Practices
• 26:19 Conclusion and Call to Action