Deny-by-default stops cyber threats from the get-go

Zero Trust; never trust, always verify. Those are the words to live by when it comes to cybersecurity. This comes after many high-profile ransomware attacks and the changing nature of work from in the office to anywhere.

A 2021 Microsoft survey found that 96% of over 1,200 security decision-makers in the US, Germany, Japan, Australia, and New Zealand said developing a Zero Trust strategy is critical to their organization’s success. In May, the White House mandated its federal government adopt security best practices, including moving towards Zero Trust Architecture to improve cybersecurity. A November report by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) also put forward the Zero Trust model as a reference for the European Union to enhance its measures against cyber threats.

Zero Trust is rooted in these three principles:

1. Don’t trust – verify explicitly

Always authenticate the requester for every session, whether from the internal network or the internet.

2. Use least privileged access

Only give access on a need-to-know basis, just the minimum required to perform the work.

3. Assume a breach

Always be vigilant in detecting and mitigating breaches. Assume they are already happening or will happen, not an if situation.

Ransomware is a growing threat around the world, with a successful attack occurring every 11 seconds and costing US$20 billion in total damages this year. Research on more than 80 million potential ransomware-related samples submitted to VirusTotal for 18 months from 2020 found the top 10 countries with the highest number of submissions were: Israel, South Korea, Vietnam, China, Singapore, India, Kazakhstan, Philippines, Iran and the UK.

Source: ThreatLocker

More disturbingly, the attacks had gone beyond having economic and operational repercussions, putting lives at stake. Nearly 25% of the health delivery organization respondents in a Ponemon Institute survey reported an increase in mortality rates due to ransomware attacks. When one of the largest oil supply pipelines in the US was held hostage for US$5 million last May, it caused a fuel shortage leading to a surge in prices and panic buying. The Colonial Pipeline was brought to a standstill from a single compromised virtual private network (VPN) account password.

Two months later, a group of hackers exploited a zero-day vulnerability in the Virtual System Administrator (VSA) software of an IT solution provider for managed service providers (MSPs) and small and medium-sized businesses. They demanded US$70 million to resolve the issue, which also affected thousands of customers in its supply chain during the 10-day outage. A zero-day vulnerability is a flaw in software or hardware that its developer is not aware of yet, giving crooks time to wreak some damage until the vulnerability can be patched.

These online offensives uncovered hidden and potential weaknesses in the virtual world with real-world consequences. It also made organizations turn to a once easily dismissed security measure – whitelisting – as enterprise-level cybersecurity provider, ThreatLocker, can attest. It saw its business hit record sales growth following the VSA breach described above.

More people now realize the value of ThreatLocker’s combination of application whitelisting, proprietary Ringfencing, storage control and elevation control solutions for a more secure approach in their organizations’ cyber defense strategies.

“ThreatLocker stops it dead. Kaseya had a vulnerability. People got into Kaseya because of that vulnerability. If the MSPs had whitelisted, the bad guys would have gotten into Kaseya, but they wouldn’t have been able to push out the ransomware. It is very, very effective at stopping ransomware,” Danny Jenkins, CEO and co-founder of ThreatLocker, said in a CRN interview.

Whitelisting is when only those in the approved list are allowed access to the system, and is the ultimate version of zero trust. Any and everything not on the whitelist is automatically blocked. ThreatLocker is like a bouncer; it won’t allow entry if not on the whitelist regardless of the entity’s friend or foe status.

Even Danny Jenkins himself didn’t see initially that the deny-by-default mechanism would find a footing in the cybersecurity market. Though the alpha version of ThreatLocker successfully stopped malware attacks on his children’s school (one of his first clients when he began consulting), it was only in 2017 that he took his solution as a business seriously when it managed to thwart one of the worst malware attacks in history, the WannaCry ransomware.

“Five years ago, every investor I talked to literally slammed the door in my face and said, ‘You have got the dumbest idea ever.’ I have literally gotten emails like that from investors, and those same investors are coming back now saying they are desperate to get in on this,” he recalled.

“I have still got the same emails from them that say, ‘Whitelisting is dumb. It is a stupid idea. Why don’t you pivot and create an EDR [endpoint detection and response]? It’s nice to see it pivot to people desperately trying to invest versus people ignoring you.”

Today, more than 2,000 partners and thousands of clients are onboard with ThreatLocker, implementing zero-trust policies to prevent unauthorized software intrusions. Aside from application whitelisting, its line of defense includes Ringfencing™, which controls how applications interact with other applications; storage control, which controls device access down to the most granular level; and elevation control which secures user access privileges.

Threat detection is no longer enough to stave off cyberattacks. When the damages and ramifications can be crippling, whitelisting is a game-changer.

For fast deployment of Application Whitelisting and Ringfencing solutions that put your business in control, click here.