How ThreatLo ‘Zero T To Change The Cyb
Certainly, the maturity of zero trust is a lot further along than it was just two or three years ago, but cyberthreats are also a lot more frequent and aggressive today. “Back then, MSPs took a stance of allowing by default instead of denying by default.
MSPs today are losing the battle. The size of the endpoint security market is about $9 billion a year. In 2021, cybercrime and ransomware cost the world $6 trillion . In essence, it’s like cybercrime is the GDP of Japan and all measures of cybersecurity combined is the GDP of Somalia or Burundi. When you have an entire industry that is outmatched while ransomware attacks are up 800% and cybercriminals continue utilizing cryptocurrency that’s virtually undetectable, how do you flip the script and take back control of cybersecurity? According to Danny Jenkins, CEO and co-founder of Threat - Locker, it starts with “zero trust,” a network security model based on a strict identity verification process. Danny says, “In simple terms, zero trust means least privilege. Don’t give access where access isn’t required. Zero trust applies to different levels. At the application and file levels, you are only giving access to those who need access. At the network level, you’re thinking about what ports are open.” Dispelling The Myths Of Zero Trust MSPs and end-users who are hesitant to adopt a zero-trust model of cybersecurity often have a false perception of what it entails. They may think that the C-level executive who has always accessed an application will now be shut out entirely. That’s not the case. If someone in the organization routinely accesses an application or file, it makes perfect sense for them to still be able to access it. “When you roll out a cybersecurity solution like ThreatLocker, it learns what’s in your environment. It will learn which applica- tions and files are accessed and by whom. Then the MSP can either allow or deny access based on the findings,” Danny says. Some also believe that the zero-trust philosophy is brand-new and a far more aggressive approach to cybersecurity. That’s not entirely true. Danny says, “Zero trust is simply a framework. A target. Every - one already has some level of zero trust in their business. Do they have administration permissions? Do they have a firewall that blocks inbound traffic? Those are levels of zero trust.”
They focused on only blocking the bad stuff. Then, once a year, they would do a full restore for ransomware. That’s now changed. A good portion of MSPs have now implemented zero trust. In fact, ThreatLocker has thousands of partners who have implemented zero trust for all of their customers where it’s needed most — at the application and endpoint levels.” Zero Trust vs. Castle And Moat Security While a zero-trust approach is about denying access to those who don’t need access, the castle and moat approach toward security is far more lenient. It assumes all applications and files inside the network (the castle) are safe while everything outside the firewall (the moat) is not safe. Both are fallacies. Danny says, “Castle and moat security is focused on keeping out external factors. Well, that’s essentially the whole world. So, when anyone on your team downloads an email, a program, or a game, you’re talking about the whole world.” He continued, “Also, think back to the Dark Ages when there were real castles and moats. Well, the knights didn’t leave their castle without full armor. Today, people are inside the perim- eter, go outside their network to work from home or at Star- bucks, then come back in. That’s where incredible risk occurs.” The Game Has Changed Think about where we were just 10 years ago. Cybersecurity was more focused on curbing spam, ridding your computer of adware, and avoiding nuisance viruses that sent risqué pictures. That was the definition of bad back then. Today, a cyberattack could cripple a business and cost their life’s savings.
MSPSuccessMagazine.com/cyber2022 6
Made with FlippingBook Ebook Creator