Ben Jenkins, ThreatLocker: Dealing with the scourge of ransomware

A padlock on a shed.
Ben Jenkins, ThreatLocker: Dealing with the scourge of ransomware
Duncan is an award-winning editor with more than 20 years experience in journalism. Having launched his tech journalism career as editor of Arabian Computer News in Dubai, he has since edited an array of tech and digital marketing publications, including Computer Business Review, TechWeekEurope, Figaro Digital, Digit and Marketing Gazette.

Threatlocker was founded in 2017. What was it set up to do?

Endpoint security, and we do that by following zero trust. Now, the problem is zero trust is not the best name to describe things. And it’s kind of this industry buzzword or buzz term that’s come out that we kind of had to stick to using because it’s what people know. But we don’t like to describe things as zero trust. 

Essentially, we do it through four main pillars. So we have our application whitelisting. Very simply either allowing an app to be able to run or not run. So that’ll stop any executions from running. We then have ring fencing, which is the way to add on top of that. So ring fencing will say, Okay, you want XYZ application to run. But it’s not allowed to access file folders, the internet, registry, etc, other apps if you want as well. So that’s kind of the application whitelisting piece – those two bundles. 

We then have elevated control, which is a great way to have to take local admin credentials away from users. And allow us to elevate individual apps as a local admin. Now, there’s an inherent problem with your users having full local admin credentials, because they can install whatever they want across the machines. So if we can take that away and allow them to run only certain apps as an admin, it’s a higher security. And then, finally, we have our storage control, which is simple USB blocking.

What would you say instead of zero trust?

Sadly, we use zero trust. Our CEO really doesn’t like the term of zero trust. The problem with zero trust is this idea that it’s kind of come along, and everyone’s read about it. And it’s kind of stuck. But the naming convention is really gross. And you can misunderstand quite easily. So I don’t like it. It’s not a great way to describe it. But it is also the easiest way for us to describe what we do. We do follow the zero trust model.

What’s the latest news with the company?

We’re doing a huge push in Europe. We’re are going to every event that we can and we are doing every speaking slot that we can. We’re rapidly growing the business. Since the Kaseya attack, we have been inundated with calls, people have suddenly realised that their RMM (Remote Monitoring and Management) tool cannot necessarily be trusted across their network. 

Kaseya has an RMM tool that is used to be able to manage your machines, deploying software updates, etc. It was used for a breach to be able to deploy ransomware onto customer machines. So, because of that we’ve seen that the Threatlocker solution has been really asked for because of our application whitelisting. We can stop apps from running, etc. Ransomware is technically an executable, which is an application. So we’ve seen a huge uptick, and people asking for demos, trials, and the solution because of that.

What other kind of trends have you noticed developing in cybersecurity?

It’s really interesting. The trend that I noticed most recently actually started at the start of lockdown. Not a lot of businesses were built to work from home. And what then happened, at least in the UK, we had the order of everyone needs to be working from home unless you’re an essential business etc. Everyone panicked and went: “Crap. We’re not ready. What do we do?” 

So these businesses, these CISOs, these heads of security, threw in every solution that they were able to right there and then. And what I’m envisioning and what I’ve seen starting now, what I really expect to see over in the start of 2022 is businesses looking at tools that they’ve got in place, and trying to either consolidate or get rid of tools that aren’t necessarily needed. Number one to save money, but number two from a security aspect as well.

Do you think working from home is the biggest cybersecurity challenge for companies now?

I think working from home was a huge, huge problem. I think we kind of settled into the new norm. I hate that term.

There’s a lot more hybrid working now.

Yeah. I think that’s definitely growing. And you’ll see a lot of businesses moving towards that hybrid beast. But one thing that I’m frequently talking about is ransomware. And we’re seeing ransomware attacks are growing and growing and growing. It’s something that is not slowing down. It’s only getting faster.

What are your thoughts on companies that pay the ransom?

It’s really hard. I used to work for a backup vendor. And we would always advise don’t pay. But we would always advise don’t pay because we would have had backups for solutions. So I would recommend that everyone has backups. I also recommend that everyone has a security tool in place, such as Threatlocker where we can stop ransomware from getting in. 

But the sad fact is people don’t often have these tools in place, and they have to pay. And often they’ll find that if they don’t pay, they can’t get their data back and then their business fails. I don’t recommend paying. But I understand why businesses have to.

Look at security solutions. We can stop ransomware from running on your machines. We can protect you. It’s almost viewing it as an insurance policy. It’s not an ‘if’ with ransomware. It’s ‘when’.

If we look at ransomware attacks, they’re going after small businesses, charities, etc. They’re also going after large businesses like the NHS in the UK. Currently there’s an attack on the Irish health service. And that literally shut down the Irish health service. They’re going for large scale businesses, they’re going for small businesses. It’s not a case of ‘if’. It’s a case of ‘when’ now, so have the solutions in place to be able to stop, but it’s not tax

A recent study suggested that less than 20% of companies use endpoint securities. So the vast majority of companies aren’t using it.

Yet. And the problem with businesses is that you may have endpoint security, you might have web filtering, you might have all of the different pieces of security in there. And most businesses will have a multi layered approach. But the problem is the malware is either not been picked up by any of those, or it’s been picked up by all of them. So you’re paying more for multiple solutions that are picking up the same problem. And this is really where we come in as Threatlocker to be able to essentially say you can get rid of some of those solutions.

So why would a company not have endpoint security? Is it just to do use and all these other bits and pieces?

Yeah. Often it’s because they’ll be using those other solutions. And the one thing we’ve noticed with businesses is it comes down to money at the end of the day. So they may be investing in a better firewall, for example, better web filtering. If they’re all web-based web filtering could be the way to go. So it’s they’re more than likely looking at those kinds of solutions first, and then not necessarily focusing on endpoint security.

Looking to revamp your digital transformation strategy? Learn more about the in-person Digital Transformation Week North America taking place in Santa Clara, CA on 11-12 May 2022 and discover key strategies for making your digital efforts a success.

Tags: , , ,

View Comments
Leave a comment

Leave a Reply

Your email address will not be published.