#211 - Allowlisting and Ringfencing (with Kieran Human)

In this episode of CISO Tradecraft, host G Mark Hardy discusses the history and evolution of endpoint protection with guest Kieran Human from ThreatLocker. Starting from the inception of antivirus software by John McAfee in the late 1980s, the episode delves into the advancements through Endpoint Detection and Response (EDR) and introduces the latest in endpoint security: allowlisting and ring fencing. The conversation highlights the limitations of traditional antivirus and EDR solutions in today's threat landscape, emphasizing the necessity of default-deny approaches to enhance cybersecurity. Kieran explains how ThreatLocker’s allowlisting and ring-fencing capabilities can block unauthorized applications and actions, thus significantly reducing the risk of malware and ransomware attacks. Practical insights, war stories, and deployment strategies are shared to help cybersecurity leaders implement these next-generation tools effectively.   Thank you to our sponsor ThreatLocker https://hubs.ly/Q02_HRGK0 Transcripts: https://docs.google.com/document/d/1UMrK44ysBjltNkddCkwx9ly6GJ14tIbC Chapters 00:00 Introduction to Endpoint Protection 00:41 Upcoming Event: CruiseCon 2025 01:18 History of Endpoint Protection 03:34 Evolution of Antivirus to EDR 05:25 Next-Gen Endpoint Protection: Allowlisting 06:44 Guest Introduction: Kieran Human from ThreatLocker 08:06 Benefits of Allowlisting and Ring Fencing 17:14 Challenges and Best Practices 26:19 Conclusion and Call to Action