ThreatLocker Zero Trust World: Arming Defenders for a Cyber War

Day one of ThreatLocker's Zero Trust World focused on helping cyber defenders strengthen their weapons and tactics against attackers. Complacency isn't an option for cybersecurity professionals.

Edward Gately, Senior News Editor

February 19, 2025

ThreatLocker CEO on stage at Zero Trust World 2025, Orlando, Feb. 19.

ZERO TRUST WORLD — Day one of ThreatLocker’s Zero Trust World 2025 served as a refresher for cyber defenders to up their game in the fight against cybercriminals.

Zero Trust World 2025 got underway Wednesday in Orlando, Florida. Channel Futures is there.

The event has attracted attendees from 28 countries, including Japan, South Africa, Canada, Israel and Brazil.

Master of ceremonies Adam Reid told attendees, “You’re serious about getting much-needed solutions” to defend against cyberattacks.

“Hackers are getting smarter, but so are people fighting back,” he said. “[Zero Trust World] is about arming you with the tools to take back control … to stop attacks before they happen.”

The Mission Behind Zero Trust World

ThreatLocker CEO Danny Jenkins said his company’s mission is to change the paradigm of cybersecurity from default-allow to default-deny. Its goal is for organizations both large and small to use its services.

“If we can get the entire world to use our services, that’s our goal,” he said. “We have one goal here, that everybody goes away smarter. Your eyes are opened and you’re shown things you didn't think about. I want you to know how to detect with default-deny. If you’re 5% smarter, and go back to the office and do one thing, it’s a win. If there’s a 5% less chance of getting hacked, that’s a win.”


Among the keynote speakers were Hector Monsegur and Chris Tarbell, the “hacker and the Fed.” The two were once adversaries: Tarbell worked in the FBI’s cyber crime squad while Monsegur led the Anonymous/LulzSec hacking collective. They have since worked together to prevent more than 350 cyberattacks against U.S. government computer systems. Monsegur is director of research at Alacrinet, and Tarbell is co-founder of NAXO, a cybersecurity and investigations firm.

Tarbell said complacency is the No. 1 mistake seasoned cybersecurity professionals make while securing their environments.

“They don't really know what threats are coming after them,” he said. “They don't realize that people are buying credentials online. They don't realize what really the threat is out there and what's happening. People don't realize how much money these ransomware guys have. They have HR departments. They're offering signing bonuses. I'm not trying to tell you guys where to get your next job, but you can get a six-figure signing bonus at a ransomware group if you have some skill set. It's out there and it's going bad. These ransomware guys now are not state actors. State actors used to be the worst, and they're going after your R&D, they're trying to take your information and some are going after the money, like North Korea. But it's really these ransomware groups; they're coming after you because they're so rich, and we're just making them richer. Every time we pay them, we increase our threat vector, so it's getting worse.”


Don’t Give Up

From a technical standpoint, the biggest mistake a CISO can make if they can’t get the budget they need, hire the team they need or buy the product they need, is giving up, Monsegur said.

“I promise, you guys are going to run into executives in that space,” he said. “They'll [say], 'Hey, I've tried, I'm just going to run this as far as I can take it before I get replaced or fired,' and sometimes it doesn't happen for years. The person's there and they're running a security program on neutral until something bad happens, and that's it. I'm not calling anybody out, but if you're in that position and you know your company's not willing to work with you to improve upon your security program, maybe it's time to move on. That's the reality, and that's what I'm seeing with some of my clients.”

On the flip side, some organizations have lots of resources and are buying every security product, but they “set it and forget it,” Monsegur said.


“They're not fine-tuning the security products,” he said. “You still have to fine-tune. You still have to configure. The hope is that the products are doing whatever they're doing, and if they get breached, they get breached, and this is what it is.”

In addition, there are organizations that have neither the budget nor resources, and they’re missing talent, Monsegur said.

“I'll meet a CISO [who says], 'I'm forced to get a cyber insurance policy in my state and my industry, and I have to do some sort of penetration test and my budget is $10,000. What can we do with that?'” he said. “Then they get the report, but they don't have the talent or resources to remediate any of these issues. They might focus on the criticals, but the highs, mediums and lows are going to be ignored until the next year and it’s just rinse and repeat over and over.”

The good news is there are a lot of great free resources available, Monsegur said.

“There are certain things you can do if budget is a problem,” he said. “If talent is a problem, then you have to work with your vendors. Build some good relationships with good, trusted vendors and you're going to be in a much better place. But the one thing you don't want to do is just sit idle and wait for that ransomware attack, because if you don't have resilience as part of your program, then you're done.”

3 Challenges for Cyber Defenders

Also at Zero Trust World, Mike Puglia, general manager of Kaseya’s cybersecurity practice, laid out three things cybersecurity professionals can concentrate on to make their organizations more secure. The first is thread hijacking, or conversation hijacking.

Kaseya's Mike Puglia

“What we're seeing now is the cyber attacker compromises an email; it's a legitimate email, and they wait until something interesting happens,” he said. “Then when something interesting happens, which might be the next day, 10 days or six months, they take action. It starts with business email compromise (BEC). They've compromised an email and there's a long thread: 'We're buying a house, we've just closed, alright, wire the money to Wells Fargo.' Now they cut the whole email. They paste it in and they say, 'No, sorry, the wire number is Bank of America.' They put in the new wire number. This one was $600,000 out the door. It’s very simple, low tech, but if they're in the email, it works.”

An effective way to stop this from succeeding is verifying before wiring any money, Puglia said.

“If you are going to wire money, I want you to pick up the phone, call the contact that is asking you to wire with the number you have on file – not the email they sent you – it's important to mention that to them, and validate it,” he said.

Network compromises are the second thing, in which “somebody gets a foothold on the network and then they move laterally and they exploit things,” Puglia said.

“We have pen testing that we do, and over the last 3,000 pen tests – this kind of surprised me – in about half the cases we were able to compromise the network,” he said.

Network compromises can result from firewall compromises, unmonitored endpoints, IoT compromise or exposed servers, Puglia said.

“What can you do about it?” he said. “In settings, there are registry settings. Disable multicast DNS, disable link-local multicast name resolution (LLMNR), disable network basic input/output system (NetBIOS) for DNS, restrict dynamic host configuration protocol (DHCP) addresses and monitor all endpoints,” he said. “But there are some simple group policies and registry settings to tell Windows not to just answer and broadcast your stuff everywhere, and it would cut down on that 50%. That's something easy to do.”
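The broadcast name-resolution settings Puglia lists (LLMNR, mDNS and NetBIOS over TCP/IP) can be checked and, if needed, enforced from PowerShell. The script below is an added example written for this article; it is not from Puglia, Kaseya or ThreatLocker. It assumes a Windows 10/11 or Windows Server 2016+ host run with an elevated shell, and uses the documented registry equivalents of the "Turn off multicast name resolution" policy (`EnableMulticast`), the `EnableMDNS` value under the DNS client service, and the per-interface `SetTcpipNetbios` WMI method. The speaker's "NetBIOS for DNS" is read here as NetBIOS over TCP/IP; DHCP address restriction and endpoint monitoring are server-side and tooling concerns, so they are not covered. Without `-Apply` the script only audits.

```powershell
<#
  Audit, and optionally enforce, the "stop Windows answering broadcasts" settings.
  Added example (not from the talk or any vendor). Run from an elevated shell.
  Assumption: registry locations below are the documented GPO/registry equivalents
  on Windows 10/11 and Windows Server 2016+.
#>
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Apply   # without -Apply the script only reports the current state
)

# Desired values: EnableMulticast=0 turns off LLMNR, EnableMDNS=0 turns off mDNS.
$desired = @(
    @{ Name = 'LLMNR'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient';          Value = 'EnableMulticast'; Want = 0 },
    @{ Name = 'mDNS';  Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters';    Value = 'EnableMDNS';      Want = 0 }
)

function Get-CurrentValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value does not exist (i.e. the default, enabled, state).
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

foreach ($s in $desired) {
    $cur   = Get-CurrentValue $s.Path $s.Value
    $state = if ($cur -eq $s.Want) { 'OK' } else { 'NOT HARDENED' }
    $shown = if ($null -eq $cur) { '<unset>' } else { $cur }
    Write-Output ("{0,-6} {1,-13} current={2}" -f $s.Name, $state, $shown)

    if ($Apply -and $cur -ne $s.Want -and
        $PSCmdlet.ShouldProcess("$($s.Path)\$($s.Value)", "set DWORD to $($s.Want)")) {
        if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
        New-ItemProperty -Path $s.Path -Name $s.Value -PropertyType DWord -Value $s.Want -Force | Out-Null
    }
}

# NetBIOS over TCP/IP is configured per interface.
# TcpipNetbiosOptions: 0 = use DHCP setting, 1 = enabled, 2 = disabled.
$nics = Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($nic in $nics) {
    $state = if ($nic.TcpipNetbiosOptions -eq 2) { 'OK' } else { 'NOT HARDENED' }
    Write-Output ("NetBT  {0,-13} {1} (option={2})" -f $state, $nic.Description, $nic.TcpipNetbiosOptions)

    if ($Apply -and $nic.TcpipNetbiosOptions -ne 2 -and
        $PSCmdlet.ShouldProcess($nic.Description, 'disable NetBIOS over TCP/IP')) {
        $r = Invoke-CimMethod -InputObject $nic -MethodName SetTcpipNetbios `
                              -Arguments @{ TcpipNetbiosOptions = 2 }
        if ($r.ReturnValue -ne 0) {
            Write-Warning "SetTcpipNetbios returned $($r.ReturnValue) for $($nic.Description)"
        }
    }
}
```

Run it once without switches to get a per-setting report, then with `-Apply -WhatIf` to see exactly which values would change, and finally with `-Apply`. At fleet scale the same three settings are better pushed through Group Policy or your RMM so that they survive reimaging; the script is useful as the check that the policy actually landed. Expect some local discovery (network printers, Chromecast/AirPlay-style devices) to stop resolving by name once mDNS and NetBIOS are off, so test on a pilot group first.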

The last items are old-school persistence and defense evasion, Puglia said.

“Persistence is being able to come back after I compromise something, because it's not much good if I have to do everything at once,” he said. “What we are seeing all over the place now is, they're using legitimate tools, remote control tools. If people allow software to be installed on a machine and it's legitimate tools that the rest of the network, and endpoint detection and response (EDR) and antivirus (AV) trust, you're headed for disaster. We see it over and over again.”

This Is War

Also during Zero Trust World, Chase Cunningham, vice president of security market research at G2, told attendees that everyone, everywhere is now a potential cyber warfare actor.

“We can't keep thinking about cyber like the IT thing,” he said. “We are engaged in a warfare and a combat fighting space period. Last year, about 50 Americans that we know of, which is 50 too many, died because they were unable to get medical care at a hospital. [More than] 140 health care organizations were hit and brought down for days on end. Imagine you're trying to take someone in for cancer treatment or for an urgent care thing, and you can't get in because the systems are down. People have died because of cyber warfare activities, and the folks in Washington [say], 'Well, what's critical infrastructure?' Critical infrastructure is this type of stuff.

“Let me change the way that you think about cyber for a second,” continued Cunningham. “If a bunch of Russians in a Spetsnaz plane flew over central Kansas and parachuted out, and took over a hospital and killed 50 Americans because they wanted to do something, we would be going hardcore into Russia. If a boat full of Chinese national People’s Liberation Army (PLA) soldiers showed up on the shores of San Diego, and they rushed up and took over a pharmacy where people couldn't get their pills, guess what? We engage in conflict. That's how we need to think about this space; otherwise, we're delusional.”

Concentrating on the simple things makes the biggest difference, Cunningham said.

G2's Chase Cunningham

“People use sh**** passwords; I know, breaking news,” he said. “People click phishing links, breaking news. Change the way that you deal with the problem and you don't become the issue. Get forward. Get ahead of it. We've got enough cyber, by God. There's so much.”

It’s important to challenge the experts and do your own research, Cunningham said. Also, don’t make decisions based on fear, uncertainty and doubt.

Too many cybersecurity products, services and certifications aren’t solving the problem, he said. Oh, and breaches are actually good for business.

“Stock values do better … there's money to be made here,” Cunningham said. “Look at Microsoft and CrowdStrike. They got breached. You see the dip? Guess what happens after the dip? The bounce. Look at Marriott and Equifax. They get bought. There's the bounce. Make your money; life is good.”

It’s important to have a cybersecurity strategy, he said.

“Have a plan,” Cunningham said. “Have good technology that ultimately will enable your business, your organization or your customers to be better secure.”


About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
