Zero Trust World: ThreatLocker Hopes MSPs Get 'Smarter' About Fighting Attacks
Zero Trust World is about deep diving into the threat landscape and knowing your enemies.
![Zero Trust World Feature 2023 Zero Trust World Feature 2023](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltfd849bb031d9af0d/652407bc40861a8921a839f5/Zero-Trust-World-Feature-2023.jpg?width=700&auto=webp&quality=80&disable=upscale)
Adam Reid, a professional master of ceremonies, is emceeing Zero Trust World. He said attendees are at the conference because they recognize that cybersecurity is a serious topic, “and you’re serious about getting solutions.”
“The theme is all about risk and diving really deep into the threat landscape so we know enemies, the threats they pose and to learn how to defend,” he said.
Ransomware demands totaled $20 billion in 2021 and that’s expected to jump to $260 billion by 2031, Reid said.
“So whether you’ve already adopted zero trust [or have just started the process], you have found your community right here, right now,” he said. “We’re going to get stronger and wiser. You’ll leave here with the skills and knowledge needed. Everybody in this room … we need your help to achieve that.”
ThreatLocker‘s Danny Jenkins said most of the questions he’s received at Zero Trust World are “really good, technical questions.”
“I like that because I’m a technical person,” he said. “So they’re very much about, ‘How can I harden this application? How can I stop PowerShell from eating my lunch? How can I stop this from talking to this?’ Or they’re really trying to get into the weeds and saying, “What can I do that’s tangible?’ And that’s most of what people are asking here today.
ThreatLocker has been around a little more than five years and the first three were pretty slow, Danny Jenkins said.
“But the last two years, we’ve just exploded,” he said. “We’re over 240 employees now. Our headquarters is based here in Orlando and we also opened a European headquarters in Dublin, and I think we’ve got 14 people starting next week. So we’re constantly growing. Our customer base is growing. We represent over 40,000 businesses now and those businesses range from local dental offices through MSPs, right up to the U.S. Navy and JetBlue, and other large corporations.”
The lion’s share of Zero Trust World attendees are MSPs, Danny Jenkins said. ThreatLocker grew 530% last year in the MSP industry and it now has thousands of MSP partners.
“MSPs have really struggled to find security products that are designed to be multitenant to work for them,” he said. “And three years ago we decided to go to the MSP market and make our products work. And what we found was a market that was massively underserved from tangible technologies to stop cyber threats. And that’s been really integral to our growth.”
Michael Meis is associate CISO at the University of Kansas Health Systems. He gave a keynote on how the tactics detailed in “The Art of War,” one of the oldest and most successful books on military strategy in the world, are similar to those needed to battle cyber crime.
He outlined principles from the book and how those apply to current cybersecurity programs. The first is defining victory, which is just as important in cybersecurity as it is in traditional warfare.
“If you fail to define victory, I guarantee you will never reach it,” he said. “Defining victory in cyber is just as complex and difficult. Define what victory means to your organization. Develop a vision and mission statement … specifically for your security team.”
It’s also important to build teams around the idea of excellence, Meis said.
“With excellence, it’s the concept where everyone is there to do one thing — their job at the highest possible level,” he said. “When you instill these ideas, it sets a level of performance … and gives purpose to drive excellence … things that contribute to performance … to meet the victory definition.”
In addition, it’s important to know yourself and your enemy, he said. That means knowing your assets — for example, revenue generation and capabilities, your outcomes with people, processes and technology. That means knowing these things of your adversary, too.
Knowing your allies is important, Meis said. In cyber, that means third-party allies like vendors.
“Next, invest in coordination,” he said. “Become part of the organization. Our goals should be enable an organization to protect itself. We have to generate and support across the the organization. And coordinate outside of your organization.”
And lastly, avoid losing, Meis said. That means staying away from easy mistakes that give attackers an easy way in.
“You will be attacked, but you don’t have to lose,” he said. “This is where it’s important to invest in incident response capabilities, whether internally or bring in a third party. Invest in resilience. It’s important we can take a punch and get back up. That’s how we fight a battle and how we win a war.”
Scott Davis, Quickpass‘ director of cybersecurity education, gave a keynote on making sense of cybersecurity “acronym soup.” Quickpass offers privileged access management (PAM) built for MSPs.
He said the cybersecurity industry is continually trying to overcomplex what should be simple solutions.
“We’re making it too confusing,” he said. “Vendors create confusion. We’re marketing and telling you what we’re doing, using acronyms, confusing you, and then you’re confusing clients. As vendors, as MSPs, you have to do a better job of educating what these acronyms mean.”
Many acronyms have numerous meanings, creating even more confusion, Davis said. For example, identity and access management (IAM) is just a large category, and inside of it is PAM and inside of PAM is privileged identity management (PIM).
It’s important to put it in simple terms, he said.
Scott Davis, Quickpass‘ director of cybersecurity education, gave a keynote on making sense of cybersecurity “acronym soup.” Quickpass offers privileged access management (PAM) built for MSPs.
He said the cybersecurity industry is continually trying to overcomplex what should be simple solutions.
“We’re making it too confusing,” he said. “Vendors create confusion. We’re marketing and telling you what we’re doing, using acronyms, confusing you, and then you’re confusing clients. As vendors, as MSPs, you have to do a better job of educating what these acronyms mean.”
Many acronyms have numerous meanings, creating even more confusion, Davis said. For example, identity and access management (IAM) is just a large category, and inside of it is PAM and inside of PAM is privileged identity management (PIM).
It’s important to put it in simple terms, he said.
THREATLOCKER ZERO TRUST WORLD — Day one of ThreatLocker‘s Zero Trust World kicked off with CEO Danny Jenkins telling attendees he hopes they walk away a little smarter about zero trust and cybersecurity.
The conference in Orlando has attracted attendees from across the United States, Canada, the United Kingdom, Germany, Hungary and more.
“Zero trust is a way of thinking,” Jenkins (pictured above) said. “Only give access where it is required. We hope you go away knowing something you didn’t know before.”
Learning to Stop Ransomware Attacks
If attendees can stop ransomware attacks based on what they learn at Zero Trust World, that’s an accomplishment, Jenkins said.
“We have people coming over wanting to learn how to secure their environment, people both in the MSP community, but also IT directors who just want to know, ‘What am I missing here?’ This is the biggest Zero Trust World we’ve ever had and we expect it to be bigger again next year.”
ThreatLocker wants people to be more aware of what zero trust means, what they can do tangibly in their environment, and how zero trust protects them from cyber threats, Jenkins said.
“People often see it as this magical product,” he said. “And the problem is, with cybersecurity it’s been smoke and mirrors for too long. Now we’re saying, ‘Look, these are tangible things you can do’ – take away permissions, lock down your environments – and we want people to be more aware of that, but also more aware of the threats, more aware of how easy it is to steal someone’s data, to gain access to someone’s network. So we’re hoping from the labs, people can get hands-on experience and [say], ‘Oh, I can actually get around someone’s security here.'”
Sami Jenkins is ThreatLocker’s COO and co-founder. She said attendees can “smarten up” their employees at Zero Trust World via hacking labs.
“Our team can show them what to do to prevent these cyberattacks,” she said.
See our slideshow above for more from Zero Trust World.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author(s)
You May Also Like