The modern cybersecurity landscape is more complex than ever. Some cybercriminal organisations are growing more sophisticated, adopting advanced technologies and working together in gangs to target well-protected networks. At the same time, at the other end of the scale, we see malware, spyware and ransomware being purchased cheaply on the dark web, and employed by people with little or no technical abilities. Hacking and cybercrime used to be the preserve of an able, elite few – now it’s accessible to common criminals. In the geopolitical sphere, cyberspace has become a new theatre of modern warfare, as state-affiliated malicious actors target government institutions and critical national infrastructure.
Then there’s the talent gap. Cyber-skills are increasingly in demand but there is an acute shortage in the workforce. The modern working-from-home and remote-working culture is posing new challenges for securing businesses’ networks. For the private sector, both data leaks and the theft of intellectual property have become huge issues that can threaten a company’s reputation, target its customer or client base, and damage its profitability.
Navigating all these threats is difficult. It requires a proactive approach, and it requires us to work together and to harness the power of the community to provide comprehensive threat detection and behaviour monitoring. It requires constant updates and the provision of testing environments to facilitate safe online computing practices. And it requires the evolution of tried and tested products to keep users from harm.
At ThreatLocker our goal is to protect from cyberattacks with zero-trust methods – that means we don’t trust any application or any command request unless we absolutely need to. We’re not focused on what everyone else is doing in the market. We’re focused on helping our customers prevent, monitor and block malicious activity on their networks. Everything we do is about how we can change the way we’re thinking to block more threats and prevent the bad guys from getting access to your systems.
ThreatLocker Ops is the latest step on that journey. It identifies and detects anomalies within an environment, where unknown vulnerabilities could otherwise leave it susceptible to a cyberattack. ThreatLocker Ops uses the telemetry data collected across all the ThreatLocker modules to identify and respond to potential indicators of compromise or weakness in the environment.
We’ve come a long way in the last few years, responding to new threats and new challenges by evolving our approach. At the beginning, we started off with an understanding that Allowlisting – or stopping harmful attacks by blocking everything from running and only letting trusted applications or processes run – was the future of blocking malware. We were basically an Allowlisting product until we expanded to Ringfencing™, or limiting interaction between applications and their access to files and the internet. That was really innovative, because ThreatLocker turned Allowlisting from a product that was only accessible to large organisations with millions of dollars and unlimited resources to a product that is today used by 40,000 businesses, from small, local dental offices right up to the US Navy and big international corporations. Now, in our latest phase, those 40,000 public and private sector institutions are linked together and connected, with constant data-monitoring and threat detection employed across the whole ThreatLocker community and updated in real time.
With Ringfencing we realised that good software could be used against us. Every application could see all of our data and we needed to stop those applications from having unlimited privileges. We needed to harden the environment and take away basic permissions around file access, and in this way we closed down a lot of vulnerabilities. Last year we announced our Network Control product, which stops hackers and malicious threats in their tracks before they spread across networks, and today we’re using data from our 40,000 customers to make better decisions about what should be allowed and what should be blocked. To that end, we’re collecting two billion rows of data every hour.
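To make the two ideas in the paragraphs above concrete, here is a small policy evaluator written for this page as an added example (it is not ThreatLocker’s own code and makes no claim about how its products are implemented). Allowlisting is modelled as default deny keyed on a binary hash, and Ringfencing as per-application limits on which file paths, remote hosts and child programs an allowed binary may touch. The hashes, paths, hosts and event schema are constructed sample values.

```python
"""Deny-by-default application allowlisting plus per-application ringfencing.

Illustrative example only: an application may run only if its hash is on the
allowlist, and an allowed application may touch only the files, hosts and
child programs its ringfence permits. All identifiers below are constructed.
"""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import Dict, List, Tuple


@dataclass
class Ringfence:
    """What an allowed application may touch once it is running."""
    file_globs: List[str] = field(default_factory=list)  # paths it may read/write
    hosts: List[str] = field(default_factory=list)       # remote hosts it may reach
    may_spawn: List[str] = field(default_factory=list)   # child programs it may launch


@dataclass
class Allowed:
    name: str
    fence: Ringfence


# Constructed allowlist keyed by file hash. Anything not listed is denied.
ALLOWLIST: Dict[str, Allowed] = {
    "sha256:1111": Allowed("winword.exe", Ringfence(
        file_globs=["C:/Users/*/Documents/*"], hosts=["*.office.example"])),
    "sha256:2222": Allowed("backup.exe", Ringfence(
        file_globs=["C:/Data/*"], hosts=["backup.example"], may_spawn=["7z.exe"])),
    "sha256:3333": Allowed("7z.exe", Ringfence(file_globs=["C:/Data/*"])),
}


def evaluate(event: Dict[str, str]) -> Tuple[str, str]:
    """Return ("allow" | "block", reason) for a single telemetry event.

    Constructed event schema:
      {"kind": "exec",  "hash": ...}
      {"kind": "file",  "hash": ..., "path": ...}
      {"kind": "net",   "hash": ..., "host": ...}
      {"kind": "spawn", "hash": ..., "child": ...}   # child is the child's hash
    """
    app = ALLOWLIST.get(event["hash"])
    if app is None:
        # Allowlisting: unknown binaries never run, regardless of what they ask for.
        return "block", "hash not on allowlist (default deny)"

    kind, fence = event["kind"], app.fence
    if kind == "exec":
        return "allow", f"{app.name} is allowlisted"
    if kind == "file":
        # Ringfencing: an allowed app still only sees the paths its policy grants.
        ok = any(fnmatchcase(event["path"], g) for g in fence.file_globs)
        return ("allow" if ok else "block"), f"{app.name} -> {event['path']}"
    if kind == "net":
        ok = any(fnmatchcase(event["host"], h) for h in fence.hosts)
        return ("allow" if ok else "block"), f"{app.name} -> {event['host']}"
    if kind == "spawn":
        child = ALLOWLIST.get(event["child"])
        if child is None:
            return "block", f"{app.name} tried to launch a non-allowlisted binary"
        ok = child.name in fence.may_spawn
        return ("allow" if ok else "block"), f"{app.name} -> {child.name}"
    return "block", f"unknown event kind {kind!r}"


def audit(events: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Evaluate a batch of events in order and return the decisions."""
    return [evaluate(e) for e in events]


# Constructed sample telemetry: a normal document workflow, an attempt by the
# word processor to read a credential store, reach an unknown host and launch
# an unknown binary, a legitimate backup-to-archiver chain, and an unknown exe.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"kind": "exec", "hash": "sha256:1111"},
    {"kind": "file", "hash": "sha256:1111", "path": "C:/Users/alice/Documents/report.docx"},
    {"kind": "file", "hash": "sha256:1111", "path": "C:/Windows/System32/config/SAM"},
    {"kind": "net", "hash": "sha256:1111", "host": "mail.office.example"},
    {"kind": "net", "hash": "sha256:1111", "host": "198.51.100.7"},
    {"kind": "spawn", "hash": "sha256:1111", "child": "sha256:4444"},
    {"kind": "spawn", "hash": "sha256:2222", "child": "sha256:3333"},
    {"kind": "exec", "hash": "sha256:9999"},
]

if __name__ == "__main__":
    for event, (decision, reason) in zip(SAMPLE_EVENTS, audit(SAMPLE_EVENTS)):
        print(f"{decision:5} {event['kind']:5} {reason}")
```

The point the two paragraphs make shows up in the sample run: the word processor is allowed to run and to open documents, but the same allowed binary is blocked from reading a system credential file, from reaching an unlisted host, and from launching a binary that is not itself allowlisted. Allowlisting alone would have stopped only the last event; the ringfence is what constrains the trusted application.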
We can use that massive data resource to cross-examine abnormalities. If suspicious activity is flagged by a user, we can check that activity against our huge data backlog to see if other people are detecting similar activities. Today, with ThreatLocker Ops, we’re going one step further, using data and our massive number of sensors to detect potential anomalies automatically. Users will be alerted to breaches according to their own customisable policies. You might get a message that tells you there’s unusual activity on a particular server, seen in real time against our community’s data-logs, and you can respond by blocking access and isolating certain machines entirely until the problem has been sufficiently remedied.
This is the kind of technology businesses and public institutions will need to adopt in response to the multitude of contemporary threat vectors. Just as the sophistication of our enemies increases, we need to stay one step ahead by evolving our strategies and updating our systems and technologies. There is no final destination on the cybersecurity journey – it’s a process that needs constant attention and refinement. While zero trust effectively reduces the likelihood of a successful cyberattack, ThreatLocker Ops further hardens an environment by notifying and automatically responding to identifiers of attempted compromise in the event of an attack. It provides additional functionality to combat and mitigate the exploitation of known and unknown vulnerabilities.