A Conversation With Slava Konstantinov From ThreatLocker

A Conversation With Slava Konstantinov From ThreatLocker

➡ Allow what you need, block everything else with ThreatLocker:
threatlocker.com

In this episode, I speak with Slava Konstantinov, ThreatLocker's MacOS Lead Architect, about their zero-trust approach to endpoint security and their latest cybersecurity innovations.

We talk about:

• ThreatLocker’s Zero Trust Approach to Cybersecurity:
How ThreatLocker enforces a default deny security model, ensuring only explicitly allowed applications and actions can run, reducing attack surfaces and unauthorized access.

• Key ThreatLocker Products and Features:
How ThreatLocker’s solutions—Application Control, Storage Control, Ring Fencing, Network Control, and ThreatLocker Detect—help organizations enhance security through granular policy enforcement.

• New & Upcoming ThreatLocker Features:
How new solutions like Patch Management, Web Control, Insights, and Cloud Detect will provide even greater security, automation, and compliance for businesses managing complex IT environments.

Chapters:
00:00 - Intro to ThreatLocker and Zero Trust Security
01:24 - How ThreatLocker’s Application Control Blocks Unauthorized Software
06:52 - Storage Control: Preventing Unauthorized Data Access and USB Threats
08:19 - Ring Fencing: Controlling App Permissions and Network Access
12:37 - Elevation Control: Granting Admin Privileges Without Risk
16:23 - Network Control: Restricting Internet and Internal Network Access
19:26 - AI-Driven Security Policies: The Future of ThreatLocker Management
24:07 - Mac vs. Windows Security: Key Differences and Challenges
29:49 - ThreatLocker’s Expansion: New Products and Future Plans
32:32 - Where to Learn More About ThreatLocker’s Security Solutions

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Avsnitt(532)

Take 1 Security Podcast: Episode 19

Take 1 Security Podcast: Episode 19

Topics for this episode: News and analysis * [ ] A couple of months into my job with IOActive * [ ] Paris Attacks: resilience vs. prevention * [ ] Updating the OWASP IoT Project (no longer the Top 10) It’s an umbrella project. * [ ] Adding to the IoT project the SCADA Top 10 List (read the list), and Nabil Ouchn is going to be project leader on that project * [ ] Pentagon farms coding to Russia * [ ] Crypto email service pays ransom, gets taken out anyway * [ ] Blackout Europe shows vulnerabilities in LTE. Forced leak of location within 2-KM radius. Were also able to block LTE and force 3G or 2G. * [ ] Onapsis talks SAP HANA vulnerabilities. They’re config issues, and aren’t patchable, and include: remote file writes, remote directory deletions, moving files to where they can be access remotely, remote command execution, and remote python execution. To fix, you have to upgrade to the latest version and reconfigure your system. Also two issues with the database that allow HTTP RCE and SQL RCE. * [ ] TPP : how did we even get an agreement that was secret in the first place. Forget the details. This should never be allowed to happen again * [ ] Linux ransomware now hitting websites (broken by Brian Krebs) * [ ] Linux.Encoder.1 has a predictable key for its ransomware, and a tool was released to decrypt victims’ systems. Good to know that even attackers make dumb encryption implementation mistakes. * [ ] Visio smart tracking turned on for 10 million users. Here was the pitch “revolutionary shift across all screens that brings measurability, relevancy and personalization to the consumer like never before!” * [ ] Ring-0 theory of devops: history of the o-ring. Small thing that everything else depends on. for serial tasks you need A players to have an A process. As you lower the whole thing tumbles down * [ ] The Chinese Great Cannon: so we know about the Great Firewall, now learn about the Great Cannon * [ ] Must read article: What ISIS Really Wants, by the Atlantic * [ ] Two must follows: Gunnar Peterson, and Benedict Evans. Gunnar is brilliant in security, and Benedict works for Adresesen Horowitz Updates and announcements * Hit me up at IOActive if you have any security consulting needs. Notes * The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM. * It’s better to listen via iTunes or with the player embedded above, but you can also download the sound file directly. Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

16 Nov 201531min

Take 1 Security Podcast: Episode 18

Take 1 Security Podcast: Episode 18

Topics for this episode: News and analysis * Sonar framework * Schneider Electric SCADA issues revealed at DEFCON * Ashley Madison hack, extortion will become more common, passwords added to SecLists * Hackers attack PR firm and manipulate stocks * Uber is quadrupling their security staff in 2015 * Android vulnerabilities lately Ideas and commentary * Business-based hacking: extortion-based hacking, ransomware, prediction-based hacking, PR releases, etc. Find the leverage, then execute the hack * My problem with threat intelligence * Optimal playlists for getting work done: baroque, no words, medium volume, 60 beats per minute * Ambient sound as two-factor, which goes to my idea of continuous authentication * How standardization and insurance will change security * Miller (mlr) is like sed, awk, join, cut, and sort, but for name:index data such as CSV * Participation in the OWASP IoT Project, Sasa Zdjelar is going to work on an IOT disposition project, Digicert is possibly working on a secure updates project, and we welcome others to add to the mix Updates and announcements * Vegas conferences: two talks, Blackhat Arsenal, DEFCON talk on IoT Attack Surface Areas, Caparser release * If you’re into IoT, be sure to check out Craig Smith’s podcast at IoT Weekly, and Bruce Sinclair’s IoT podcast as well * SecLists has been reorganized, go check it out * Kali Linux 2.0 is out: new kernel, based on debian, rolling release, go get it Notes * The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM. Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

25 Aug 201526min

Mr. Robot Episode 3 Review

Mr. Robot Episode 3 Review

[ NOTE: There are spoilers below, not just for this episode but for the show in general. ] Enough people have asked me to start doing reviews of Mr. Robot episodes that I’m going to have a go at it. The deciding factor was the fact that I had such a strong desire to write during the third episode. I’m going to start here with thoughts on the show in general, not just on episode 3. Mr. Robot in general The character The main protagonist is an interesting character. He is what the writer evidently wants to capture, or actually believes to be, the template for a true hacker, which is highly damaged. I am quite struck with the focus that is placed on how truly messed up he is. He has major drama with the way his father was killed. He largely hates society. He has deep personal depression. And he’s a user of narcotics. I’m left thinking along the lines of a Hemingway type of artist, where the best creativity (in this case hacking) comes from those wo are the most tortured internally. Painters, musicians, etc. We’re familiar with the template. This redeeming qualities, which the writers take equal efforts to highlight, are the desire to protect people, his love for the blonde girl, and a general but understated willingness to fight back against the soul-crushing force of our modern, consumerist society. I really enjoy how he is only actually going to see his psychiatrist because he’s trying to help her, and if she’s actually going to help him it’ll kind of be on accident. He deeply analyzes people and sees if they’re good, or weak, or in need of help, and then if they are he kind of hates them less because of this. And he is willing to use his superpowers to help them as a result, like when he pushed that guy out of his psychiatrist’s life. The tech Before going into the various problems, it must be said that the information security writing has been exemplary. I’d say definitely the best we’ve seen in either movies or “television” (whatever that is). That said, there are a number of missing links in the armor. On one of the first episodes, possibly the first, I noticed an IP address with a final octet in the 300’s. That’s just an editing miss, but it did take me out of the fantasy. In Episode 2, which I generally didn’t like, I was quite bothered by the destruction scene. Here’s what I think happened there. They wanted to do a destruction scene, they had it all rigged up, and they wrote the story so that he’d do a quick hack and then get spooked enough to do it. Then they show the infosec writer(s) the story component and they’re like, Um, no. There’s no way anyone of this skill level would be hacking from his actual IP address. And they’re like, Well, we need to do this scene. Most people will miss that, and the scene will be cool enough to make up for it. So the writer stomps out of the room mumbling about how they shouldn’t have hired him for authenticity if they were going to make such obvious mistakes, and they go with it. Who knows if that really happened, but that’s how I imagine it. Comments on modern society I also find the comments on modern society to be quite interesting. I think it’s a big part of the whole hacker feel. Hackers have always had this component to their mystique. Being counter-culture. Being underground. Fighting against the man. So the idea that everything is a conspiracy with the rich exploiting the poor, the strong exploiting the weak, and everything being about selling advertising and the dominance o...Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

19 Juli 201518min

Take 1 Security Podcast: Episode 17

Take 1 Security Podcast: Episode 17

Topics for this episode: Announcements * [ ] New desk, new mic setup News * [ ] SSL vuln spoofing issue, requires mitm * [ ] Sleepy puppy XSS Payload Management Framework * [ ] Troy Hunt on tech presentations * [ ] Stock market attacked and taken down. Anonymous warned about it beforehand * [ ] OPM goes to 21.5 million cards; director steps down * [ ] People need to get fired for this stuff; it’s the only way anyone will care enough to do anything * [ ] National Guard announces data breach Commentary * [ ] Mr. Robot * [ ] Splunk buys Caspida * [ ] Securing web session ids, by Eran Hammer Notes * The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM. Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

12 Juli 201525min

Take 1 Security Podcast: Episode 16

Take 1 Security Podcast: Episode 16

Topics for this episode: * [ ] Hacking Team Hacked, show which oppressive governments bought their software * [ ] No exploits for non-jailbroken iPhone * [ ] The FBI spent 775K on Hacking Team software * [ ] Citi creating a digital currency, called Citicoin * [ ] Clinton attacking China on hacking, “Said they’re trying to hack into everything that doesn’t move.” * [ ] Eric Holder suggests that Snowden had a positive impact, and that an agreement could be reached * [ ] Critical bug in node.js patched that could lead to DoS * [ ] MasterCard looking to do facial scanning to authenticate purchases * [ ] FBI is offering 4.3 million for help finding top hackers * [ ] A petition for Ellen Pao to leave Reddit has topped 150K signatures Notes * The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM. Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

7 Juli 20156min

Take 1 Security Podcast: Episode 15

Take 1 Security Podcast: Episode 15

Topics for this episode: * iOS flaw * The Chinese hacking campaign against the US * Breach at Recorded future * Hacking cars through key fobs * NSA/GCHQ hacking of people through security software * Snowden’s documents in the hands of the Chinese and Russians * Samsung re-enabling Windows Update * Mr. Robot * Blackhat/DEFCON Notes * The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM. Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

29 Juni 201514min

Take 1 Security Podcast: Episode 14

Take 1 Security Podcast: Episode 14

Notes * The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM. Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

15 Juni 201522min

Take 1 Security Podcast: Episode 13

Take 1 Security Podcast: Episode 13

Notes * The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM. Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

12 Juni 201542min

Populärt inom Teknik

uppgang-och-fall
elbilsveckan
rss-racevecka
bilar-med-sladd
market-makers
skogsforum-podcast
rss-laddstationen-med-elbilen-i-sverige
rss-technokratin
natets-morka-sida
rss-elektrikerpodden
developers-mer-an-bara-kod
mediepodden
ai-sweden-podcast
rss-uppgang-och-fall
solcellskollens-podcast
hej-bruksbil
bli-saker-podden
rss-it-sakerhetspodden
rss-veckans-ai
rss-fabriken-2