“ WHILE A ZERO-TRUST APPROACH IS ABOUT DENYING ACCESS TO THOSE WHO DON ’ T NEED ACCESS , THE CASTLE-AND- MOAT APPROACH TOWARD SECURITY IS FAR MORE LENIENT .”
Certainly , the maturity of zero trust is a lot further along than it was just two or three years ago , but cyberthreats are also a lot more frequent and aggressive today .
“ Back then ,” Danny says , “ MSPs took a stance of allowing by default instead of denying by default . They focused on only blocking the bad stuff . Then , once a year , they would do a full restore for ransomware . That ’ s now changed . A good portion of MSPs have now implemented zero trust . In fact , ThreatLocker has thousands of partners who have implemented zero trust for all of their customers where it ’ s needed most — at the application and endpoint levels .”
ZERO TRUST VS . CASTLE-AND-MOAT SECURITY
While a zero-trust approach is about denying access to those who don ’ t need access , the castle-and-moat approach toward security is far more lenient . It assumes all applications and files inside the network ( the castle ) are safe while everything outside the firewall ( the moat ) is not safe . Both are fallacies .
Danny says , “ Castle-and-moat security is focused on keeping out external factors . Well , that ’ s essentially the whole world . So , when anyone on your team downloads an email , a program , or a game , you ’ re talking about the whole world .”
He continued , “ Also , think back to the Dark Ages when there were real castles and moats . Well , the knights didn ’ t leave their castle without full armor . Today , people are inside the perimeter , go outside their network to work from home or at Starbucks , then come back in . That ’ s where incredible risk occurs .”
THE GAME HAS CHANGED
Think about where we were just 10 years ago . Cybersecurity was more focused on curbing spam , ridding your computer of adware , and avoiding nuisance viruses that sent risqué pictures . That was the definition of “ bad ” back then . Today , a cyberattack could cripple a business and cost their life ’ s savings .
Because the threat of cyberattacks has changed , cybersecurity has to change to keep up with those threats . Much of cybersecurity today revolves around monitoring and detection . With that approach , you are essentially deciphering between the good and the bad . The goal obviously is to get alerts or even shut down all possible threats .
Danny says , “ I try to avoid the word detection . ThreatLocker isn ’ t really about detection . It ’ s more blocking what is not allowed . Rather than trying to determine if it ’ s good or bad , it doesn ’ t matter . None of it is allowed in . We ’ re less about alerts and more about what ’ s required in your environment , then blocking everything else .”
THE REAL QUESTION : DOES ZERO TRUST WORK ?
While you can certainly question if adopting a zero-trust environment is the right approach to cybersecurity , it ’ s hard to question the results .
“ Cybercriminals prefer to attack on weekends ,” says Danny , “ especially holiday weekends . On the Fourth of July weekend , we had 46 MSPs get an attempted hit to all of their devices . Ransomware was attempted to be pushed out to their clients . Thanks to ThreatLocker , all but one of those 46 MSPs had everything blocked . The only reason the one attack went through was because that MSP was still in a learning mode . One week later , and they would have been fine .”
As for where the trend of zero-trust security is headed :
• This year , 80 % of new digital business applications opened up to ecosystem partners will be accessed through zero-trust network access .
• By 2023 , 60 % of enterprises will have phased out of their remote-access VPNs in favor of zero-trust network access .
THE FUTURE OF CYBERCRIME AND OUR RESPONSE
Does the cybercrime industry show any signs of slowing down ? Not according to Danny .
“ We ’ re going to see a lot more cybercrime ,” he says , “ and it will continue to get more sophisticated . All these hackers do every single day is search for every vulnerability imaginable . So , we ’ re going to see more vulnerabilities and more attacks at the entry points . It ’ s going to lead to more ransomware , more costs , and more businesses being hurt . That ’ s why our team at ThreatLocker invests so much time in our cybersecurity solutions . To keep MSPs and their clients safe .”
Visit ThreatLocker . com to learn more .
MSPSUCCESS . COM | 7