What is old is new again: default deny on the endpoint - Danny Jenkins - ESW #402

What is old is new again: default deny on the endpoint - Danny Jenkins - ESW #402

Author: Security Weekly Productions April 15, 2025 Duration: 36:20
Enterprise Security Weekly (Video)
NewsTechnology

Default deny is an old, and very recognizable term in security. Most folks that have been in the industry for a long time will associate the concept with firewall rules. The old network firewalls, positioned between the public Internet and private data centers, however, were relatively uncomplicated and static. Most businesses had a few hundred firewall rules at most.

The idea of implementing default deny principles elsewhere were attempted, but without much success. Internal networks (NAC), and endpoints (application control 1.0) were too dynamic for the default deny approach to be feasible. Vendors built solutions, and enterprises tried to implement them, but most gave up.

Default deny is still an ideal approach to protecting assets and data against attacks - what it needed was a better approach. An approach that could be implemented at scale, with less overhead. This is what we'll be talking to Threatlocker's CEO and co-founder, Danny Jenkins, about on this episode. They seemed to have cracked the code here and are eager to share how they did it.

This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them!

Show Notes: https://securityweekly.com/esw-402


Hosted by Adrian Sanabria, Enterprise Security Weekly (Video) is a deep dive into the complex world of protecting large organizations. This isn't just a headline recap; it's a practical, analyst-level discussion for security professionals who need to understand the "why" behind the news. Each episode from Security Weekly Productions brings together a seasoned panel including co-hosts like Katie Teitler-Santullo, Ayman Elsawah, Jason Wood, Jackie McGuire, and Sean Metcalf to dissect emerging threats, architectural shifts, and the tools that promise to help. You'll hear candid evaluations as they put security vendors and their claims under the microscope, separating hype from genuine utility. The conversation revolves around actionable intelligence and strategic trends that empower defenders to build more resilient environments. Tuning into this podcast provides a consistent, informed perspective that cuts through the noise of the daily alert cycle, offering clarity and context that's often hard to find. It’s a video format that adds a layer of connection and detail to these technical discussions, making complex topics more accessible. If your work involves making critical decisions about enterprise security posture, this series serves as a vital resource for staying informed and ahead of the curve.
Author: Language: English Episodes: 100

Official website RSS
instagramyoutubediscordlinkedinspotifygithub
Enterprise Security Weekly (Video)
Podcast Episodes
AI Red Teaming Comes to Bug Bounties - Michiel Prins - ESW #391 [not-audio_url] [/not-audio_url]

Duration: 33:31
HackerOne's co-founder, Michiel Prins walks us through the latest new offensive security service: AI red teaming. At the same time enterprises are globally trying to figure out how to QA and red team generative AI models…
Enterprise News - ESW #390 [not-audio_url] [/not-audio_url]

Duration: 57:37
This week in the enterprise news - Cymulate acquires CYNC Secure, Tidal Cyber acquires Zero-Shot, Amazon ransomware attack, and more! Show Notes: https://securityweekly.com/esw-390
2024 End-of-Year News and Wrapup - ESW #388 [not-audio_url] [/not-audio_url]

Duration: 30:05
As we wrap up the year, we have an honest discussion about how important security really is to the business. We discuss some of Katie's predictions for AppSec in 2025, as well as "what sucks" in security! Show Notes: htt…

«1...678910