ThreatLocker’s Rob Allen Urges MSPs To Rethink Zero Trust At XChange Denver

At XChange in Denver, Rob Allen, chief product officer at ThreatLocker, delivered a candid and actionable presentation urging solution providers to embrace a more practical approach to zero trust security.

“We’re going to talk about zero trust,” Allen began. “We are going to avoid most buzzwords, but zero trust is one, unfortunately, that we’re going to have to lean into.” His message to MSPs was clear: security must start with a default-deny posture, and ThreatLocker’s platform makes that achievable without the heavy lift.

Allen emphasized that ThreatLocker’s controls operate at the system level, not the user level. “It doesn’t make any difference if it’s an administrator or not. They’re still not going to be able to run the things that you don’t want them to be able to run.”

A standout feature of ThreatLocker’s approach is ringfencing, which limits what applications can do once they’re running. “Does PowerShell need to reach out to the whole internet? The reality is it doesn’t,” Allen said. “By denying by default, you can stop it running code.”

He also addressed common gaps in server protection, noting that attackers often exploit virtual servers. “Very often people do not ThreatLocker servers…it makes it possible for attackers to mount VHDs, remove security tools and boot without those security tools running.”

Allen urged MSPs to block outbound traffic from servers and restrict USB access to prevent data exfiltration. “In a lot of cases, that will stop data exfiltration in its tracks,” he said. “Most servers do not need to [connect] outwards, unrestricted to the internet.”

ThreatLocker’s agent-based deployment logs all activity and auto-generates policies, reducing manual configuration. “We’ll see all that software running and we’ll say, okay, we’re going to create a policy for this,” Allen explained.
