
Zero trust, zero excuses

Danny Jenkins, CEO of ThreatLocker

ThreatLocker CEO Danny Jenkins on why endpoint security has never been easier.

Everyone’s talking about Zero Trust now—it’s a buzzword. But implementing it, especially on endpoints, isn’t always easy.

Actually, when it comes to endpoints, it’s incredibly easy—at least in 99% of cases. The idea behind Zero Trust is very simple. It’s not about a single product, though products can help support it. The principle is this: access is only granted to what’s needed.

And it’s not just about users. For example, Bob only needs access to financial files—so he only gets access to those. Sally only needs access to sales—so that’s all she can see. Microsoft Office only needs access to documents—so it only gets that access. It can’t touch PowerShell.

When we apply this to endpoints, we ask: What software is allowed to run? Is everything blocked by default? Can one piece of software communicate with another? Can it access your files?

That’s the philosophy—only what is needed should be allowed.

We’ve done 20,000 endpoint implementations with just 30 hours of manpower. That’s possible because of learning algorithms, AI advancements, and the intelligence we’ve built into the system. All of that has made it incredibly easy to implement Zero Trust at the endpoint level.

So, you’re leveraging AI and ML in your portfolio.

Yes, we use both machine learning and AI quite extensively. In fact, we’ve developed our own models that are continuously learning and evolving.

The challenge with implementing Zero Trust is that you need to understand how software is supposed to behave. That’s where our models come in. With millions of endpoints deployed worldwide, we’re able to observe and learn typical behavior patterns—for example, how Office behaves, how Chrome behaves, how Adobe behaves.

We identify what each application needs to do—and nothing more. That insight is what makes our Zero Trust approach so effective.

Is your platform automated?

Yes, absolutely. Once deployed, the platform automates most of the process. It identifies all the applications in the environment. While there is a small manual component and the customer may need to do a bit of manual work, around 99.9% of the deployment is fully automated. That’s also thanks to the fact that we have a team continuously feeding data into the system to keep it optimized.

Do you also play in the EDR space?

We have full EDR capabilities. Zero Trust is at the core of what we do, and EDR is a critical part of the overall strategy. But EDR should always be the backup, not the first line of defense.

Think of EDR like a house alarm. You wouldn’t rely solely on the alarm and leave your doors unlocked. You lock your doors first—that’s your proactive protection—and then you set the alarm as your second layer of defense.

Are you seeing a lot of AI-driven exploits?

Yes, a huge amount. We’re observing two key trends: First, there’s a significant rise in phishing attacks—highly convincing and intelligently crafted. Second, we’re seeing the creation of new, previously unseen malware that’s bypassing traditional defenses.

What are your views on AI in cybersecurity?

AI is a double-edged sword. Attackers use it, and so do defenders. But when it comes to intent detection, AI falls short. For example, backup software and malware might both move data to the cloud—but AI can’t tell whether it’s malicious or not. That’s why AI is more effective at behavioral profiling—understanding what’s normal vs. abnormal—rather than trying to guess intent.

Do you also cover cloud-native and endpoint security?

Yes, we do. For instance, we now support Microsoft 365. We’re building consolidated log views that help detect anomalies—say, if someone logs into Microsoft 365 in Dubai but accesses GitHub from Florida minutes later, we flag that as suspicious behavior.

What are you bringing to the table? What would you say differentiates your solution?

I’d say our biggest differentiator is the control we give organizations over what runs in their environment. We’re ring-fencing applications, limiting what they can do, and applying strict rules with binary decisions around data access. This means you’re no longer guessing whether the latest threat will be detected. Instead, the approach is: if it’s not explicitly allowed, it simply doesn’t run. That’s real security.

Can your solution be easily integrated into existing security stacks?

Yes, absolutely. In fact, we frequently integrate with SIEMs. While we offer our own EDR, XDR, and MDR capabilities, I’d say about half of our customers use our Zero Trust platform alongside another EDR solution.

Do you think SIEM is still necessary?

If you need to keep logs, then yes—of course, SIEM is still important. I believe SIEM has two main purposes. First, it’s a central log aggregator, giving you visibility into everything that’s happening in your environment in the event of an incident. Second, it’s critical for compliance.

It’s also meant to help with threat identification by running rule sets on the data. That said, I think it was over-prioritized in many organizations. You still have people investing in SIEM while allowing untrusted software to run freely—which, frankly, is a bit backward. You’d think Zero Trust would be the first step.

What does the current threat landscape look like? Are there any new trends, or is it still the usual suspects—ransomware, phishing, and malware?

We’re definitely seeing a lot of new ransomware gangs emerge. There’s more data exfiltration, and we’re also seeing an uptick in AI-driven malware. So while it’s not necessarily a radically new threat landscape, it’s certainly evolving—with more actors, more malware variants, and greater use of AI to drive attacks.

Do you provide threat intelligence or insights to your customers?

Yes, we do. While we don’t provide a direct list of threats, we cross-reference customer data against threat intelligence sources to identify suspicious activity. That correlation helps customers understand their exposure without overwhelming them with generic threat feeds.

What opportunities do you see in this market? Are you targeting any specific verticals?

This is the fourth market we’ve entered, and it’s growing faster than any of the previous ones. A big part of that is our maturity—we’re now used by over 54,000 businesses worldwide, including some of the world’s largest airports, banks, and financial institutions. That level of trust certainly helps.

But I also think companies in this region are becoming more aware of how heavily targeted they are. Given the geopolitical tensions and rising cyber activity, there’s growing urgency to close existing security gaps.

What’s your key message to CISOs in this region?

Focus on removing unnecessary permissions. Whether through application whitelisting, ring-fencing, or revoking excessive user privileges—this is where you’ll have the most impact. Prevention through access control is far more effective than detection after the fact.
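The default-deny and ring-fencing model described throughout the interview (an application runs only if explicitly allowed, and an allowed application such as Office is still fenced off from launching PowerShell or touching files outside its scope) can be shown as a small policy engine. The following is an added example written for this page; it is not ThreatLocker's code and does not reflect how their product is implemented. The application names, the SHA-256 values (derived from placeholder strings), the path globs and the event sequence are all constructed for illustration.

```python
# Added example (not ThreatLocker's code): a toy default-deny application
# control policy with ring-fencing, evaluated over constructed endpoint events.
# Binaries are identified by SHA-256; the hashes below are constructed from
# placeholder strings and stand in for real file hashes.
import fnmatch
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def fake_hash(label: str) -> str:
    """Constructed stand-in for a real binary's SHA-256."""
    return hashlib.sha256(f"constructed:{label}".encode()).hexdigest()


@dataclass(frozen=True)
class AppRule:
    name: str
    hashes: frozenset                     # hashes of binaries that count as this app
    may_launch: frozenset = frozenset()   # child apps this app may spawn
    file_scope: tuple = ()                # path globs the app may read or write


@dataclass(frozen=True)
class Event:
    kind: str                          # "exec" or "file"
    binary_hash: str                   # hash of the binary performing the action
    parent_app: Optional[str] = None   # app that spawned it (exec events only)
    path: Optional[str] = None         # file touched (file events only)


class Policy:
    """Default deny: anything not matched by a rule is blocked."""

    def __init__(self, rules: List[AppRule]) -> None:
        self.rules: Dict[str, AppRule] = {r.name: r for r in rules}
        self.by_hash: Dict[str, str] = {h: r.name for r in rules for h in r.hashes}

    def evaluate(self, ev: Event) -> Tuple[str, str]:
        app = self.by_hash.get(ev.binary_hash)
        if app is None:  # no rule at all: blocked without needing a signature
            return "DENY", "binary not on allowlist (default deny)"
        rule = self.rules[app]
        if ev.kind == "exec":
            if ev.parent_app is None:  # launched interactively by the user
                return "ALLOW", f"{app} is an allowed application"
            parent = self.rules.get(ev.parent_app)
            if parent is None or app not in parent.may_launch:
                return "DENY", f"{ev.parent_app} is ring-fenced from launching {app}"
            return "ALLOW", f"{ev.parent_app} may launch {app}"
        if ev.kind == "file":
            if ev.path and any(fnmatch.fnmatch(ev.path, g) for g in rule.file_scope):
                return "ALLOW", f"{app} may access {ev.path}"
            return "DENY", f"{ev.path} is outside {app}'s file ring-fence"
        return "DENY", f"unknown event kind {ev.kind!r}"


# Constructed policy: Office sees user documents only and may launch nothing;
# PowerShell is allowed on its own (e.g. for admins) but not as an Office child.
POLICY = Policy([
    AppRule("Microsoft Office", frozenset({fake_hash("winword.exe")}),
            file_scope=(r"C:\Users\*\Documents\*",)),
    AppRule("PowerShell", frozenset({fake_hash("powershell.exe")}),
            file_scope=(r"C:\*",)),
])

# Constructed events, in the order a macro-based chain would raise them.
SAMPLE_EVENTS = [
    ("user opens Word", Event("exec", fake_hash("winword.exe"))),
    ("Word reads a document", Event("file", fake_hash("winword.exe"),
                                    path=r"C:\Users\bob\Documents\q3.docx")),
    ("Word writes to System32", Event("file", fake_hash("winword.exe"),
                                      path=r"C:\Windows\System32\drivers\etc\hosts")),
    ("macro spawns PowerShell", Event("exec", fake_hash("powershell.exe"),
                                      parent_app="Microsoft Office")),
    ("macro runs dropped payload", Event("exec", fake_hash("payload.exe"))),
    ("admin opens PowerShell", Event("exec", fake_hash("powershell.exe"))),
]


def run_sample(policy: Policy = POLICY, events=SAMPLE_EVENTS) -> List[Tuple[str, str, str]]:
    """Return (label, decision, reason) for each sample event."""
    return [(label, *policy.evaluate(ev)) for label, ev in events]


if __name__ == "__main__":
    for label, decision, reason in run_sample():
        print(f"{decision:5} {label:28} {reason}")
```

Two things the sample output makes visible: the dropped payload is denied without anyone having seen it before, because nothing vouches for it, and PowerShell is denied in one event and allowed in the next with the same hash, because ring-fencing decides on the parent-child relationship rather than on the binary alone. Real allowlists have to cope with legitimate updates changing hashes (publisher certificates or learned baselines are the usual answers), which this toy ignores.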
