What is old is new again: default deny on the endpoint – Danny Jenkins – ESW #402
Default deny is an old and very recognizable term in security. Most folks who have been in the industry for a long time will associate the concept with firewall rules. The old network firewalls, positioned between the public Internet and private data centers, were relatively uncomplicated and static, however. Most businesses had a few hundred firewall rules at most.
The idea of implementing default deny principles elsewhere was attempted, but without much success. Internal networks (NAC) and endpoints (application control 1.0) were too dynamic for the default deny approach to be feasible. Vendors built solutions, and enterprises tried to implement them, but most gave up.
Default deny is still an ideal approach to protecting assets and data against attacks - what it needed was a better approach, one that could be implemented at scale, with less overhead. This is what we’ll be talking to ThreatLocker’s CEO and co-founder, Danny Jenkins, about on this episode. They seem to have cracked the code here and are eager to share how they did it.
This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them!
Danny Jenkins, CEO & Co-Founder of ThreatLocker, a cybersecurity firm providing Zero Trust endpoint security, is a leading cybersecurity expert with over two decades of experience building and securing corporate networks, including roles on red and blue teams. He is dedicated to educating industry professionals about the latest cyber threats and frequently speaks on the topics of ransomware and Zero Trust.
I'll be running a panelcast with Fastly, titled Security Without Speed Bumps: Using WAF Simulator to Transform DevSecOps Workflows. Join me for this exciting webcast on April 16th. To register for this panelcast, go to securityweekly.com/WAF
I SIEM, you SIEM, we all SIEM for a Security Data Strategy – Colby DeRodeff – ESW #402
We wanted security data? We got it! Now, what the heck do we DO with all of it?
The core challenge of security operations, incident response, and even compliance is still a data management and analysis problem, which is why we’re seeing companies like Abstract Security pop up to address some of these challenges.
Abstract just released a comprehensive eBook on security data strategy, linked below, and you don’t even need to give up an email address to read it! In this interview, we’ll talk through some of the highlights:
- Challenges
- Myths
- Pillars of a data security strategy
- Understanding the tools available
Segment Resources
Before co-founding Abstract Security as CEO, Colby held key leadership positions in several fast-growing companies, where he honed his skills in driving product development, scaling operations, and leading cross-functional teams. Colby is passionate about building high-performance teams, fostering innovation, and delivering value to customers through groundbreaking technology.
His leadership style emphasizes a blend of strong business acumen and a deep understanding of technology trends, ensuring companies under his leadership stay ahead of the curve. Colby is also a proponent of cultivating a positive company culture, encouraging diversity, and empowering employees to drive meaningful change.
Colby DeRodeff is a seasoned executive and technology leader with a wealth of experience in security and SaaS platforms. He is the CEO and Co-Founder of Abstract Security, where he drives the company’s mission to deliver cutting-edge security solutions to tackle today’s most pressing digital threats. Colby has a proven track record of scaling companies, driving product innovation, and leading cross-functional teams to success.
Colby DeRodeff is a customer first, lead from the front executive with a strong background in scaling technology businesses, specializing in security, SaaS platforms, and innovative product development. As the CEO and Co-Founder of Abstract Security, Colby leads the organization with a focus on delivering cutting-edge security solutions that address the evolving challenges in today’s digital landscape. His expertise spans strategic leadership, product vision, and operational execution.
Security Weekly listeners save $100 on their RSAC Conference 2025 Full Conference Pass! RSA Conference will take place April 28 to May 1 in San Francisco and on demand. To register using our discount code, please visit securityweekly.com/rsac25 and use the code 5U5SECWEEKLY! We hope to see you there!
The rise of MSSPs, CVE drama, Detection Engineering How-To & Doggie Survival Skills – ESW #402
In the enterprise security news,
- new startup funding
- what happened to the cybersecurity skills shortage?
- tools for playing with local GenAI models
- CVE assignment drama
- a SIEM-agnostic approach to detection engineering
- pitch for charity
- a lost dog that doesn’t want to be found
All that and more, on this episode of Enterprise Security Weekly.
Identiverse 2025 is returning to Las Vegas, June 3-6. Hear from 250+ expert speakers and connect with 3,000+ identity security professionals across four days of keynotes, breakout sessions, and deep dives into the latest identity security trends. Plus, take part in hands-on workshops and explore the brand-new Non-Human Identity Pavilion. Register now and save 25% with code IDV25-SecurityWeekly at https://www.securityweekly.com/IDV2025
Adrian Sanabria
- FUNDING: Courtesy of the Security, Funded newsletter, #188 – When Tariffs Hit the Fan
Last week's vibe check asked, "what's the first sign a security tool won't deliver value?"
Tied for the top answer were "team sticks to manual work" and "no clear owner after purchase". Less concerning were "integration delays or issues" and "no early value shown".
In this week's funding:
- ReliaQuest, a Florida-based SOCaaS vendor, raised a $500M Private Equity Round from EQT, FTV Capital, and Kohlberg Kravis Roberts.
- Cyberhaven, one of a handful of new DLPv2 startups, raised a $100M Series D from StepStone Group.
- Portnox, a modern NAC vendor, raised a $37.5M Series B led by Updata Partners.
- Reality Defender, a deepfake defense platform, raised an undisclosed venture round from Fusion Fund, Samsung NEXT, and BNY Mellon.
- JOBS: Lesley, What Happened to the “Cybersecurity Skills Shortage”?
- AI TOOLS: Introducing Docker Model Runner
Docker is the latest to offer a free LLM inference engine. If you haven't tried any of these out, they're a great way to get comfortable with the technology, for free, in the comfort of your own home lab.
I'm pretty basic, so I'm just looking for a nice UI, though there are some significant differences between these. All of these have their own model repos and make it easy to download and start using a model. With that said, here are some I tried out that worked and didn't totally suck, and one or two I haven't tried yet but look nice:
- Ollama - the UI is PowerShell if you're using it on Windows. Very basic UI, though it can be connected to fancier front ends.
- GPT4all - looks like this UI got an overhaul! I haven't used this version yet. Looks nice.
- Jan - haven't tried yet, looks nice
- LM Studio - powerful UI with a learning curve
- Anaconda AI Navigator - very polished, nice UI, highly recommend.
- DRAMA: Two CVEs, One Critical Flaw: Inside the CrushFTP Vulnerability Controversy
- HOWTO: My SIEM-Agnostic Creative Process to Detection Engineering
- CHARITY: Security Tinkerers Hosts “Pitch for Charity” Event cosponsored by Okta and SentinelOne at Okta Headquarters in San Francisco
- REPORTS: CISO MindMap 2025: What do InfoSec Professionals Really Do?
- SQUIRREL: This Eight-Pound Miniature Dachshund Survived 16 Months on a Rugged Australian Island. But She’s Still Evading Rescuers