3 hours ago
1
ARTICLE AD BOX
Julie Devoll, HBR
Hello, my name is Julie Devoll, editor of special projects and webinars for Harvard Business Review. I recently had the pleasure of attending Zero Trust World and sitting down with Ryan Bowman, vice president of solutions engineering at Threatlocker. Ryan discussed how organizations can successfully implement Zero Trust security while balancing the needs of day-to-day business operations.
Ryan, thank you so much for joining [me] today.
Ryan Bowman, Threatlocker
Absolutely. Thank you for having me.
Julie Devoll, HBR
So Zero Trust is widely accepted but inconsistently implemented. So from an engineering perspective, what does it take to truly operationalize it inside organizations?
Ryan Bowman, Threatlocker
Yeah, I mean, that’s been the focus of Threatlocker—to make a well-known technology that is effective and be able to do that. An extensive learning process for us really tries to automate that process and get the heavy lifting off the administrator’s shoulders by automatically doing a lot of the discovery of what’s already in the environment, and that gives you that baseline. Instead of starting from zero, start from a position of knowing a good portion of what’s there. And then yes, there’s always some of that manual work to make those final adjustments. But really, automating that initial discovery process is a huge factor in being able to effectively implement the types of controls that Zero Trust provides.
Julie Devoll, HBR
So as attackers use AI to automate their exploits, how should security architecture evolve to prevent threats rather than simply detect them?
Ryan Bowman, Threatlocker
Yeah, I mean, that’s really the foundation of Zero Trust. And what makes that so effective with AI giving people the ability to change their attacks very, very quickly and execute multiple attempts of an attack over and over again in a very short amount of time. The ability to detect all those fast enough, and to be able to detect the new threats, fast enough, has become an even more difficult task than it’s been in years past. And that’s really what makes Zero Trust shine—not having to identify all those, just knowing that this is a behavior we haven’t seen before. And so we’re just simply not going to allow it until we discover [whether] there’s a real need for it or not.
Julie Devoll, HBR
So then how do you design cybersecurity controls that reduce attack surfaces without disrupting your business outcomes or your IT teams?
Ryan Bowman, Threatlocker
Yeah, that’s always been the security challenge. Creating a network that’s secure enough to be difficult to penetrate but not impacting the ability [of] users to get their work done. And again, that process of discovering what is normal behavior inside the environment is a huge, huge piece of that and, of course, the knowledge and the understanding of what attackers are most likely to try to weaponize inside the environment. And making sure that there [are] controls around those things is a very important piece as well, so that even if there is some level of attack, it’s really hard for that to spread because of the amount of control that’s in place and limiting those things that are not normal anyway.
Julie Devoll, HBR
Well, Ryan, thank you so much for joining us today.
Ryan Bowman, Threatlocker
Thank you for having me.
English (US) ·