Beyond the Dark Web: Zero Trust for Enterprise Security
Cyber threats evolve at an unprecedented pace, and attackers now weaponize AI as well. Traditional, detection-based security approaches are no longer sufficient. This podcast episode makes the case for a Zero Trust security model that blocks first and permits later in order to build resilient enterprise defenses, and it shows why understanding how modern cybercriminals operate, including on the dark web, is essential to proactive, effective protection. Sugata Sanyal, Founder & CEO of ZINFI, talks with Danny Jenkins, Co-founder and CEO of ThreatLocker. With over 20 years in cybersecurity, Danny founded ThreatLocker on the principle of deny by default, offering an endpoint cloud protection platform that hardens digital environments. The conversation covers the shift from reactive detection to proactive protection, the changing landscape of attack vectors, the organized nature of cybercrime, and AI's role in both offense and defense. Listen to the full episode for actionable insights into fortifying your enterprise security posture against advanced threats.
TL;DR
Cybersecurity veteran Danny Jenkins explains why traditional detection-based security is failing and why a zero-trust approach, blocking by default and permitting only what is necessary, is the only way to effectively secure modern mobile endpoints and cloud-based applications against sophisticated threats such as ransomware and unauthorized remote access tools.
"We have been failing at finding every piece of malware for thirty years; instead of trying to detect what is bad, we should focus on only allowing the specific software your business actually needs."
— Danny Jenkins
What We Discussed
The Evolution of Zero Trust Security
The cybersecurity industry has spent decades trying to build a list of every malicious file in existence, a strategy that Danny Jenkins argues has inherently failed: the list can never be complete, and each new sample must be recognized before it can be blocked. Instead of reactive detection, ThreatLocker advocates a zero trust philosophy that starts from a total block of all execution. Only software that has been explicitly approved can run on the company's machines. Starting from this clean slate stops unknown binaries, including never-before-seen malware and freshly compiled ransomware, from ever running; an exploit that executes inside an already-approved process is not caught by execution control alone, which is why the additional controls described below matter.
- Security should block first and permit later to create a secure environment.
- Traditional antivirus tools have struggled for 30 years to keep up with the volume of new malware.
- ThreatLocker first identifies the software a business actually needs, then denies everything else.
- The platform provides visibility into the country of origin of every running application.
- Allow-listing simplifies security by removing the need to decide whether a file is 'good' or 'bad'.
- This model addresses the core issue of ransomware by preventing unauthorized tools from ever starting.
- The approach makes security viable and simple for businesses without large IT teams.
Hardening the Endpoint as the New Perimeter
In the past, businesses relied on a strong network perimeter to keep threats out while leaving the interior soft. Today the endpoint, whether a laptop or a server, is the primary target: it travels outside the office, and it handles in the clear the data that the network only ever sees encrypted. Danny highlights that hardening these devices is crucial because whoever controls an endpoint inherits the permissions of the user logged on to it. This makes endpoint protection the most critical layer of a modern defense.
- Endpoints are the point of entry for almost every modern cyberattack on a business.
- Modern traffic is mostly encrypted (HTTPS), so a traditional network firewall sees the connection but not its content.
- Hardening the endpoint stops attackers from using remote access tools to bypass perimeter security.
- The 'soft middle' of internal networks must be protected by security on each individual device.
- ThreatLocker treats every computer as its own secured island within the larger network.
- Protecting endpoints keeps security intact even when employees work remotely.
- Stopping unauthorized software at the device level is more effective than filtering at the gate.
Control Beyond Application Execution
Simply allowing a program to run is not enough; businesses must also control what those programs can do once they are running. ThreatLocker extends its protection with storage controls and elevation management to limit the damage a compromised or abused application can cause. By restricting an application to only the files it requires, companies can stop data exfiltration and lateral movement even when the application itself is legitimate. This granular control is essential for preventing the privilege escalation that often leads to full network compromise.
- Control covers more than execution; it also dictates what software may access on disk and on network shares.
- Elevation controls prevent standard users from running processes with administrative rights.
- The platform manages PAM (Privileged Access Management) so that stolen credentials yield as little as possible.
- Storage controls prevent authorized applications from being used to encrypt or steal sensitive data.
- Web filtering and network traffic controls are integrated into the same endpoint agent.
- Limiting what software can do reduces the overall attack surface available to attackers.
- These controls help satisfy compliance requirements for data privacy and internal security.
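The two layers discussed above, deny-by-default execution from the allow-listing section and per-application storage control from this section, as an added example in Python. This is illustrative code written for this page, not ThreatLocker's implementation or its policy format; the rule shape (a SHA-256 hash set plus storage globs), the hashes, the paths and the event log are all constructed. The contrasting `blocklist_decision` function shows why a detection list fails on a sample it has never seen.

```python
"""Default-deny application control with per-application storage policy.

Added example, not ThreatLocker's code.  Layer 1 answers "may this file run?"
by consulting an allow list and denying anything unmatched.  Layer 2 answers
"may this already-allowed program touch this path?" with a per-application
storage policy, so an approved tool cannot be turned against data it has no
business reaching.  All hashes, paths and events are constructed samples.
"""
import fnmatch
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def norm(path: str) -> str:
    """Lower-case, backslash-only form so globs match Windows paths reliably."""
    return path.replace("/", "\\").lower()


@dataclass(frozen=True)
class AllowRule:
    name: str
    hashes: frozenset          # SHA-256 of the exact binaries permitted to run
    storage: tuple             # path globs this program may read or write


# Constructed allow list (assumption: a learning period already recorded what runs).
ALLOWLIST = (
    AllowRule("Word",
              frozenset({sha256_hex(b"constructed: WINWORD.EXE build 1")}),
              (r"c:\users\*\documents\*",)),
    AllowRule("Backup agent",
              frozenset({sha256_hex(b"constructed: backup.exe build 7")}),
              (r"c:\users\*\documents\*", r"\\fileserver\backups\*")),
)

# Constructed "known bad" list for the detection-style contrast below.
KNOWN_BAD = frozenset({sha256_hex(b"constructed: last-month-ransomware.exe")})


def blocklist_decision(file_bytes: bytes) -> bool:
    """Detection model: run unless the hash is already known bad.
    Last month's sample is caught; a rebuilt one slips through."""
    return sha256_hex(file_bytes) not in KNOWN_BAD


def decide_execution(file_bytes: bytes) -> Optional[AllowRule]:
    """Layer 1: a file runs only if its hash is on the allow list.
    Anything unmatched (new ransomware, a renamed remote-access tool, a
    trojanised update) is denied without anyone having to recognise it."""
    digest = sha256_hex(file_bytes)
    for rule in ALLOWLIST:
        if digest in rule.hashes:
            return rule
    return None  # default deny


def decide_storage(rule: AllowRule, target: str) -> bool:
    """Layer 2: an allowed program may touch only the paths its rule names."""
    t = norm(target)
    return any(fnmatch.fnmatchcase(t, norm(g)) for g in rule.storage)


def evaluate(events: Tuple[Tuple[str, bytes, Optional[str]], ...]) -> List[Tuple[str, str]]:
    """Run both layers over (label, file_bytes, target_path_or_None) events."""
    decisions = []
    for label, file_bytes, target in events:
        rule = decide_execution(file_bytes)
        if rule is None:
            decisions.append((label, "DENY: not on allow list"))
        elif target is None:
            decisions.append((label, f"ALLOW: {rule.name}"))
        elif decide_storage(rule, target):
            decisions.append((label, f"ALLOW: {rule.name} -> {target}"))
        else:
            decisions.append((label, f"DENY: {rule.name} may not access {target}"))
    return decisions


# Constructed event log: approved apps doing normal and abnormal things, plus unknowns.
SAMPLE_EVENTS = (
    ("word opens a document", b"constructed: WINWORD.EXE build 1",
     r"C:\Users\alice\Documents\report.docx"),
    ("word writes to finance share", b"constructed: WINWORD.EXE build 1",
     r"\\fileserver\finance\ledger.xlsx"),
    ("backup agent reads finance share", b"constructed: backup.exe build 7",
     r"\\fileserver\finance\ledger.xlsx"),
    ("never-seen-before binary", b"constructed: never-seen-before.exe", None),
    ("renamed remote-access tool", b"constructed: rmm-tool-renamed-to-svchost.exe", None),
)

if __name__ == "__main__":
    for label, verdict in evaluate(SAMPLE_EVENTS):
        print(f"{label:35s} {verdict}")
```

The interesting rows are the middle ones: Word is approved to run, yet its attempt to write to the finance share is denied because its storage policy only covers user documents, which is exactly the "authorized app used to encrypt or steal data" case. The backup agent, though trusted and allowed to read documents, is likewise kept off the finance share it was never granted.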
Securing the Cloud and Mobile Workforce
As business operations move to the cloud, the definition of an endpoint has expanded to include mobile devices and cloud-hosted servers. Danny notes that most current attacks target either the endpoint or the cloud application itself. Although mobile operating systems limit what an agent can do, having an agent on these devices is still a key part of protecting identity. By securing the link between the user and their cloud data, organizations can ensure that unauthorized access is blocked regardless of where the user is.
- A large portion of business is now conducted from mobile devices and on cloud infrastructure.
- ThreatLocker agents provide a layer of security even on restricted mobile platforms.
- Cloud applications are a top target for attackers looking for quick data wins.
- The focus remains on stopping the attack vectors that lead directly to the cloud.
- Network connections are authenticated before access to cloud resources is granted.
- Protecting the cloud requires a mix of identity management and device posture checks.
- The goal is a consistent security posture across all device types and locations.