
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 696 - Zero Trust CyberSecurity Shenanigans
Mar 10, 2026
Rob Allen, CPO of ThreatLocker and zero trust endpoint advocate, talks platform evolution from deny-by-default allow-listing to ringfencing, network control, Detect (EDR), patching and MDR. He covers AI risks, scaling policies for many agents, reducing alert noise, and why prevention-first security reshapes consolidation and TCO.
Allowlisting Extended Into Ringfencing And Platform
- ThreatLocker evolved from simple allowlisting to a platform combining allowlisting, ringfencing, network control, patching, and MDR.
- Rob Allen described ringfencing as limiting what running processes can do, not just whether they can run, preventing actions like PowerShell reaching the internet.
Zero Trust Applied Across Process And Network Layers
- ThreatLocker adds controls across multiple layers: process execution, process behavior, and network access to implement zero trust principles.
- Rob Allen framed this as extending the deny-by-default principle from binaries to what running software is allowed to do and to network traffic.
Ringfence AI Agents To Only Needed Resources
- Ringfence agentic AI and developer tools to restrict access to sensitive shares and internet destinations.
- Rob Allen recommends creating policies that allow AI tools only the specific network and storage resources they need, while blocking access to finance shares.

