Danny Jenkins, CEO and co-founder of ThreatLocker, joined host John Gilroy on this week’s Federal Tech Talk to give his perspective on cybersecurity for federal information technology.
The beginning of the interview focused on the issues brought up by the Log4j incident. CISA Director Jen Easterly has said Log4j is “The most serious vulnerability I have ever seen in my decades-long career.” Jenkins said that many free tools are available to manage open-source software, and this is an example of one of them.
The concern he has is that it has already been installed in hundreds and hundreds of servers, and it will take months, or years, to understand the ramifications of this attack.
One approach he suggests is to have automated controls over federal applications and storage. That way, if malicious code is injected into your system, you can have a method to detect where it has embedded itself.
Jenkins introduced the concept of “ring-fencing” to the discussion. The term originated on the farm — the idea was to build a barrier to protect animals. The financial industry took the term and applied it to isolating assets to protect them from risk. As applied to the world of information security, ring-fencing considers risk management when allowing access to data and other digital resources.