Stopping Cyberattacks before they Start
Most cyberattacks now begin with stolen credentials. Could Zero Trust stop them before they start?
Phishing, credential theft and ransomware now dominate the cyber threat landscape. Instead of breaking into systems directly, attackers increasingly gain access by stealing credentials and logging in as legitimate users.
Cybersecurity company ThreatLocker believes the most effective defence is to stop unauthorised activity before it can run.
During Zero Trust World 2026, the company’s annual cybersecurity conference in Orlando, I interviewed ThreatLocker CEO and co-founder Danny Jenkins about how the company is responding to this shift in cyber threats.
Jenkins described the company’s philosophy in simple terms.
“Our goal has always been to stop attacks before they start,” he told me. “If something isn’t explicitly trusted, it simply shouldn’t be allowed to run.”
That principle underpins ThreatLocker’s deny-by-default Zero Trust platform, which allows only approved software and activity to operate inside an organisation’s systems.
The latest expansion of the platform focuses on one of the fastest-growing threats facing businesses today: credential-based cyberattacks.
ThreatLocker Targets Credential-Based Cyberattacks
A central announcement at the conference was the extension of ThreatLocker’s Zero Trust controls to corporate networks and cloud services.
Jenkins explained that the new capability verifies three elements before granting access: valid credentials, an approved device and a secure connection brokered through the ThreatLocker platform.
“Our transformative solution gives organizations confidence that their systems are secure even if a credential is stolen,” he explained during our discussion.
If any one of those elements is missing, access is denied.
The approach is designed to stop attackers even if a user has been successfully phished.
Why Credential Theft has become a Major Security Risk
Much of our conversation focused on how cyberattacks have evolved.
Credentials are the digital keys that allow users to access systems. They usually include usernames, passwords and authentication tokens that confirm a user has logged in successfully. If attackers obtain those credentials, they may be able to access systems while appearing to be legitimate users.
Jenkins noted that authentication tokens have become a growing vulnerability.
“In many cases attackers don’t even need your username and password anymore,” he told me.
He explained how attackers can capture login tokens issued after a successful authentication.
“Once someone logs in, a token is issued to the device. If an attacker captures that token they can potentially access services without ever using the original credentials.”
Artificial intelligence is also accelerating the problem. When I asked about the future of cyber threats, Jenkins pointed out how AI tools have lowered the barrier for generating malicious software.
“Twenty years ago there were probably a relatively small number of people capable of writing sophisticated malware,” he said. “Today someone with no development experience can go to an AI system and generate malicious code in seconds.”
For Jenkins, these developments reinforce the need for security models focused on prevention rather than detection.
“If something isn’t explicitly trusted, it simply shouldn’t be allowed to run.”
Extending Zero Trust Protection to Networks and Cloud Services
The capability introduced at Zero Trust World extends ThreatLocker’s existing controls to corporate networks and cloud platforms.
In practice this means that even if a user is successfully phished, attackers cannot access company systems unless they also possess the trusted device associated with the account.
ThreatLocker says the platform can protect access to widely used services including Microsoft 365, Salesforce, Google Workspace, GitHub and Asana.
By verifying both the user and the device making the request, the system attempts to stop unauthorised access before it occurs.
This preventative approach also reduces reliance on traditional detection systems that generate alerts only after an intrusion has begun.
Security without Disrupting Everyday Work
Introducing stronger cybersecurity controls can sometimes create friction for employees.
When I raised this issue with Seamus Lennon, Vice President of Operations for EMEA at ThreatLocker, he emphasised the importance of balancing security with usability.
“There’s always been a balance between security and productivity,” Lennon told me. “If security controls are too restrictive they can slow people down or stop them doing their jobs.”
ThreatLocker’s deny-by-default model attempts to avoid that problem by defining which applications and processes are allowed to run inside an organisation’s systems.
Once configured, Lennon said, the system should operate largely in the background. “If our solution engineers have done their job correctly, the end users shouldn’t even realise ThreatLocker is there.”
Industry Perspectives from the Conference
Security professionals attending Zero Trust World also shared their experience of deploying preventative cybersecurity models.
Danny O’Brien, Managing Director of Irish cybersecurity provider FutureRange, told me the ThreatLocker platform offers organisations a practical way to implement Zero Trust security.
“By focusing on controlling what applications and processes are allowed to run, organisations significantly reduce their attack surface rather than relying purely on detection after the fact,” he said. “We recommend it to organisations of all sizes, particularly those operating in regulated sectors or with complex endpoint environments.”
Another attendee, Krister Ekberg, Group Investigations Lead at Stena AB, described the approach as a fundamental shift in cybersecurity thinking.
“The biggest benefit I see of the ThreatLocker approach is that it flips the traditional security model,” Ekberg explained. “Instead of trying to block every new unknown threat, it only allows what you explicitly trust to run.”
MSPs and the Wider Customer Base
ThreatLocker distributes much of its software through managed service providers (MSPs).
These are specialist IT companies that manage cybersecurity and infrastructure for multiple client organisations, particularly smaller businesses that do not have their own in-house IT departments.
Irish cybersecurity firm FutureRange is one such partner, deploying the platform across customer environments.
ThreatLocker’s customers range from small businesses using MSP services to large international organisations.
During our conversation, Jenkins said the platform is used by organisations including Heathrow Airport. He added that customers span sectors such as healthcare providers, professional sports organisations in the US, government agencies and major manufacturing companies. In Ireland, he noted that the platform is also used by a leading Irish bank.
From 70 Attendees to a Global Security Community
ThreatLocker says its platform now protects more than 70,000 organisations worldwide.
The company’s annual conference has grown alongside the platform. Zero Trust World began with around 70 attendees in its first year and now attracts more than 2,000 cybersecurity professionals.
The 2026 event took place at the Rosen Shingle Creek conference centre in Orlando, bringing together security specialists to examine how organisations can defend themselves against increasingly automated cyber threats.
ThreatLocker is headquartered in Orlando and operates international offices including Dublin, Dubai and Brisbane, supporting customers across Europe, the Middle East, Asia-Pacific and North America.
As ransomware, phishing and AI-generated malware continue to evolve, Jenkins believes organisations must rethink how they defend their systems.
ThreatLocker’s strategy is straightforward: block anything that is not explicitly trusted, stopping cyberattacks before they can run.
Find out more about ThreatLocker’s rise as a global cybersecurity company in the previous article.
Billy Linehan
Billy Linehan reports from Orlando, Florida, where he attended ThreatLocker’s sixth Zero Trust World conference at the Rosen Shingle Creek Hotel. Billy writes about innovation, tech for good and entrepreneurship for Irish Tech News. He leads Celtar Advisers, working as a business mentor with SMEs and startup founders, and co-founded StartUp Ballymun, Dublin’s longest-running entrepreneurship series. In recent months he has reported from technology and innovation events in Rome, Las Vegas and Orlando.