Airlock Digital was created out of necessity, to address the modern security challenges and advanced threats our customers face on a daily basis. Our proactive security solutions deliver forward thinking and proactive security in enterprises around the world.
Airlock Digital is an Australian based company, with offices in Adelaide and Canberra. Airlock is whitelisting standards compliant.
Vectra has partnered with Airlock to ensure our clients can achieve ASD essential 8 alignment.
What is Application Whitelisting?
Application Whitelisting is the most effective security strategy to prevent malicious code from running on a computer. It works by allowing the user (or administrator) to create and maintain a list of known ‘good’ files which they trust, only these files can run on the computer while all others are blocked. This proactively prevents unknown threats such as ransomware and malware from loading on a computer.
Contrast Application Whitelisting with traditional Anti-virus solutions which work on a blacklist model and only prevent files from running which have been classified as ‘bad’. This reactive approach allows attackers to modify the files (malicious code) they use to attack organisations to avoid detection.
The Australian Signals Directorate intelligence agency ranks Application Whitelisting as most effective strategy (#1) to prevent Targeted Cyber Intrusions*.
Airlock Deployments by Vectra
Airlock is provided as an on-premise, or cloud based client-server solution.
Typical Airlock deployments consist of an:
Airlock Enforcement Agent – installed on workstations and servers to provide protection;
Airlock Server – Easy to install, supporting both physical and virtual infrastructure;
Airlock Application Capture (optional) – Installed on a known trusted workstation or server to assist with the maintenance of Application Whitelisting rule sets.
How can Vectra help?
Vectra’s experience with Application Whitelisting is extensive. Our network and security team has successfully deployed Airlock in many different networks, including our own. Application Whitelisting has previously been a tedious process, is difficult to maintain and can often cause pain for users on the network. Application Whitelisting with Airlock is a simple, repeatable process.
Airlocks ‘audit only’ mode allows you to discover and monitor application execution from every user’s device, which creates the ‘baseline’. Once Airlock is moved to ‘enforcement’ mode, after review – the baseline is used to allow these applications/files to run, and prevent all non approved files or malicious code from running. If the file is not in the whitelist it cannot run, regardless if a file is known good, bad or indifferent.
With a regular review of the blocked item list, the baseline can be dynamically updated to allow any newly approved applications or files. This information is easily visible in Airlock’s extensive dashboard view.
Vectra can assist you with proof of concept installations, pre-installation help, and deployments large and small (including licensing). Several of our security staff are well versed in Airlock’s Application Whitelisting platform, which gives you confidence that your installation of Application Whitelisting will be successful. By using Application Whitelisting you can move towards meeting compliance requirements and aligning your company with the ASD essential 8, provided by the Australian Signals Directorate.