Airlock Digital enables you to easily create and manage secure application allowlists in dynamically changing computing environments. Unlike signature-based file blocking (blocklisting) such as antivirus, Airlock only allows files to run that it has been instructed to trust. Vectra has partnered with Airlock to ensure our clients can achieve ASD Essential 8 alignment. As an Airlock implementation partner, we can assist you with proof of concept installations, pre-installation help, and deployments both large and small, including licensing.
Airlock Digital was created out of necessity, to address the modern security challenges and advanced threats our customers face on a daily basis. Airlock Digital's solutions deliver forward-thinking, proactive security in enterprises around the world, one such solution being Airlock, their flagship allowlisting application.
Airlock Digital is an Australian-based company, with offices in both Adelaide and Canberra. Airlock is allowlisting standards compliant.
Vectra has partnered with Airlock to ensure our clients can achieve ASD Essential 8 alignment through implementation across their internal networks.
Application allowlisting, also known as application control, is the most effective security strategy to prevent malicious code from running on a computer. It works by allowing the user (or administrator) to create and maintain a list of known ‘good’ files which they trust. Only these files can run on the computer, while all others are blocked. This proactively prevents unknown threats such as ransomware and malware from loading on a computer.
Contrast application allowlisting with traditional antivirus solutions, which work on an application blocklisting model and only prevent files from running which have been classified as ‘bad’. This reactive approach allows attackers to modify the files (malicious code) they use to attack organisations in order to avoid detection.
The Australian Signals Directorate intelligence agency ranks Application Allowlisting as the most effective strategy (#1) to prevent Targeted Cyber Intrusions.
Vectra can help you reduce the risk of zero-day attacks. IP allowlisting and advanced application control are also very effective at reducing your exposure.
The ‘audit only’ mode allows you to discover and monitor application execution from every user’s device, which creates the ‘baseline’. Once Airlock is moved to ‘enforcement’ mode after review, the baseline is used to allow these applications/files to run, and to prevent all non-approved files or malicious code from running. If a file is not in the allowlist it cannot run, regardless of whether it is known as good, bad or indifferent.
With a regular review of the blocked item list, the baseline can be dynamically updated to allow any newly approved applications or files. This information is easily visible in the extensive dashboard view.
Vectra can assist you with proof of concept installations, pre-installation help, and deployments large and small (including licensing). Several of our security staff are well versed in Airlock’s Application Whitelisting platform, which gives you confidence that your installation of Application Whitelisting will be successful. By using Application Whitelisting you can move towards meeting compliance requirements and aligning your company with the ASD Essential 8, provided by the Australian Signals Directorate.
Typical deployments consist of:
– Enforcement Agent: installed on workstations and servers to provide protection;
– Server: easy to install, supporting both physical and virtual infrastructure;
– Application Capture (optional): installed on a known trusted workstation or server to assist with the maintenance of Application Whitelisting rule sets.
Allowlisting is currently supported by the Airlock Enforcement Agent on the following operating systems:
– Windows® XP SP3, Vista SP2, 7 SP1, 8, 8.1, 10 and 11;
– Windows® Server 2003 SP1, 2008, 2008R2, 2012, 2012R2, 2016, 2019, 2022;
(all Windows platforms include 32bit and 64bit support and are compatible with Core versions of the respective Windows® versions).
– CentOS Linux 6.3+ / 7.2+ / 8.x / 9.x (including Stream)
– Red Hat Enterprise Linux 6.3+ / 7.2+ / 8.x / 9.x
– Oracle Linux 7.7+ / 8.2+ (including UEK kernels)
– Rocky Linux
– Amazon Linux 2
– Ubuntu 14.x, 16.x, 18.x, 20.x, 22.x
– macOS Catalina 10.15+
– macOS Big Sur 11.0+
– macOS Monterey 12.0+
– macOS Ventura 13.0+
Airlock Digital prioritises compliance with the Australian Cyber Security Centre’s Essential Eight Mitigation Strategies and is committed to updating the solution as the requirements change. The Airlock platform is tailored to help customers achieve Maturity Level 3 for Application Control.
Airlock integrates with a number of SIEM platforms for external logging of all platform data in real time. Airlock can also export most data from within the platform to common file formats such as .CSV and .XML. If you’re interested in finding out more about SIEM integrations, or want to find out if your SIEM is supported, give our team a call or send an enquiry below.
Handling scenarios where new applications are being introduced and/or a user wants to run something that is currently being blocked is essential to a successful allowlisting implementation.
One Time Pad (OTP) functionality is incorporated into Airlock. This handles exceptions through a time-based audit mode (which can be self-service and/or run through a service desk workflow). During this session, a user can run unapproved files. After the code expires or is revoked, the device goes back to the original policy. The Airlock administrator can then review what the user ran during this session and make allowlist updates if required.
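The audit-then-enforce workflow and the time-limited exception session described above, as an added conceptual sketch in Python. It is not Airlock's code or API: the class, its method names, and the use of SHA-256 digests to identify files are assumptions made for illustration.

```python
import hashlib

class AllowlistAgent:
    """Conceptual model only (assumed design, not Airlock's implementation)."""
    def __init__(self):
        self.mode = "audit"          # "audit" or "enforce"
        self.baseline = set()        # approved SHA-256 digests
        self.observed = {}           # digest -> name, seen during audit mode
        self.blocked = {}            # digest -> name, denied in enforcement
        self.exception_log = {}      # digest -> name, ran during an exception
        self.exception_until = 0.0   # end of the current exception window

    @staticmethod
    def digest(content: bytes) -> str:
        return hashlib.sha256(content).hexdigest()

    def approve_observed(self):
        # Administrator review: audited files become the baseline.
        self.baseline |= set(self.observed)
        self.mode = "enforce"

    def grant_exception(self, seconds, now):
        self.exception_until = now + seconds

    def approve(self, h):
        # Promote a reviewed digest from the blocked or exception list.
        self.baseline.add(h)
        self.blocked.pop(h, None)
        self.exception_log.pop(h, None)

    def request_execution(self, name, content, now) -> bool:
        h = self.digest(content)
        if self.mode == "audit":
            self.observed[h] = name          # record only, never block
            return True
        if h in self.baseline:
            return True
        if now < self.exception_until:
            self.exception_log[h] = name     # allowed, but kept for review
            return True
        self.blocked[h] = name               # default deny: not in baseline
        return False

def demo():
    """Constructed sample run; file names and contents are made up."""
    a = AllowlistAgent()
    a.request_execution("editor", b"editor-v1", now=0)   # seen in audit mode
    a.approve_observed()
    before = [a.request_execution("editor", b"editor-v1", 50),
              a.request_execution("editor", b"tampered", 50)]
    a.grant_exception(600, now=100)
    during = a.request_execution("tool", b"tool", 200)
    after = a.request_execution("tool", b"tool", 701)    # window has expired
    return before + [during, after]
```

A modified copy of an approved file is denied because its digest differs from the baseline entry, and the file run during the exception window stays blocked afterwards until an administrator approves its digest.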