Canada's Top 10 IT Security Actions
Proactive security advice from the Canadian Centre for Cyber Security (CCCS)
The Canadian Centre for Cyber Security (CCCS) Top Ten IT Security Actions to protect Internet connected networks and information (ITSM.10.089) provide organizations with actionable guidance to reduce cyber risks and enhance operational resilience. These measures focus on addressing common threats such as ransomware, unauthorized access, and insider risks.
CCCS Top 10 IT Security Actions
1. Consolidate, monitor, and defend internet gateways.
2. Patch operating systems and applications.
3. Enforce the management of administrative privileges.
4. Harden operating systems and applications.
5. Segment and separate information.
6. Provide tailored training.
7. Protect information at the enterprise level.
8. Apply protection at the host level.
9. Isolate web-facing applications.
10. Implement application allow lists.
Application Control is a key pillar of the CCCS Top 10 IT Security Actions and provides a significant risk reduction against malware, ransomware and cyber security incidents.
How Airlock Digital supports the implementation of application allow lists
2. Application allow lists: An introduction
Activity Reference | Capability Statement |
---|---|
2.1 Allow lists versus deny lists | Airlock Digital supports enforcement of allow lists on workstation and server endpoints with support for Windows, macOS and Linux, making easy-to-administer application control a reality. Centralized visibility of all allowed and blocked executions enables customers to validate the application control rulesets as frequently as desired. |
2.2 Methods for creating an allow list | Airlock Digital’s integration with VirusTotal combines enterprise-scale application control with file-level threat intelligence, enabling organizations to make informed decisions about their allowlisting policies. Additionally, Airlock Digital contains utilities such as the Baseline Builder which makes the creation of an allow list simple by capturing file data from a Standard Operating Environment (SOE) image or reference computer. |
2.2.1 File and folder attributes | At a high level, Airlock Digital enables the trusting of applications at the file, path, publisher, or parent process level, providing complete control over what executes in your environment. At a deeper level, organizations can create powerful and granular rules based on multiple parameters including product name, version, user, command line, operating system and many more. This enables applications to be controlled under specific conditions, in addition to basic criteria. |
2.2.2 Application related files | Allow listing can be enforced for a comprehensive set of file types, including executables, application libraries and browser extensions. Administrators must enable ‘Script Control’ within policy to gain coverage of scripts, installers, PowerShell, compiled HTML and HTML applications, etc. With Airlock Digital, organizations are in control of their approved set at all times. |
3. Best practices for implementing allow lists (CM-7)
Activity Reference | Capability Statement |
---|---|
3.1 Evaluate application allow list solutions | Airlock Digital is the global leader in application control and allowlisting. Purpose built, scalable and easy to implement, our solution is used across financial services, government, healthcare, manufacturing and other industries. By securing endpoints running legacy and new versions of Windows, macOS and Linux, we extend protection across IT and operational technology environments. |
3.2 Identify authorized applications | Airlock Digital performs application control securely and comprehensively, applying to all system locations by default, including operating system folders, program folders, removable media and network locations. Whenever an application is seen by the Airlock Digital solution, a repository entry is created which provides a record of the application within the environment. This automatically creates a private catalog of applications specific to your organization. |
3.3 Create a policy | Airlock Digital provides a centralized and easy to use platform to view, manage and distribute allow list policies across an enterprise. Airlock Digital has been designed as a framework for organizations to manage their own trust, in contrast to competitors that often define what an organization 'trusts' through cloud-based definitions or other means. With Airlock Digital, organizations are in control of their approved trust set at all times. |
3.4 Test the allow list | Airlock Digital believes there needs to be more "prove it" in the security industry. To provide auditability of the Airlock Digital solution (and our competitors' solutions), Airlock Digital has developed the Allowlisting Auditor, a free tool to ensure that your allow list is providing the intended security outcome. |
3.4.1 Application allow list modes | Airlock Digital supports both Audit and Enforcement of application control on a wide variety of endpoints. Audit and Enforcement mode can be switched back and forth, without requiring a system reboot or user action. Additionally, Airlock Digital contains time bound exception management features, ensuring user impact is minimized while managing security risk. |
3.5 Implement the allow list | Implementation of the allow list can be performed in stages by grouping endpoints into distinct policy sets. Computers can be moved between policies anytime, including the targeting of trust sets to specific users if desired. |
3.6 Manage the allow list | Airlock Digital solves the process problem commonly associated with allow listing and makes management easy at scale. Out of the box, Airlock Digital provides centralized visibility and pre-built workflows to perform policy management. Organizations can choose to use features such as Trusted Installer, which integrates with software deployment solutions such as Intune and Jamf to make automatic deployment of applications seamless. |
3.7 Enforce the allow list | Enforcement mode is the objective for all allow list implementations. Airlock Digital provides the platform which makes allow listing enforcement mode a reality for organizations at scale. |
3.8 Implementing allow lists on mobile devices | Allow listing on mobile devices (iPhone, Android, etc.) is currently not supported by Airlock Digital. |
This analysis is based upon Top 10 IT security action items: No. 10 Implement application allow lists - ITSM.10.095 (August 2022).