Frequently Asked Questions (FAQs)
Stop targeted attacks with Airlock Digital Allowlisting and Execution Control
Customers typically implement our solution, including enablement of enforcement mode, within a few weeks of acquisition.
Factors that influence implementation times include the degree of software standardisation within the customer environments and the number of times an administrator tunes policy within the solution.
The Airlock Digital support team can provide tailored advice and support, while qualified and experienced partners are available to deliver full implementation services.
The Airlock Enforcement Agent currently supports enforcement of allowlisting on the following operating systems:
Microsoft Windows
– Windows® XP SP3, 7 SP1, 8, 8.1, 10 and 11;
– Windows® Server 2003 SP1, 2008R2, 2012, 2012R2, 2016, 2019, 2022;
(all Windows platforms include 32-bit and 64-bit support and are compatible with Core editions of the respective Windows® versions).
Linux
– CentOS Linux 6.3+ / 7.2+ / 8.x / 9.x (including Stream)
– Red Hat Enterprise Linux 6.3+ / 7.2+ / 8.x / 9.x
– Oracle Linux 7.7+ / 8.2+ (including UEK kernels)
– Rocky Linux
– Amazon Linux 2
– Ubuntu 14.x, 16.x, 18.x, 20.x, 22.x, 24.x
macOS
– Catalina 10.15+
– Big Sur 11.0+
– Monterey 12.0+
– Ventura 13.0+
– Sonoma 14.0+
– Sequoia 15.0+
Airlock Digital prioritises alignment with the Australian Signals Directorate Essential Eight Mitigation Strategies and is committed to updating its solution as those requirements change. This is tailored to help customers align with Maturity Level 3 for Application Control.
The Essential Eight Maturity Model can be accessed here.
Microsoft Windows Defender Application Control (WDAC) and AppLocker are technologies natively built into newer versions of the Windows operating system, which have the ability to block the execution of files based on a provided policy. These technologies do not incorporate centralised logging (by default) and use Group Policy as their policy deployment mechanism, making them comparatively difficult to manage and maintain.
Airlock Digital has a range of advantages, including:
– Native centralised reporting;
– Dedicated web-based management console;
– File metadata collection, which creates a centralised repository of all files seen;
– Ability to deploy, update and apply policies rapidly (in less than one minute);
– Linux and macOS support;
– One-time password (OTP) and self-service exception mechanisms.
More information is available here.
Airlock Digital enables customers to trust publishers seen in their environments. On Windows and macOS, this means trusting a code signing certificate or digital signature. Most major software companies' files and operating system files are signed, which lets customers apply updates without requiring file exceptions.
On Linux systems, the Airlock Digital solution can trust application updaters, meaning most major CentOS/RHEL/Ubuntu distributions can have updates applied without file exceptions.
These features keep blocks to a minimum and significantly reduce the effort of managing an allowlist policy.
For external logging of all platform data in real-time, the solution integrates with:
- Crowdstrike Falcon LogScale
- Splunk
- Graylog
- SumoLogic
- Common Event Format (CEF) (e.g. QRadar)
- Generic Syslog
- Local JSON File
The Airlock Digital solution can export most data within the platform to common formats such as CSV and XML.
Effectively managing the introduction of new applications, and the scenarios in which a user urgently needs to run a blocked application, is key to the success of an application control (allowlisting) implementation.
The Airlock Digital solution incorporates one-time password functionality that handles these exceptions through a time-based audit mode (this can be applied through self-service and/or a service desk workflow). During this session, the user concerned can run unapproved files. Once the code expires or is revoked, the device returns to its original policy. The Airlock Digital solution administrator can then review what the user ran during the session and update the organisation's allowlist if required.