Airlock Digital’s support team are allowlisting experts and can provide tailored advice and support during implementation. This is in addition to Airlock Digital’s quick start deployment package which sets up customers for success from day one.

Airlock Digital understands that some customers prefer to have hands on implementation assistance which can be provided by qualified and experienced implementation partners.

The Airlock Enforcement Agent currently supports enforcement of allowlisting on the following operating systems:

Microsoft Windows
– Windows® XP SP3, Vista SP2, 7 SP1, 8, 8.1, 10 and 11;
– Windows® Server 2003 SP1, 2008, 2008R2, 2012, 2012R2, 2016, 2019, 2022;
(all Windows platforms include 32bit and 64bit support and are compatible with Core versions of the respective Windows® versions).

Linux
– CentOS Linux 6.3+ / 7.2+ / 8.x / 9.x (including Stream)
– Red Hat Enterprise Linux 6.3+ / 7.2+ / 8.x / 9.x
– Oracle Linux 7.7+ / 8.2+ (including UEK kernels)
– Rocky Linux
– Amazon Linux 2
– Ubuntu 14.x, 16.x, 18.x, 20.x, 22.x

macOS
– Catalina 10.15+
– Big Sur 11.0+
– Monterey 12.0+
– Ventura 13.0+

Allowlisting and Privileged Access Management are often grouped by vendors which can be confusing, however they represent two completely separate approaches.

Privileged Access Management is designed to control ‘who can run what’ within an enterprise. It is designed to provide administrative privileges where required for a given application launch or prevent applications from executing at a high level (typically executables only).

Allowlisting is designed to control ‘what files can run’ within an enterprise. It is designed to control the execution of code on the system and as a result is far more granular in nature.

Both controls can achieve similar outcomes on the surface, however allowlisting provides a more comprehensive security posture against malicious code, as the control is focused on the files themselves, rather than the user. Airlock is a pure play allowlisting vendor, designed to enforce high security allowlists within enterprise environments.

What level of Essential 8 compliance can Airlock

Airlock Digital priorities compliance against The Australian Cyber Security Centre Essential Eight Mitigation Strategies. and is committed to making changes to the solution as the requirements change. The Airlock platform is tailored to help customers achieving Maturity Level 3 for Application Control.

The Essential Eight Maturity Model can be read here.

Microsoft Windows Defender Application Control (WDAC) and AppLocker are technologies natively built into newer versions of the Windows Operating system, which have the ability to block the execution of files based on a provided policy.

Many customers that first try to implement Allowlisting / Application Control (formerly Application Whitelisting) have first hand experience with these technologies. Airlock was created as the founders had first hand experience attempting to implement these technologies and found them too difficult to manage and maintain. In Airlock Digital’s opinion, this is primarily due to the lack of centralised logging (by default) and Group Policy being used as the policy deployment mechanism for AppLocker / WDAC.

Airlock Digital has the following advantages:
– Native centralised reporting;
– Dedicated web based management console;
– File metadata collection, which creates a centralised repository of all files seen;
– Ability to deploy, update and apply policies rapidly (less than one minute);
– Linux and macOS support;
– One Time Pad (OTP) and Self Service exception mechanisms; and
– Many more.

More information here.

Airlock Digital recommends against placing trust in software deployment platforms to automatically approve new software. This is because it creates a mechanism to bypass the enforced policy while at the same time eroding the definition of what is trusted.

The Airlock platform has been designed to make the process of trusting software easy, while at the same time maintaining a centralised definition of trust, providing a high level of visibility and security.

Airlock has the ability for the customer to place trust in a Publisher seen in their environment.

On Windows and macOS trusting Publishers is the action of trusting a code signing certificate or digital signature. Most major software companies and operating system files are signed using Publishers and enable the application of updates without file exceptions occurring.

On Linux systems Airlock has the capability of trusting application updaters. Most major CentOS / RHEL / Ubuntu distributions can have updates applied without file exceptions occurring when using Airlock.

These features reduce the number of blocks that may occur to a minimum and enable a significant reduction in the amount an allowlist policy needs to be managed.

For external logging of all platform data in real-time, Airlock integrates with:

• Splunk
• Graylog
• SumoLogic
• Common Event Format (CEF) (Qradar)
• Generic Syslog
• Local JSON File

Airlock has the capability of exporting most data within the platform to common formats like .CSV & .XML

Handling scenarios where new applications are being introduced and/or a user wants to run something that’s currently getting blocked is essential to a successful Allowlisting implementation.

Airlock incorporates a One Time Pad (OTP) functionality which handles these exceptions through a time-based audit mode (can be Self Serviced and/or through a service desk workflow). During this session, one can run unapproved files. After the code expires/is revoked, the device goes back to the original policy. The Airlock admin can then review what the user ran during this session and make Allowlist updates if required.