Practical Allowlisting and Execution Control

What is allowlisting?
What capabilities does allowlisting have?
How can you benefit from Airlock's allowlisting platform?

What is allowlisting?

Allowlisting (formerly known as application whitelisting) is considered a foundational cybersecurity strategy due to its effectiveness in preventing sophisticated malware and file-based attacks such as ransomware. As a result, implementing allowlisting is highly recommended in a number of cybersecurity compliance frameworks, including NIST, ASD Essential Eight and CMMC.

Developed by cybersecurity practitioners, Airlock addresses the technical and organisational challenges typically associated with allowlisting. Airlock delivers purpose-built workflows that enable rapid and scalable deployment while significantly reducing staffing resources required for day-to-day management.


Allowlisting framework

Administrators control where and how they apply trust: hash, publisher, path or process

Broad file coverage

Execution control for all executables, application libraries, installers and scripts

Unique configurations

Removes an adversary’s ability to test and validate their attacks

Exception handling

Temporarily exclude devices from allowlisting via Airlock’s One Time Pad (OTP) functionality to ensure business continuity is maintained

Blocklisting

Implement pre-defined rules aligned with the MITRE ATT&CK framework and Microsoft recommended block rules, or create your own

Key Capabilities

Airlock allowlisting enables organisations to reduce cyber risk and significantly uplift their endpoint security posture.

Through industry-leading workflows that are easy to use, Airlock enables organisations of all maturity levels to maintain a long-term, effective allowlisting strategy without end user disruption.

Airlock’s innovative, feature-rich allowlisting is used to protect hundreds of thousands of endpoints worldwide.

 

  • Define what files are trusted, block everything else, thereby preventing the execution of all untrusted and unknown code.

  • Access to real time execution data enables rapid policy management for minimal business disruption.

  • Intuitive product workflows empower IT staff to manage day-to-day operations, without the need for specialist cybersecurity expertise.

  • Deploy on premise or in the cloud using Airlock’s flexible product architecture.

Benefits

  • Pro-actively block malware, ransomware, and zero-day attacks.

  • Reduce the risk of cybersecurity breaches and the costs associated with recovery.

  • Extend operational life of legacy systems and reduce the burden on IT resources.

  • Meet and maintain compliance requirements and regulatory standards.

Compliance & regulation

Allowlisting technologies are now written into Government standards and/or regulations worldwide, including:

Australia: ACSC Strategies to mitigate cybersecurity incidents (Essential 8)

United States: Top 10 Mitigations, NIST 800-171, Cybersecurity Maturity Model Certification (CMMC), Center for Internet Security Basic Six

New Zealand: Critical Controls 2022

Canada: Top 10 IT Security Action

About Airlock Digital

Airlock Digital delivers forward-thinking endpoint protection solutions which enable organisations to implement rapid, scalable allowlisting and execution control. Through first-hand understanding of the operational challenges in cybersecurity, intimate industry experience and an intuitive solution set, Airlock Digital is positioned as the leading commercial allowlisting vendor worldwide. Airlock operates worldwide with staff on the ground in Australia and North America.

About Airlock Digital

Microsoft Windows
– Windows® XP SP3, Vista SP2, 7 SP1, 8, 8.1, 10 and 11;
– Windows® Server 2003 SP1, 2008, 2008R2, 2012, 2012R2, 2016, 2019, 2022;
(all Windows platforms include 32bit and 64bit support and are compatible with Core versions of the respective Windows® versions).

Linux
– CentOS Linux 6.3+ / 7.2+ / 8.x / 9.x (including Stream)
– Red Hat Enterprise Linux 6.3+ / 7.2+ / 8.x / 9.x
– Oracle Linux 7.7+ / 8.2+ (including UEK kernels)
– Rocky Linux
– Amazon Linux 2
– Ubuntu 14.x, 16.x, 18.x, 20.x, 22.x
– Alma

macOS
– Catalina 10.15+
– Big Sur 11.0+
– Monterey 12.0+
– Ventura 13.0+
– Sonoma 14+