Airlock v4.5 CrowdStrike Integration

CrowdStrike Integration

The Airlock v4.5 release coincides with the availability of Airlock in the CrowdStrike Store.

CrowdStrike Falcon customers get the benefits of application whitelisting and system hardening, with advanced blocklisting and script control. They can trace blocks and audit exceptions through the process call tree via deep links from the Airlock web management console back to the Falcon Dashboard.

CrowdStrike customers can today quickly spin up a trial of Airlock from within the CrowdStrike Store and then manage the deployment of Airlock capability via the Falcon Sensor.

Application whitelisting for Linux!

Airlock adds Linux support for the Airlock Enforcement Agent.

Linux agent support enables Airlock customers to implement application whitelisting and system hardening on Linux servers and workstations, using the existing workflows used to manage application whitelisting for Windows-based agents.

The initially supported Linux operating systems are Red Hat Enterprise Linux, CentOS v7 and 8, as well as Amazon Linux.

Support for additional Linux operating systems will be introduced over the coming months based on customer demand.

Roles and Group based filtering and restriction

This release of Airlock introduces role-based access control at the user group level.

This allows you to restrict users to seeing and managing only the computers in certain policy groups, which is useful when, for example, different teams look after servers and workstations.

User permission groups can now be used to assign functionality to users within the product. This makes the management of large user groups significantly easier.

Parent Process Whitelisting & Blacklisting

Airlock v4.5 introduces parent process whitelisting and blacklisting support.

Administrators can now define trusted applications which can be used to execute code on a system. This is particularly useful for developers that may require the ability to compile and execute unsigned code from a particular application without restriction.

It also allows administrators to define in what context a particular application can be used, making system hardening significantly easier. For example, administrators can now lock down an executable such as ‘wmic.exe’ from being used by the system, except for applications that require it for operation. This makes achieving a high-security application whitelisting ruleset significantly easier.

Offline Application Captures

Application Captures can now be performed offline without an Airlock server connection and can be initiated without requiring server access.

This improves the speed and flexibility of capturing applications, particularly in scenarios where different teams within an organisation are responsible for different tasks within Airlock. For example, the application capture team can now perform this function independently of Airlock policy administrators.