What’s new in Airlock v4.6

Single Sign-on support (SAML)

The Airlock v4.6 release adds single sign on (SSO) support for authentication to the Airlock web management console.

SSO support enables customers to use SAML 2.0 compatible identity providers, such as Microsoft Azure AD, DUO or Okta to sign in with their existing user accounts providing an audit trail of access to the management console, as well as the ability to review privileged access rights in-line with their security policies.

Additionally, Airlock customers can restrict access to the console for SSO accounts only and if local accounts are still used, enforce 2FA authentication.

Airlock Fileless dot NET Assembly Reflection Prevention

“Fileless” .NET Assembly Reflection Prevention

It is commonplace for attackers to assume customers are running some form of application allowlisting or EDR solution. As a result, attackers commonly shift to avoid detection by reflecting code directly into memory, bypassing the majority of solutions on the market today.

Airlock v4.6 now detects and prevents code reflection, particularly using .NET tradecraft. This provides more proactive allowlisting coverage to stay ahead of adversaries and the competition.

User Based Blocklisting

Have you ever wanted to restrict the use of PowerShell, Applications or the use of other Operating System components to certain users only?

Airlock v4.6 delivers, with a significant improvement to the blocklisting engine.

User aware rulesets now enable the control of applications, libraries and scripts on a per user basis. This user context allows Airlock to enforce in a more flexible manner according to the needs of your organization.

Multiple Relay Agent Support

The Airlock relay agent can be used to provide connectivity into discrete or segmented network locations from the main Airlock Server to the Enforcement Agents installed on endpoints.

Airlock v4.6 allows for multiple relay agents to be used to provide greater scalability and fault tolerance, with both load balanced and priority communication modes available.

Linux Automatic Kernel Reload

Making allowlisting easier to implement and maintain on Linux is a core goal at Airlock. v4.6 enables the Airlock Linux Enforcement Agent to now survive through kernel patching.

Linux Enforcement Agents will automatically re-register with the new Linux kernel after an update has occurred, removing the need to re-deploy agents post update.

On-Premise Airlock customers are able to download the updated server installer via the Airlock Client Portal.

Cloud based customers can contact support to schedule a time to upgrade to the current version of Airlock.

Updated user documentation and detailed full change log can be found in the Client Portal .