What’s New in Airlock Digital v4.7
Codeless Self-Service
Authorized users can now enable audited, time-limited allowlisting exceptions from the enforcement agent, without the need to contact the Airlock Digital administrator or service desk to receive exemptions.
This capability can be permitted for all users on an endpoint, or offered to select users dynamically, depending on the users Domain Security Group membership.
Blocklisting Enhancements
Airlock Digital blocklisting now supports up to five criteria, enabling granular control over a file’s execution based on the files metadata and context of the execution. This opens significant possibilities for endpoint hardening and the prevention of entire attack classes.
Additional blocklist criteria have also been added, enabling control of files execution based on Domain Security Group (controlling certain users’ ability to execute a file) and the operating system a file is being executed on.
SIEM Logging via REST API
SIEM logs can now be obtained from the REST API, enabling customers to ‘pull’ log events into their environment from Airlock Digital Cloud. This prevents the need for SIEM solutions to be exposed to the internet to receive events.
Airlock Digital has also designed a dedicated on-premises, lightweight logging agent to automate connectivity between the REST API and SIEM solutions.
Additional Allowlisting File Type Coverage
Airlock Digital has added support for the Compiled HTML (.chm) file type, which can be used by adversaries to conceal malicious code (MITRE ATT&CK technique T1218.001).
Version 4.7 now has visibility and preventative control of the execution of individual CHM files at an individual file level.
On-Premises Airlock Digital customers are able to download the updated server installer via the Airlock Digital Customer Portal.
Cloud-based customers can contact support to schedule a time to upgrade to the current version of Airlock Digital.
Updated user documentation and detailed full change log can be found in the Customer Portal .
