What’s new in Airlock v4.7

Codeless Self Service

Authorised users can now enable audited, time-limited allowlisting exceptions from the enforcement agent, without the need to contact the Airlock administrator or service desk to receive exemptions.

This capability can be permitted for all users on an endpoint, or offered to select users dynamically, depending on the users Domain Security Group membership.

Blocklisting Enhancements

Airlock Blocklisting now supports up to five criteria, enabling granular control over a file’s execution based on the files metadata and context of the execution. This opens significant possibilities for endpoint hardening and the prevention of entire attack classes.

Additional Blocklist criteria have also been added, enabling control of a files execution based on Domain Security Group (controlling certain users’ ability to execute a file) and the Operating System a file is being executed on.

SIEM Logging via REST API

SIEM logs can now be obtained from the REST API, enabling customers to ‘pull’ log events into their environment from Airlock Cloud. This prevents the need for SIEM solutions to be exposed to the internet to receive events.

Airlock has also designed a dedicated on-premise, lightweight logging agent to automate connectivity between the REST API and SIEM solutions.

Additional allowlisting file type coverage

Airlock has added support for the Compiled HTML (.chm) file type, which can be used by adversaries to conceal malicious code (MITRE ATT&CK technique T1218.001).

Airlock now has visibility and preventative control of the execution of individual CHM files at an individual file level.

On-Premise Airlock customers are able to download the updated server installer via the Airlock Client Portal.

Cloud based customers can contact support to schedule a time to upgrade to the current version of Airlock.

Updated user documentation and detailed full change log can be found in the Client Portal .