Frequently Asked Questions (FAQs)

Stop targeted attacks with Airlock Digital Allowlisting and Execution Control

Customers typically implement our solution, including enablement of enforcement mode, within a few weeks of acquisition. 

Factors that influence implementation times include the degree of software standardisation within the customer environments and the number of times an administrator tunes policy within the solution.

The Airlock Digital support team can provide tailored advice and support, while qualified and experienced partners are available to deliver full implementation services.

The Airlock Enforcement Agent currently supports enforcement of allowlisting on the following operating systems:

Microsoft Windows
– Windows® XP SP3, 7 SP1, 8, 8.1, 10 and 11;
– Windows® Server 2003 SP1, 2008R2, 2012, 2012R2, 2016, 2019, 2022;
(all Windows platforms include 32bit and 64bit support and are compatible with Core versions of the respective Windows® versions).

Linux
– CentOS Linux 6.3+ / 7.2+ / 8.x / 9.x (including Stream)
– Red Hat Enterprise Linux 6.3+ / 7.2+ / 8.x / 9.x
– Oracle Linux 7.7+ / 8.2+ (including UEK kernels)
– Rocky Linux
– Amazon Linux 2
– Ubuntu 14.x, 16.x, 18.x, 20.x, 22.x, 24.x

macOS
– Catalina 10.15+
– Big Sur 11.0+
– Monterey 12.0+
– Ventura 13.0+
– Sonoma 14.0+
– Sequoia 15.0+

Vendors can group application control (allowlisting) and Privileged Access Management together; however, they represent two different approaches.
 
Privileged Access Management is designed to control ‘who can run what’ within an enterprise. It provides administrative privileges where required for the launch of a given application,  or to prevent applications from executing at a high level (typically executables only).
 
Application control (allowlisting) is designed to control ‘what files can run’ within an enterprise. It is designed to control the execution of code on the system and as a result is far more granular in nature.
To a degree, both controls achieve similar outcomes. However application control (allowlisting) delivers a more comprehensive security posture, as the control focuses on the files rather than the user. Airlock Digital is a pure play application control (allowlisting) vendor, with a solution designed to enforce high security allowlists within enterprise environments.
 
 
 
 
 

Airlock Digital prioritises alignment with the Australian Signals Directorate Essential Eight Mitigation Strategies. and is committed to making changes to its solution as the requirements change. This is tailored to help customers align with Maturity Level 3 for Application Control.


The Essential Eight Maturity Model can be accessed here.

Microsoft Windows Defender Application Control (WDAC) and AppLocker are technologies natively built into newer versions of the Windows Operating system, which have the ability to block the execution of files based on a provided policy.

Many customers that first try to implement Allowlisting / Application Control (formerly Application Whitelisting) have first hand experience with these technologies. Airlock was created as the founders had first hand experience attempting to implement these technologies and found them too difficult to manage and maintain. In Airlock Digital’s opinion, this is primarily due to the lack of centralised logging (by default) and Group Policy being used as the policy deployment mechanism for AppLocker / WDAC.

Airlock Digital has the following advantages:
– Native centralised reporting;
– Dedicated web based management console;
– File metadata collection, which creates a centralised repository of all files seen;
– Ability to deploy, update and apply policies rapidly (less than one minute);
– Linux and macOS support;
– One Time Pad (OTP) and Self Service exception mechanisms; and
– Many more.

More information here.

Airlock has the ability for the customer to place trust in a Publisher seen in their environment.

On Windows and macOS trusting Publishers is the action of trusting a code signing certificate or digital signature. Most major software companies and operating system files are signed using Publishers and enable the application of updates without file exceptions occurring.

On Linux systems Airlock has the capability of trusting application updaters. Most major CentOS / RHEL / Ubuntu distributions can have updates applied without file exceptions occurring when using Airlock.

These features reduce the number of blocks that may occur to a minimum and enable a significant reduction in the amount an allowlist policy needs to be managed.

For external logging of all platform data in real-time, Airlock integrates with:

  • Crowdstrike Falcon LogScale
  • Splunk
  • Graylog
  • SumoLogic
  • Common Event Format (CEF) (Qradar)
  • Generic Syslog
  • Local JSON File

Airlock has the capability of exporting most data within the platform to common formats like .CSV & .XML

Handling scenarios where new applications are being introduced and/or a user wants to run something that’s currently getting blocked is essential to a successful Allowlisting implementation.

Airlock incorporates a One Time Pad (OTP) functionality which handles these exceptions through a time-based audit mode (can be Self Serviced and/or through a service desk workflow). During this session, one can run unapproved files. After the code expires/is revoked, the device goes back to the original policy. The Airlock admin can then review what the user ran during this session and make Allowlist updates if required.

Unable to find what you were looking for?

Send Us An Enquiry

Send us your enquiry and we will get in touch with you as promptly as possible with answers or solutions.