Case Study

Australian State Government Agency

A leading Australian state government department chose Airlock Digital application control and allowlisting to improve its cybersecurity and implement Essential Eight risk mitigation.

About the Australian State Government Department

The department has important economic and infrastructure responsibilities within the state.
Challenge
The department wanted to deploy an easy-to-manage, low impact allowlisting solution to implement Essential Eight risk mitigation for application control.
Approach
The department selected application control and allowlisting from Airlock Digital for its functionality and reliability as a last line of defense against cybersecurity threats.
Result
Deploying Airlock Digital enabled the department to implement advanced allowlisting to protect against malware, ransomware and unauthorized software executions, with minimal impact on its end-user and server environments.

“Airlock Digital addresses the unknown and is our last line of defence against threats.”


Operations Leader, State Department ICT

Benefits to the Australian State Government Department

With Airlock Digital application control and allowlisting, the Australian State Government Department has:

Achieved full compliance with Essential Eight Maturity Level Two for application control within three months
Proactively blocked a phishing attack from executing in its environment
Maintained a management overhead well within the accepted tolerance of 30 minutes per day

The Customer

The Australian government department is charged with delivering significant infrastructure projects with a considerable benefit to the state. Protecting its people and operations from cyber threats is critical to the department and a core responsibility of an Information and Communications Technology (ICT) operations leader, who manages its cybersecurity team.

The Challenge

One of the ICT operations leader’s early tasks was to review allowlisting products for alignment with the department’s objectives, and for ease of deployment within its largely Microsoft environment. The review encompassed Airlock Digital application control and allowlisting.

The Approach

“With a small cybersecurity team, every tool we buy has to achieve an objective and be easily maintainable, with a very small user action footprint,” explained the leader. “Our evaluation revealed Airlock Digital needed minimal administration, met our cost requirements and included the allowlisting features we needed to protect our organisation and users by aligning with our desired Essential Eight maturity level.”

The Result

The Australian state department deployed Airlock Digital to 1,300 end-user devices and 200 servers in audit mode and, in the leader’s words, “nobody noticed.” “We didn’t receive a single service desk call about the performance of the client when we deployed the Airlock Digital agents, and the overhead on the machines was so low that when one of our senior leaders followed up on the implementation, we explained to him he already had it and showed him the icon on his device!” 

The department moved its entire fleet into full allowlisting enforcement mode within three months. The user impact was again negligible, with only a few exceptions issued through one-time passwords (OTPs) to enable developers to access essential processes.

Adopting Airlock Digital enabled the department to stop a range of unwanted applications, files and processes from running in its environment, and it blocked a phishing attack soon after deployment. “Airlock Digital addresses the unknown and is our last line of defence against threats,” said the leader.

Department cybersecurity team members who regularly use Airlock Digital laud features such as multiple allowlisting options (i.e. file hashes, paths and publisher exceptions), built-in options for implementing Microsoft blocklists, OTPs that allow for temporary emergency exceptions using multi-factor authentication, and the ability to log to security information and event management software. 

“It’s easy to troubleshoot files that have been blocked using the logs in the interface in the administration portal,” said one user of the product. “In addition, the Airlock Digital service desk has been highly responsive, although we haven’t had to use them often.” 

Airlock Digital enabled the department to align with the Essential Eight Maturity Level that matches its risk appetite and adapt to changes quickly. “The Australian Signals Directorate refreshed the Essential Eight late last year, so we had two controls we had to meet to achieve Maturity Level Two last year and three this year,” explained the leader. “With Airlock Digital, we have been able to seamlessly implement the additional controls required.”

Overall, Airlock Digital delivered increased control over changes to the department’s environment with minimal impact on application deployment and patching. Management overhead has remained within requirements. “It’s well within our acceptable tolerance, which is less than 30 minutes per day of management,” said the leader.