Overview of Case Study

PanAust

With Airlock Digital, a multinational resources organization gains control over endpoint executions and aligns with Essential Eight mitigation strategies.

Challenge

Reduce phishing-related malware risk and align with the Essential Eight application control mitigation strategy

Approach

Implement an enterprise-class application control solution that can extend from IT environments to operational technology environments

Result

PanAust has deployed Airlock Digital to align with the Essential Eight application control strategy and prevent unauthorized application execution.

“While we targeted Essential Eight Maturity Level Two, we realized that, with Airlock Digital, there would be minimal additional effort required to achieve Maturity Level Three.”


Scott Brownlee

Cybersecurity Superintendent,
PanAust

The Airlock Digital Application Control Solution

With the Airlock Digital application control solution, PanAust has:

Established a sound base to move to larger frameworks including the NIST Cybersecurity Framework and/or ISO 27001
Minimized the number of malware incidents raised by its Managed Detection and Response (MDR) team
Eliminated unauthorized browser extension installations
Used multiple trust options to determine the applications and files to trust, reflecting organizational usage patterns
Completed a smooth implementation of application control with leading partner Sekuro

The Customer

Headquartered in Brisbane, Australia, PanAust is a copper and gold producer in Laos, with additional operations in Papua New Guinea and Chile. The organization has about 4,000 team members, about 1,700 of whom are computer users, and engages contractors and consultants across its operations.

The Challenge

PanAust needed to implement security controls that stopped phishing malware from compromising teams in developed and developing countries.

The organization decided to align with the Australian Signals Directorate’s Australian Cyber Security Centre’s Essential Eight mitigation strategies for internet-connected IT networks, as they were easy to communicate to non-technical teams within the business.

The Approach

PanAust established separate alignment projects for each Essential Eight mitigation strategy. This entailed reviewing its environment against the supporting Essential Eight Maturity Model to identify the right maturity level that each project should target.

The organization identified Maturity Level Two, which targets malicious actors that invest time and employ common social engineering techniques, as the right target for its application control alignment strategy.

PanAust identified Airlock Digital as the preferred solution to deploy application control across about 2,000 endpoints. “While we targeted Essential Eight Maturity Level Two, we realized that, with Airlock Digital, there would be minimal additional effort required to achieve Maturity Level Three. This would give us the ability to defend against adaptable and capable threat actors aiming to perform targeted intrusions,” said Brownlee.

“In addition, we have an operational technology (OT) environment that is the profit generation engine of our business, and we plan to extend application control to its endpoints.

“With Airlock Digital, we could do that without running two separate products or modifying our security strategy to allow the connection of all our IT and OT endpoints to a single solution.”

Minimizing disruption with seamless policy management workflows

Supported by a skilled partner, PanAust was able to complete the deployment with minimal disruption. “I wanted our team members to configure and implement Airlock Digital themselves as they would have to own and manage the solution,” explained Brownlee. “It gave us the flexibility to work through what we wanted to allow and what we didn’t at our own pace. We spent a few hours each week for a few weeks until we reached a point at which we were comfortable with what we’d added to our allowlists.”

The seamless policy management workflows offered by Airlock Digital enabled PanAust to easily assign common security policies to non-IT Windows servers, Linux servers, and workstations across the organization. IT workstations and Windows servers were allocated to a separate policy group to support specialist software needs.

The IT team captured configuration images on its various types of hardware, added them to a baseline, and maintained the endpoints in audit mode to build its application control policies.

The team then transitioned Airlock Digital to enforcement mode site by site over four months, allowing policies to be enforced and preventing untrusted applications and files from running. The lightweight Airlock Digital agent minimized impact on system resources while enforcing policies in real-time.

Extensive engagement with the business helped build internal support for the application control project. This included ‘hyper care’ periods in which extra resources were available to help allowlist additional applications required by teams. Starting at smaller sites, IT was able to capture most applications needed by the business before moving to bigger locations, ensuring a smooth transition.

The Result

With Airlock Digital, PanAust has aligned with the Essential Eight application control mitigation strategy to Maturity Level Two.


This is a critical step in the organization’s broader Essential Eight alignment strategy and its establishment of a platform from which to comply with the United States National Institute of Standards and Technology (NIST) Cybersecurity Framework and the ISO 27001 international standard for Information Security Management Systems.  

Minimizing malware incidents

PanAust has minimized the number of malware incidents raised by its Managed Detection and Response team after adding Airlock Digital to its security stack. “Prior to Airlock Digital and USB control, we would see malware every one or two weeks,” said Brownlee. “Now, we haven’t seen a genuine malware alert for months.”

Brownlee nominates the browser extension control feature of Airlock Digital, which enables PanAust to allow only trusted extensions to run, as critical to reducing the organization’s attack surface. “That is a big benefit for us, because browser extensions can be installed by users without administrator involvement,” said Brownlee. “With Airlock Digital, we can stop unauthorized browser extension installations and lower our cybersecurity risk accordingly.”

Using multiple trust options to reflect usage

The application control solution provides multiple options when determining the applications and files to trust, ensuring PanAust’s policies fully reflect the usage patterns of teams across the organization.

The IT team turns first to Trusted Installer to allow and automate the deployment of applications through Microsoft Endpoint Configuration Manager, followed by publisher, which enables it to trust software from approved third parties, and hash for code that is unsigned or considered not appropriate for deployment through Trusted Installer.

With many field-based reviewers and users of mining industry software (such as specialist blast-modeling, water level, vibration and topology products), PanAust is a prolific user of Airlock Digital’s One Time Password (OTP) feature for temporary execution of applications not on its allowlist.

PanAust now plans to extend its application control deployment to its OT environment and, with each site being comparatively static, plans to take a highly granular approach to the applications allowed to run in each location. Airlock Digital support for legacy and current operating system versions is integral to the project, as the environment features applications certified to run only with certain firmware and operating systems.

Without the compatibility offered by Airlock Digital, upgrading to newer operating systems would be expensive and impractical.

In addition, with the environment featuring restricted traffic flows, the organization can use a single on-premises policy node that requires only limited connectivity with the Airlock Digital cloud-hosted portal to ensure the continued operation of application control.

“Airlock Digital is a very effective tool in our security arsenal,” concluded Brownlee.

Lessons Learned

“We recommend getting your house in order before deploying Airlock Digital. Cleaning up application inventories and standardizing corporate applications simplifies deployment and ongoing management.”

Scott Brownlee, Cybersecurity Superintendent, PanAust