Airlock Digital Further Improves its Allowlisting Solution

By Enterprise Security Magazine | Tuesday, April 06, 2021

FREMONT, CA: Airlock Digital, an Australian cybersecurity leader, continues to improve its industry-leading allowlisting solution, which blocks malware, ransomware, and zero-day attacks, helps IT and cybersecurity teams comply with cybersecurity requirements, and reduces the operational effort of allowlisting.

“There are many security products that can allow or block files. That isn't the challenge,” says David Cottingham, Co-Founder, Airlock Digital. “The challenge is how you instrument the allowlisting process to operationalise pro-active security controls.”

Allowlisting, also known as application whitelisting or application monitoring, is documented in a range of government cybersecurity standards and regulations worldwide, including the ACSC Essential Eight Strategies to Mitigate Cyber Security Incidents, U.S. NIST 800-171, CMMC, Center for Internet Security Basic Six, Canadian Top 10 IT Security Actions, and New Zealand Critical Controls, and it is listed among the top ten mitigations. There are several cybersecurity solutions available today that can prevent files from being executed on endpoint systems. Almost none have the granular centralized control, workflow support, or organizational flexibility needed to support allowlisting in complex, enterprise computing environments at a reasonable cost.

“Codeless self-service aims to reduce friction and enables users to handle exceptions as quickly as possible, reducing overall business impact and work disruption,” says Cottingham. “Ultimately, organizations can choose how they want exception management to be used, in line with the organization's appetite for risk.”

Airlock eliminates the support burden of allowlisting by implementing simple workflows that minimize user disruption. If a required application is blocked, IT teams, including non-security personnel, can grant permissions to users using a variety of One-Time Password (OTP) options. In addition to one-time use and mobile OTP, the latest Airlock version 4.7 update includes a new codeless self-service capability, which helps preserve usability without compromising security. With codeless self-service, privileged users can self-administer temporary access to applications and scripts that are restricted for the general user base.

“By having more granular criteria for blocklisting rules, you can now easily operationalise your security policies,” says Daniel Schell, Co-Founder and Chief Technology Officer, Airlock Digital. “Based on Active Directory group membership, security administrators can easily block applications such as TeamViewer across the environment in a couple of clicks, while still allowing access for users that may need it.”

Airlock Digital has adopted a user-centric approach to allowlisting with the latest product enhancements. Airlock gives businesses more flexibility and streamlines workflows by allowing them to manage access for individual users or groups in addition to devices. This makes Airlock’s allowlisting more scalable and allows for integration with Privileged Access Management (PAM) solutions. Additionally, more granular blocklisting standards have been introduced, enabling blocklist rules to be applied to particular enterprise security classes and operating system versions, ensuring that only properly privileged users can execute files across a range of device types.

The importance of Airlock as a strategic cybersecurity tool for achieving proactive endpoint defense continues to develop. Another immediate advantage is that it reduces the number of security incidents that Security Operations Centre (SOC) teams must contend with. This is accomplished simply by stopping malicious execution and limiting the ability to execute risky code.

Airlock also offers users full insight into all files running on their endpoints, including their history and related network operation, and can share this information with SIEM platforms. Airlock cloud customers can now use a REST API to retrieve SIEM logs from the cloud, eliminating the need to build a custom solution or expose ports to the internet.
