We are looking to implement Application Control in our environment to comply with the controls of the Australian Cyber Security’s Essential Eight strategy. We are in the process of listing Proof of Concept (PoC) of the Airlock Digital application control platform to validate the suitability of the tool for our environment, which contains many complex industry-specific and in-house developed applications.
I have listed use cases for Airlock; kindly let me know if anything is missing, should be taken out, or is not required.

| Item | Description |
| --- | --- |
| Environment | |
| Agent support on multiple OS versions | Client agent available on Windows, Linux and MacOS |
| Multiple Deployment Options | On-Premise / Cloud management server |
| Management | |
| Centralized Management Console | Single console to manage everything |
| Role-Based Access Control | Differing levels of permissions |
| Allowlisting Mechanism | |
| Cryptographic File Hash Identification | Identify allowlist item by cryptographic file hash |
| Utilise SHA-256 File Hash as Minimum | Minimum SHA-256 file hashing algorithm for allowlist enforcement |
| Software Publisher/Signature Identification | Allowlist based on trusted signed software |
| File Path | Allowlist based on file path |
| Parent Process | Allowlist based on process information |
| Blocklist Functionality | Ability to override allowlist with blocklist rules |
| Trusted Installer | Ability to allowlist based on SCCM/Intune deployment |
| Allowlist Maintenance | |
| Block Event | Add to allowlist based on blocked events |
| Testing or Audit Mode | Test allowlist without impact |
| Client Request | Add to allowlist based on client request |
| File Reputation Reference | Leverage reputation attributes for identification |
| Policy Configuration | |
| Policies for Different Asset Groups | Policies based on device groups |
| Bypass Mechanism | |
| Manual Bypass | Bypass without changing any policy |
| Time-Limited | Bypass based on a time limit |
| Self Service | Bypass based on policy and/or user group |
| Bypass Capture/Reconciliation | Add to allowlist based on bypassed activity |
| Enforcement | |
| Block Programs (Executables) | Block executable files |
| Block Software Libraries (DLLs) | Block software libraries and linked executables |
| Installers | Block application installers |
| Block Scripts | Block script engines and script files |
| Covers all accessible storage | Enforce allowlist across all storage devices |
| Visibility | |
| Real-time logging | Provide log output in real-time |
| Log all blocked executions | Ability to log blocked executions |
| Log trusted executions | Ability to log allowed executions |

Thanks. Want clarification on two points:
1) “Missing Airlock existence - this signal asset not having airlock calling back”
Can you please elaborate on what you mean by “signal asset not having airlock calling back”?
2) “Allowlist binaries in priority”: are you referring to application binaries? And “the engine need to enforce the strictest match like folder, path vs hash”: what are we matching? Application binary folders?

Thanks for your feedback. Anything else you can think of?

For 1, it is more about uninstalling Airlock; hence, centrally you see one of the assets no longer in the list of managed devices.
For 2, it is more about the app binaries that have multiple Airlock allowlist rules applied: what is the resultant action Airlock takes for enforcement? It is more about clarity of the enforcement state for the binaries.
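
The situation in point 2, where several allowlist rules match one binary, can be written down as a PoC test case. The Python below is an added example, not Airlock's engine and not code from this thread; the rule model, the rule names and the precedence (blocklist overrides allowlist, default deny when nothing matches) are assumptions drawn from the use-case table, and the sample file contents are constructed.

```python
import fnmatch
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str    # hypothetical rule label
    kind: str    # "hash" (SHA-256 hex digest) or "path" (glob pattern)
    action: str  # "allow" or "block"
    value: str

def sha256_hex(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

def resolve(path: str, content: bytes, rules: list) -> dict:
    """Return every matching rule and the resulting decision."""
    digest = sha256_hex(content)
    hits = [r for r in rules
            if (r.kind == "hash" and r.value.lower() == digest)
            or (r.kind == "path" and fnmatch.fnmatchcase(path.lower(), r.value.lower()))]
    blocks = [r for r in hits if r.action == "block"]
    allows = [r for r in hits if r.action == "allow"]
    # Assumed precedence: any block rule wins; no matching rule means default deny.
    decision = "block" if blocks or not allows else "allow"
    return {
        "decision": decision,
        "matched": [r.name for r in hits],
        # True when the file runs only because of a path rule, with no hash match.
        "path_only": decision == "allow" and all(r.kind == "path" for r in allows),
    }

# Constructed sample data: not real binaries, hashes or policy.
TOOL, OLD_TOOL, UNKNOWN = b"sample tool v2", b"sample tool v1", b"never seen before"
RULES = [
    Rule("allow-app-folder", "path", "allow", r"C:\Program Files\App\*"),
    Rule("allow-tool-hash", "hash", "allow", sha256_hex(TOOL)),
    Rule("block-old-tool", "hash", "block", sha256_hex(OLD_TOOL)),
]

if __name__ == "__main__":
    for name, body in [("tool.exe", TOOL), ("old.exe", OLD_TOOL), ("new.exe", UNKNOWN)]:
        print(name, resolve("C:\\Program Files\\App\\" + name, body, RULES))
    print("x.exe", resolve(r"C:\Temp\x.exe", UNKNOWN, RULES))
```

The `path_only` flag marks files that are permitted solely by a folder rule; comparing such cases against the product's observed behaviour during the PoC shows how it actually resolves overlapping rules.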





