February 14, 2024

Proactive Allowlisting: Ransomware Protection

David Cottingham
David Cottingham - CEO, Airlock Digital

JuiceIT 2024 Guest Blog – Traditional (reactive) security is no longer enough to stay ahead of the thousands of variants developed each year by cybercriminals. Airlock’s proactive security platform is an effective protection against ransomware (i.e. Cryptolocker, Cerber, and Cryptowall). Airlock Digital was founded in 2013 with one goal; enabling organisations to implement and maintain application whitelisting, simply and securely, in dynamic computing environments. 

The founders of Airlock Digital have spent years implementing application whitelisting technologies in enterprise organisations, and deeply understand real-world whitelisting challenges. Airlock Digital was born out of necessity to address challenges that arose, as a new approach to application whitelisting was needed.

Are traditional security methods becoming ineffective? 

Traditional security methods, such as anti-virus, attempt to detect patterns of code in software determined as ‘bad’ by the vendor. To make this determination, the vendor must obtain a copy of the ‘bad’ software. Typically, by the time the vendor gets a copy for analysis, the ransomware strain has already impacted thousands of users. 

As every strain can be unique, traditional solutions are always playing catch up. According to Baidam, ’99% of malware hashes are seen for only 58 seconds or less‘, with most malware only seen once. This reflects how quickly hackers are modifying their code to avoid detection.

Recently, ‘malware factories’ have appeared in the wild, generating unique Cerber ransomware executables every 15 seconds. Also known as a ‘hash factory’ attack, this generation is designed to defeat traditional security products. 

How does Airlock stop ransomware? 

Airlock takes a proactive approach by treating all software as ‘bad’ unless an administrator explicitly allows it. This proactively prevents all ransomware variants, such as Cryptolocker, Cerber and Cryptowall, from encrypting files, regardless of how it is mutated or opened on a computer. 

As each customer makes decisions regarding what software they trust in-house, each deployment is unique. This prevents cybercriminals from testing their attacks before attacking their targets.  

About Airlock Digital 

Airlock Digital, delivers forward- thinking endpoint protection solutions, enabling organisations to implement rapid, scalable allowlisting and execution control.

Through first-hand understanding of the operational challenges in cybersecurity, intimate industry experience, and an intuitive solution set, Airlock Digital is positioned as the leading commercial allowlisting vendor.

You can also hear more from Airlock Digital at JuiceIT 2024, Australia’s largest IT Solutions and Services conference. Register here.