Risky Business - Risky Biz Soap Box: It took a decade, but allowlisting is cool again
Episode Date: March 12, 2026. In this Soap Box edition of the Risky Business podcast Patrick Gray sits down with Airlock Digital co-founders Daniel Schell and David Cottingham to talk about the role ... AI models could play in managing enterprise allowlists. They also talk about the durability of allowlisting as a control. After 12 years in business, the Airlock product hasn't really changed all that much. That's a good thing! It also means the Airlock team have been able to spend some time doing deep engineering instead of chasing the latest attacker TTPs and writing detection rules for them. This episode is also available on YouTube.
Transcript
Hi everyone and welcome to this soapbox edition of the Risky Business Podcast.
My name's Patrick Gray.
For those of you who don't know, these soapbox editions of the show are wholly sponsored
and that means everyone you hear in one of them paid to be here.
But that's okay because we have excellent taste in sponsors
and wind up having really interesting conversations in these sessions.
And today we're going to be chatting with two of the founders from Airlock Digital.
Again, regular listeners would know that I'm a huge fan of Airlock Digital.
It is an allowlisting platform, right?
So it allows you to do, you know,
deny by default execution control
and host hardening across Windows, Linux, and Mac.
They have customers with like 200,000 endpoints doing this stuff, right?
It works amazingly well.
Just there's a sea of happy customers out there.
It's fantastic.
And they are an Australian business too.
Although doing a big push in the US right now
and I guess that's a place to start.
Dave, I should.
So Daniel is the CTO still.
Dave, you've actually stepped back from the CEO role
so that you can have an American go and build American operations
and push the company over there.
I mean, I guess I want to say congratulations
because I've known a lot of founders
and I know being the chief executive
of a rapidly growing software startup is not actually a whole heap of fun.
So what's your new gig?
Yeah, so I'm a chief product officer now
and still retain the co-founder title, of course.
And it's, I'm so excited to be able to concentrate on product.
Well, you know, what I have done in this business from the start.
And, you know, it continues to be the forefront of everything we do.
So continuing to build the best thing, deliver leaning forward for our customers
and make a product that does what it says on the tin is that, you know, the primary goal there.
And I can't wait to continue that.
And you have focus on that.
Real quick, who's the new CEO?
Oh, Kevin Dunn, based in New York.
And really excited to have him.
part of the team. And, you know, he's such a great operator, really understands the
business, what we do, and I can't wait to enhance everything that we do under Kevin's
leadership. Okay, so the first thing I want to talk about today is, last time we
spoke we said I had a discussion slash argument about AI because you've built
this incredible sort of instrumentation tool which can control execution on a
on an endpoint right and that's all controlled from a central console so like my
position last time we spoke was, well, you could just use AI, couldn't you, to manage the allow
list from this central console? And you're like, well, but at that point, you've kind of lost
insight, you've lost control, like you've lost understanding of your own context at that point,
which is kind of what allow listing is good at in the first place. We had that conversation a few
months ago, you've gone away and actually wound up building something that can assist
with managing those allow lists, but it's not actually contemporary.
AI. Well, it was very interesting and a lot of reflections off the back of that conversation. And I'm
somewhat conflicted between the two camps, which is you do need AI, but you also don't at the same time.
And since that time, we've actually built an autotrust feature into the product, which we haven't
released yet, but we're going to soon, which basically provides rule recommendations and also
can, if you choose to do so, you know, make some automated decisions on your behalf. And
We haven't actually used AI in order to do that this time.
And there's a number of reasons why we did that,
even though AI provides fantastic context externally
that it can bring in to enhance decisions.
But it's non-deterministic,
which is like when you're putting it in charge of an allow list,
is that why you were like, did not want to go there?
Exactly, because we can't, you know, context is king,
but because we are powered by data that is inside the customer environment,
that's quite a specific static set of information that you've always got coming in,
which is already scope to what you need to pay attention to.
So really we can use, you know,
we can get most of the way by looking at things like prevalence
in terms of execution frequency,
and also in terms of the data that we bring in externally,
from, for example, a great partner of ours in VirusTotal, you know, to be able to come to
quite a sensible decision without necessarily saying, well, this binary...
Hello, computer God.
Yes, exactly.
Computer God, tell me, yeah.
What's really funny about this is I remember, like, we had this conversation, like,
quite literally, like not on the podcast, but quite literally years ago about, like, well,
if you wanted to, you could plumb this through to, like, VT,
set sort of whatever threshold is right for that organization, which is if any engine via
VirusTotal thinks that this thing looks bad, just don't run it, right? Or you can throw it in a
sandbox and whatever. And what was interesting about that discussion as a thought experiment
back then was you're actually removing the decision logic about whether or not something executes
on a host from the host, and you're abstracting that out elsewhere. So basically, you've got this
really lightweight client on, you know, allow listing client, which just says,
yes, no, this thing can run or not, but it actually offloads the decision elsewhere,
which is an interesting change to the way that we've done anti-malware, right?
So, yeah, I mean, who's embracing this?
Like what sort of customers are turning that on?
Well, I guess it's not out yet, right?
So you don't know.
Yeah, it's not out yet.
However, I think the thing is, is what we've done well as a product.
We've built a great framework to make decisions, right?
We've brought in, here's all your data.
You sort of choose your path.
But I think the power is in saying, you know, hey, based on this environmental information and bringing it together and stack ranking those recommendations, whether it's automatic or not, is really providing the customer with a guided path of saying that here's how you sort of get to a point of enforcement.
You know, the worst outcome for us is if a customer doesn't actually get to a point where they're locking a system in enforcement mode and they're getting the proactive protection of deny by default.
So for us, in order to get that set up phase going really, really quickly by providing that sort of prioritised recommendation work list is where that power is.
And I think, to be honest, the majority of customers are going to end up using that system for recommendations at the very least, if not autotrust in the early stages.
And then the critical thing for us is also providing visibility into what decisions are being made and why.
So there is a little bit of natural language going on about why the system has chosen to make that recommendation, but not using natural language or LLMs to make that decision in the first place, if that makes sense.
Yeah, I'd say based on what we're building at the moment, if you looked at, you'd think it was LLM driven based on like the content that's coming, the plain language that's coming back to you.
But it's really a lot of decision trees and a lot of intelligence from our, what we're going to be.
we've learned internally ourselves, what mistakes people make, building allow lists, like making
sure that you take into account LOLBins or, hey, you don't want to trust PowerShell as a trusted
process. Pretty good idea because it can do bad things. And it's just layering all the stuff out
of our own heads, what we know and all of our customers now, what they're seeing and sort of rolling
that up into sort of recommendation rules. It's all contextual, you know, and I think the big flip here as well
is that, you know, we built this framework product
where you can see, hey, here's all the executions
you've seen your environment, now make some decisions on it.
Sort of, that's great if you've got a pretty good context about,
yeah, I trust these publishers and these files.
It makes sense to sort of do this reconciliation.
But flipping this, this flips it a little bit on its head,
either an order maker or on a recommendation mode,
where it says, based on what we've seen in your environment,
these are the suggestions of what you should be adding.
So it sort of guides users, and I think it lowers the bar
a little bit for operators as well.
Yeah, yeah.
I mean, but was there a really,
that you didn't try.
I guess what you're saying like both of you is like the reason you didn't use,
you know, contemporary AI here is you just didn't need to.
Didn't make sense.
I think it's excessive because you're, look, not to say that they can't be added contextual
value.
And I think the contextual value from LLMs externally is what is this software I've never
seen it before?
You know, like is there data floating out there somewhere that can bring
some, you know, some clarity.
Well, I know when I see a funny process somewhere, Dave, like the first thing I do is I go
hit Google, you know, and like, LLMs can kind of do that for you, right?
Like they can go and find out other things.
Exactly.
So I think that's the benefit there.
However, because we're running on essentially a closed system, because we're flipping the
problem, we're not trying to make trust decisions on behalf of customers.
There are some other allow listing companies that are trying to do that, but that's an infinite
scale problem, right, where you're making broader and broader decisions for everyone,
and therefore you kind of have to have that context.
Whereas with a customer environment, the customer knows their own operating environment.
So they automatically have a much higher threshold of, I kind of know what I expect to be here
or not, even if it's just an IT operator.
And we can, you know, making sure that we've got those suppression lists for LOLBins
and other information,
and bringing in some static context
from what we see in our environments,
we can get 95, 97% of the way there,
just by taking this approach.
Yeah, and I think this is a building block
that we'll get here, we'll feed that out there,
and then we'll take the learnings back as well.
And, you know, it's just a step on the way.
I'm sorry, that is Corpo speak
that is forbidden on risky business.
You are not allowed to say learnings,
Daniel. The word I believe you're looking for is lessons. You learned some lessons. You didn't
learn some learnings because that's not a word. But anyway. And I think also we're in a period of
time and this does play into our thinking a little bit where there is a lot of skepticism about AI
from not all businesses, but just, you know, there's a wide range of opinions that are out there
as well. And if we can pre-process using AI models to get to some sort
of static classification set and get nearly all the efficacy there without putting another,
hey, how can I help you today?
Without putting people's allow lists in the hands of a non-deterministic model that might do
something crazy.
Exactly.
Yeah, yeah, no, I get you.
I get you.
I feel you.
It's about, look, but this landscape is changing very quickly.
And of course, we're always looking for ways that we can make sure that we're giving people
the greatest outcomes and, you know, using the best tools for the right problem.
which is, I think, how we need to think about AI generally,
which is like, what problem are you solving?
Is this tool the best way to solve that problem?
And, you know, one day that may be yes.
Now, look, another thing, you know,
I've been reflecting on you guys.
Like, I think you've been a sponsor of risky business,
something like eight years.
I think companies existed something like 12.
One thing that's interesting is that airlock digital
basically hasn't changed in that time, right?
So this is when you know you've hit an enduring control,
something that's durable is fundamentally the product hasn't changed.
But where that gets interesting is that frees you up to do a lot of really fundamental engineering.
So I think when you look at a lot of endpoint security software, they have to chase the latest red balloon floating across the room
because they've got these big sort of threat research teams and they have to look at tradecraft and build detections and whatever.
Deny by default allowlisting, not really like that.
You don't have to play that game and you could just look at, at,
core engineering. Now, one of the things that you've built is this assembly reflection feature,
which we did speak about on a previous show. But these are these deep sort of features that when
the tradecraft evolves enough, they actually wind up being extremely handy. Daniel, did you
preempt the attacker behavior by building it? Like, what prompted you to do the work, the engineering
work on that feature in the first place.
Yeah, I think what we really, at that time, I guess, you know, at the end of the day,
what we're trying to do is stop code execution.
So if there's a way that attackers can execute code that is sort of out of scope for us,
it really becomes a giant hole in the solution.
So, you know, at that time, I guess when your PowerShell reflection was sort of a new technique
or was sort of in the news and, you know, customers were asking about it and ourselves internally
were, you know, trying and we're like, oh, we go a bit of a gap here.
So, you know, we put in a lot of work to build this feature.
But as long as we cover, like, again, like all these hook points for execution,
then, you know, it will be effective regardless of any, for any tradecraft that uses that type of execution.
So what we're seeing here is, you know, another example, a good one would be like browser extension control.
You know, that we're now seeing that as a form of execution.
So we want to make sure we add visibility into that space.
And what's been really, I guess, well, I've been learning in the last couple years,
or even the last couple of months, is although we built this great security framework,
which does things like blocks ClickOnce, it blocks VSTO add-ins, and all these other things
over time where we go, oh, Airlock already blocks this. That's a great surprise. Now we need to
really sort of start communicating to our customers and the market like, hey, it turns out that,
you know, all these things you're seeing, we can actually control that. And rather than making it
maybe like an advanced blocklisting rule or an advanced allow listing capability, so build
some UIs like, oh, hey, here's the ClickOnce you're building,
and where you can make rules based on the difference of capabilities.
But the fact that we've got that ground floor in place and it's, you know, it's so sturdy and can
just see everything.
It's just, you know, we're not scrambling after attacks.
Yeah, yeah.
I mean, this is what came up last time we spoke, right?
When you were talking about these ClickOnce things, these are these, you know, I think Adam
and I spoke about, I don't know if that was on the show or not, but I was just like, I remember
talking to Adam about them, just like, my God, these ClickOnce things like, you know, Microsoft
Brainwave of like these packaged applications anyway.
But basically Microsoft has a way for you to package up these applications,
which will side load stuff.
You would do all sorts of weird crap, which just doesn't make any sense.
And obviously attackers have figured that out.
And yeah, this was a problem, wasn't it?
You actually had a customer reach out to you and go,
can you build something to take care of this?
You were like, well, we already have something that takes care of that.
So, I mean, how do you go about, like, what's the thinking about how you can begin
to communicate that to your customers?
because, you know, you can't put it front and center in the console because that's just going to get annoying.
Like, you put it in an email, people are going to ignore it.
Like, what's the approach there?
Yeah, I think it's maybe not front and center on the console, but I think it sort of moves into, like, you know, attack surface hardening or something, attack surface reduction.
So, like, where you can build, a simple way to build the rules.
Like, I guess I don't want our users to have to go make this logic tree of detection and prevention to, like, you know, make this custom crafted block list.
because they're only going to be able to do that
once they know the knowledge about that exact thing
so I'd like to sort of maybe front end it a little bit
but it just sort of moves into that sort of
hardening space or if this keyword comes up
where sounds like what are we doing about ClickOnce in that
or if that's what trade then you go oh we know airlock covers that
at least educating that there's something we can do about it
and that airlock you know they can link that together
they might have an existing control in place
have you have you had to resist the temptation
to build detections into the product
to say well there's been some
execution events here that we think are bad and you should probably have some rules around them,
Dave, like you're pulling, you've got a face like you have opinions there. No, I don't think so.
I think what we've been pulled in is ways that we can cut to the foundations of what made the
attack work. So the more interesting thing when we look at like attack trees on a particular
piece of security research is not about the end of the tree about what it results in and catching
that. It's about what interesting techniques are actually used along the way that we can
actually prevent or take out. So, you know, using, you know, catching assembly reflection,
which is what we're talking about, you know, MSBuild, taking that off the table so attackers
can't compile, you know, .NET projects on the fly and get an executable directly in memory.
You know, and making that sort of point and click available. So we're getting rid of classes
of attacks rather than just focusing on the code or the outcome or,
how they got there. So it's just taking tooling off the table and as Daniel said in hardening.
So it's focusing on those pieces, how we break the chain rather than catch it at the end.
And what's been interesting, and I'm sure we've said this before in the past,
is like when you look at modern attacker tradecraft, it's very complex.
Like they'll drop a VBScript that makes a batch file that drops a DLL which calls an EXE
and does this downloader. There's so many components and they're trying to get around
these static behavioral detections, trying to find a way for,
the machine that won't trigger like an EDR detection, when for us, it's just 20 more cases
of code execution that gives more opportunity to stop it along the path.
Now look, you know, I'm privy, I guess, a little to how well things are going for Airlock and
they are going extremely well.
I guess the question is, you still don't seem to have much competition in the market.
There's one that I can think about that's quite obvious, but the reason I'm not naming them
is because I don't think their technology is actually very good.
I think that they've made some very weird decisions,
actually in the way that their product works,
so I don't want to just be seen trash talking them.
But apart from them, and you know who I mean, them,
there's not real, it doesn't seem to be anybody else out there.
Like, why is that, Dave?
Like, why is it that still 12 years later, you know,
and you guys are like making terrific headway in the market?
Why is no one else out there doing this?
The majority of the security industry sells a product, whereas we sell a product that allows
you to implement a strategy inside your business.
And all too often, I think the security industry comes up with a solution and says,
hey, just install this, you'll be fine.
Whereas for us, it's not just about installation, it's about management, it's about life cycle,
and that's what we are focused on solving.
And I think that at first glance, it's not the.
easiest path as compared to installing an antivirus or installing an EDR that's the tooling is
there. However, I think that as the threat lands...
I don't know, man. Like, I think installing and correctly configuring an EDR versus installing
and correctly configuring airlock, I didn't... Your stuff might be easier, in fact.
Well, it cuts off a whole class of other surrounding challenges that you may have in terms of,
well, you know, if you're preventing, then you don't really have much to respond to on the other
end. So we're cutting out a lot of sort of adjacent work. But, you know, I think that also there's
everyone's heard of deny by default. Everyone's heard of allow listing, but there's still a level of
skepticism there as to the operational, not the efficacy, but the ability to operationalize it
within a business. And I think one thing that's been working great for us is just rather than saying,
hey, we make this easy, is demonstrating that through, you know, great, you know, actual customer
deployments and references as are still a greater source of business. But, you know, I think that
the market is now ready to start looking at this approach and that is, you know, the last 12 months
has been extremely busy as a result. So, I mean, what I heard there is our approach is too nerdy.
Yeah, because, and look, to be honest, I think that's something that we've struggled with a little bit,
which is C-suite messaging, is how do you turn up with a board?
Because we're not just selling security, we're selling an endpoint strategy,
which is often a subset of endpoint.
So it's sort of like, how about we do this particular subsection of this sub-industry on our endpoints?
It's extremely effective.
And that's something that we're really starting to make sure that we're resonating as we, you know,
continue to grow the business.
But we've got a way to go on it.
I guess I just do wonder why it is that you get the whole thing to yourself.
I mean, hey, it's great, good to be you.
It's great to be you.
Yeah, I think at the end of the day, the fact we have agents across Windows from XP onwards,
old versions of Linux, across Mac, maintaining these, you know,
caring about all the different code executions.
Like we've been, like you said, like we've been building this for a very long time.
It's actually pretty hard.
You can't just vibe code this up.
You know, you're doing, and there's a huge part also on performance and architecture as well,
where how much memory do you use, how much load, it's unacceptable to put this much IOPS on a VDI host.
And these are all journeys or challenges that we've sort of gone through maybe six, seven years
ago on this one particular customer. But that's all been building on building and lessons learned.
Oh, oh, that we got to that point where now we're like, you know, again, this sort of solid
lightweight framework that we've built all this on. But I think just for someone else to build
that framework, it's very hard. And there are new and new, smaller competitors coming to market,
But they're really focused just on one operating system or they're focused on just block listing,
even though they're saying they're doing app control.
You know, there's a lot of mixed messaging from PAM vendors and, you know, just the market in general as well.
That's who does what?
That's always been something that's driven you spare.
Is the PAM people saying, yes, we can do allowlisting as well?
It's like, no, you do PAM.
Well, I think that's the point to your, this is a nerdy problem, which is you can block an executable and you can say,
look, we stop the app.
But if you look at how attackers run...
Yeah, but you can block an executable properly.
Yeah, well, yeah.
And plus any associated libraries, the reflection techniques, you know, anything that's a lot of chance.
You can block execution properly.
Execution.
Yes, that's a better way to look at it.
But yeah.
Well, now, and now, too, like, I think the other thing that's happening with you guys at the moment is you guys are working very much on, like, integrating with all of the other stuff around the enterprise that you might find, for example, in a SOC, right?
Like this is this is a big area of work for you right now.
Yeah, we talk a lot about how, you know, we're, the primary thing that we solve is a process
problem when it comes to allowlisting, which is how do you get the right, you know,
the right trust, the right people at the right time without impacting the productivity of the
business.
But in order to do that and being generally focused on really a point solution space in the market,
we need to make sure that we're playing nicely and integrating well with all of the
tools that are around us.
So, you know, if you want to approve something, well, we've got to bring those decisions into your workflow,
be that Microsoft Teams or Slack or ServiceNow, you know, if you need to issue an exception for someone,
we need to bring that to you because I'm, you know, totally understand why people don't need to go,
I need to approve that, I need to go over to the console.
And, you know, this is about driving a process through an organization and weaving it in amongst the business tooling.
So there's a massive focus for us, you know,
over the next three months and has been in order to integrate with all of these other productivity
platforms. And I think that's what's been interesting. It's not other security tools. It's
business productivity and workflow tools, which is the biggest enabler. I mean, everyone starts off
building their security startup to tackle Chinese APTs and make the Ministry of State Security
cry. And it always ends with like, we're writing a ServiceNow integration.
This is how it goes.
I mean, it's true.
But, you know, it's where we're at now
and it's orchestrating business workflows
and, you know, it's an exciting time.
And I think that the more accessible,
the easier that we make allow listing,
you know, the more adoption, you know,
I really think, you know, every release
we're just getting started.
How much has it changed, though,
when you pitch airlock now,
when you pitch allowlisting,
like, is that a lighter lift than it used to be?
for me it definitely is. You know, it used to be converting the haters or it was just like that's
impossible or you can only do it on ATMs and static kiosks. That was sort of the legacy we inherited
and I guess why we exist as a company as well. And I think now, you know, and thanks a lot to
compliance standards, people haven't had a choice and they've had to implement these things
in certain places. Great way to get a sale. And because of that now, but but at the
the end of the day it worked. And I think that's helped a lot. And now a lot of it is when
we sort of come over, when I come across someone who's like, well, that will never work.
I'll ask them, well, when's the last time you tried? What did you try with? And can you
explain how we've got customers with, you know, 200,000 endpoints under management and full
enforcement in end-user computing dynamic environments? And, you know, and then just talk about our
successes. That's the best way I think often to convince people that maybe, maybe I should have
a look at this or something's different going on.
One of the best conversations that I've had was actually someone that came to a booth and I was sort of geeing us up a bit.
But he's like, I got AppLocker to work and then we went into all the different mechanisms about how, you know, he actually, you know, made that possible because there's only been a few other people that have actually run into, which is surprising, that have really gone to the nth degree to try and process drive, you know, that technology.
So, you know, he was definitely a believer in that, but, you know, eventually came back around with some interest as well.
A few years later being like, I remember that.
So it's, you know, I think that there's better awareness that there's ever been out there about deny by default in general.
And, you know, it's also great to have a competitor, I should say, that is helping prove out, you know, this is a market.
You never want to be the only one that's in space.
So, you know, and I think it drives me crazy how the nomenclature of zero trust has morphed over the many years.
But, you know, I think it's a pretty common term that people resonate with and the concept is simple.
And I think, you know, better at explaining it as well.
All right.
We're going to wrap it up there.
Dave Cottingham, Daniel Schell.
Thank you so much for joining me to discuss, I guess, what's been up with Airlock Digital lately.
Great to see you both.
Thank you so much, Patrick.
Thanks, Patrick.
