Essential 8

Essential 8 Overview

Since 2010 the Australian government has published guidance to improve cybersecurity and better protect the nation’s digital assets. The “Essential 8” is the latest iteration of work that began with the Defence Signals Directorate’s (DSD, now the Australian Signals Directorate, ASD) “Top 35” mitigation strategies. Over the ensuing decade little has changed: poor patching still poses the most insidious risk to organisations. The ASD has distilled more than a decade of incident analysis into the Essential 8, which helps organisations of every size validate their existing safeguards and prioritise their security requirements based on cold, hard data from an independent source.

Sécurité partners reduce Essential 8 risks

Sécurité and our partners can offer point products or end-to-end solutions that will help your organisation protect against Essential 8 security risks.

Flexera: Automated Patching
Airlock Digital: Application Whitelisting
Thales SafeNet: Multi-Factor Authentication
Thycotic: Privileged Accounts

Airlock Digital Application Whitelisting

Airlock Digital Whitelisting is built to scale with ease in Enterprise-class environments and is equally at home within SMB ecosystems. The solution can be rapidly deployed, is easily integrated into existing infrastructure and helps organisations become more secure by enforcing controls across all files and applications on the organisation’s digital assets. Whitelisting helps achieve compliance with PCI-DSS and HIPAA standards and is a security safeguard recommended by the ASD and NIST.

Snapshot

Easily create and manage secure whitelists and proactively prevent malicious code from executing
Deploy with ease and seamlessly integrate Airlock with your existing operating systems and applications
Centralised visibility into the origin of files across the organisation, when they were deployed and how they were executed
Track network communications between a file and domains and IP addresses to forensically understand how the file behaves
Lightweight 7Mb agent is easily installed and has little impact on endpoint performance

Thales SafeNet Multi-Factor Authentication

SafeNet’s Trusted Access suite offers Identity-as-a-Service (IaaS) and Single Sign-On (SSO) to bolster identity safeguards and streamline Cloud identity management, password administration and enforcement of security policies. Flexible Cloud management lowers the complexity and cost of administration, while IaaS lowers the risk of error, omission or oversight. For environments that demand rigorous compliance enforcement, IaaS provides an independent, unimpeachable audit trail and the means to glean insights into access policies.

Snapshot

Add another layer of security to protect intellectual property and sensitive corporate data
Simplify Cloud identity management with SSO
Gain visibility into access events
Intuitive management with a single-pane administration dashboard
Hone access policies to lock down security controls

Thycotic Privileged Account Manager (PAM)

Thycotic’s Enterprise-grade PAM enables administrators to discover and manage privileged accounts and assign access to them using role-based access control (RBAC) from a central dashboard. The Thycotic solution is a low-impact PAM that is simple to deploy either on-premises or in the Cloud and provides an important added layer of security to lock down employee or third-party privilege. Thycotic’s solution family includes password and service account administration to provide a comprehensive range of layered security safeguards.

Snapshot

Discover privileged and service accounts and vault their credentials
Delegate access across the Enterprise
Monitor and record sessions for analysis or forensic auditing
Enforce least-privilege compliance across the Enterprise

Flexera Patch Management

Unpatched software still poses one of the gravest security threats to organisations. Flexera’s Software Vulnerability Manager, through its “Vendor Patch Management” solution, identifies, prioritises and remediates gaps in application and operating system patching. Flexera’s Secunia Research division provides Enterprise-class security research that captures data from software vendors and enables IT administrators to keep abreast of patching threats.

Snapshot

Leverage the capabilities of a dedicated application designed to ensure patches are applied in a timely manner
Limit the risk of attack and breach from adversaries using published vulnerabilities as an attack vector
Prioritise patching based on business risk, not chronology
Mitigate a risk identified by Australia’s DSD as one of the most virulent and avoidable IT security threats faced by system administrators

Essential 8 1-4

Mitigation Strategies to Prevent Malware Delivery and Execution

1. Application Whitelisting

Application whitelisting of approved/trusted programs to prevent execution of unapproved/malicious programs, including .exe, DLL, scripts (e.g. Windows Script Host, PowerShell and HTA) and installers.

Sécurité Partner – Airlock Digital

2. Patch Applications

Patch applications, e.g. Flash, web browsers, Microsoft Office, Java and PDF viewers. Patch/mitigate computers with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest version of applications.

Sécurité Partner – Flexera

3. Configure Microsoft Office macro settings

Configure Microsoft Office macro settings to block macros from the internet, and only allow vetted macros either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate.

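The macro settings above are applied through Group Policy, and the quickest way to confirm they actually reached a workstation is to read the policy registry values back. The following PowerShell script is an added example written for this page; it is not code from the page or from any vendor named on it. It assumes Office 2016/2019/Microsoft 365 Apps (policy version key 16.0) with policy applied per user under HKCU:\Software\Policies, and treats a missing value as “Not configured”, which it reports as non-compliant.

```powershell
# Added example for Essential 8 item 3; not code from the page or from any vendor named on it.
# Reads the Group Policy registry values behind the Office macro settings for the
# current user and reports, per application, whether macros from the internet are
# blocked and whether only vetted (digitally signed or trusted-location) macros can run.
# Assumptions: Office 2016/2019/Microsoft 365 Apps (policy version key 16.0), policy
# applied per user under HKCU:\Software\Policies. A missing value means "Not configured".

$OfficeVersion = '16.0'
$Apps = 'Word', 'Excel', 'PowerPoint'

# Meaning of the VBAWarnings policy value, as defined in the Office ADMX templates
$VbaWarningsText = @{
    1 = 'Enable all macros (unsafe)'
    2 = 'Disable all macros with notification (user can enable them)'
    3 = 'Disable all macros except digitally signed macros'
    4 = 'Disable all macros without notification'
}

function Get-OfficeMacroPolicy {
    param([Parameter(Mandatory)][string]$App)

    $base = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security"
    $sec  = Get-ItemProperty -Path $base -ErrorAction SilentlyContinue
    $tl   = Get-ItemProperty -Path "$base\Trusted Locations" -ErrorAction SilentlyContinue

    $blockInternet = ($sec.blockcontentexecutionfrominternet -eq 1)
    $vba = $sec.VBAWarnings
    $vbaText = if ($null -eq $vba) { 'Not configured' } else { $VbaWarningsText[[int]$vba] }

    # Trusted locations pushed by policy live in sub-keys Location0, Location1, ...
    # each holding a Path value; list them so their write permissions can be reviewed
    $paths = Get-ChildItem -Path "$base\Trusted Locations" -ErrorAction SilentlyContinue |
        ForEach-Object { (Get-ItemProperty -Path $_.PSPath).Path }

    [pscustomobject]@{
        Application             = $App
        BlockMacrosFromInternet = $blockInternet
        MacroSetting            = $vbaText
        NetworkTrustedLocations = ($tl.AllowNetworkLocations -eq 1)
        TrustedLocationPaths    = ($paths -join '; ')
        # Compliant when internet macros are blocked and unsigned, untrusted macros cannot run
        Compliant               = $blockInternet -and ($vba -in @(3, 4))
    }
}

$report = foreach ($app in $Apps) { Get-OfficeMacroPolicy -App $app }
$report | Format-Table -AutoSize

# Non-zero exit code so the script can serve as a scheduled compliance check
if (@($report | Where-Object { -not $_.Compliant }).Count -gt 0) { exit 1 }
exit 0
```

Run it in the context of the user whose policy you want to verify. Files in a trusted location run macros regardless of the VBAWarnings setting, which is why the script lists the policy-defined paths: check each one with Get-Acl to confirm that ordinary users cannot write to it, as the control requires.
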
4. User Application Hardening

User application hardening: configure web browsers to block Flash (ideally uninstall it), ads and Java on the internet. Disable unneeded features in Microsoft Office (e.g. OLE), web browsers and PDF viewers.

The Government “ISM”

Information Security Manual

The “ISM” is the definitive set of guidelines on how the Australian Federal Government applies safeguards across the public service and agencies.

ASD Top 35 Mitigation Strategies

A historical archive worthy of review

Sécurité partner Check Point has an archive of the original DSD Top 35, the progenitor of the Essential 8. The sad observation is that in spite of over a decade of improvements in IT security, avoidable errors are still the main cause of breaches.

Essential 8 5-8

Mitigation Strategies to Limit the Extent of Cyber Security Incidents

5. Restrict Administrative Privileges

Restrict administrative privileges to operating systems and applications based on user duties. Regularly revalidate the need for privileges. Don’t use privileged accounts for reading email and web browsing.

Sécurité Partner – Thycotic

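The “regularly revalidate” step of item 5 needs a starting point: who actually holds local administrator rights today, and which of those grants look stale. The following PowerShell script is an added example written for this page, not code from the page or from Thycotic. It uses the Microsoft.PowerShell.LocalAccounts cmdlets (Windows 10 / Server 2016 and later); the approved list is constructed for illustration and the 90-day staleness threshold is an assumption.

```powershell
# Added example for Essential 8 item 5; not code from the page or from Thycotic.
# Lists every member of the local Administrators group and flags members that are not
# on the approved list, are disabled, or have not signed in for $StaleAfterDays days,
# so each grant can be re-approved or revoked during the periodic revalidation.
# Assumptions: $Approved is a constructed list for illustration; Get-LocalGroupMember and
# Get-LocalUser (Windows 10 / Server 2016+); run from an elevated PowerShell session.

$Approved = @(                       # constructed approved set; replace with the authorised list
    "$env:COMPUTERNAME\Administrator",
    'CONTOSO\Domain Admins',
    'CONTOSO\Workstation-Admins'
)
$StaleAfterDays = 90

function Get-AdminRevalidationReport {
    $members = Get-LocalGroupMember -Group 'Administrators'

    # Index local user objects by name so enabled state and last logon can be looked up
    $localUsers = @{}
    foreach ($u in Get-LocalUser) { $localUsers[$u.Name] = $u }

    foreach ($m in $members) {
        $short = $m.Name.Split('\')[-1]
        $local = if ($m.PrincipalSource -eq 'Local' -and $m.ObjectClass -eq 'User') { $localUsers[$short] } else { $null }

        $findings = @()
        if ($Approved -notcontains $m.Name) { $findings += 'not on approved list' }
        if ($local -and -not $local.Enabled) { $findings += 'account disabled' }
        if ($local -and $local.LastLogon -and $local.LastLogon -lt (Get-Date).AddDays(-$StaleAfterDays)) {
            $findings += "no logon in $StaleAfterDays days"
        }
        if ($m.ObjectClass -eq 'Group' -and $m.PrincipalSource -ne 'Local') {
            $findings += 'domain group: review its membership separately'
        }

        [pscustomobject]@{
            Member    = $m.Name
            Type      = $m.ObjectClass
            Source    = $m.PrincipalSource
            LastLogon = if ($local) { $local.LastLogon } else { 'n/a' }
            Findings  = ($findings -join '; ')
        }
    }
}

$report = Get-AdminRevalidationReport
$report | Format-Table -AutoSize

# Non-zero exit when anything needs a human decision (revoke, re-approve, or document)
if (@($report | Where-Object { $_.Findings }).Count -gt 0) { exit 1 }
exit 0
```

Domain groups nested in the local Administrators group are only flagged here, because their membership has to be reviewed in Active Directory; a privileged account manager such as the one described above would normally hold that approved list rather than a hard-coded array.
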
6. Multi-Factor Authentication

Multi-factor authentication, including for VPNs, RDP, SSH and other remote access, and for all users when they perform a privileged action or access an important (sensitive/high-availability) data repository.

Sécurité Partner – Thales SafeNet

7. Patch Operating Systems

Patch operating systems. Patch/mitigate computers (including network devices) with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest operating system version. Don’t use unsupported versions.

Sécurité Partner – Flexera

Mitigation Strategies to Recover Data and System Availability

8. Daily Backups

Daily backups of important new/changed data, software and configuration settings, stored disconnected, retained for at least three months. Test restoration initially, annually and when IT infrastructure changes.
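Three parts of item 8 can be measured on a host: that a backup set from the last 24 hours exists, that sets are retained for at least three months, and that a restore actually reproduces the source data. The following PowerShell script is an added example written for this page, not code from the page or from any vendor named on it. It assumes a constructed layout of one sub-folder per backup set under $BackupRoot, with files stored at their path relative to $SourceRoot, and that the backup media is mounted only for the duration of the test (the “stored disconnected” requirement itself cannot be verified by a script).

```powershell
# Added example for Essential 8 item 8; not code from the page or from any vendor named on it.
# Checks a backup repository for the measurable parts of the control: a backup set no
# older than 24 hours exists, the oldest retained set is at least 90 days (three months)
# old, and a sample restore is byte-identical to the live source file.
# Assumptions (constructed for illustration): one sub-folder per backup set under
# $BackupRoot, files stored at their path relative to $SourceRoot, media mounted only
# for the test, and the sample file chosen is one that does not change between backups.
param(
    [string]$BackupRoot = 'D:\Backups',
    [string]$SourceRoot = 'C:\Data',
    [string]$SampleFile = 'finance\ledger.xlsx',          # relative path used for the test restore
    [string]$RestoreDir = (Join-Path $env:TEMP 'restore-test')
)

function Test-BackupCompliance {
    $sets = Get-ChildItem -Path $BackupRoot -Directory | Sort-Object CreationTime
    if (-not $sets) { throw "No backup sets found under $BackupRoot" }
    $newest = $sets[-1]
    $oldest = $sets[0]
    $now = Get-Date

    # Test restoration: copy the sample file out of the newest set, then compare SHA-256 hashes
    New-Item -ItemType Directory -Path $RestoreDir -Force | Out-Null
    $restored = Join-Path $RestoreDir (Split-Path $SampleFile -Leaf)
    Copy-Item -Path (Join-Path $newest.FullName $SampleFile) -Destination $restored -Force -ErrorAction Stop
    $srcHash = (Get-FileHash -Path (Join-Path $SourceRoot $SampleFile) -Algorithm SHA256).Hash
    $dstHash = (Get-FileHash -Path $restored -Algorithm SHA256).Hash

    [pscustomobject]@{
        NewestSet          = $newest.Name
        NewestAgeHours     = [math]::Round(($now - $newest.CreationTime).TotalHours, 1)
        DailyBackupPresent = (($now - $newest.CreationTime).TotalHours -le 24)
        OldestSet          = $oldest.Name
        RetentionDays      = [int](($now - $oldest.CreationTime).TotalDays)
        RetentionOk        = (($now - $oldest.CreationTime).TotalDays -ge 90)
        RestoreMatches     = ($srcHash -eq $dstHash)
    }
}

$result = Test-BackupCompliance
$result | Format-List

# Non-zero exit when any of the three checks fails, for use in a scheduled job
if (-not ($result.DailyBackupPresent -and $result.RetentionOk -and $result.RestoreMatches)) { exit 1 }
exit 0
```

Set ages are taken from folder creation times, so copying a repository to new media resets them; in that case compare against the date embedded in the set name instead. The full restore test the control calls for (initially, annually and after infrastructure changes) is a rehearsal of the whole recovery procedure; this script only gives a cheap daily signal that the repository is still fresh, deep enough and readable.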