Essential 8 Overview 

Since 2010 the Australian government has disseminated information to improve cybersecurity and better protect our nation’s digital assets. The “Essential-8” is the latest iteration of an effort that began with the Defence Signals Directorate’s (DSD, now ASD) “Top 35” mitigation strategies. Over the ensuing decade little has changed, with poor patching still posing the most insidious risk to organisations. The ASD has distilled more than a decade of analysis into the Essential-8, which will help organisations of every size validate their existing safeguards and prioritise their security requirements based on cold, hard data from an independent source.

Sécurité partners reduce Essential-8 risks

Sécurité and our partners can offer point-products or end-to-end solutions that will help your organisation protect against Essential-8 security risks.

  • Flexera: Automated Patching
  • Airlock Digital: Application Whitelisting
  • Thales SafeNet: Multi-Factor Authentication
  • Thycotic: Privileged Accounts

 

Airlock Digital Application Whitelisting

Airlock Digital Whitelisting is built to scale with ease in Enterprise class environments and is equally at home within SMB ecosystems. The solution can be rapidly deployed, is easily integrated into existing infrastructure and helps organisations become more secure by enforcing controls on all files and applications across the organisation and its digital assets. Whitelisting helps achieve compliance with PCI-DSS and HIPAA standards and is a security safeguard recommended by the ASD and NIST.

Snapshot

  • Easily create and manage secure whitelists and proactively prevent malicious code from executing
  • Deploy with ease and seamlessly integrate Airlock within your existing operating systems and applications
  • Centralised visibility into the origin of files across the organisation, when they were deployed and how they were executed
  • Track network communications between a file and domains and IP addresses to forensically understand how the file behaves
  • Lightweight 7Mb agent is easily installed and has little impact on endpoint performance
 

Thales SafeNet Multi-Factor Authentication

SafeNet’s Trusted Access suite offers Identity-as-a-Service (IaaS) and Single-Sign-On (SSO) to bolster identity safeguards and streamline Cloud identity management, password administration and enforcement of security policies. Flexible Cloud management lowers the complexity and cost of administration while IaaS lowers the risk of error, omission or oversight. For environments that demand rigorous compliance enforcement, IaaS provides an independent, unimpeachable audit trail and the means to glean insights into access policies.

Snapshot

  • Add another layer of security to protect intellectual property and sensitive corporate data
  • Simplify Cloud identity management with SSO
  • Gain visibility into access events
  • Intuitive management with single pane administration dashboard
  • Hone access policies to lock-down security controls

 

Thycotic Privileged Account Manager (PAM) 

Thycotic’s Enterprise grade PAM enables administrators to discover, manage and assign access to accounts using RBAC from a central dashboard. The Thycotic solution is a low impact PAM that’s simple to deploy in either terrestrial on-premises environments or in the Cloud and provides an important layer of added security to lock down employee or third-party privilege. Thycotic’s solution family includes password and service account administration to provide a comprehensive range of layered security safeguards.

Snapshot

  • Discover privileged accounts and vault credentials and service accounts
  • Delegate access across the Enterprise
  • Monitor and record sessions for analysis or forensic auditing
  • Enforce least privilege compliance across the Enterprise
 

Flexera Patch Management

Software patching still poses one of the gravest security threats to organisations. Flexera’s Software Vulnerability Manager’s “Vendor Patch Management” solution identifies, prioritises and remediates gaps in application and operating system patching. Flexera’s Secunia Research division provides Enterprise class security research that captures data from software vendors and enables IT administrators to keep abreast of patching threats. 

Snapshot

  • Leverage the capabilities of a dedicated application designed to ensure patches are applied in a timely manner
  • Limit the risk of attacks and breaches that use published vulnerabilities as an attack vector
  • Prioritise patching based on business risk and not chronology
  • Mitigate a risk identified by Australia’s DSD as one of the most virulent and avoidable IT security threats faced by system administrators
 

Essential 8 1-4

Mitigation Strategies to Prevent Malware Delivery and Execution

1. Application Whitelisting

Application Whitelisting of approved/trusted programs to prevent execution of unapproved/malicious programs including .exe, DLL, scripts (e.g. Windows Script Host, PowerShell and HTA) and installers.

Sécurité Partner – Airlock Digital

2. Patch Applications

Patch Applications e.g. Flash, web browsers, Microsoft Office, Java and PDF viewers. Patch/mitigate computers with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest version of applications.

Sécurité Partner – Flexera

3. Configure Microsoft Office macro settings

Configure Microsoft Office macro settings to block macros from the internet, and only allow vetted macros either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate.

4. User Application hardening

User application hardening. Configure web browsers to block Flash (ideally uninstall it), ads and Java on the internet. Disable unneeded features in Microsoft Office (e.g. OLE), web browsers and PDF viewers.

The Government “ISM”: Information Security Manual

The “ISM” is the definitive set of guidelines on how the Australian Federal Government applies safeguards across the public service and agencies.

ASD Top 35 Mitigation Strategies: A historical archive worthy of review

Sécurité partner Check Point has an archive of the original DSD 35, the progenitor to the Essential 8. The sad observation is that in spite of over a decade of improvements in IT security, avoidable errors are still the main cause of breaches.

Essential 8 5-8

Mitigation Strategies to Limit the Extent of Cyber Security Incidents

5. Restrict Administrative Privileges

Restrict administrative privileges to operating systems and applications based on user duties. Regularly revalidate the need for privileges. Don’t use privileged accounts for reading email and web browsing.

Sécurité Partner – Thycotic

6. Multi-Factor Authentication

Multi-factor authentication including for VPNs, RDP, SSH and other remote access, and for all users when they perform a privileged action or access an important (sensitive/high-availability) data repository.

Sécurité Partner – Thales SafeNet

7. Patch Operating Systems

Patch operating systems. Patch/mitigate computers (including network devices) with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest operating system version. Don’t use unsupported versions.

Sécurité Partner – Flexera

Mitigation Strategies to Recover Data and System Availability

8. Daily Backups

Daily backups of important new/changed data, software and configuration settings, stored disconnected, retained for at least three months. Test restoration initially, annually and when IT infrastructure changes.

Sécurité advocates regular backups for improved business resilience.

 

 

 


Essential 8: Strengthen Your Cyber Defences with the Essential Eight

A proven framework from the Australian Signals Directorate to reduce your risk of cyber threats.

Developed by the Australian Signals Directorate (ASD), the Essential Eight is a set of prioritised mitigation strategies designed to help organisations strengthen their cybersecurity posture against a wide range of threats. These strategies focus on protecting internet-connected IT networks and represent the most effective measures from ASD’s broader Strategies to Mitigate Cyber Security Incidents framework.


While the Essential Eight is specifically tailored for IT environments, its underlying principles can also inform cybersecurity approaches in enterprise mobility and operational technology networks—though different or additional measures may be required in those contexts.
To guide implementation, ASD has released the Essential Eight Maturity Model, first published in 2017 and regularly updated. This model reflects ASD’s deep expertise in cyber threat intelligence, incident response, penetration testing, and hands-on support for organisations deploying these strategies.

Why the Essential 8 Matters

Cyber threats continue to grow in sophistication, frequency, and impact—making it critical for organisations to adopt proactive security measures. The Essential Eight offers a proven, cost-effective foundation to:

  • Significantly reduce the likelihood and impact of common cyberattacks
  • Strengthen organisational resilience across user, system, and data layers
  • Align with government and industry-recognised cybersecurity best practices
  • Support compliance with internal policies or external regulatory frameworks


By implementing the Essential Eight, organisations can measurably reduce their exposure to ransomware, malware, unauthorised access, and data breaches.

The Eight Strategies at a Glance

Patch Applications

Keep third-party applications (like browsers, PDF readers, and office software) up to date to close known security vulnerabilities that attackers commonly exploit.

Patch Operating Systems

Ensure operating systems are regularly updated with the latest security patches to protect against critical threats and system-level exploits.

Multi-Factor Authentication (MFA)

Add an extra layer of protection by requiring users to verify their identity using more than one method (e.g., password + mobile app code).

Administrative Privileges

Limit admin rights to only those who truly need them, reducing the risk of attackers gaining full control of systems through compromised accounts.

Application Control

Only allow approved applications to run, blocking malicious software or unapproved tools that could be used for attacks.

Restrict Microsoft Office Macros

Prevent macros from running automatically, especially from untrusted sources, to reduce the risk of malware being delivered through documents.

User Application Hardening

Configure applications to reduce exploitable features — like disabling Flash, ads, and unnecessary browser functions — that can be abused by attackers.

Regular Backups

Frequently back up important data and system configurations, and securely store copies offline to ensure quick recovery after cyber incidents like ransomware.

Understanding the Essential Eight Maturity Model

To help organisations implement the Essential Eight effectively, the Australian Signals Directorate developed a maturity model that guides the step-by-step adoption of each strategy.

Organisations should:

  • Set a target maturity level based on their risk profile and operational needs
  • Implement all eight strategies to at least the same maturity level before progressing higher
  • Use a risk-based approach, minimising exceptions and applying compensating controls when needed

The four maturity levels (from 0 to 3) help measure how effectively each strategy is deployed:

Essential Eight Implementation: Where to Begin?

  • Implementing the Essential Eight effectively starts with understanding your current security posture and setting a target maturity level that aligns with your risk profile. Each strategy should be rolled out consistently to the same maturity level before progressing further.
  • While the framework offers a clear path, successful implementation often requires expert insight to manage risks, exceptions, and unique business needs.
  • Need help getting started?

Our Essential Eight Assessment Service can help you identify gaps, prioritise improvements, and build a roadmap tailored to your environment.
