ASD Essential Eight

Essential Eight

The Australian Signals Directorate (ASD), an organisation with a similar* mission to the American NSA, has published a number of very useful documents.
Its Essential Eight Explained gives a quick overview of the eight mitigation strategies it considers the most effective against cyber security threats. Implemented properly and proactively, these eight establish a secure baseline for an organisation. They are a subset of ASD's larger list, Strategies to Mitigate Cyber Security Incidents, which covers many more technologies and processes that can be implemented to address further risks.
Not every organisation needs to address the risks covered by the larger list, but every organisation would benefit from implementing the Essential Eight.

*sort of… If you want to investigate further their site is here

What are the Eight

The list is pretty simple:

  • Application control (allow listing)
  • Patch applications
  • Configure Microsoft Office macro settings
  • User application hardening
  • Restrict administrative privileges
  • Patch operating systems
  • Use multi-factor authentication
  • Perform daily backups

The first four mitigate the risk of malware being delivered and executed in the first place.
Items five through seven limit the extent of an incident when malware or an attacker does get inside the network.
The final item is about recovering data and returning to normal operations.

Implementing these eight technologies and processes dramatically raises the baseline security level of an organisation, making it much more difficult for malicious software or actors to have an impact.
However, not all of them are trivial to implement.

Two, Six, Eight

Probably the easiest three on the list, patching applications, patching operating systems and daily backups, are much easier today than they were a decade ago, but there are still operational challenges. Patching all applications and operating systems requires an accurate and up-to-date inventory of all devices and the software on them; you cannot patch what you do not know you have. That inventory must also include all internet-facing and perimeter equipment (VPN concentrators, firewalls, load balancers), as these have recently come under more and more scrutiny. 1 2 3 4 Disk is much cheaper today than it was ten years ago, but data has grown over the same period, so daily backups are still a challenge for organisations whose backup windows run into business hours, or whose business hours are around the clock.
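As a starting point for the software inventory that patching depends on, the following PowerShell script snapshots one Windows host: OS build, installed hotfixes and installed applications. This is an added example, not from the page or from ASD; the output path under C:\Temp is an assumption. It reads the Uninstall registry keys rather than querying Win32_Product, because enumerating Win32_Product is slow and triggers MSI consistency checks that can repair or reconfigure packages as a side effect.

```powershell
# Inventory snapshot for one Windows host: OS version, hotfixes, installed applications.
# Added example; assumed output location is C:\Temp. Run as an administrator so HKLM is readable.
$ErrorActionPreference = 'Stop'

# Installed software from the Uninstall keys (64-bit, 32-bit and per-user installs).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$apps = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |                      # skip components with no visible name
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
    Sort-Object DisplayName -Unique

$os = Get-CimInstance -ClassName Win32_OperatingSystem

$inventory = [pscustomobject]@{
    Host         = $env:COMPUTERNAME
    CollectedAt  = (Get-Date).ToString('s')
    OSName       = $os.Caption
    OSVersion    = $os.Version                              # e.g. 10.0.19045; compare against the current build
    LastBoot     = $os.LastBootUpTime                       # a very old boot time means pending patches never took effect
    Hotfixes     = @(Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object HotFixID, InstalledOn)
    Applications = @($apps)
}

# Write JSON so per-host snapshots can be collected centrally, merged and diffed over time.
$outFile = "C:\Temp\inventory-$($env:COMPUTERNAME).json"
$inventory | ConvertTo-Json -Depth 4 | Out-File -FilePath $outFile -Encoding utf8
Write-Output "Wrote $($apps.Count) applications and $($inventory.Hotfixes.Count) hotfixes to $outFile"
```

Per-user installs (browsers, chat clients, developer tools) are the ones most often missed by agent-based inventories, which is why HKCU is included; to cover every profile you would load each user's NTUSER.DAT hive or run the collection in the user's context. Network and perimeter appliances need their own inventory feed (SNMP, vendor APIs or an export from the management console), since nothing on the Windows side sees them.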

One

Let’s return to the first item on the list: application control, also known as application whitelisting or allow listing. At a basic level it limits which applications can run on a computer: anything not explicitly allowed is denied. More advanced implementations also cover DLLs, scripts, installers and packaged apps, so that an attacker cannot sidestep the list by loading a library or running a script instead of an executable.
A correctly implemented application control policy prevents malicious code from executing on the organisation’s computers while still allowing trusted applications to run for users. It does, however, take a fair bit of planning and effort: you need to know what legitimate software runs where (the same inventory problem as patching), and rules based on publisher certificates hold up much better across updates than rules based on file hashes or paths. Thankfully there is some built-in capability on each major platform, though not all of it amounts to full allow listing. Windows ships AppLocker and Windows Defender Application Control (WDAC); macOS Gatekeeper enforces code signing and notarisation on downloaded apps but is not a general allow list; on Linux, fapolicyd (shipped with RHEL and Fedora) provides file-based allow listing, while SELinux is a mandatory access control system that can confine what a process may do rather than decide which binaries may run. There are additional commercial offerings for Windows, Carbon Black App Control and Airlock Digital, to name two. <Find additional Linux & MacOS options. CMD software for linux? …>
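To make the planning step concrete, here is how a starter AppLocker policy can be generated from a clean reference machine and rolled out in audit mode first, so that the events it would have blocked can be reviewed before anything is actually enforced. This is an added example, not from the page, ASD or Microsoft’s documentation; the output path under C:\Temp and the test file path are assumptions, and the cmdlets require the AppLocker module that ships with supported Windows editions, run from an elevated PowerShell.

```powershell
# Build a starter AppLocker policy from a reference machine and deploy it in audit mode.
# Added example. Assumptions: C:\Temp exists, the machine is a clean build with only approved
# software, and the Application Identity service (AppIDSvc) is running for enforcement/auditing.
$ErrorActionPreference = 'Stop'
$policyPath = 'C:\Temp\AppLocker-Audit.xml'

# 1. Inventory executables, scripts and DLLs in the locations trusted software installs to.
#    Recursing C:\Windows takes a while; it is needed so the OS itself stays runnable.
$trustedDirs = 'C:\Program Files', 'C:\Program Files (x86)', 'C:\Windows'
$files = foreach ($dir in $trustedDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Script, Dll
}

# 2. Prefer publisher rules (the signer survives patching, a hash does not); unsigned binaries
#    fall back to hash rules. -Optimize collapses rules that share the same publisher.
$policyXml = New-AppLockerPolicy -FileInformation $files -RuleType Publisher, Hash `
    -User Everyone -Optimize -Xml

# 3. New policies come out with EnforcementMode="NotConfigured" on each RuleCollection.
#    Switch every collection to AuditOnly so nothing is blocked yet; would-be blocks are
#    logged under Applications and Services Logs > Microsoft > Windows > AppLocker (event 8003/8006).
$policyXml = $policyXml -replace 'EnforcementMode="NotConfigured"', 'EnforcementMode="AuditOnly"'
$policyXml | Out-File -FilePath $policyPath -Encoding utf8

# 4. Dry-run the policy against a file before deploying: shows Allowed/Denied and the matching rule.
#    The path below is an assumed example of something that should NOT be allowed.
Test-AppLockerPolicy -XmlPolicy $policyPath -Path 'C:\Users\Public\Downloads\setup.exe' -User Everyone

# 5. Apply locally, merging with whatever policy already exists. For a fleet, import the same
#    XML into a GPO (Computer Configuration > Windows Settings > Security Settings > Application Control Policies).
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
```

Run in audit mode for a few weeks, review the 8003 events to find legitimate software the reference build missed, add rules for it, and only then flip the collections to Enabled. Two caveats worth planning for: a default allow on C:\Windows is still too broad (users can write to some subdirectories, such as C:\Windows\Temp and C:\Windows\Tasks, so those need explicit deny rules), and if the Script collection is not enforced, PowerShell and other interpreters become the easy bypass.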

Three and Four

Five and Seven