Essential 8 Mitigations for Targeted Cyber Intrusions

The Australian Signals Directorate (ASD) has mandated the implementation of the Essential 8 strategies for mitigating targeted cyber intrusions for Federal Government agencies.

Until now it has been very difficult for an organisation to validate that it has sufficient security controls in place to secure its IT infrastructure in line with these requirements.

Introspectus provides an independent auditing capability that is separate from the organisation’s security enforcing products, providing assurance that an organisation’s security controls are in place for the Essential 8 mitigations, and are working.

ASD's mitigation strategies to prevent malware delivery and execution

Application Whitelisting

Prevent execution of unapproved/malicious programs, including .exe files, DLLs, scripts and installers, by whitelisting approved/trusted programs.

Why: All non-approved applications (including malicious code) are prevented from executing.
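The property that matters here is default deny: an executable is allowed only if a rule explicitly trusts it, so unknown binaries are blocked the same way known-malicious ones are. The following is an added example of that decision logic, not code from this page or from Introspectus's product. The policy, the sample "binaries" and the paths are all constructed; real products such as AppLocker express the same idea with their own rule formats.

```python
import hashlib
import ntpath


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for executable file contents.
APPROVED_TOOL = b"MZ-constructed-approved-tool"
UNKNOWN_TOOL = b"MZ-constructed-unknown-tool"

# Constructed allowlist policy. Hash rules trust a specific binary wherever it
# sits; path rules trust directories that only administrators can write to.
POLICY = {
    "allow_hashes": {sha256_of(APPROVED_TOOL)},
    "allow_paths": [r"C:\Program Files", r"C:\Windows"],
    # User-writable folders under an allowed root must be carved out, otherwise
    # a path rule alone lets any user drop a binary there and run it.
    "deny_paths": [r"C:\Windows\Temp", r"C:\Windows\Tasks"],
}


def _normalize(path: str) -> str:
    # Collapse ".." segments and fold case, so the rule is judged against the
    # path the loader would actually open rather than the string supplied.
    return ntpath.normcase(ntpath.normpath(path))


def _under(path: str, root: str) -> bool:
    root_n = _normalize(root).rstrip("\\") + "\\"
    return _normalize(path).startswith(root_n)


def decide(path: str, contents: bytes, policy: dict = POLICY) -> str:
    """Return 'allow' or 'deny' for an execution attempt.

    Evaluation order: explicit deny paths win, then hash rules, then path
    rules; anything not matched is denied by default.
    """
    if any(_under(path, d) for d in policy["deny_paths"]):
        return "deny"
    if sha256_of(contents) in policy["allow_hashes"]:
        return "allow"
    if any(_under(path, a) for a in policy["allow_paths"]):
        return "allow"
    return "deny"  # default deny: unapproved is treated like malicious
```

The path normalisation step is the part most often got wrong in home-grown allowlists: without it a rule for `C:\Program Files` also matches `C:\Program Files\..\Users\bob\evil.exe`, which resolves somewhere quite different.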

Application Patching

Patch or mitigate computers with extreme-risk vulnerabilities within 48 hours, and use the latest version of applications (e.g. Flash and web browsers).

Why: Security vulnerabilities in applications can be used to execute malicious code on systems.

Microsoft Office Macros

Configure settings to block macros from the Internet, and only allow vetted macros either in trusted locations with limited write access or digitally signed with a trusted certificate.

Why: Microsoft Office macros can be used to deliver and execute malicious code on systems.

User Application Hardening

Configure web browsers to block Flash, ads and Java on the Internet. Disable unneeded features in Microsoft Office, web browsers and PDF viewers.

Why: Flash, ads and Java are popular ways to deliver and execute malicious code on systems.

ASD's mitigation strategies to limit the extent of cyber security incidents

Restrict Administrative Privileges

Restrict administrative privileges to operating systems and applications based on user duties. Regularly revalidate the need for privileges. Don't use privileged accounts for reading email and web browsing.

Why: Admin accounts are the keys to the kingdom. Adversaries use these accounts to gain full access to information and systems.
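"Regularly revalidate the need for privileges" is easy to state and easy to let slip. The following is an added example (not from this page or Introspectus's product) of the check an auditor would run: compare the current membership of a privileged group against an approval register and flag members with no approval, members whose approval is older than the revalidation period, and approvals that outlive the membership they justify. The group membership, register and 180-day period are constructed.

```python
from datetime import date, timedelta

# Constructed snapshot of a privileged group, as read from the directory.
ADMIN_GROUP_MEMBERS = {"alice", "bob", "svc-backup", "mallory"}

# Constructed approval register: who signed off and when it was last reviewed.
APPROVALS = {
    "alice": {"justification": "platform team", "revalidated": "2024-01-15"},
    "bob": {"justification": "on-call DBA", "revalidated": "2023-06-01"},
    "svc-backup": {"justification": "backup agent", "revalidated": "2024-02-01"},
    "carol": {"justification": "former sysadmin", "revalidated": "2023-12-01"},
}

# Assumed revalidation period; the page sets no specific interval.
REVALIDATION_PERIOD = timedelta(days=180)


def review_privileges(members: set, approvals: dict, today: date,
                      period: timedelta = REVALIDATION_PERIOD) -> list:
    """Return (account, finding) pairs for anything that needs action."""
    findings = []
    for user in sorted(members):
        record = approvals.get(user)
        if record is None:
            findings.append((user, "no approval on record"))
            continue
        last = date.fromisoformat(record["revalidated"])
        if today - last > period:
            findings.append((user, f"revalidation overdue since {last + period}"))
    # Approvals with no matching membership are stale paperwork; they make the
    # register untrustworthy and should be closed out too.
    for user in sorted(set(approvals) - members):
        findings.append((user, "approval on record but not a member"))
    return findings
```

Run against a real directory, the membership set would come from the group's member list and the register from wherever approvals are tracked; the comparison logic stays the same.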

Patch Operating Systems

Patch or mitigate computers with extreme-risk vulnerabilities within 48 hours, and use the latest supported operating system version.

Why: Security vulnerabilities in operating systems can be used to further the compromise of systems.
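Both the Application Patching and Patch Operating Systems strategies above carry the same measurable requirement: an extreme-risk vulnerability is patched or mitigated within 48 hours of becoming known. The following is an added example (not from this page or Introspectus's product) of how that window is checked over a vulnerability register. The records, host names, vulnerability labels and timestamps are constructed; a mitigation closes the window just as a patch does, and a record with neither is measured against the current time.

```python
from datetime import datetime, timedelta

SLA = timedelta(hours=48)


def parse(ts: str) -> datetime:
    # ISO-8601 with a trailing Z; the replace keeps older Python versions happy.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


# Constructed register of extreme-risk findings per host.
RECORDS = [
    {"host": "ws-01", "vuln": "VULN-A (application)",
     "known": "2024-03-01T09:00:00Z", "patched": "2024-03-02T15:00:00Z", "mitigated": None},
    {"host": "ws-02", "vuln": "VULN-A (application)",
     "known": "2024-03-01T09:00:00Z", "patched": "2024-03-04T10:00:00Z", "mitigated": None},
    {"host": "srv-01", "vuln": "VULN-B (operating system)",
     "known": "2024-03-03T00:00:00Z", "patched": None, "mitigated": None},
    {"host": "srv-02", "vuln": "VULN-B (operating system)",
     "known": "2024-03-03T00:00:00Z", "patched": "2024-03-04T20:00:00Z", "mitigated": None},
    {"host": "srv-03", "vuln": "VULN-B (operating system)",
     "known": "2024-03-03T00:00:00Z", "patched": None, "mitigated": "2024-03-03T12:00:00Z"},
]


def check_sla(records: list, now: datetime, sla: timedelta = SLA) -> list:
    """Return (host, vuln, hours_open, status) for every record outside the
    48-hour window, whether it was closed late or is still open."""
    breaches = []
    for r in records:
        known = parse(r["known"])
        closed_at = r.get("patched") or r.get("mitigated")
        end = parse(closed_at) if closed_at else now
        elapsed = end - known
        if elapsed > sla:
            status = "closed late" if closed_at else "still open"
            hours = round(elapsed.total_seconds() / 3600, 1)
            breaches.append((r["host"], r["vuln"], hours, status))
    return breaches
```

The "still open" entries are the ones that need escalation today; the "closed late" ones are the evidence an audit would ask for when judging whether the 48-hour process actually works.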

Multi-Factor Authentication

Implement multi-factor authentication, including for all remote access, and for all users when they perform a privileged action or access an important data repository.

Why: Stronger user authentication makes it harder for adversaries to access sensitive information and systems.

Learn More

ASD's mitigation strategies to recover data and system availability

Daily Backups

Perform daily backups of important new/changed data, software and configuration settings, stored disconnected and retained for at least three months. Test restoration initially, annually and whenever IT infrastructure changes.

Why: To ensure information can be accessed again following a cyber security incident (e.g. after a successful ransomware incident).
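A backup that has never been restored is an assumption, not a control, which is why the strategy requires restoration testing. The following is an added example (not from this page or Introspectus's product) of a backup that writes a hash manifest alongside the copied data, and a restore test that restores into a scratch directory and compares every file against that manifest. The sample data set is constructed in a temporary directory; the demo also corrupts one stored file to show that the test reports it rather than passing silently.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def _sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(source: Path, dest: Path) -> dict:
    """Copy every file under source into dest/data and write a manifest of
    SHA-256 hashes next to it; the manifest is what restore tests check against."""
    dest.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for f in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = f.relative_to(source).as_posix()
        target = dest / "data" / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(f, target)
        manifest[rel] = _sha256(target)
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=1))
    return manifest


def verify_restore(backup: Path, restore_to: Path) -> list:
    """Restore into restore_to and compare each file with the manifest.
    Returns a list of problems; an empty list means the backup restores cleanly."""
    manifest = json.loads((backup / "manifest.json").read_text())
    problems = []
    for rel, expected in manifest.items():
        src = backup / "data" / rel
        if not src.exists():
            problems.append(f"{rel}: missing from backup")
            continue
        dst = restore_to / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        if _sha256(dst) != expected:
            problems.append(f"{rel}: hash mismatch after restore")
    return problems


def demo() -> tuple:
    """Build a constructed data set, back it up, restore-test it, then corrupt
    one stored file and restore-test again. Returns both result lists."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src, bak = root / "src", root / "backup"
        (src / "config").mkdir(parents=True)
        (src / "config" / "app.ini").write_text("mode=prod\n")
        (src / "notes.txt").write_text("constructed sample data\n")
        make_backup(src, bak)
        clean = verify_restore(bak, root / "restore-1")
        # Simulate silent corruption of the stored copy (bit rot, tampering).
        (bak / "data" / "notes.txt").write_text("bit rot\n")
        corrupted = verify_restore(bak, root / "restore-2")
        return clean, corrupted
```

The manifest should travel with the disconnected copy, so that a restore test run months later checks the media actually being relied on and not a hash list that stayed behind on the live system.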