The Australian Signals Directorate (ASD) has made mandatory the implementation of the Essential 8 strategies for mitigation of targeted cyber intrusions for Federal Government Agencies.
Until now it has been very difficult for an organisation to validate that it has sufficient security controls in place to secure its IT infrastructure in line with these requirements.
Introspectus provides an independent auditing capability that is separate from the organisation’s security enforcing products, providing assurance that an organisation’s security controls are in place for the Essential 8 mitigations, and are working.
Use Application Control of approved/trusted programs to prevent execution of unapproved/malicious programs, including .exe, DLL, scripts and installers.
Why: All non-approved applications (including malicious code) are prevented from executing.
Patch/mitigate computers with extreme risk vulnerabilities within 48 hours by using the latest version of applications, e.g. Flash and web browsers.
Why: Security vulnerabilities in applications can be used to execute malicious code on systems.
Configure settings to block macros from the Internet, and only allow vetted macros either in trusted locations with limited write access or digitally signed with a trusted certificate.
Why: Microsoft Office macros can be used to deliver and execute malicious code on systems.
Configure web browsers to block Flash, ads and Java on the Internet. Disable unneeded features in Microsoft Office, web browsers and PDF viewers.
Why: Flash, ads and Java are popular ways to deliver and execute malicious code on systems.
Restrict administrative privileges to operating systems and applications based on user duties. Regularly revalidate the need for privileges. Don't use privileged accounts for reading email and web browsing.
Why: Admin accounts are the keys to the kingdom. Adversaries use these accounts to gain full access to information and systems.
Patch/mitigate computers with extreme risk vulnerabilities within 48 hours by using the latest supported operating system version.
Why: Security vulnerabilities in operating systems can be used to further the compromise of systems.
Implement multi-factor authentication, including for all remote access, and for all users when they perform a privileged action or access an important data repository.
Why: Stronger user authentication makes it harder for adversaries to access sensitive information and systems.
Perform daily backups of important new/changed data, software and configuration settings, stored disconnected, retained for at least three months. Test restoration initially, annually and when IT infrastructure changes.
Why: To ensure information can be accessed again following a cyber security incident (e.g. after a successful ransomware incident).