Top 4 Mitigations for Targeted Cyber Intrusions

The Australian Signals Directorate (ASD) has made implementation of the Top 4 strategies for mitigation of targeted cyber intrusions mandatory for Federal Government agencies. Until now it has been very difficult for an organisation to validate that it has sufficient security controls in place to secure its IT infrastructure in line with these requirements.

Introspectus provides an independent auditing capability that is separate from the organisation’s security enforcing products, providing assurance that an organisation’s security controls are in place for the Top 4 mitigations, and are working.

How can Introspectus help?

Introspectus has added the ability to validate independently, in almost real time, whether your organisation complies with these Top 4 strategies for mitigation of targeted cyber intrusions by verifying the effectiveness of your security measures against a reference source.

Reporting

Application Whitelisting | Patch Applications | Patch Operating System | Restrict Administrator Privileges

Application Whitelisting

Introspectus actively tests the effectiveness of an organisation’s whitelisting.

Introspectus performs this Application Whitelisting test when a user logs on and every 60 minutes thereafter. The Pass/Fail rate is presented in a graphical format.

Figure: Security Compliance - Whitelisting

A report of workstations and user IDs that fail the Application Whitelisting test is produced.

Figure: Security Compliance - Whitelisting Fail Data by Machine ID

Patch Applications

Introspectus allows an organisation to define the recommended version of each application that is allowed in an environment, and then tests all devices against this standard.

Introspectus performs this test once a day and a report is produced of those devices not meeting the pre-defined patch version requirements.

Figure: Security Compliance - Software Compliance Profile Report

A report of workstations and user IDs that fail the test is produced.

Figure: Security Compliance - Software Compliance Profile Data Machines

Patch Operating System

Introspectus tests the effectiveness of an organisation’s Microsoft patching regime against one of three reference sources:

  • Microsoft Windows Update (if not restricted by Group Policy), or
  • Corporate WSUS or SCCM server, or
  • Microsoft Offline File.

Introspectus performs this test once a day, graphing the number of machines that are completely patched versus not completely patched.

Figure: Security Compliance - Software Compliance Profile Data Machines

A report is produced showing the level of patching compliance for each site within your organisation.

Figure: Security Compliance - Patch Compliance By Site

A report is produced indicating each workstation’s level of patching.

Figure: Security Compliance - Patch Compliance by Site by Machine ID

Restrict Administrator Privileges

Introspectus scans all workstations and extracts a list of all members of your organisation’s specified local administrator group(s).

Introspectus performs this test when a user logs on and every 60 minutes thereafter.

A report is produced listing all User IDs and workstations where the user is a member of a defined local user group.

Figure: Security Compliance - Administrator Report Users