Essential 8 Security Controls – Determine your organisation’s alignment

The Australian Cyber Security Centre’s ACSC Essential 8 Cyber Security Framework, if implemented, mitigates 85% of targeted cyber intrusions. This is the current security posture recommended by government.
There are a number of cyber security frameworks in use around the world, many of which
have significant similarities to Australia’s ACSC Essential 8, including NCSC Top 10 (UK) and
NIST (USA). The eight security controls incorporated into the Essential 8 Framework are the
fundamental mitigation strategies required to protect your organisation.
Prevents attacks: Application whitelisting; Patch applications; Disable untrusted Microsoft Office macros; User application hardening
Limits extent of attacks: Restrict administrative privileges; Patching operating systems; Multi-factor authentication
Recovers data & system availability: Daily backup of important data
Risk & Compliance Guide: Essential 8 Security Monitoring
Essential 8 Principles
Below are the core principles of the Essential 8:
Stage 1: Planning
Establishing a current, objective view of your organisation’s alignment to the Essential 8
can be challenging and time consuming. Huntsman Security’s Essential 8 Auditor is a
product that has been designed for this purpose.
The Essential 8 Auditor delivers a snapshot in time view of your cyber posture.
The agentless, self-install software delivers a snapshot in time view of your Essential 8
coverage and compliance to enable you to simply and quickly identify gaps and plan
for implementation and improvement of the controls. Detailed below is an excerpt
from the report, for the Application Whitelisting control.
The Essential 8 Scorecard provides measurement, and enables management, of cyber risk.
Application whitelisting:
The scorecard collects and monitors logs from all endpoints. From the logs, the scorecard has the capability to alert in real time on applications that have been executed or blocked on the endpoint. The scorecard reporting will provide a full list of executed software by privileged user that is either prohibited or unauthorised. Pre-defined actions like logging off the user or putting the endpoint in quarantine can be automatically taken when an unauthorised application is executed.

Patch applications:
The scorecard provides the capability to monitor application versions. For example, using the correlation engine, the scorecard can alert if an endpoint is not updated with the latest signature version or if Windows updates have not been applied.

Disable untrusted Microsoft Office macros:
Microsoft Office applications leverage the power of macros to automate routine tasks. However, macros can contain malicious code that can infiltrate endpoint devices and gain unauthorised access. By monitoring application logs, the scorecard has the capability to alert on endpoints that may be infected or compromised, as indicated by abnormal behaviour patterns on those endpoints. The scorecard can also report on macro execution on endpoint devices by monitoring the process events on endpoints.

User application hardening:
Disabling Internet-based Java code and untrusted macros, and disabling unneeded web browser features, would assist in elevating application security. The scorecard can identify applications that are targeted using malicious webpages or attachments, as well as monitor removable media. The scorecard can also monitor changes to policy to ensure that the existing policy applied for user application hardening is not changed.

Restrict administrative privileges:
The scorecard monitors authentication events from endpoints (wired/wireless), Active Directory and network devices, providing alerts and reporting on high-privileged account activity. All administrative actions are audited and reported on, and alerts can be generated when administrators perform unauthorised actions. Pre-defined actions like logging off the user or putting the endpoint in quarantine can be automatically taken when an unauthorised action is executed.

Patching operating systems:
Operating system patching can be managed using System Center Configuration Manager (SCCM) or Microsoft Windows Server Update Services (WSUS). The scorecard collects endpoint and server logs and can report on devices that are not on the latest patch versions, and provides alerts on unsuccessful Windows updates.

Multi-factor authentication:
The scorecard provides monitoring on a number of multi-factor authentication options, for example smart cards, passwords, user certificates and tokens (VASCO/RSA), and provides early warning of brute force and password guessing attacks.

Daily backup of important data:
Daily backup of critical system configuration settings and data provides a strong disaster recovery strategy during a security incident. The scorecard collects logs from backup devices and alerts on the health of backups, as well as reporting on who has accessed the backup device.
Want to find out more?
For more information on measuring the effectiveness of your cyber security
controls, please contact the appropriate Huntsman Security office listed on
the back cover.
t: +61 2 9419 3200, Level 2, 11 Help Street, Chatswood NSW 2067
t: +44 845 222 2010, 7-10 Adam Street, Strand, London WC2N 6AA
t: +81 3 5953 8430, Awajicho Ekimae Building 5F, 1-2-7 Kanda Sudacho, Chiyodaku, Tokyo 101-0041
huntsmansecurity.com
linkedin.com/company/tier-3-pty-ltd