Essential 8 – Application Control

As a result of the recent, well-publicised cyber attacks in Australia, there is an astounding amount of information available to Australian small to medium businesses (SMBs). The Australian Cyber Security Centre (ACSC) releases specific guidance for SMBs and has outlined the importance of the Essential Eight, which are designed to help organisations protect themselves from cyber threats.

The Essential Eight Maturity Model supports the implementation of these policies and is based on the ACSC’s experience in assisting organisations to implement the Essential Eight.


Read our article on what the Essential Eight is, and why you should care here


The Essential Eight Maturity Model covers:

  • Application Control
  • Patching applications
  • Configuring Microsoft Office macro settings
  • User application hardening
  • Restricted administrative privileges
  • Patching operating systems
  • Multi-factor authentication
  • Regular backups of important data.

This model helps organisations to constantly work towards a more secure environment while allowing the organisation to continue to operate as freely as possible.

This post will focus on Application Control as the first strategy to prioritise in the Essential Eight.

Application Control is a policy that protects the organisation from malicious code executing on its systems. Implementing it ensures that only approved applications can be executed, which greatly reduces the risk of malware infection and system compromise.

By utilising Microsoft licensing, you can implement Application Control through Microsoft Defender. With this feature enabled, only Windows components, Microsoft Store apps and reputable applications as defined by the Intelligent Security Graph will be allowed to run. 

Application Control is an important security measure; however, it should not be used as the sole means of defence. A layered security approach should be taken to provide adequate protection for systems and data.

Application Control does not:

  1. Provide a portal or other means of installation for approved applications.
  2. Prevent an attacker from:
     • Exploiting a vulnerability in an approved application to gain code execution.
     • Copying an executable onto the system and executing it.
     • Injecting code into another process to execute it.
  3. Use web or email content filters to prevent users from downloading applications from the internet.
  4. Check the reputation of an application using a cloud-based service before it is executed. If the application is approved internally, Application Control’s job is complete.
  5. Use a next-generation firewall to identify whether network traffic is generated by an approved application.

To start the process of Application Control, the following steps are initiated:

  • Identify approved applications
  • Develop rules to allow approved applications
  • Maintain these rules
  • Regularly validate the rules
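
The steps above, sketched in PowerShell with the ConfigCI cmdlets that ship with Windows, including the Intelligent Security Graph option mentioned earlier. This is an added example, not from the original article; the `C:\Policy` working folder, the scanned `C:\Program Files` path and the policy name are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: build an audit-mode Application Control policy, then review what it would block.
$work     = 'C:\Policy'          # assumed working folder
$template = "$env:windir\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_Audit.xml"
$base     = Join-Path $work 'Base.xml'
$scanned  = Join-Path $work 'Approved.xml'
$merged   = Join-Path $work 'AppControl.xml'
$binary   = Join-Path $work 'AppControl.cip'

New-Item -ItemType Directory -Path $work -Force | Out-Null

# Start from the Microsoft template that allows Windows components and Store apps.
Copy-Item -Path $template -Destination $base -Force

# Step 1: identify approved applications by scanning a reference machine.
# Publisher rules survive vendor updates; unsigned files fall back to hash rules.
New-CIPolicy -FilePath $scanned -ScanPath 'C:\Program Files' `
    -Level Publisher -Fallback Hash -UserPEs | Out-Null

# Step 2: develop the rules by merging the scan results into the base policy.
Merge-CIPolicy -PolicyPaths $base, $scanned -OutputFilePath $merged | Out-Null

# Option 3  = Enabled:Audit Mode (log only, block nothing while rules are tuned)
# Option 14 = Enabled:Intelligent Security Graph Authorization (reputable apps)
# Option 15 = Enabled:Invalidate EAs on Reboot (re-check ISG reputation periodically)
3, 14, 15 | ForEach-Object { Set-RuleOption -FilePath $merged -Option $_ }

# Give the policy its own name and ID (name is an assumption), then compile it.
Set-CIPolicyIdInfo -FilePath $merged -PolicyName 'SMB-AppControl-Audit' -ResetPolicyID | Out-Null
ConvertFrom-CIPolicy -XmlFilePath $merged -BinaryFilePath $binary | Out-Null
# Deploy $binary with your management tooling; deployment is outside this sketch.

# Steps 3 and 4: maintain and validate the rules. Event ID 3076 records every
# file that audit mode would have blocked; review these before enforcing,
# and again after each rule change.
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-CodeIntegrity/Operational'
        Id      = 3076
    } -MaxEvents 200 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message |
    Format-List
```

Removing option 3 with `Set-RuleOption -Option 3 -Delete` and recompiling switches the same policy from audit to enforcement once the 3076 events show only files you intend to block.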

To put it simply, if you’re not already implementing the Essential Eight in your organisation, you should start now. Cyber security is more important than ever and these strategies are essential in order to mitigate the risk of a cyber security incident.

So what are you waiting for? Get started today.

For more information on the Essential Eight go to https://www.cyber.gov.au/acsc/view-all-content/publications/essential-eight-explained
