
Breaking down the ASD’s “top four” strategies to mitigate cybersecurity incidents

18 Jun 2018

The Australian Signals Directorate’s (ASD) “Essential 8” is an excellent, tried-and-true security guide, designed for Federal government and agencies, that is absolutely relevant to the security of all businesses.  

While the entire guide should be standard reading for all security professionals and IT administrators, within it lies the ‘top four’, which are the four most instrumental aspects of any organisation’s security strategy.

The top four consist of Application Whitelisting, Patch Applications, Patch Operating Systems and Restrict Administrative Privileges.

According to the ASD, “At least 85% of the intrusions that ASD responded to in 2011 involved adversaries using unsophisticated techniques that would have been mitigated by implementing the top four mitigation strategies as a package.”

Although, as the ASD states, the top four were constructed in 2011, they remain the top four today for a very good reason.

We - in conjunction with emt Distribution - break down each of the ASD’s top four and why they are so important.

#1: Application Whitelisting

Application whitelisting sits at number one on the ASD’s list, and its importance can’t be overstated.

Application whitelisting (AWL) is the opposite of antivirus: if an executable file is not on the allowed list, it won’t run. AWL is not reliant on knowing what is malicious; it only needs to know what is considered acceptable in a given environment.

This is what makes AWL the most effective way to prevent malicious, unknown or unacceptable software from executing on a machine.

Good AWL solutions are built with existing business workflows in mind, with minimum impact on business processes and performance. And good AWL solutions certainly do exist.

Daniel Schell, co-founder of Australian application whitelisting company, Airlock Digital says, “True application whitelisting removes the ability for attackers to execute malicious and unknown code. This significantly increases the difficulty of attack, blocking unseen malware and removing core tools attackers need to use.”

Application whitelisting lets only approved files run: if a file isn’t on the whitelist, it won’t execute.
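As an added illustration of the default-deny model described above (example code written for this article, not Airlock Digital’s or any vendor’s implementation): an allow list is seeded in a learning period from the software the business already runs, then enforced by file hash, and contrasted with a signature-based deny list. File names, contents, and the administrator approval step are all constructed for the example.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for executable contents; a real agent hashes files on disk.
BASELINE = {                    # software the business already runs (learning period)
    "office.exe":  b"MZ office suite 16",
    "lob_app.exe": b"MZ line-of-business app 1.0",
}
EVENTS = {                      # execution attempts once enforcement is switched on
    "office.exe":  b"MZ office suite 16",
    "dropper.exe": b"MZ never-before-seen payload",  # no antivirus signature exists yet
    "lob_app.exe": b"MZ line-of-business app 1.1",   # patched build, so a new hash
}
AV_SIGNATURES = set()           # deny-list model: knows nothing about dropper.exe

class AllowList:
    """Default-deny execution control keyed on the SHA-256 of the file."""
    def __init__(self):
        self.hashes = set()
        self.blocked = []       # audit trail of (name, hash) for administrator review

    def learn(self, files):
        """Learning mode: seed the list from what already runs, so workflows keep working."""
        self.hashes |= {sha256(d) for d in files.values()}

    def approve(self, data):
        """Administrator approves a new or updated program after reviewing the audit trail."""
        self.hashes.add(sha256(data))

    def check(self, name, data):
        """Enforcement: anything not on the list is blocked and recorded."""
        h = sha256(data)
        if h in self.hashes:
            return True
        self.blocked.append((name, h))
        return False

def antivirus_check(data):
    """Default-allow model for contrast: runs unless a known-bad signature matches."""
    return sha256(data) not in AV_SIGNATURES

def run_scenario():
    """Return (before, after): decisions at first enforcement, then after the admin review."""
    awl = AllowList()
    awl.learn(BASELINE)
    before = {n: (awl.check(n, d), antivirus_check(d)) for n, d in EVENTS.items()}
    awl.approve(EVENTS["lob_app.exe"])   # the patched build was seen in awl.blocked and approved
    after = {n: awl.check(n, d) for n, d in EVENTS.items()}
    return before, after
```

The never-before-seen dropper is blocked by the allow list without any signature, while the deny list lets it run; the patched business application is blocked only until an administrator approves its new hash, which is the change-management step Schell says must fit existing processes.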

So why do more businesses not incorporate application whitelisting into their cyber threat mitigation strategies?

According to Schell, it’s because of a simple misconception.

“It suffers from a perception that it’s difficult to manage and puts an onerous burden on IT Administration. It’s also perceived to slow down an end user’s ability to add new legitimate programs to a system,” Schell says.

Application whitelisting solutions have come a long way. Going back 6 years, the resources required to maintain a solution were significant, and workflows were impacted: a case of the tail wagging the dog.

As Schell puts it, “In order for an application whitelisting solution deployment to be successful, it needs to align with current business processes.

“When business processes need to change in order to fit in with application whitelisting, then we tend to see significant pushback from the business. This ultimately leads to AWL getting a negative reputation.”

Schell added, “A solid, useful application whitelisting solution should slot into existing workflows, be specific to the environment it’s being used in, require minimum people hours to maintain and make it easy for users to function, without compromising on security. We’ve achieved this with Airlock.”

#2 Patch Applications and #3 Patch Operating Systems

According to the Flexera Country Report 2017, in Australia, Apple iTunes 12.x ran at an unpatched rate of 49%, VLC Media Player 2.x at 49%, Adobe Reader XI.x at 53% and PuTTY 0.x at 51%.

Each of these applications has had malware that targets vulnerabilities in its unpatched versions, and applying the patches effectively mitigates the risk of being infected by that malware. If the vulnerability doesn’t exist, the malware cannot achieve its goal.

Flexera senior director of research and security Kasper Lindgaard says, “The exploitation of software vulnerabilities is one of the most common methods in external attacks. Software vulnerabilities are used, not only to initiate an attack, but to escalate privileges, move within systems, conceal attacks and exfiltrate data.

“By maintaining comprehensive processes to apply security patches, businesses shut this important window of opportunity for criminals and experience a substantial reduction in the risk of incidents.”

With vulnerabilities and their patches being highly publicised, slow remediation should not be an option.

“One of the challenges in patching operating systems is the risk of breaking those systems and another is the disruption that the patching activity may cause, which may impact productivity,” Lindgaard continues.

“Most risks associated with patching activities can be mitigated by implementing policies and procedures that take into consideration business requirements. By neglecting security patches under the assumption that it’s problematic to manage them, organizations are accepting a level of risk that they can’t measure or track.”

#4 Restrict Administrative Privileges

According to Thycotic chief security scientist Joseph Carson, Privileged Access Management (PAM) is one of the most effective cybersecurity threat mitigation strategies because it makes cybercriminals’ job much more difficult.

It forces attackers to continuously repeat techniques that increase the risk of exposing themselves.

“PAM can also be used to improve insights into vulnerability assessments, IT network inventory scanning, virtual environment security, identity governance, and administration and behaviour analytics,” Carson says.

“By paying special attention to privileged account security, you can enhance all your cybersecurity efforts, helping to safeguard your organization in the most efficient and effective way possible.”

Carson believes Privileged Account Management is sometimes perceived as complex, expensive and requiring highly skilled technical resources to implement.

He says that while this may have been true in the past, it’s no longer the case.  

“PAM doesn’t have to be an insurmountable challenge. Any organization can control, protect, and secure its privileged accounts (and make the hacker’s job more difficult),” Carson says.

“Thycotic have made PAM accessible, simplified, affordable and easy to learn for any employee who has some technical knowledge.” From PCI DSS to the Australian Information Security Manual, managing and protecting privileged accounts is embedded in almost all major compliance and regulatory requirements.

“As a result of compliance drivers, the wide use of PAM (has) accelerated in those heavily regulated industries like finance, healthcare and governments,” Carson continues.

“These have since become best practices for other industries which have seen PAM becoming a must-have security control that is effective at stopping hackers from gaining access.”

The Wrap

Laying a solid foundation for a defensive strategy that blocks the majority of malicious attacks does not need to be difficult.

The “top four” key strategies lay this foundation. Augmented with good gateway defence, user education and review, businesses can improve their security posture significantly.

Companies such as Airlock Digital, Flexera and Thycotic have solid solutions that specifically address these strategies, and when deployed give a level of defensive protection that all organisations should strive to attain.

In turn, this reduces the reliance on post-incident investigation. If incidents don’t happen, investigation becomes less necessary, and backups are less likely to be relied upon.
