Their challenge is to protect systems and business data in uncontrolled environments well beyond the traditional office network. But adapting to this new reality can’t be done overnight. It requires a well-planned transition to modern security strategies and tools. And that starts with ensuring you’ve got the basics right.
The Australian Government’s Essential Eight framework outlines eight vital strategies to mitigate and protect against the impacts of cyber attacks. In particular, five of those strategies can help organisations secure endpoints in any location: implementing application controls, patching applications, patching operating systems, configuring Microsoft Office macro settings, and hardening applications.
By implementing these proactive steps, your organisation won’t be relying solely on reactive malware detection. Here’s our advice on how to adopt and implement best practices for these strategies, helping your organisation get on the right track to reaching an acceptable level of security maturity.
The first strategy is to ensure only approved applications can be executed on systems that access business networks and data. This prevents the spread of malicious code and the installation or use of unapproved applications that could compromise systems and data.
On a basic level, it requires the use of allow lists: identifying approved applications, then developing, maintaining and validating application control rules on a regular basis. Best practices include cloud-driven allow-list solutions, publisher certificate rules (combining publisher and product names) and path rules. A path rule is only as strong as the file system permissions beneath it, so those permissions must be configured to prevent the unauthorised modification of folder and file permissions, folder contents and individual files.
As many security breaches come from lapses in human judgement rather than system failure, application controls act as technical guard-rails that reduce the impact of improper usage. It is also worth configuring application controls to generate usage logs that record file names, time stamps and usernames, so that attempts to execute malicious code can be triaged and investigated.
Insight helps companies implement application controls, typically using Microsoft solutions such as Windows Defender Application Control (WDAC) and AppLocker.
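The following PowerShell is an added example, not Insight's or Microsoft's own code, showing the allow-list workflow described above with AppLocker: publisher rules for signed files and path rules for the rest are generated from a clean reference machine, a file is checked against the policy, the policy is deployed in audit mode, and the AppLocker event log is read back as a triage list of file name, time stamp and user. It assumes an elevated session on Windows with the AppLocker module and the Application Identity service available; the policy path is a placeholder, and the event field layout read from `UserData/RuleAndFileData` is an assumption to confirm against one event's XML on your build.

```powershell
# Added example (not Insight's or Microsoft's own code): build an AppLocker
# allow-list from a reference machine, check a file against it, deploy it in
# audit mode, and triage the resulting AppLocker events.
# Assumptions: elevated PowerShell on Windows with the AppLocker module and
# the Application Identity (AppIDSvc) service running; paths are placeholders.

Import-Module AppLocker

$PolicyPath = 'C:\Policies\AppLocker-Allow.xml'   # placeholder output path

function New-ReferenceAllowList {
    param([string[]]$ReferenceDirs = @('C:\Program Files', 'C:\Program Files (x86)'))

    # Collect publisher, hash and path information for every executable artefact.
    $files = foreach ($dir in $ReferenceDirs) {
        Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Dll, Script, WindowsInstaller
    }

    # Publisher rules (publisher + product) for signed files, path rules for
    # anything unsigned; -Optimize merges rules that share a publisher/product.
    $xml = New-AppLockerPolicy -FileInformation $files -RuleType Publisher, Path `
        -RuleNamePrefix 'Approved' -User Everyone -Optimize -IgnoreMissingFileInformation -Xml

    # Start in audit mode: nothing is blocked yet, but every would-be block is logged.
    # (Assumes each rule collection in the generated XML carries an EnforcementMode attribute.)
    $xml -replace 'EnforcementMode="[^"]*"', 'EnforcementMode="AuditOnly"' |
        Out-File -FilePath $PolicyPath -Encoding UTF8
    return $PolicyPath
}

function Test-FileAgainstAllowList {
    param([Parameter(Mandatory)][string]$Path, [string]$User = 'Everyone')
    # PolicyDecision is Allowed, Denied or DeniedByDefault; MatchingRule names the rule hit.
    Test-AppLockerPolicy -XmlPolicy $PolicyPath -Path $Path -User $User |
        Select-Object FilePath, PolicyDecision, MatchingRule
}

function Publish-AllowListAuditMode {
    # -Merge keeps rules already present on the machine instead of replacing them.
    Set-AppLockerPolicy -XmlPolicy $PolicyPath -Merge
}

function Get-AppLockerTriage {
    param([int]$MaxEvents = 200)
    # 8003 = allowed, but would have been blocked under enforcement (audit mode);
    # 8004 = blocked. 8002 (normal allow) is left out of the triage list.
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003, 8004
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue

    foreach ($e in $events) {
        # AppLocker events carry their details in UserData/RuleAndFileData
        # (assumed layout; verify with one event's ToXml() output).
        $data = ([xml]$e.ToXml()).Event.UserData.RuleAndFileData
        $user = $data.TargetUser   # SID; resolve to DOMAIN\name where possible
        try {
            $sid  = New-Object System.Security.Principal.SecurityIdentifier $data.TargetUser
            $user = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch { }
        [pscustomobject]@{
            Time    = $e.TimeCreated
            Outcome = if ($e.Id -eq 8004) { 'Blocked' } else { 'WouldBlock' }
            User    = $user
            File    = $data.FilePath
            Hash    = $data.FileHash
            Rule    = $data.RuleName
        }
    }
}

# Typical run on a reference machine:
# New-ReferenceAllowList
# Test-FileAgainstAllowList -Path 'C:\Users\Public\Downloads\installer.exe'
# Publish-AllowListAuditMode
# Get-AppLockerTriage | Sort-Object Time -Descending | Format-Table -AutoSize
```

Leaving the policy in audit mode for a validation period lets the 8003 events surface legitimate software the reference machine missed before enforcement is switched on; the same triage output, once enforcing, is the record of blocked execution attempts the text recommends keeping for investigations.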
The Essential Eight splits this into two strategies – for applications and operating systems – but the fundamentals are the same: software updates, or patches, need to be applied as quickly as possible to fix security vulnerabilities and bugs, and mitigate the risks of systems being compromised.
Business IT teams need to be aware of the applications and operating systems running on their networks, and whether these are up to date with the latest updates. Insight recommends maintaining an inventory of all applications running on your systems, including software and firmware on physical network appliances and on virtual systems. This inventory should already be in place, having been put together during the application allow-list process.
From then on, it’s just a matter of making sure your organisation is running the latest stable version of each application. If not, acquire, test and deploy the necessary patches or updates.
However, patching becomes more complicated when endpoints are remote. According to research by cloud-based platform provider Action1, patching remote endpoints can take up to 2.5 times longer than manual patching. With the need to keep the growing number of remote endpoints secure, companies should consider transitioning to cloud-based endpoint management solutions. Instead of relying on manual patching or internal patch testing and deployment procedures, cloud-based solutions can help overcome the challenges of securing endpoints that aren’t on the corporate network.
Insight can help clients with patch management solutions including Microsoft Endpoint Manager, Windows Update for Business, and Microsoft Defender for Endpoint. We can also help leverage Azure cloud capabilities to automate patching strategies for on-premises and multi-cloud data centres.
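As an added example (not Insight's or Microsoft's code), the PowerShell below implements the inventory step the text describes for a single Windows endpoint: it lists installed applications with their versions, diffs that list against the inventory recorded during the allow-list process to flag new or changed software, and asks the local Windows Update Agent which applicable updates are not yet installed. The `C:\Inventory` paths are placeholders, and the baseline CSV is assumed to have `Name` and `Version` columns as produced by the first function.

```powershell
# Added example (not Insight's or Microsoft's own code): application inventory
# with versions, diff against a stored baseline, and missing Windows updates.
# Assumptions: Windows 10/11 or Server; C:\Inventory\*.csv are placeholder
# paths; the Windows Update Agent COM API is reachable from this session.

$InventoryDir = 'C:\Inventory'   # placeholder

function Get-InstalledApplications {
    # 64-bit and 32-bit machine-wide installs plus per-user installs.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object @{ n = 'Name';      e = { $_.DisplayName } },
                      @{ n = 'Version';   e = { $_.DisplayVersion } },
                      @{ n = 'Publisher'; e = { $_.Publisher } },
                      @{ n = 'Host';      e = { $env:COMPUTERNAME } } |
        Sort-Object Name -Unique
}

function Compare-Inventory {
    param([Parameter(Mandatory)][string]$BaselineCsv)
    # Applications that are new, or whose version changed, since the baseline:
    # these are the ones to check for available patches or allow-list coverage.
    $baseline = Import-Csv $BaselineCsv
    foreach ($app in Get-InstalledApplications) {
        $old = $baseline | Where-Object Name -eq $app.Name | Select-Object -First 1
        if (-not $old) {
            [pscustomobject]@{ Name = $app.Name; Status = 'New';     Baseline = $null;        Current = $app.Version }
        } elseif ($old.Version -ne $app.Version) {
            [pscustomobject]@{ Name = $app.Name; Status = 'Changed'; Baseline = $old.Version; Current = $app.Version }
        }
    }
}

function Get-MissingWindowsUpdates {
    # Ask the local Windows Update Agent for applicable, not-yet-installed updates.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")
    foreach ($u in $result.Updates) {
        [pscustomobject]@{
            Title    = $u.Title
            Severity = $u.MsrcSeverity   # Critical/Important/...; empty for non-security updates
            KB       = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
        }
    }
}

# Typical run:
# Get-InstalledApplications | Export-Csv "$InventoryDir\apps-$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation
# Compare-Inventory -BaselineCsv "$InventoryDir\apps-baseline.csv"
# Get-MissingWindowsUpdates | Sort-Object Severity | Format-Table -AutoSize
```

Run from an endpoint management tool on a schedule, the exported CSV per host is the inventory the text asks for, and the "Changed" rows show whether deployed patches actually landed on remote machines rather than only being approved centrally.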
In applications like Microsoft Office, macros can save users time and reduce potential data entry errors in routine tasks. But macros execute code, which makes documents a vehicle for attackers intent on infecting systems or stealing data.
The solution is not to disable all macros, but to selectively trust macros while removing the choice from end users. This means digitally signing macros and then locking the application to disable all but the signed ones. Also consider policies that prevent protective measures from being disabled, ensuring that only signed macros are run.
A key step here is to survey your current macro usage and create an inventory. Evaluate the inventory and delete the macros you don’t use. Properly managed macro settings can give your organisation the benefits of unhindered productivity while minimising security risks.
It’s important to understand your current policy on Microsoft Office macros, or to create a policy if you don’t have one already. This is where you may need the support or resources of a partner like Insight, who can help you lock down your macros, control their distribution and manage end user control over applications using tools like Endpoint Manager configuration settings and Microsoft Defender for Office 365.
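The policy described above, "disable all macros except digitally signed ones" with the choice removed from the end user, corresponds to two Office policy registry values. As an added example (not Insight's or Microsoft's code), the PowerShell below audits those values for Word, Excel and PowerPoint and applies the hardened setting in a lab. It assumes an Office build using the 16.0 registry version; in production these values are delivered through Group Policy or Intune, which write the same `Policies` hive and are what stop users from changing the setting in the Trust Center.

```powershell
# Added example (not Insight's or Microsoft's own code): audit and apply the
# "disable all macros except digitally signed" policy plus the block on macros
# in files downloaded from the internet.
# Assumptions: Office 2016/2019/365 (registry version 16.0). Writing the
# Policies hive by hand is for lab use; deploy via Group Policy/Intune otherwise.

$OfficeApps = 'Word', 'Excel', 'PowerPoint'
$PolicyRoot = 'HKCU:\Software\Policies\Microsoft\Office\16.0'

# VBAWarnings: 1 = enable all macros (weak), 2 = disable with notification,
# 3 = disable all except digitally signed, 4 = disable all without notification.
# BlockContentExecutionFromInternet: 1 = block macros in files with the Mark of the Web.
$Target = @{ VBAWarnings = 3; BlockContentExecutionFromInternet = 1 }

function Get-OfficeMacroPolicy {
    foreach ($app in $OfficeApps) {
        $key = "$PolicyRoot\$app\Security"
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue   # $null if unset
        [pscustomobject]@{
            App               = $app
            VBAWarnings       = $p.VBAWarnings
            BlockFromInternet = $p.BlockContentExecutionFromInternet
            # Compliant with the article's stance: signed macros only, internet files blocked.
            Compliant         = ($p.VBAWarnings -eq 3) -and ($p.BlockContentExecutionFromInternet -eq 1)
        }
    }
}

function Set-OfficeMacroPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($app in $OfficeApps) {
        $key = "$PolicyRoot\$app\Security"
        if ($PSCmdlet.ShouldProcess($key, 'Set VBAWarnings=3, BlockContentExecutionFromInternet=1')) {
            New-Item -Path $key -Force | Out-Null
            foreach ($name in $Target.Keys) {
                New-ItemProperty -Path $key -Name $name -Value $Target[$name] -PropertyType DWord -Force | Out-Null
            }
        }
    }
}

# Get-OfficeMacroPolicy | Format-Table      # audit: unset or VBAWarnings=1 rows are the weak state
# Set-OfficeMacroPolicy -WhatIf             # preview
# Set-OfficeMacroPolicy                     # apply in the lab, then re-run the audit
```

The audit output is what to collect before deciding on the policy: a fleet where most machines show `VBAWarnings` unset or `1` is relying entirely on the user's judgement, which is the situation the text argues against.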
Applications are often installed with default settings, options, services and capabilities that later prove unnecessary. Hardening these applications improves their security and reduces the likelihood of these defaults being used against your organisation.
Your approach to application hardening needs to strike a balance between functionality and security, ensuring that security settings aren’t restricting application performance. Testing and change management are crucial to this process. Once an application is hardened, the hardened configuration needs to be deployed through your software distribution points so that every new installation embeds it.
First, take stock of the applications used by your organisation and research hardening recommendations from the vendors. Consider disabling services and capabilities that are not essential.
A vulnerability scanning tool such as Nessus, Nexpose, OpenVAS or SAINT can help to identify which services can be discontinued. Microsoft Defender for Endpoint even includes a threat and vulnerability management feature, which can detect vulnerabilities and misconfigurations in real time. Microsoft Defender for Office 365, Microsoft Defender Application Guard, or Microsoft Defender for Cloud Apps are also among the tools that Insight can help your organisation deploy as part of this strategy.
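The service-disabling step above is where the text's emphasis on testing and change management matters most. As an added example (not Insight's or Microsoft's code), the PowerShell below shows that workflow for Windows services: snapshot the current start types so the change can be reversed, report automatic-start services that are not on an approved baseline, and disable only the names an administrator passes in after reviewing that report. The baseline list is a constructed placeholder that is far too short for a real build and exists only to show the mechanics; replace it with the list that comes out of the vendor research and scanner findings the text describes.

```powershell
# Added example (not Insight's or Microsoft's own code): hardening services
# with a rollback snapshot and a review-then-disable workflow.
# Assumptions: elevated PowerShell 5.1+ on Windows; the baseline below is a
# constructed placeholder, not a recommendation; C:\Hardening is a placeholder path.

$BaselineServices = @(   # constructed placeholder; derive yours from vendor guidance
    'Dhcp', 'Dnscache', 'EventLog', 'LanmanWorkstation', 'WinDefend', 'wuauserv', 'Schedule'
)
$StateDir = 'C:\Hardening'   # placeholder

function Save-ServiceState {
    # Snapshot before any change so the hardening can be reversed during testing.
    New-Item -ItemType Directory -Path $StateDir -Force | Out-Null
    $file = "$StateDir\services-$(Get-Date -Format yyyyMMddHHmm).csv"
    Get-Service | Select-Object Name, DisplayName, StartType, Status |
        Export-Csv -Path $file -NoTypeInformation
    return $file
}

function Get-ServiceDeviation {
    # Automatic-start services not on the approved list: candidates for review,
    # not an automatic kill list.
    Get-Service |
        Where-Object { $_.StartType -eq 'Automatic' -and $_.Name -notin $BaselineServices } |
        Select-Object Name, DisplayName, Status, StartType
}

function Disable-ReviewedServices {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string[]]$Name)   # only names approved after review
    foreach ($svc in $Name) {
        if ($PSCmdlet.ShouldProcess($svc, 'Stop and set StartType=Disabled')) {
            Stop-Service -Name $svc -Force -ErrorAction SilentlyContinue
            Set-Service -Name $svc -StartupType Disabled
        }
    }
}

function Restore-ServiceState {
    param([Parameter(Mandatory)][string]$SnapshotCsv)
    # Put start types back as recorded; used when testing finds something broke.
    foreach ($row in Import-Csv $SnapshotCsv) {
        Set-Service -Name $row.Name -StartupType $row.StartType -ErrorAction SilentlyContinue
    }
}

# $snap = Save-ServiceState
# Get-ServiceDeviation | Format-Table -AutoSize          # review this with the application owners
# Disable-ReviewedServices -Name 'RemoteRegistry' -WhatIf   # example name; preview first
# Disable-ReviewedServices -Name 'RemoteRegistry'
# Restore-ServiceState -SnapshotCsv $snap                 # roll back if testing finds breakage
```

Keeping the disable step separate from the deviation report is deliberate: the report feeds the change request and test plan, and only the names that survive that review are passed to the function, which matches the testing and change-management discipline the text calls for.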
The first and most vital step towards achieving cyber maturity is to understand your position. This is why the first thing we do at Insight when consulting with customers is to conduct a current state assessment and a gap analysis. This helps us understand where an organisation is on its security maturity journey and create a roadmap towards achieving its desired state.
The Essential Eight framework includes a helpful maturity model that details different levels of security controls. Which level you aim for depends on your current security maturity and your organisation’s risk appetite. There’s no one-size-fits-all approach other than to have a step-by-step strategy to reach an acceptable level of security maturity across all eight strategies first, and then continually improve upon them to reach your target level of maturity.
Beyond the Essential Eight, people are the most important consideration when it comes to cybersecurity. Ransomware continues to be a big risk, and users are often targeted in security attacks. Training and awareness are therefore crucial to mitigating this risk in your organisation.
Of course, reaching the desired level of security maturity requires choosing and deploying the right tools for your needs. These tools may in fact already be in your arsenal, and data-driven insights can help use them to their full potential. At Insight, we help organisations make the most of their existing investments in the Microsoft software ecosystem to vastly improve their security maturity.
Optimising the cybersecurity of your organisation is an ongoing journey to new levels of maturity. As an Australian Cyber Security Centre (ACSC) Partner, Insight is closely aligned to the Essential Eight Framework and can assist with your organisation's security maturity journey.