Cyber security mitigation strategies are vital in securing your business from cyber threats.
The Australian Cyber Security Centre (ACSC) Essential Eight Strategies to Mitigate Cyber Security Incidents make it much harder for adversaries to compromise your systems. No mitigation strategy can guarantee complete safety from cyber-attacks, but applying the Essential Eight gives your business a strong baseline for its overall cyber security.
What is the Essential Eight?
The ACSC developed the Essential Eight as a set of baseline mitigation strategies. They are:
- Application control (formerly called application whitelisting)
- Patching applications
- Configuring Microsoft Office macro settings
- User application hardening
- Restricting administrative privileges
- Patching operating systems
- Multi-factor authentication
- Regular backups
What is application control?
Application control protects your systems against malicious code by allowing only an approved set of programs to execute. Rather than trying to recognise and block bad software, it starts from the position that nothing runs unless an administrator has explicitly permitted it, and it covers not just executables but also installers, scripts, software libraries, compiled HTML, HTML applications and control panel applets.
It is distinct from access control. Access control governs which users may reach an application or its data; application control governs whether a given file is allowed to execute at all, regardless of who launched it. Access control remains necessary for protecting sensitive data, but it is application control that stops a user, or malware running as that user, from executing an unapproved binary or script.
Beyond deciding what may run, an application control solution should log what was allowed and what was blocked. Those logs let administrators see attempted executions of unauthorised code, tune the rule set, and investigate potential compromise.
Benefits of application control
By allowing only approved software to run, organisations prevent a large class of malware, unapproved tools and attacker tradecraft from executing in the first place, which reduces the risk of data theft and data leakage.
Malicious code that cannot execute cannot establish a foothold, so application control cuts off the initial stage of many intrusions and limits how far an attacker can move once a workstation is compromised. It is one of the most effective of the Essential Eight precisely because it does not depend on recognising the malicious code in advance.
How to implement application control
Putting application control in place consists of several steps: identifying approved applications, defining application control rules to ensure only authorised applications are permitted to run, maintaining those rules using a change management program, and validating them on an annual or more frequent basis.
The ACSC recommends the following rule types for implementing application control:
- Cryptographic hash rules, which allow a specific file by its hash. They are precise but must be regenerated whenever the file is patched.
- Publisher certificate rules (combining both publisher and product names), which allow files signed by a trusted publisher and survive updates.
- Path rules, which allow anything in a given folder. These are only safe when file system permissions prevent standard users from modifying the folder, its contents and individual files; otherwise an attacker can drop a payload into the allowed path.
You can also deploy application control policies through endpoint management platforms such as Microsoft Intune or Sophos endpoint management.
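The steps above, carried out with Windows AppLocker, as an added example that is not code from the original page, from Itopia or from the ACSC. It assumes an elevated PowerShell session on a clean Windows reference workstation; the reference directories, the output path and the constructed sample script are assumptions. Publisher rules are generated where files are signed, hash rules where they are not, and a helper checks folder ACLs before any path rule would be considered.

```powershell
# Added example, not from the original page: build an AppLocker allowlist following the
# identify / define rules / validate / maintain steps. Run elevated on a clean reference
# workstation. Paths below are assumptions.

# Step 1 - identify approved applications by inventorying the reference build.
$refDirs  = 'C:\Windows', 'C:\Program Files', 'C:\Program Files (x86)'
$fileInfo = foreach ($dir in $refDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Dll, Script, WindowsInstaller
}

# Step 2 - define rules. Publisher rules are preferred for signed files (they survive
# patching); unsigned files fall back to hash rules, which must be regenerated after every
# update. No path rules are generated here; see the ACL check below.
$policyXml = New-AppLockerPolicy -FileInformation $fileInfo -RuleType Publisher, Hash `
    -User Everyone -RuleNamePrefix 'Baseline' -Optimize -IgnoreMissingFileInformation -Xml

# Step 2a - before adding any path rule, prove that standard users cannot write to the
# folder. An allowed path that Users can write to is a bypass, not a control.
function Test-PathRuleSafe {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -Path $Path
    $writeMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
                 [System.Security.AccessControl.FileSystemRights]::Modify -bor
                 [System.Security.AccessControl.FileSystemRights]::FullControl
    $risky = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.IdentityReference.Value -match 'Users$|Authenticated Users|Everyone') -and
        (($_.FileSystemRights -band $writeMask) -ne 0)
    }
    return (@($risky).Count -eq 0)
}
foreach ($dir in $refDirs) {
    if (-not (Test-PathRuleSafe -Path $dir)) {
        Write-Warning "$dir is writable by standard users: do not add a path rule for it"
    }
}

# Step 3 - start in audit mode so the rule set can be validated without breaking users.
[xml]$policy = $policyXml
foreach ($collection in $policy.AppLockerPolicy.RuleCollection) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policyPath = 'C:\AppLocker\baseline-audit.xml'
New-Item -ItemType Directory -Path (Split-Path $policyPath) -Force | Out-Null
$policy.Save($policyPath)

# Step 4 - validate: a known-good signed binary should be allowed, while a constructed
# unsigned script dropped into %TEMP% (not in the allowlist) should be denied by default.
$adHoc = Join-Path $env:TEMP 'unapproved.ps1'   # constructed sample for the test
Set-Content -Path $adHoc -Value 'Write-Output "not approved"'
Test-AppLockerPolicy -XmlPolicy $policyPath -User Everyone `
    -Path 'C:\Windows\System32\notepad.exe', $adHoc |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# Step 5 - apply locally (-Merge keeps existing rules). AppLocker only enforces while the
# Application Identity service is running; on recent Windows builds the service is
# protected and may only start after a reboot once set to automatic.
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc -ErrorAction SilentlyContinue
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
```

Once the audit log shows no legitimate software being flagged, change each collection's EnforcementMode to Enabled and redeploy the policy through Group Policy or Intune. Any change to the rule set afterwards, including new hash rules after patching, should go through your change management process, with the policy re-tested before it is pushed out.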
Creating a whitelist
Application whitelisting, now usually called allowlisting, is the approach application control takes: a pre-defined list of authorised applications and services that are allowed to run on your systems. Anything not on the list is automatically blocked from running.
Whitelisting is the opposite of blacklisting, the method traditionally used by antivirus software. A blacklist is a list of known malicious programs that are automatically blocked, with everything else allowed; a whitelist is a list of approved programs, with everything else blocked.
The purpose of application whitelisting is to prevent unauthorised programs from running on an organisation's devices and systems. This mitigates the risk of data breaches and malicious activity by denying attackers the ability to execute their own tools.
ACSC application control maturity levels
Each Essential Eight strategy is assessed against four maturity levels, zero to three, which describe the increasing levels of adversary tradecraft an organisation is able to mitigate. The ACSC recommends bringing all eight strategies up to the same maturity level before moving any of them to the next.
Maturity level zero indicates weaknesses in your overall cyber security posture that, if exploited, could facilitate the compromise of your systems and data.
At maturity level one, application control prevents the execution of executables, software libraries, scripts, installers, compiled HTML, HTML applications and control panel applets on workstations from within standard user profiles and the temporary folders used by the operating system, web browsers and email clients.
At maturity level two, application control is implemented on workstations and internet-facing servers and restricts those same file types to an organisation-approved set, and allowed and blocked executions are logged.
Maturity level three applies the same restrictions and additionally implements Microsoft's recommended block rules and recommended driver block rules. Allowed and blocked executions are logged centrally, monitored for signs of compromise, and actioned when cyber security events are detected.
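The logging and monitoring required from maturity level two onwards, as an added example that is not code from the original page or from Itopia: it reads the local AppLocker event logs, summarises blocked and would-be-blocked executions, and flags attempts from user-writable locations for follow-up. It assumes AppLocker is deployed, an elevated session, and a seven-day review window; the regular expression for "user-writable locations" is an assumption you should adapt to your environment.

```powershell
# Added example, not from the original page: review AppLocker logs to meet the
# "log allowed and blocked executions" requirement and spot signs of compromise.
# AppLocker event IDs: 8002 allowed, 8003 would have been blocked (audit mode), 8004 blocked.

$logs  = 'Microsoft-Windows-AppLocker/EXE and DLL',
         'Microsoft-Windows-AppLocker/MSI and Script'
$since = (Get-Date).AddDays(-7)   # review window, an assumption

$events = foreach ($log in $logs) {
    Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 8003, 8004; StartTime = $since } `
        -ErrorAction SilentlyContinue
}

# Each AppLocker event carries its details under UserData/RuleAndFileData; pull out the
# target user, file path and hash so the events can be grouped and searched.
$summary = $events | ForEach-Object {
    $x = [xml]$_.ToXml()
    $data = @{}
    foreach ($node in $x.Event.UserData.RuleAndFileData.ChildNodes) {
        $data[$node.Name] = $node.InnerText
    }
    [pscustomobject]@{
        Time     = $_.TimeCreated
        EventId  = $_.Id
        User     = $data['TargetUser']
        FilePath = $data['FilePath']
        Hash     = $data['FileHash']
        Mode     = if ($_.Id -eq 8003) { 'AuditOnly' } else { 'Blocked' }
    }
}

# Most frequently blocked files first: repeated hits on legitimate software mean the rule
# set needs tuning; repeated hits on unknown binaries mean someone is trying to run them.
$summary | Group-Object FilePath, User | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Executions attempted from user-writable locations (profiles, %TEMP%, AppData, Downloads)
# are where malware and ad-hoc tooling land; these go to incident response for review.
$userWritable = '\\USERS\\|%TEMP%|\\APPDATA\\|\\DOWNLOADS\\'   # assumption, adapt to your fleet
$suspicious = $summary | Where-Object { $_.FilePath -match $userWritable }
$suspicious | Sort-Object Time | Format-Table Time, User, FilePath, Hash, Mode -AutoSize
```

For maturity level three the same events should be forwarded to a central log platform that is protected from modification and deletion, so that the review above runs across the whole fleet rather than on one workstation at a time.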
Get the Essential Eight specialists to configure your mitigation strategy
Implementing application control is crucial to any organisation's cyber security efforts. Done well, it limits the impact of cyber-attacks that rely on executing unapproved code, and the logs it produces feed a monitoring and response process that shows you what is being blocked, lets you tune your rules, and helps you evaluate your cyber security capabilities.
The cyber security experts at Itopia specialise in managing the Essential Eight mitigation strategies for businesses nationwide. Talk to them today for an assessment.