Security through Visibility: Supporting Essential Eight Cyber Mitigation Strategies

Ariane Paguia, November 24, 2021

Strong cybersecurity strategies have become mission critical: interrupted business leads to financial loss, employee and customer dissatisfaction and lost relationships, as well as damage to your integrity and reputation. So the question is: how can you reduce and mitigate cybersecurity risk?

In recent years, the Australian Federal Government has invested in this issue through a series of Cyber Security Strategies. The most recent, in 2020, pledged AU$1.67 billion over ten years. One of many ongoing activities was the establishment of the Australian Cyber Security Centre (ACSC), which is responsible for developing the Strategies to Mitigate Cyber Security Incidents that help organisations protect themselves against a range of cyber threats.

First published in 2017, the ACSC’s Essential Eight Maturity Model is a list of countermeasures that all government agencies and private organisations should move towards implementing across their ICT systems. It details how each of the eight are to be implemented as an organisation’s cybersecurity capabilities advance across levels of maturity.

In this article, I’m going to concentrate on five of the Essential Eight and, of those, specifically their recommendations for securing end user devices.

Mitigation Strategy 1: Application Control

The execution of executables, software libraries, scripts, installers, compiled HTML, HTML applications and control panel applets is prevented on workstations from within standard user profiles and temporary folders used by the operating system, web browsers and email clients.

The challenge is that, with users working on multiple devices, some of which they own themselves, and many of them currently working from home, how exactly can you tell what applications are installed and running on those devices?

Then there’s ‘Shadow IT’: applications or technology tools not necessarily approved by IT Operations. Shadow IT is deployed when business units or small groups of employees are simply trying to be more productive. But, as we are discovering each day, it can be far from secure.

What you need to protect your systems and data is a monitoring tool to show you the actual user experience on each device. Clear visibility of what applications are running on which user devices across your fleet offers you greater control and therefore security.

Riverbed | Aternity gives you an overview of any unauthorised apps such as WhatsApp, Dropbox or torrent clients, then allows you to drill down by country, department and individual device name, giving you the information needed to zero in on and remove commonly exploited consumer apps.
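To make the control statement above concrete, the following added example (not code from the article or from Riverbed | Aternity) runs it over a constructed process inventory: it flags the file types the strategy names when they are launched from a user profile or from a temporary folder, and breaks the findings down by country and department, the drill-down the article describes. The inventory rows, device names, users and departments are all constructed sample data.

```python
"""Application Control visibility check: flag controlled file types launched from
standard user profiles or the temporary folders used by the OS, browsers and
email clients. The inventory rows below are constructed sample data."""
from collections import Counter
from pathlib import PureWindowsPath
from typing import Dict, List, Optional, Tuple

# File types the strategy names: executables, software libraries, scripts,
# installers, compiled HTML, HTML applications and control panel applets.
CONTROLLED_EXTENSIONS = {
    ".exe", ".dll", ".ps1", ".vbs", ".js", ".bat", ".cmd",  # executables, libraries, scripts
    ".msi", ".msp", ".chm", ".hta", ".cpl",                 # installers, CHM, HTA, CPL applets
}


def launch_location(image_path: str) -> Optional[str]:
    """Classify a Windows path as 'user-profile', 'system-temp' or None (elsewhere).
    Matching is case-insensitive because Windows paths are."""
    p = PureWindowsPath(image_path)
    parts = [part.lower() for part in p.parts]
    if not p.drive or len(parts) < 3:
        return None  # relative or too-short paths are left unclassified
    if parts[1] == "users":
        return "user-profile"  # C:\Users\<name>\..., covering Downloads and AppData\Local\Temp
    if parts[1] == "windows" and parts[2] == "temp":
        return "system-temp"  # C:\Windows\Temp
    return None


def check_process(row: Dict) -> Optional[Dict]:
    """Return a finding for one inventory row, or None when the row is fine."""
    path = row["image_path"]
    if PureWindowsPath(path).suffix.lower() not in CONTROLLED_EXTENSIONS:
        return None
    location = launch_location(path)
    if location is None:
        return None
    return {"device": row["device"], "user": row["user"], "country": row["country"],
            "department": row["department"], "image_path": path, "location": location}


def audit_fleet(rows: List[Dict]) -> Tuple[List[Dict], Counter]:
    """All findings, plus a (country, department) breakdown for drill-down."""
    findings = [f for f in (check_process(r) for r in rows) if f is not None]
    return findings, Counter((f["country"], f["department"]) for f in findings)


# Constructed inventory: one row per running image seen on a device.
SAMPLE_ROWS = [
    {"device": "WS-001", "user": "alice", "country": "AU", "department": "Finance",
     "image_path": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"device": "WS-001", "user": "alice", "country": "AU", "department": "Finance",
     "image_path": r"C:\Users\alice\Downloads\invoice.exe"},
    {"device": "WS-002", "user": "bob", "country": "AU", "department": "Finance",
     "image_path": r"C:\Users\bob\AppData\Local\Temp\7zS4F2\setup.msi"},
    {"device": "WS-003", "user": "carol", "country": "NZ", "department": "Engineering",
     "image_path": r"C:\Windows\Temp\update.hta"},
    {"device": "WS-003", "user": "carol", "country": "NZ", "department": "Engineering",
     "image_path": r"C:\Users\carol\Documents\notes.txt"},
    {"device": "WS-004", "user": "dave", "country": "AU", "department": "Sales",
     "image_path": r"C:\Users\dave\AppData\Local\WhatsApp\WhatsApp.exe"},
    {"device": "WS-004", "user": "dave", "country": "AU", "department": "Sales",
     "image_path": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    findings, breakdown = audit_fleet(SAMPLE_ROWS)
    for f in findings:
        print(f"{f['device']:7} {f['location']:12} {f['image_path']}")
    print(dict(breakdown))
```

The path classification is deliberately coarse: everything under C:\Users counts as a user profile (including Public), which is what the strategy targets, while Program Files and System32 are left alone. A real deployment would add the approved-application allowlist on top of this, since a self-updating corporate app installed per user would otherwise appear here too, which is exactly the "see the implications before blocking" step the article mentions later.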

Mitigation Strategy 2: Patch Applications

Patches, updates or vendor mitigations for security vulnerabilities in internet-facing services are applied within two weeks of release, or within 48 hours if an exploit exists.

Out-of-date application versions on user devices are a significant source of vulnerabilities. Apart from lacking the security fixes that close known vulnerabilities, they provide neither the best user experience nor new application features.

Riverbed | Aternity identifies all versions of each of your corporate applications such as Microsoft 365, Citrix and Acrobat Reader used by your workforce. As an example, many organisations find that their users are running 30 or more versions of Citrix Receiver or AutoCAD – even outdated versions of Zoom or Microsoft Teams.

This enables IT administrators to pinpoint exactly how many versions of apps are being used, who among your users have outdated versions, then take action to apply relevant patches on devices.

Mitigation Strategy 3: User Application Hardening

Web browsers do not process Java from the internet. Web browsers do not process web advertisements from the internet. Configure web browsers to block Flash (ideally uninstall it), ads and Java on the Internet.

As of December 2020, Adobe no longer issues Flash Player security patches or maintains OS and browser compatibility, which leaves any remaining installation exposed to attack. Meanwhile, Java is vulnerable to log injection attacks and to trust exploits that follow access-control vulnerabilities.

Both runtimes are acknowledged sources of cyber exploits such as malware downloads. Under the ACSC’s recommendations, web browsers should not be allowed to process Java, Flash content or web advertisements from the internet.

Riverbed | Aternity enables IT teams to identify precisely which apps and devices are running Flash and Java – executables vulnerable to hackers. Importantly, it also enables IT to see the implications on applications and users before blocking Flash and Java, so they can perform necessary actions first.

Mitigation Strategy 4: Restrict Administrative Privileges

Requests for privileged access to systems and applications are validated when first requested. Privileged accounts (excluding privileged service accounts) are prevented from accessing the internet, email, and web services.

According to data breach reporting, malicious or accidental misuse of administrative privileges remains a major vulnerability. Administrative accounts are the ‘keys to the kingdom’. Malicious insiders or external attackers can use these accounts to gain unauthorised access to information and systems from within or from outside the organisation.

The Essential Eight prescribes a range of processes for strictly controlling privileged access. These include validation on establishment, limitations on external access and – at higher levels of maturity – the automatic revocation of privileges after a time of inactivity and disablement after 12 months, unless revalidated.

Because historical administrative accounts holding the ‘keys to the kingdom’ can lie dormant if forgotten, Riverbed | Aternity offers complete visibility over current holders by username, device name, department and IP address. This enables IT to review and validate admin privileges, closing loopholes that could potentially be exploited by past contractors or employees.
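The review the two paragraphs above describe, as an added example that is not the article's or Riverbed | Aternity's own code: each privileged account is checked against the Essential Eight controls named here (validation on request, no internet or email access for non-service privileged accounts, revocation after inactivity, disablement after 12 months without revalidation) plus the dormant-account problem the article raises for departed staff. The accounts are constructed sample data; the 45-day inactivity limit is an assumed policy value, since the article gives no figure, while the 12-month revalidation limit is the one it states.

```python
"""Privileged-account review against the controls described in the article. The
accounts are constructed sample data; the 45-day inactivity limit is an assumed
policy value (the article gives no figure), the 12-month limit is the one it states."""
from datetime import datetime, timedelta
from typing import Dict, List

INACTIVITY_LIMIT = timedelta(days=45)     # assumed policy value for "a time of inactivity"
REVALIDATION_LIMIT = timedelta(days=365)  # "disablement after 12 months, unless revalidated"


def review_account(acct: Dict, now: datetime) -> List[str]:
    """Return the control failures for one privileged account (empty list if none)."""
    issues: List[str] = []
    if not acct["validated_on_request"]:
        issues.append("access was never validated when requested")
    # The internet/email restriction excludes privileged service accounts.
    if not acct["service_account"] and acct["internet_access"]:
        issues.append("can reach internet, email or web services")
    if now - acct["last_logon"] > INACTIVITY_LIMIT:
        issues.append("inactive beyond limit: revoke privileges")
    if now - acct["last_validated"] > REVALIDATION_LIMIT:
        issues.append("not revalidated within 12 months: disable")
    if not acct["holder_active"]:
        issues.append("holder has left the organisation")
    return issues


def review_all(accounts: List[Dict], now: datetime) -> Dict[str, List[str]]:
    """Map username -> issues, keeping only accounts that need attention."""
    report: Dict[str, List[str]] = {}
    for acct in accounts:
        issues = review_account(acct, now)
        if issues:
            report[acct["username"]] = issues
    return report


NOW = datetime(2021, 11, 24)  # assessment date, matching the article's date


def _days_ago(n: int) -> datetime:
    return NOW - timedelta(days=n)


# Constructed sample accounts, with the holder attributes the article lists
# (username, device name, department, IP address) plus the control fields.
SAMPLE_ACCOUNTS = [
    {"username": "admin.alice", "device": "WS-001", "department": "IT", "ip": "10.0.0.11",
     "service_account": False, "validated_on_request": True, "internet_access": False,
     "holder_active": True, "last_logon": _days_ago(3), "last_validated": _days_ago(100)},
    {"username": "admin.contractor7", "device": "WS-017", "department": "Projects", "ip": "10.0.0.27",
     "service_account": False, "validated_on_request": True, "internet_access": False,
     "holder_active": False, "last_logon": _days_ago(200), "last_validated": _days_ago(400)},
    {"username": "svc.backup", "device": "SRV-02", "department": "IT", "ip": "10.0.1.2",
     "service_account": True, "validated_on_request": True, "internet_access": True,
     "holder_active": True, "last_logon": _days_ago(1), "last_validated": _days_ago(30)},
    {"username": "admin.bob", "device": "WS-009", "department": "Finance", "ip": "10.0.0.19",
     "service_account": False, "validated_on_request": False, "internet_access": True,
     "holder_active": True, "last_logon": _days_ago(2), "last_validated": _days_ago(2)},
    {"username": "admin.carol", "device": "WS-021", "department": "Sales", "ip": "10.0.0.31",
     "service_account": False, "validated_on_request": True, "internet_access": False,
     "holder_active": True, "last_logon": _days_ago(60), "last_validated": _days_ago(60)},
]

if __name__ == "__main__":
    for username, issues in review_all(SAMPLE_ACCOUNTS, NOW).items():
        print(username)
        for issue in issues:
            print("  -", issue)
```

The departed contractor account is the case the article warns about: it fails three checks at once, and any one of them would have caught it, which is the point of checking independent signals (last logon, last validation, HR status) rather than relying on a single off-boarding step.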

Mitigation Strategy 5: Patch Operating Systems

Patches, updates or vendor mitigations for security vulnerabilities in operating systems of internet-facing services are applied within two weeks of release, or within 48 hours if an exploit exists.

Most environments run a wide range of operating systems across user devices. Microsoft provides regular OS security updates, but once that support ends for a version (as it has for Windows 7), the operating system no longer receives security updates, leaving user devices unprotected against hacks and exploits.

Riverbed | Aternity displays the full range of operating systems across your environment. Your administrators can then drill down to identify unpatched devices by location, department and individual device name. Another benefit is that, when you decide to migrate to a new version, such as from Windows 10 to 11, it’s quick and easy to identify which devices to target for upgrade.
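The following added example (not code from the article or from Riverbed | Aternity) applies the patch-window rule shared by Mitigation Strategies 2 and 5 above to a constructed fleet inventory: for each advisory it computes the deadline (two weeks from release, or 48 hours once an exploit exists), compares installed application versions numerically against the fixed version, and separately flags devices whose operating system has passed its vendor end-of-support date. The product names are ones the article mentions; the advisories, version numbers, dates, exploit flags and device records are constructed, and the only real date is Windows 7's end of extended support.

```python
"""Patch-window check for the two patching strategies in the article: which devices
still run an application version below the fixed version once the two-week (or
48-hour, if an exploit exists) window has closed, and which run an operating system
whose vendor support has ended. Advisories and devices are constructed sample data."""
import re
from collections import Counter
from datetime import datetime, timedelta
from typing import Dict, List, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """'5.8.3' -> (5, 8, 3), so versions compare numerically rather than as strings.
    Trailing text such as '4.12.1 (build 7)' is ignored after the last numeric part."""
    nums = []
    for part in v.split("."):
        m = re.match(r"\d+", part)
        if not m:
            break
        nums.append(int(m.group()))
    return tuple(nums)


def patch_deadline(released: datetime, exploit_exists: bool) -> datetime:
    """Two weeks from release, or 48 hours once an exploit exists."""
    return released + (timedelta(hours=48) if exploit_exists else timedelta(days=14))


# Constructed advisories: the fixed versions, release dates and exploit flags are
# made up for the example and do not describe any real vulnerability.
ADVISORIES = [
    {"app": "Zoom", "fixed_version": "5.8.3", "released": datetime(2021, 11, 1), "exploit_exists": False},
    {"app": "Acrobat Reader", "fixed_version": "2021.7.0", "released": datetime(2021, 11, 23), "exploit_exists": True},
    {"app": "Citrix Receiver", "fixed_version": "4.12.1", "released": datetime(2021, 11, 20), "exploit_exists": False},
]

# Vendor end-of-support dates; Windows 7 extended support ended 2020-01-14.
# An OS not listed here is treated as still supported for this example.
OS_END_OF_SUPPORT = {"Windows 7": datetime(2020, 1, 14)}

# Constructed fleet inventory: OS and installed application versions per device.
DEVICES = [
    {"device": "WS-001", "department": "Finance", "os": "Windows 10",
     "apps": {"Zoom": "5.8.3", "Acrobat Reader": "2021.5.0"}},
    {"device": "WS-002", "department": "Sales", "os": "Windows 7",
     "apps": {"Zoom": "5.7.1"}},
    {"device": "WS-003", "department": "Engineering", "os": "Windows 10",
     "apps": {"Zoom": "5.8.3", "Citrix Receiver": "4.12.1 (build 7)"}},
    {"device": "WS-004", "department": "Finance", "os": "Windows 10",
     "apps": {"Zoom": "5.8", "Citrix Receiver": "4.9"}},
]


def assess_device(device: Dict, advisories: List[Dict], now: datetime) -> List[Dict]:
    """Findings for one device: unsupported OS, overdue patches, patches still inside the window."""
    findings: List[Dict] = []
    base = {"device": device["device"], "department": device["department"]}
    eol = OS_END_OF_SUPPORT.get(device["os"])
    if eol is not None and now > eol:
        findings.append({**base, "kind": "os-unsupported",
                         "detail": f"{device['os']} support ended {eol:%Y-%m-%d}"})
    for adv in advisories:
        installed = device["apps"].get(adv["app"])
        if installed is None or parse_version(installed) >= parse_version(adv["fixed_version"]):
            continue  # app not present, or already at/above the fixed version
        deadline = patch_deadline(adv["released"], adv["exploit_exists"])
        kind = "patch-overdue" if now > deadline else "patch-due"
        findings.append({**base, "kind": kind,
                         "detail": f"{adv['app']} {installed} < {adv['fixed_version']}, "
                                   f"deadline {deadline:%Y-%m-%d %H:%M}"})
    return findings


def assess_fleet(devices: List[Dict], advisories: List[Dict], now: datetime) -> Tuple[List[Dict], Counter]:
    """All findings plus a (department, kind) breakdown for drill-down."""
    findings = [f for d in devices for f in assess_device(d, advisories, now)]
    return findings, Counter((f["department"], f["kind"]) for f in findings)


NOW = datetime(2021, 11, 24)  # assessment date, matching the article's date

if __name__ == "__main__":
    findings, breakdown = assess_fleet(DEVICES, ADVISORIES, NOW)
    for f in findings:
        print(f"{f['device']:7} {f['kind']:15} {f['detail']}")
    print(dict(breakdown))
```

Two details matter in practice. Versions are compared as integer tuples, not strings, so "5.8" correctly sorts below "5.8.3" and "5.10" above "5.9"; string comparison gets both wrong. And the 48-hour window is applied per advisory at assessment time, so an advisory whose exploit status changes simply shortens the deadline on the next run without any change to the device data.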

Visibility Strengthens Security

The ability to progress up through the Essential Eight Maturity Model has much to do with visibility. Without a clear picture of potential security vulnerabilities on all devices accessing corporate assets, IT has little chance of limiting them.

Given that the user devices are often the ‘wild cards’ in your defences, a first step is to gain the visibility you need to take action. Riverbed | Aternity offers a series of valuable tools to help implement and then maintain proven mitigation strategies to reduce compromises.