Essential Eight Mitigation strategies: What your organization should focus on

Preventing attacks

Application control

  • Block applications—identify and auto-uninstall prohibited software.
  • Lock a device to a single application or group of applications.
  • Block executables and script execution.
  • Deploy block rules on workstations and servers.
  • Allow or block apps on mobile devices running Android, iOS, or Windows.

Patch applications

  • Patch over 300 Microsoft, non-Microsoft, macOS, and Linux applications.
  • Update drivers and BIOS versions.
  • Detect, approve, download, test, install, and validate patches and service packs.
  • Schedule patch scans and deployment.
  • Achieve patch compliance using advanced analytics and audits.
  • Manage workstations and servers on a LAN or WAN.

Configure MS Office macros

  • Manage MS Office settings out of the box.
  • Manage MS Office macro settings through execution of custom scripts.
  • Control browser plug-ins, extensions, and allowed sites for Internet Explorer, Edge, Firefox, and Chrome.

User application hardening

  • Control browser plug-ins, extensions, and allowed sites.
  • Leverage browser lockdown and isolation, download restrictions, and data leak prevention tools.
  • Provide or restrict access to web applications.

Limiting the extent of attacks

Restrict administrative privileges

  • Manage privileged access to systems, applications, and network devices.
  • Exert granular control over users' access to resources and passwords.
  • Delegate role-based access to AD, Exchange, and Microsoft 365.
  • Gain visibility into and manage privileged permissions.
  • Set role-based access to computers and mobile devices running Android, iOS, or Windows.

Patch Operating Systems

  • Test and deploy OS patches for Windows, macOS, and Linux based on severity.
  • Validate the status of patch deployment.
  • Schedule patch scans, and identify the health status of devices.
  • Identify and manage firmware vulnerabilities.
  • Perform remote firmware upgrades and OS image transfers.

Multi-factor authentication

  • Use one or more authentication techniques to verify users' identities during the password reset and account unlock process.
  • Use a secure password vault for privileged and personal accounts.
  • Enable authentication through AD/LDAP, PhoneFactor, email, RSA SecurID, etc.
  • Remotely log in to a wide range of systems and network devices on a LAN or WAN, and record privileged sessions.

Recovering data & system availability

Daily backups

  • Perform comprehensive scheduled, incremental object and item-level backups in AD, on-premises Exchange, and Exchange Online.
  • Back up the entire database of application configurations, system settings, and password share permissions through scheduled tasks or live data backup.
  • Perform restart-free granular restoration.
  • Automate configuration backups from over 200 multi-vendor firewalls, routers, switches, etc.

Maturity Level 0

Not aligned with intent of mitigation strategy.

There are weaknesses in an organisation’s overall cyber security posture that need to be addressed.

Maturity Level 1

Partly aligned with intent of mitigation strategy.

Adversaries who are content to simply leverage exploits that are widely available in order to gain access to, and likely control of, systems.

Maturity Level 2

Mostly aligned with intent of mitigation strategy.

Adversaries who are willing to invest more time in a target and attack with more effective tools and tricks.

Maturity Level 3

Fully aligned with intent of mitigation strategy.

Adversaries who are more adaptive and much less reliant on public tools and techniques.

Maturity Level 4

Customized strategies for high-risk environments.

Strategies for organizations that have reached maturity level 3 but are still at risk.

How can Endpoint Central help?

Application control

With Endpoint Central's Application Control, you can:

  • Build rule based application lists and associate them with user groups.
  • Allowlist trusted applications and blocklist malicious applications, down to the executable level.
  • Regulate and manage unmanaged applications with ease.
  • Identify and auto-uninstall prohibited software.

Patch applications

With Endpoint Central's Patch management module, you can:

  • Patch 850+ third-party applications, Microsoft applications, macOS, and Linux applications.
  • Customize and automate patch deployment.
  • Automate the testing and approval of patches.
  • Decline patches for specific groups of computers.

Configure Microsoft Office macros

With Endpoint Central's custom script configurations and Browser security, you can:

  • Manage MS Office macro settings through execution of custom scripts.
  • Control browser plug-ins, extensions, and allowed sites for Internet Explorer, Edge, Firefox, and Chrome.

Patch Operating systems

With Endpoint Central's Patch management module, you can:

  • Seamlessly test and deploy patches to Windows, macOS, and Linux workstations and servers.
  • Update drivers and BIOS.

User application hardening

With Endpoint Central's Browser security, you can:

  • Track the browsers and their add-ons used in your network.
  • Monitor and control browser extensions, plug-ins, and add-ons present in your network.
  • Filter URLs to ensure that only trusted and authorized websites are accessed.
  • Restrict downloads from unauthorized websites.

Restrict admin privileges and daily backup

With Endpoint Central's Application Control, you can:

  • Enforce application-specific privileged access with endpoint privilege management.
  • Run custom scripts under Endpoint Central's Configuration module to take daily backups of files and folders on your network endpoints.
