Organisations are recommended to implement these eight essential mitigation strategies as a baseline. By implementing them, it makes it much harder for adversaries to compromise systems.
The Essential Eight mitigation strategies focus on achieving the following objectives to help organisations counter
cyberthreats:
To follow and implement the Essential Eight effectively, organisations can determine the maturity of their cybersecurity approach based on four levels. These maturity levels are defined as follows:
Maturity Level Zero: Not aligned with the intent of the mitigation strategy
Maturity Level One: Partly aligned with the intent of the mitigation strategy
Maturity Level Two: Mostly aligned with the intent of the mitigation strategy
Maturity Level Three: Fully aligned with the intent of the mitigation strategy
Each of these levels (excluding Maturity Level Zero), which are devised based on the adversary's tradecraft (such as tools, techniques, or procedures) and targeting, provides a systematic approach to implementing the mitigation strategies.
Although there's no single solution that can address all the strategies you should implement, the right combination of processes and IT tools can make reaching Maturity Level Three easy. The mitigation strategies that constitute the Essential Eight are: application control, patch applications, restrict Microsoft Office macros, user application hardening, restrict administrative privileges, patch operating systems, multi-factor authentication, and regular backups. Here's how ManageEngine solutions can help your organisation:
Application control enables trusted applications to be allowed or malicious applications to be blocked based on the requirements in the enterprise. Endpoint Central and Log360 allow you to block malicious applications from running in the enterprise's network. Further, PAM360 enables admins to allowlist select applications and commands that can be run using privileged accounts during secure remote sessions.
01
Vulnerability management includes scanning for threats, vulnerabilities, and misconfigurations in different endpoints and suggesting relevant patches or mitigations for them. Endpoint Central has a patch management module that can patch security vulnerabilities in Microsoft applications and over 300 third-party applications.
02
Script configurations allow Microsoft Office settings to be changed for user or computer groups in an environment. Not only can Endpoint Central help with this but it can also block unwanted software from being downloaded using its browser security module.
03
Application hardening blocks unnecessary services like Flash, Java, or web advertisements. Endpoint Central takes care of disabling or uninstalling these services. All default usernames and passwords for an organisation’s approved list of applications can also be changed using Endpoint Central.
04
Listing all administrative privileges revalidates the administrator accounts of an organisation, including local, domain, and enterprise admin groups and accounts with special privileges. With PAM360 and AD360, the number of required privileges and their validity can be checked and modified.
05
Patch management provides central control over an organisation's patching schedule and distribution. Network Configuration Manager and Endpoint Central ensure operating systems like Windows, macOS, and Linux are patched with support for a wide range of drivers. Patches can also be deployed to servers, workstations, and mobile devices using the mobile device management module available in Endpoint Central.
06
Multi-factor authentication (MFA) helps reduce the attack surface and protects organisations by initiating a higher level of identity assurance. Using Endpoint Central, AD360, or PAM360 and based on their requirements, MFA can be enabled for all users or systems in an organisation's network.
07
Backup assessments determine the need to back up records, prioritise backed-up content, and devise a plan to perform these backups. Depending on an organisation's requirements, Network Configuration Manager and AD360 can perform daily incremental backups, daily backups, or weekly backups. Regular restoration testing and disaster recovery plans can also be implemented.
08
Recently, adversaries were looking to exploit vulnerabilities in Apache’s Log4j software library including CVE-2021-44228 (referred to as Log4Shell), CVE-2021-45046, and CVE-2021-45105. As a Java-based logging library, Log4j is used extensively in consumer and enterprise services, websites, and applications. These vulnerabilities are rated Critical, especially since adversaries run codes from remote locations to take control of weak systems for cryptomining and botnet malware.
Using some strategies from the Essential Eight model, the ACSC recommends:
If you're looking to understand how ManageEngine can help your organisation implement the Essential Eight mitigation strategies, grab a copy of our guide by filling out the form below and we'll email it to you right away.
The complete implementation of the Essential Eight Maturity Model scheme requires a variety of solutions, processes, people, and technologies. The solutions mentioned in our guide are some of the ways in which IT management tools can help with the implementing the Essential Eight requirements. Coupled with other appropriate solutions, processes, and people, ManageEngine’s solutions help implement the Essential Eight Maturity Model. This material is provided for informational purposes only, and should not be considered as legal advice for the Essential Eight Maturity Model implementation. ManageEngine makes no warranties, express, implied, or statutory, as to the information in this material.
Organisations are recommended to implement these eight essential mitigation strategies as a baseline. By implementing them, it makes it much harder for adversaries to compromise systems.
To get the most from every maturity level, organisations can follow the steps given below:
While working on implementing the Essential Eight, organisations need to use a risk-based approach to document and minimise exceptions. These exceptions should also be monitored and reviewed at regular intervals. And, although it isn't necessary to be Essential Eight compliant, it's a good practice to get assessed for its implementations.
The Essential Eight mitigation strategies focus on achieving the following objectives to help organisations counter cyberthreats:
These mitigation strategies provide guidance to organisations with the aim to address targeted cyber intrusions, ransomware and other external adversaries, malicious insiders, and industrial control systems.
