Threatlocker Enables the Essential Eight

Our application whitelisting and ringfencing technology has been growing by leaps and bounds lately, and we have been seeing adoption of this approach to security in Australia as well. We thought it was worth the effort to do a quick breakdown of how ThreatLocker can enable this critical strategy for Australian businesses.

The Essential Eight is a set of solutions recommended by the Australian government as a baseline for a better security posture for organizations. The Essential Eight sets in place the bedrock for a future state of security and, with simple security fixes, makes it much harder for adversaries to compromise systems. Using the Essential Eight proactively is a cost-effective approach to cyber security in terms of time, money and effort. By leveraging these suggested solutions, organizations enable micro-segmentation, which allows them to better respond to a cyber security incident. The Australian government has a suggested implementation order for each technology to assist organisations in building a strong cyber security posture for their systems.

The suggested implementation order for each solution is aimed at assisting organisations in quickly setting a strong cyber security posture. After an organisation has implemented the desired mitigation technology at an initial level, they should focus on continuing to increase the maturity of their implementation so that they reach full alignment with the overall strategy.

The Essential Eight suggests the following approaches to security, with these technologies, as the first solutions that should be chosen.

Application whitelisting of approved/trusted programs to prevent execution of unapproved/malicious programs including .exe, DLL, scripts (e.g. Windows Script Host, PowerShell and HTA) and installers.

Why: All non-approved applications (including malicious code) are prevented from executing.

Restrict administrative privileges (AKA Ringfencing) to operating systems and applications based on user duties. Regularly revalidate the need for privileges. Don't use privileged accounts for reading email and web browsing.

Why: Admin accounts are the ‘keys to the kingdom’. Adversaries use these accounts to gain full access to information and systems.

Additionally, the Australian government's maturity model for application whitelisting, the first solution that should be chosen, describes how this technology progresses across the infrastructure. Below is a breakdown of that three-step model.

Application Whitelisting Maturity Model

Level 1

An application whitelisting solution is implemented on all workstations to restrict the execution of executables to an approved set.

An application whitelisting solution is implemented on all servers to restrict the execution of executables to an approved set.

Level 2

An application whitelisting solution is implemented on all workstations to restrict the execution of executables, software libraries, scripts and installers to an approved set.

An application whitelisting solution is implemented on all servers to restrict the execution of executables, software libraries, scripts and installers to an approved set.

Level 3

An application whitelisting solution is implemented on all workstations to restrict the execution of executables, software libraries, scripts and installers to an approved set.

An application whitelisting solution is implemented on all servers to restrict the execution of executables, software libraries, scripts and installers to an approved set.

Microsoft's latest recommended block rules are implemented to prevent application whitelisting bypasses.

https://www.cyber.gov.au/node/100

ThreatLocker’s technology can immediately enable these steps. Within hours our system can be deployed and enabled, allowing your organization to move from level 1 maturity to the end state, level 3. The Essential Eight is a solid approach to security for Australian organizations to subscribe to. Our solution makes this strategy achievable and, honestly, easy to employ.