Security insights from ThreatLocker
ThreatLocker’s application whitelisting and ringfencing technology has grown rapidly, and we have observed increasing adoption of this approach to security in Australia. We thought it was worth providing a quick breakdown of how ThreatLocker can enable this critical strategy for Australian businesses.
The Essential Eight is a set of mitigation strategies recommended by the Australian government as a baseline for improving the security posture of organizations.
The Essential Eight lays the foundation for an organization's future security state, and in practice makes it much harder for adversaries to compromise systems using relatively simple fixes. Adopting the Essential Eight proactively is a cost-effective approach to cybersecurity in terms of time, money, and effort.
By leveraging these recommended strategies, organizations enable micro-segmentation, which allows them to respond better to a cybersecurity incident. The Australian government also suggests an implementation order for each strategy to help organizations build a strong cybersecurity posture quickly.
Once an organization has implemented a mitigation strategy at an initial level, it should continue raising the maturity of that implementation until it reaches full alignment with the overall strategy.
The Essential Eight suggests the following solutions:
Application whitelisting of approved/trusted programs to prevent the execution of unapproved/malicious programs including .exe, DLL, scripts (e.g. Windows Script Host, PowerShell, and HTA) and installers.
Why: All non-approved applications (including malicious code) are prevented from executing.
Restrict administrative privileges (AKA Ringfencing) to operating systems and applications based on user duties. Regularly revalidate the need for privileges. Don't use privileged accounts for reading email and web browsing.
Why: Admin accounts are the ‘keys to the kingdom’. Adversaries use these accounts to gain full access to information and systems.
The Australian government also publishes a maturity model for the first strategy that should be adopted, application whitelisting, describing how coverage of this technology progresses across the infrastructure. Below is a breakdown of the three-step model.
Application Whitelisting Maturity Model
An application whitelisting solution is implemented on all workstations to restrict the execution of executables to an approved set.
An application whitelisting solution is implemented on all servers to restrict the execution of executables to an approved set.
An application whitelisting solution is implemented on all workstations to restrict the execution of executables, software libraries, scripts, and installers to an approved set.
An application whitelisting solution is implemented on all servers to restrict the execution of executables, software libraries, scripts, and installers to an approved set.
Microsoft's latest recommended block rules are implemented to prevent application whitelisting bypasses.
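To make the maturity progression concrete, here is an added example (not ThreatLocker's product code and not ACSC material) that models a default-deny allowlist the way the items above describe it: a file is classified as an executable, software library, script or installer by extension, and execution is permitted only when the file's SHA-256 digest is on the allowlist. The two enforcement scopes are assumptions drawn from the list: INITIAL_SCOPE covers executables on workstations only (the first item), and FULL_SCOPE covers all four classes on workstations and servers (the end state). The file contents and hashes are constructed; the model also shows which host/file-class combinations a given scope still leaves unchecked.

```python
"""Toy model of a default-deny application allowlist across Essential Eight coverage levels.

Constructed example: file contents and hashes are made up; the host/file-class scopes are
assumptions drawn from the maturity model items above, not ACSC's official level definitions.
"""
import hashlib
from enum import Enum


class FileClass(Enum):
    EXECUTABLE = "executable"
    LIBRARY = "software library"
    SCRIPT = "script"
    INSTALLER = "installer"


# Extension-to-class mapping modelled on the file types the page names
# (.exe, DLL, Windows Script Host / PowerShell / HTA scripts, installers).
EXTENSION_CLASS = {
    ".exe": FileClass.EXECUTABLE,
    ".dll": FileClass.LIBRARY,
    ".ps1": FileClass.SCRIPT,
    ".vbs": FileClass.SCRIPT,
    ".js": FileClass.SCRIPT,
    ".hta": FileClass.SCRIPT,
    ".msi": FileClass.INSTALLER,
}

HOST_TYPES = ("workstation", "server")

# Enforcement scopes (assumed): which file classes are restricted on which host type.
# INITIAL_SCOPE mirrors the first maturity item (workstations, executables only);
# FULL_SCOPE mirrors the end state (all four classes on workstations and servers).
INITIAL_SCOPE = {"workstation": {FileClass.EXECUTABLE}, "server": set()}
FULL_SCOPE = {host: set(FileClass) for host in HOST_TYPES}


def classify(filename: str):
    """Return the FileClass for a filename, or None for content the policy does not govern."""
    dot = filename.rfind(".")
    ext = filename[dot:].lower() if dot != -1 else ""
    return EXTENSION_CLASS.get(ext)


def build_allowlist(trusted_files: dict) -> set:
    """Hash each trusted file's bytes; the allowlist stores SHA-256 digests, not names."""
    return {hashlib.sha256(content).hexdigest() for content in trusted_files.values()}


def evaluate(filename: str, content: bytes, host_type: str, scope: dict, allowlist: set):
    """Decide whether execution is permitted. Returns (decision, reason).

    Default deny applies only inside the enforcement scope: a file class the scope does
    not cover runs unchecked, which is exactly the gap the higher maturity levels close.
    """
    file_class = classify(filename)
    if file_class is None:
        return "allow", "not an executable content type"
    if file_class not in scope.get(host_type, set()):
        return "allow", f"{file_class.value} not enforced on {host_type}"
    digest = hashlib.sha256(content).hexdigest()
    if digest in allowlist:
        return "allow", "hash on allowlist"
    return "deny", f"{file_class.value} not on allowlist (default deny)"


def unenforced(scope: dict):
    """List (host_type, file_class) pairs a scope leaves unchecked, i.e. remaining maturity work."""
    return [(host, fc) for host in HOST_TYPES for fc in FileClass if fc not in scope.get(host, set())]


if __name__ == "__main__":
    # Constructed sample inputs; the byte strings stand in for real file contents.
    trusted = {"app.exe": b"MZ trusted build 1.0"}
    allowlist = build_allowlist(trusted)
    cases = [
        ("app.exe", b"MZ trusted build 1.0", "workstation"),       # trusted, unchanged
        ("app.exe", b"MZ trusted build 1.0 + patched", "workstation"),  # same name, altered bytes
        ("run.ps1", b"Invoke-Something", "workstation"),          # script: only caught at full scope
        ("tool.exe", b"MZ unknown", "server"),                    # server: only caught at full scope
    ]
    for scope_name, scope in (("initial", INITIAL_SCOPE), ("full", FULL_SCOPE)):
        print(f"--- {scope_name} scope ({len(unenforced(scope))} unenforced host/class combinations)")
        for name, data, host in cases:
            print(host, name, *evaluate(name, data, host, scope, allowlist))
```

Running the script prints the decision for each case under both scopes: the altered executable is denied under either scope because its hash no longer matches, while the PowerShell script on a workstation and the unknown executable on a server are only denied once the full scope is in force. Keying the allowlist on content hashes rather than filenames is what makes the rename-and-run trick fail.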
ThreatLocker’s technology can immediately enable these steps. Within hours our system can be deployed and enabled, allowing your organization to move from maturity level 1 to the end state, level 3. The Essential Eight is a solid approach to security for Australian organizations to subscribe to, and our solution makes this strategy achievable and easy to employ.