A cyber security incident that impacts a small business can be devastating. However, cyber security doesn’t have to be difficult. The ACSC has an action plan called the Essential Eight, comprising a prioritised list of mitigation strategies to assist organisations in protecting their systems against a range of adversaries. The mitigation strategies can be customised based on each organisation’s risk profile and the adversaries they are most concerned about.
While no single mitigation strategy is guaranteed to prevent cyber security incidents, it’s recommended organisations implement the eight essential mitigation strategies as a baseline. This baseline makes it much harder for adversaries to compromise systems. Implementing the Essential Eight proactively is more cost-effective in terms of time, money and effort than having to respond to a large-scale cyber security incident.
(Source: ACSC website)
The first four essentials are of topical interest for this month’s newsletter. These are:
- Application Control – to prevent the execution of unapproved or malicious programs
- Patch applications – to ensure the latest versions of programs are installed to avoid vulnerabilities
- Configuring Microsoft Office macro settings – to block or only allow vetted macros with limited access
- User application hardening – so unneeded features in Microsoft Office are disabled
Application Control is particularly relevant because human error, or security inexperience, combined with malicious programs is an easy and common pathway for a system to be breached.
“The best way for an organisation to manage applications and prevent malware being installed is to apply whitelisting.”
Whitelisting software allows only authorised pre-approved programs to run. The goal of Application Whitelisting is to block malware from executing on endpoints within a network. Additional benefits of Application Whitelisting are the ability to manage, reduce, or control the demand for resources within a network and improve employee productivity.
Vectra has worked with a number of whitelisting platforms, each with various pros and cons. The most prominent challenge is the impact application whitelisting can have on the end user. By relying on a deny-by-default mechanism of action, a user must have an application whitelisted before they are able to run it. In some organisations, this process can be cumbersome and create workflow delays that frustrate employees. Another challenge is that using whitelisting software often fosters a sense of loss of control and in turn creates application management issues.
However, Vectra has more recently started working with the whitelisting company Airlock, and discovered that many of the common challenges have been resolved. Vectra’s network and security team have successfully deployed Airlock in many different networks and found the process simple and repeatable because of Airlock’s extremely user-friendly platform.
Airlock’s ‘audit only’ mode allows you to discover and monitor application execution from every user’s device; this creates the baseline. From here, Airlock is moved to ‘enforcement’ mode, where the baseline is used to allow these applications or files to run while preventing all non-approved files or malicious code from running. If a file is not in the whitelist it cannot run, regardless of whether the file is known to be good, bad or indifferent.
“Airlock’s baseline can be dynamically updated to allow any newly approved applications or files easily through Airlock’s extensive dashboard view.”
Whitelisting continues to gain momentum as a viable and proactive security practice and, when used in conjunction with other security approaches, it becomes highly effective for many organisations. Whitelisting allows your organisation to move towards meeting compliance requirements and aligning your company with the ACSC Essential 8, provided by the Australian Signals Directorate.
Airlock definitely appears to be a front-runner in this space, and as several of Vectra’s security staff are well versed in Airlock’s whitelisting platform, we can assist your organisation with pre-installation help, proof of concept installations, as well as deployments large and small.