
Essential Eight – The first four

Welcome to the second part of our blog series about the Essential Eight Maturity Model (EEMM).
If you haven’t already read Part 1, head over to our blog and check it out www.runtime.net.au/essential-eight-overview-a-must-read/
In this post we will look at 4 of the strategies of the Essential Eight. You will learn what they are, what they do and how they affect your business.

Application control

Application Control plays a crucial role in protecting both workstations and servers by preventing any application or script that is not explicitly white-listed from being executed.
By restricting which applications and scripts can run, Application Control significantly reduces the ability of malicious software such as ransomware to execute at all.

Application Control also includes:

  • Implementing Microsoft’s recommended ‘block rules’
  • Allowed/Blocked app execution events are centrally logged.
    This means that events are logged to a central location and protected from being deleted. This is crucial, as attackers often clear local logs to hide signs of malicious activity.
  • Event logs are consistently monitored for signs of malicious activity.

Application Control can seem a little heavy-handed at first and yes, it may feel restrictive to users; however, when implemented correctly users shouldn’t experience too much inconvenience.
The key to a successful implementation is having a good understanding of the applications that your users run on a regular basis and communicating the changes well ahead of time.

Patch applications

Patching applications is the process of ensuring that all software (on operating systems such as Microsoft Windows, Apple macOS, Linux and Unix) is up to date.
By updating to the latest version of software you are getting the most recent security updates, features and hot fixes.

Why do you need the latest versions? Simple: un-patched applications often contain security vulnerabilities that are already known to attackers. These vulnerabilities can be exploited to give attackers access to your systems.

How do you patch applications?
Any good MSP (Managed Service Provider) uses central software that monitors devices 24/7, reports when an application is out of date and even applies the update when new software versions are available.

What devices should you be patching?
All software on internet-connected devices needs to be patched and monitored. This includes:

  • Laptops / Desktops / Workstations
  • Tablets
  • Servers
  • Phone Systems
  • CCTV systems
  • Printers / Copiers
  • Switches, Routers, WAPs and so on

Configure Microsoft Office macro settings

What is a macro?
A macro is an automated sequence of actions that allows users to save time by cutting down on repetitive tasks – they are very handy when dealing with spreadsheets, Access databases, Word documents and so on.
Microsoft Office, being the most widely used business productivity suite in the world, is a very attractive target for attackers. The potential payoff for an attacker who utilises macros is huge.

Essential Eight MM recommendations include:

  • Macros should be disabled by default, and any macro that is allowed should either come from a publisher on your trusted publishers list or be validated as free from malicious code by your company’s IT team or a specialist.
  • MS Office macro antivirus scanning is enabled.
  • MS Office macros originating from the internet are blocked by default.

Malicious macros are usually spread via phishing/targeted emails that have a Word or Excel document attached. If you are in the Accounting or Finance industry these are particularly prevalent, so make sure your company uses a quality email inspection and filtering service.
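The three macro recommendations above map to Office Group Policy registry values. The following PowerShell script is an added example (not from the original post or from Runtime IT) that audits those values on a workstation; it assumes Office 2016/2019/365 (version key 16.0) and that the policy is applied through the HKCU Policies hive, so adjust $PolicyRoot if your GPO writes to HKLM.

```powershell
# Added audit example (not part of the original post). Read-only: it reports the
# Office macro policy values and does not change anything.
# Assumption: Office 16.0 and user-scoped policy (HKCU). Change to HKLM for machine policy.
$PolicyRoot = 'HKCU:\Software\Policies\Microsoft\Office\16.0'
$Apps       = 'Word', 'Excel', 'PowerPoint'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent, i.e. the policy is not configured.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$results = foreach ($app in $Apps) {
    $sec = "$PolicyRoot\$app\Security"
    # VBAWarnings: 4 = disable all macros without notification,
    #              3 = disable all except digitally signed (trusted publisher) macros,
    #              2 = disable with notification (user can click through), 1 = enable all.
    $vba   = Get-PolicyValue -Path $sec -Name 'VBAWarnings'
    # blockcontentexecutionfrominternet: 1 = block macros in files that carry the Mark of the Web
    $block = Get-PolicyValue -Path $sec -Name 'blockcontentexecutionfrominternet'
    [pscustomobject]@{
        Application           = $app
        MacrosDisabledByDefault = ($vba -in @(3, 4))   # recommendation 1
        InternetMacrosBlocked = ($block -eq 1)         # recommendation 3
        VBAWarnings           = $vba
    }
}

# Macro antivirus scanning (AMSI) is a suite-wide setting under Common\Security:
# MacroRuntimeScanScope 2 = scan all macros, 1 = low-trust documents only, 0/absent = off.
$scan = Get-PolicyValue -Path "$PolicyRoot\Common\Security" -Name 'MacroRuntimeScanScope'
$scanState = switch ($scan) { 2 { 'all macros' } 1 { 'low-trust documents only' } default { 'NOT configured' } }

$results | Format-Table -AutoSize
"Macro antivirus (AMSI) scanning: $scanState"   # recommendation 2
```

Any row showing False, or a scan state of NOT configured, is a gap against the EEMM macro recommendations for that user.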

User application hardening

User application hardening (UAH) is the process of reducing the avenues for attack by increasing security for things like web browsers (think Chrome/Edge/Firefox), PDF readers, Microsoft Office and other apps. Not only are you applying tougher security settings, but you also restrict users’ ability to modify certain settings.

There are also recommendations around restrictions:

  • Restricting access to PowerShell
  • Restricting access to event logs
  • Removing any programs that aren’t deemed necessary.
  • Blocking web browsers from displaying web adverts or pop ups.

Things to Consider
A great deal of the measures taken with EEMM revolve around restricting access or tightening security. Generally, when you get tougher with security it has an impact on what users can and can’t do – there is a very fine line between productivity and the inability to do one’s role.

If you are going to implement EEMM in your business, it is imperative that you do your research and understand exactly what your team needs to do their job efficiently. A huge amount of the implementation is learning about your environment, learning about best practice and recommendations, then planning the most effective implementation.

Another big consideration is that this is not a set and forget strategy, it involves continual monitoring and management. Your organisation needs to have this as a priority and continually review and evolve with the environment.

Final thoughts

If you are embarking on EEMM then keep in the back of your mind the effect this has on your team.
Don’t send a memo on Monday saying that tougher security measures are now in place and it’s like it or leave it.

Take the team on the journey: advise why this is happening, when it is happening, what effect it will have on their environment, how you and the IT team will deal with problems experienced by users, and outline the risks associated with not implementing EEMM.

The team at Runtime IT have been working with businesses just like yours and understand the best way to implement these changes without causing a mutiny.
Don’t leave it to chance, speak to the team at Runtime IT today.

Call today 1300 730 331
Daniel

Author Daniel