How Microsoft Aligns and Matures Essential 8 Mitigation Strategies

The Essential Eight are a baseline set of security controls that have been recommended by the Australian Cyber Security Centre to help organisations mitigate malicious cyber activity. To help with the implementation of these controls, the Australian Signals Directorate (ASD) has defined an Essential Eight maturity model, detailing the different levels of maturity to help organisations fully align with the Essential Eight. Microsoft have aligned applications and programs to assist with this process. Microsoft have solutions aimed at 5 of the Eight controls, as detailed further below:

1. Patching of Operating Systems & Applications

Maturity Level 1: partly aligned, “extreme risk” vulnerabilities are handled within 1 month
Maturity Level 2: mostly aligned, the window narrows to 2 weeks
Maturity Level 3: fully aligned, “extreme risk” vulnerabilities must be dealt with within 48 hours, with automated confirmation of successful patching, and removal of software no longer supported by the vendor.

Microsoft Solutions for Patch Management

  • Microsoft Endpoint Manager
  • Windows Update for Business
  • Microsoft Defender for Endpoint

2. Multifactor Authentication & Restrict Admin Privileges

Maturity Level 1: use MFA to authenticate all users of remote access solutions.
Maturity Level 2: use MFA to authenticate all users of remote access solutions, and all privileged users (for example, system administrators) and any other positions of trust.
Maturity Level 3: use MFA to authenticate all users of remote access solutions, and all privileged users (for example, system administrators) and any other positions of trust, and all users when accessing important data repositories.

Microsoft Technology for MFA

  • Azure AD MFA

3. Application Controls

Maturity Level 1: application control of executables for workstations and servers
Maturity Level 2: builds on Level One, extending application control to include executables, software libraries, scripts, and installers
Maturity Level 3: builds on Level Two, adding Microsoft’s latest block rules to prevent application whitelisting bypasses.

Microsoft Solutions to Control Applications

  • Windows Defender Application Control
  • AppLocker
  • AaronLocker

4. User Application Hardening & Office Macros

Maturity Level 1: Users must first approve execution of macros, users cannot change macro settings, browsers must block or disable Flash
Maturity Level 2: Builds on Level 1 to also block macros in documents from the Internet, and to block web ads and Java in browsers.
Maturity Level 3: Builds on Level 2 and Level 1 to restrict macros to those from trusted sources and to disable Flash and Object Linking and Embedding (OLE) in Microsoft Office.

Products Within Microsoft Office:

  • Active Directory
  • System Center Configuration Manager (SCCM)
  • Intune
  • Microsoft Defender Application Guard
  • Microsoft Defender for Office 365
  • Cloud-powered Microsoft Defender for Endpoint

5. Daily Backups

Maturity Level 1: Make monthly backups of key data, store for 1 to 3 months, and test partially at least once per year
Maturity Level 2: Shift gears to back up weekly instead of monthly, on non-rewritable media, with full testing at least once a year and partial testing at least twice a year
Maturity Level 3: Shift gears again to back up daily, store for at least 3 months, test full restoration at the start and when technology changes, with partial testing at least once per quarter.

Microsoft Solution for Daily Backups

  • Azure Backup
  • Office 365 Backup

Acurus has assisted iconic Australian brands in building their cyber security foundations to align with the Essential 8. We can help you to create a unified solution, which meets all needs of the Essential 8 and mitigates malicious cyber activity for your organisation.

If you’d like help with developing or implementing your Essential 8 strategy, contact us on 1300 119 561 or let us contact you by expressing your interest below.
