Essential 8 as a Service
The ASD Strategies to Mitigate Cyber Incidents is a list published by the Australian Signals Directorate. It is reviewed yearly and informed by the ASD's experience in operational cyber security including responding to serious cyber intrusions, and performing vulnerability assessments and penetration testing for Australian government agencies. The prioritised list of practical actions totals 37 strategies, however the first eight strategies dubbed the "essential eight" are considered to provide a baseline cyber security posture.
The Essential 8 expand on the Top 4 strategies and are broken into two categories, the first four fall under the category 'to prevent malware running' and the second four fall within the 'to limit the extent of incidents and to recover data' category;
The Essential Eight
> Application Whitelisting (also Top 4)
> Patching Applications (also Top 4)
> Disable untrusted Microsoft Office macros
> User application hardening
> Restricting adminstrative privileges (also Top 4)
> Patching operating systems (also Top 4)
> Multi-factor authentication
> Daily backup of important data (see SmartPROTECT®)
You can view the ASD's Essential Eight maturity model here.
The Essential Eight are offered as a fully managed service (#ASD8aaS). The service has been developed for easy and cost-effective implementation. It is offered modularly, allowing organisations to choose which strategies they most need assistance with, or to complement existing technologies.
We started by releasing the country’s first fully integrated ASD 4 as a Service (#ASD4aaS) to the market to cover Patch & Vulnerability Management, Application Whitelisting and Privileged Account Management. Now we have built on this to expand our offering to cover the Essential 8.
Organisations should undertake a security assessment with The Missing Link, to determine the assets that need protecting, the protection level needed for each and to identify any potential adversaries. The assessment should then be compared to the Essential Eight and any gaps filled to reach the baseline protection level.
A full list of our security offerings can be found here.