"What is the Essential Eight initiative?"
The Australian Government, through the Australian Signals Directorate (ASD), has
created a set of cyber security guidelines for Australian businesses.
These guidelines capture the recommended mitigation strategies
that all businesses should implement.
​
In simple terms, if you've considered all of these eight aspects,
you're not perfect, but you're in pretty good shape.
Ahead of the curve.
This initiative is the Essential Eight.
(You can read more about the Government's Essential Eight here)
​
The Essential Eight is made up of:​
​
We can help you with a wide variety of services across all of these aspects.
Information Security Services
MULTI-FACTOR AUTHENTICATION
​
While the enablement of Multi-Factor authentication in itself is not necessarily complex, it is the surrounding activities that determine how successful this is for your organisation.
​
Planning
We work with you to identify the most logical grouping of users for your roll-out. We also work through the best methods, with Mobile App Authentication or FIDO2 key being the two favoured options, due to their resilience.
Communication
We give you templates and a timeline for the communications users tend to respond to best.
Preparation
We work to establish Break Glass accounts, so that you still have a way to get in and temporarily disable MFA in the unlikely circumstance that the service is interrupted.
​
Roll out
We give you the approach and techniques to use when ensuring users have prepared their device (if using an Authentication App) or have their FIDO2 key.
A typical approach is to do all Admin accounts first, followed by users likely to be most impacted or derailed by a change. Last, you typically target the remaining users, who are presumably better prepared for change.
​
Clean up
It is generally considered good practice to run some checks, such as the last time any given account successfully logged in (disabling it if it is greater than 30 days), and then also the last time any accounts did not successfully log in, and flag them for review.
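The clean-up checks described above, as an added example (not code from this page or from Microsoft): a Python triage over a constructed sign-in export. The column names, the sample accounts and the `verify-break-glass` action are assumptions; break-glass accounts are exempted from automatic disabling because they are expected to sit idle.

```python
import csv
import io
from datetime import datetime, timedelta

STALE_AFTER = timedelta(days=30)  # threshold taken from the clean-up step

# Constructed sample export. Column names are assumptions, not a Microsoft schema.
SAMPLE_CSV = """upn,last_success,last_failure,break_glass
alice@example.com,2024-05-28T09:12:00,,no
bob@example.com,2024-03-02T16:40:00,,no
carol@example.com,2024-05-30T08:05:00,2024-05-31T07:55:00,no
dave@example.com,,2024-05-20T11:00:00,no
bg-admin1@example.com,2023-11-15T10:00:00,,yes
"""


def parse_ts(value):
    """Empty cell means the event was never recorded for this account."""
    return datetime.fromisoformat(value) if value else None


def triage(csv_text, now):
    """Return {upn: sorted actions} for every account that needs attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        success = parse_ts(row["last_success"])
        failure = parse_ts(row["last_failure"])
        actions = set()
        # Stale: never signed in, or last success more than 30 days ago.
        if success is None or now - success > STALE_AFTER:
            if row["break_glass"] == "yes":
                # Idle by design: confirm the account still works, never disable.
                actions.add("verify-break-glass")
            else:
                actions.add("disable")
        # Any recorded failed sign-in is flagged for a human to look at.
        if failure is not None:
            actions.add("review")
        if actions:
            findings[row["upn"]] = sorted(actions)
    return findings


if __name__ == "__main__":
    for upn, actions in triage(SAMPLE_CSV, datetime(2024, 6, 1)).items():
        print(f"{upn}: {', '.join(actions)}")
```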
RESTRICTION OF ADMIN PRIVILEGES
​
Admin Privilege restriction refers to the practice of limiting the privileges of administrative users in a Microsoft 365 environment. This can help to reduce the risk of unauthorized access or misuse of administrative privileges by limiting the actions that administrative users can perform.
​
Privileged Identity Management (PIM)
is a feature of Microsoft 365 that helps organizations to manage and control the use of administrative privileges in their environment. PIM allows administrators to assign temporary, time-limited privileges to users, rather than giving them permanent, unrestricted access to all administrative functions.
​
Zero Trust
is a security concept that involves treating all network traffic as untrusted and requiring authentication and authorization for all access to resources, regardless of whether the user or device is inside or outside the corporate network. In a Microsoft 365 environment, Zero Trust can be implemented using features such as Azure Active Directory (Azure AD) Identity Protection and Azure AD Conditional Access.
​
These features help to ensure that only authorized users and devices are granted access to resources, and that access is granted only after appropriate authentication and authorization checks have been performed.
APPLICATION CONTROL
​
We work with you to implement an appropriate Application Control model. This model works by identifying the device applications you wish to allow in your environment. In this process, we check and verify that none of the applications are malicious, insecure, or likely to cause your environment to be compromised.
In M365, some of the features we typically enlist for this are:
​
AppLocker
An application-focused feature-set that allows you to create policies that determine the applications you allow to run within your organisation based on things like the application name, the owner, the path to the application or its filename.
​
Device Guard
A device-focused feature-set that can restrict the use of devices based on their hardware and firmware configuration. We can also create policies that block requests from applications that are not signed with a trusted certificate, for example. These features are available via Security and Compliance Centre, and Group Policy in Active Directory.
​
Code Integrity Policies
A code-focused feature-set that allows or disallows code to run based on the integrity of the code it uses. It can block code that has been tampered with, or signed using untrusted certificates, for example.
PATCHING OPERATING SYSTEMS
Since our focus is primarily the Microsoft 365 environment, we do a relatively high-level patching operation for computer or device OSs. These updates typically address security vulnerabilities, bugs, or other issues that could affect the stability or performance of the OS.
In M365, some of the features we typically enlist for this are:
​
Windows Update
This is a built-in feature of the Windows operating system that allows users to install updates and patches to keep their devices up to date and secure.
​
Mobile Device Management (MDM)
This feature allows administrators to manage and secure the devices that are used to access corporate data, including the installation of updates and patches.
​
Device Compliance
This feature allows administrators to set policies for device compliance, including the requirements enforced for installing updates and patches.
​
Endpoint Protection
This feature provides protection against malware and other threats by scanning devices and installing updates and patches as needed.
​
Overall, OS patching is an important aspect of maintaining the security and integrity of devices and systems within an organization. By regularly installing updates and patches, organizations can help protect against security vulnerabilities and other threats.
PATCHING APPLICATIONS
​
These activities focus on updating and fixing vulnerabilities or bugs in software applications. Application patching is an important aspect of security, as it helps to protect against threats such as malware, ransomware, and other types of cyber attacks. By regularly applying patches to software applications, organisations can reduce the risk of these threats and ensure that their systems and data are secure.
​
In M365, some of the features we typically enlist for this are:
​
Windows Update
This is a feature in the Windows operating system that automatically downloads and installs updates and patches.
​​
Office Update
This is a feature in Microsoft Office that allows users to download and install updates and patches for the Office suite of applications.
Microsoft Update
This is a feature that allows users to download and install updates and patches for a range of Microsoft products, including Windows, Office, and other software applications.
​​
In addition to these features, Microsoft 365 also includes various tools and services for managing and deploying patches and updates, such as Microsoft Intune and Microsoft Endpoint Manager. These tools can help organizations automate the patching process and ensure that their systems are always up to date and secure.
USER APPLICATION HARDENING
We work to determine the security measures and controls you need to protect the applications used by your users from a range of threats and vulnerabilities.
These measures help ensure that users can access and use applications safely without exposing the organization to risk.
​
In M365, some of the features we typically enlist for this are:
​
Application whitelisting
This involves specifying a list of approved applications that users are allowed to use, and blocking all others. This can help prevent the execution of malicious or unapproved software on user devices.
​
Application sandboxing
This involves running applications in a secure, isolated environment where they can execute without being able to access sensitive data or system resources. This can help prevent malware or other malicious code from compromising the system.
​
Application patching
This involves regularly updating and patching applications to fix known vulnerabilities and ensure that they are secure. This can help prevent attackers from exploiting vulnerabilities in outdated versions of software.
​
Application access controls
This involves implementing controls to limit access to applications based on user roles and permissions. This can help prevent unauthorized access to sensitive data and systems.
MS OFFICE MACRO CONFIGURATION
Macros are small programs that can automate tasks in Office applications such as Word, Excel, and PowerPoint. They can be useful for automating repetitive tasks or extending the functionality of the application. However, macros can also pose a security risk, as they can be used to spread malware or perform malicious actions.
​
To help mitigate this risk, Microsoft 365 allows us to configure macro settings for your organization. We can enable or disable macros for specific file types or block all macros from running. We can also set specific macro security settings, such as requiring a digital signature for macros or blocking unsigned macros.
​
The Office Macro Configuration feature is typically controlled via the Microsoft 365 security and compliance center. It applies to all Office applications and is available for both Windows and Mac.
​
Some of the features related to Office Macro Configuration include:
​
Macro security settings
Allows us to set specific macro security settings, such as requiring a digital signature for macros or blocking unsigned macros.
​
Macro restrictions
Allows us to block all macros from running or enable macros for specific file types.
​
Digital signatures
Allows us to require a digital signature for macros to verify the authenticity and integrity of the macro.
​
Trusted locations
Allows us to specify trusted locations on the network where macros are allowed to run without prompting the user.
​
Overall, the Office Macro Configuration feature in Microsoft 365 allows us to manage macro settings for Office documents in order to help mitigate security risks and maintain control over the automation of tasks in your organization.
DAILY BACKUPS
​
As ransomware has become more commonplace, the need to have the right type of M365 backup has heightened.
That is, isolated.
It is simply not enough to have a cloud-based backup without taking into consideration the potential vulnerability, should the core M365 environment be breached.
For example, it is common practice for hackers to track down backups and either include them in their encrypting activities, delete them, or render them unusable.
Whatever the case, backups are vulnerable if they are not done the right way.
​
Medium-sized organisations are disproportionately targeted by hackers because they’re not large enough to employ full-time Security Specialists, but they are large enough to be worthwhile targets…
For these situations, we created our flagship offering:
​
package.
​
We offer an unbeatable "Not on my watch" protection guarantee*.
If your M365 environment is hacked once we've hardened it, we'll give back 100% of the money you've paid us for up to the last 12 months.
​
This means we have a shared interest in keeping you safe.
​​