fbpx
Back to Knowledge Centre
3 min
Share

ASD Essential Eight Explained – Part 2: Patching Applications

avatar

By Information Assurance Specialist at Data#3 Limited

The Essential Eight

The Australian Signals Directorate (ASD) Essential Eight has received considerable attention since it included an additional four strategies to the previously defined ‘Top 4 Strategies to Mitigate Cybersecurity Incidents’. Logan Daley continues the ASD Essential Eight Explained series below.

Patching Applications

What is it?

In a nutshell, applications are designed to perform a specific task but often don’t account for potential flaws and vulnerabilities. Unless it’s actually a security-centric application, security is lower on the features list, that’s if it makes the list at all. In some cases, applications are released with undocumented capabilities, features enabled are not being used, or use non-standard ports and services. In all fairness, if we tried to QA the apps to perfection, we’d never actually get anything to market!

Over time, the capabilities, features, and other bugbears come to the surface and are fixed by the vendor or, in other cases, discovered and exploited by those that don’t share my sunny disposition.

Where do I start?

As is the case with Application Whitelisting, a current inventory of applications is a must-have. We need to know what is on our network and why. Odds are the vendors of those applications have released patches and updates to address these issues, add features, and improve performance. Once we know what applications we have, we can investigate whether or not we have the latest stable releases and patches. In some cases, vendors are very proactive and notify their clients, supplying the patches at no charge during the lifetime of the application. Some charge extra for this service, but some just make them available without letting you know. In the end, patches and updates should be available.

Any pitfalls?

Without a doubt, Shadow IT can bite hard here. If you focus only on the “known” and approved applications, you may overlook the one-off applications downloaded to perform some task not officially sanctioned by the company. Even these one-off systems should be updated (or preferably removed until their existence can be justified and approved). In larger enterprises, patching applications can become all-consuming as it seems there are updates every day. A solid change-management process to test, schedule and deploy updates and patches on a prioritised basis is a must-have.

The ghost in the machine?

We are fooling ourselves if we think we can secure every application perfectly; risk will always remain. The key is to reduce the risk inherent in using applications to an acceptable level. Where the possibility to interact with an application exists, so does the ability to exploit the same. Technology was created by humans so human error is innate.

How do I make it work?

Once you have a current inventory of your applications and a reliable change management process in place, it’s time to begin (or at least keep going) with patching your systems to the current stable releases. Remove or replace any unsupported applications and make sure they’re included in your application whitelisting solution. Create a list, subscribe to alerts, or at the very least ask your vendors to notify you of updates and patches so you can include them in your regular scheduled maintenance. When it comes to emergency or urgent patches, treat them as a priority. Recent incidents with WannaCry and Petya/NotPetya  should have highlighted this.

Am I missing anything?

While this approach seems to consider the current state, make sure to include any new applications as soon as they hit production. Even the latest and greatest systems will be updated at some point. Also, don’t overlook the software and firmware that run on your network appliances, physical and virtual. The programs that run your routers, switches, firewalls, load balancers and so on are still applications.

How do I start?

Take a deep breath and realise this isn’t going to happen overnight. Get the right people involved and don’t hesitate to put your hand up if you need some help. Begin with your current application inventory and if you’ve recently undertaken an Application Whitelisting project, you should already have that. Prioritise your applications and make sure you have the latest stable version of each. If you are a few versions behind, acquire, test, and deploy the patches using your change management process. Rinse and repeat!

Read more from the ASD Essential Eight Explained series.

Go to: Part 1: Application Whitelisting

Tags: ACSC Essential Eight, Cybersecurity, Network Security, Patching Applications

Featured

HP-C4T-x360-435-Promotion-VIDEO-Card-v2
Is the HP ProBook G9 the ultimate teaching tool?
Navigating the six stages to ITAM maturity with Technology Intelligence 360
A truly seamless collaboration experience, all under one (hybrid) roof
Can everyone hear me okay? The secret to better remote collaboration
Data#3 Wins Schneider Electric Elite Partner Award
Data#3 named Schneider Electric Elite IT Solution Provider of the Year

Related

JuiceIT Guest Blog | How XDR can help when time is of the essence

The only thing worse than cyber threats is an inability to detect those threats in time. Organisations need the…

JuiceIT Guest Blog | Veeam Platform: Reliable and Fast Recovery from Ransomware in a Hybrid World.

Ransomware attacks have become a growing concern for organisations of all sizes in Australia and New Zealand, resulting in significant…

Customer Story: Pernod Ricard Winemakers

Azure Migration gives Pernod Ricard Greater Flexibility and Improved Performance Download Customer Story Contact a Specialist…

Why would you deploy SASE?
If Secure Access Software Edge (SASE) with Cisco Meraki is the destination, what does the journey to get there look like?

Firstly, let’s set the scene. The term SASE was first mentioned by Gartner Analysts in July 2019 and Gartner continues…

Data#3 named (HPE) Platinum Partner of the Year and Aruba GreenLake Partner of the Year
Data#3 enjoys double scoops at HPE/Aruba awards night

December 08, 2022; Brisbane, Australia: Leading Australian technology services and solutions provider, Data#3, is proud to announce that it has…

Azure BaaS
Protecting Data in a Cloud World: Will Backup as a Service be what Keeps Your Business Online Through a Crisis?

Very few organisations could run in a technology-free environment, so naturally, strong IT departments put considerable effort into business continuity…

Azure Site Recovery
Beyond Backup: The Role of Azure Site Recovery in Business Continuity

In the first of our Azure Backup blog series, we discussed the value of data, and the critical importance…

Delivering the Digital Future, Securely – for Western Australia
Delivering the Digital Future, Securely – for Western Australia

Data#3, proudly sponsored by Cisco, Microsoft and Palo Alto Networks, are pleased to present to you: Delivering the Digital Future,…