ASD Essential Eight Explained – Part 1: Application Whitelisting

The Essential Eight

In February 2017, the Australian Signals Directorate (ASD) published an update to its “Top 4” Strategies to Mitigate Cyber Security Incidents, expanding the list with four more crucial strategies. The resulting “Essential Eight” has received considerable attention over the past several months, yet I keep encountering organisations that are unsure where to begin. In this series of brief articles, I will try to give you a kick-start in the right direction. You are not alone: if you need help, please ask, as we are all on the same side.

The original ASD Top 4 comprised Application Whitelisting, Patching Applications, Restricting Administrative Privileges, and Patching Operating Systems. The Essential Eight keeps those four and adds Disabling Untrusted Microsoft Office Macros, User Application Hardening, Multi-Factor Authentication, and Daily Backups of Important Data. The full ASD list contains 37 mitigation strategies, but your focus should be on these eight before putting too much effort into the other 29.


Application Whitelisting

What is it?

Strip away the “Next Generation” and Unified Threat Management (UTM) features and a firewall is a yes/no device. Application Whitelisting works much the same way: you specify which applications are permitted to execute (the whitelist) and everything else is denied, whether implicitly by the absence of a rule or explicitly by a deny rule (the blacklist). There will always be some applications that fall in the middle (the greylist), but deciding on those should be reserved for an administrator, never left to the user. By the way, make sure the aforementioned firewall also ends with a default “deny all” rule. I have seen many installations where the final rule was “allow all”, with millions of hits against it.

Where do I start?

The first step is understanding your information systems and which applications are needed to perform your business functions. If you don’t already have this list, create it, and engage a security specialist to help if needed. This list essentially becomes your whitelist. Note that not every team in your organisation will use the same list: there may be a core list (such as office applications) for everyone, with additional lists for particular roles (such as Payroll and HR). Getting a handle on which applications you need and which you don’t want is crucial; otherwise you can end up preventing good and allowing bad, like a lousy B-grade superhero movie.

Any pitfalls?

Many, which is why I recommend getting the right people involved, and that means more than just the IT team. Management needs to support and sign off on the initiative, and it should be written into your information security and general IT policies. You need to know exactly which applications are on your network and which ones are actually needed. It’s not an easy voyage, but it is one worth taking. At the heart of it, most breaches come down to code executing that the organisation never intended to run. Consider too that it’s not always malware; your own tools and utilities (script hosts, installers, administrative utilities) can be turned against you, which is why a whitelist should cover scripts and installers as well as executables.

The ghost in the machine?

It’s us, plain and simple. At the end of the day, we just want to do our jobs, get paid, and go home to our families. Be ready to uncover shadow IT, and the shadow data that goes with it, arising from the shortcuts (well-intended or otherwise) we take to get the job done. Application Whitelisting can really help secure the environment, but be prepared for some resistance from the masses, and plan a period in audit (log-only) mode so that unexpected applications surface before anyone is locked out.

How do I make it work?

You probably already have the required hardware and software to make this a reality. Most modern endpoint protection suites, such as those from Symantec, Sophos, and McAfee, can perform application whitelisting, and Windows itself ships with AppLocker for the same purpose. UTM firewalls that offer “application control” are not whitelisting in this sense, as they filter network traffic rather than what executes on the host, but they can add another layer of defence if you choose.
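As an added worked example, not part of the original article, here is how the inventory from “Where do I start?” and the deployment from “How do I make it work?” might look using Windows AppLocker, one implementation the article does not name. It assumes a Windows Enterprise or Server reference machine that carries only the applications the business has agreed it needs, an elevated PowerShell session with the AppLocker module, and that the Application Identity service (AppIDSvc) is running; the paths under C:\E8 and C:\Program Files\InHouse are illustrative.

```powershell
# Added example (not the article's own code): build a first AppLocker whitelist
# from an inventory of a known-good reference machine, deploy it in audit mode,
# then check individual binaries against it before enforcing.
# Assumptions: elevated session, AppLocker module present, AppIDSvc running.
# C:\E8\* and C:\Program Files\InHouse\* are hypothetical paths.

#Requires -RunAsAdministrator
Import-Module AppLocker

$inventoryCsv = 'C:\E8\app-inventory.csv'
$policyXml    = 'C:\E8\applocker-core.xml'

# 1. Inventory: every executable, script and installer under the standard
#    install locations. C:\Windows is included so OS binaries end up covered
#    by rules; recursing it is slow but only done once on the reference box.
$dirs  = 'C:\Program Files', 'C:\Program Files (x86)', 'C:\Windows'
$files = foreach ($d in $dirs) {
    Get-AppLockerFileInformation -Directory $d -Recurse -FileType Exe, Script, WindowsInstaller
}

# Group by publisher so the business owner reviews vendors, not thousands of
# files. Unsigned files show up as '<unsigned>': that is the greylist an
# administrator (not the user) has to decide on.
$files |
    Select-Object Path,
        @{ n = 'Publisher'; e = { if ($_.Publisher) { $_.Publisher.PublisherName } else { '<unsigned>' } } },
        @{ n = 'Product';   e = { if ($_.Publisher) { $_.Publisher.ProductName }   else { '' } } } |
    Sort-Object Publisher, Product, Path |
    Export-Csv -Path $inventoryCsv -NoTypeInformation

# 2. Whitelist: publisher rules for signed software (they survive patching),
#    hash rules only for explicitly approved unsigned files. -Optimize merges
#    per-file rules into one rule per publisher/product.
$approved = $files | Where-Object { $_.Publisher -or $_.Path -like 'C:\Program Files\InHouse\*' }
New-AppLockerPolicy -FileInformation $approved `
    -RuleType Publisher, Hash -RuleNamePrefix 'E8-Core' `
    -User Everyone -Optimize -IgnoreMissingFileInformation -Xml |
    Out-File -FilePath $policyXml -Encoding utf8

# 3. Audit mode first: anything not matched is logged as "would have been
#    blocked" instead of denied, so shadow IT surfaces before anyone is locked out.
[xml]$doc = Get-Content -Path $policyXml
foreach ($rc in $doc.AppLockerPolicy.RuleCollection) { $rc.SetAttribute('EnforcementMode', 'AuditOnly') }
$doc.Save($policyXml)
Set-AppLockerPolicy -XmlPolicy $policyXml   # local policy; add -Ldap to target a GPO

# 4. Dry-run specific binaries against the policy. A PolicyDecision of
#    'Denied' here means the file would be blocked once enforcement is on.
$candidates = 'C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE',
              "$env:USERPROFILE\Downloads\setup.exe"
Test-AppLockerPolicy -XmlPolicy $policyXml -Path $candidates -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# 5. After a few weeks in audit mode, pull what would have been blocked
#    (event 8003 = audited EXE/DLL, 8006 = audited script/MSI). Add rules for
#    legitimate business software; treat the rest as findings.
Get-AppLockerFileInformation -EventLog -LogPath 'Microsoft-Windows-AppLocker/EXE and DLL' -EventType Audited |
    Group-Object Path | Sort-Object Count -Descending | Select-Object Count, Name -First 20
```

Once the audited events stop turning up legitimate software, switch the EnforcementMode attribute to Enabled and reapply the policy. Keep the user-writable locations (Downloads, %TEMP%, AppData) out of any path rule you are tempted to add, because a path rule covering a folder the user can write to is effectively no whitelist at all.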

Am I missing anything?

Make sure the endpoint protection is applied to every host you can reach, and think beyond workstations. Locking down which applications can execute on your servers, especially database and web servers, is an invaluable tactic: those hosts run a small, stable set of software, so a whitelist there is both easier to build and harder for an intruder to live with.

How do I start?

It’s time to take stock and figure out what your business needs and what it doesn’t want. That comes down to what makes your business tick: the very applications you rely on.

Tags: ACSC Essential Eight, Application Whitelisting, Cybersecurity, Network Security
