Essential Eight Strategies to Mitigate Cyber Security Incidents

Johnny Thai • Nov 19, 2023

Strategies to mitigate cyber security incidents


Organisations face a wide range of threats to their digital infrastructure. Drawing on its experience responding to cyber incidents and performing vulnerability assessments and penetration tests for Commonwealth entities, the Australian Signals Directorate (ASD) has published prioritised mitigation strategies. No set of mitigations can protect against every threat, but ASD advises organisations to implement the Essential Eight from its Strategies to Mitigate Cyber Security Incidents as a baseline; doing so makes it considerably harder for adversaries to compromise systems. The strategies address targeted intrusions, ransomware, malicious insiders, business email compromise and threats to industrial control systems. Before implementing them, organisations should identify their assets, assess their risks, and secure the prerequisites: motivation, executive support, skilled staff and funding. Motivators may include past incidents, penetration test results, mandatory reporting or compliance obligations, or evidence that the organisation's security posture was weaker, and its threat exposure higher, than previously believed. This post walks through each of the Essential Eight and how Forcepoint products can support them.

The Essential Eight consists of the following mitigation strategies:

Mitigation Strategy 1: Control the use of applications (application control)


Application control (allow listing) approves a defined set of programs and prevents everything else from executing, so that unapproved or malicious code cannot run. It covers executables (.exe), DLLs, scripts (Windows Script Host, PowerShell, HTA) and installers. The control operates on the endpoint: it governs what code may run on a workstation or server, which is a different problem from controlling which web or SaaS applications users may reach.
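To make the definition concrete, the following is an added example (not code from the original post or from Forcepoint) of building, auditing and enforcing an AppLocker allow-list that covers the four file classes named above. It assumes an elevated PowerShell session on a Windows Enterprise or Server reference build whose Program Files and Windows folders contain only approved software; $PolicyPath is a hypothetical location.

```powershell
# Added example: AppLocker allow-list for Exe, Dll, Script and Windows Installer files.
# Assumptions: elevated session, clean reference build, hypothetical policy path.
$PolicyPath = 'C:\Policies\E8-AppLocker.xml'

function New-E8AppLockerPolicy {
    param(
        [string[]]$ReferenceDirs = @('C:\Program Files', 'C:\Program Files (x86)', 'C:\Windows'),
        [string]$OutputPath = $PolicyPath
    )
    # Collect publisher and hash information for every Exe, Dll, Script and MSI under the reference dirs.
    $files = foreach ($dir in $ReferenceDirs) {
        Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Dll, Script, WindowsInstaller
    }
    # Publisher rules for signed files, hash rules for the rest; -Optimize merges rules for one publisher.
    # AppLocker is default-deny once a collection is enforced, so these allow rules are the whole policy.
    $xml = $files | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml
    New-Item -ItemType Directory -Path (Split-Path $OutputPath) -Force | Out-Null
    Set-Content -Path $OutputPath -Value $xml -Encoding UTF8
    return $OutputPath
}

function Set-E8AppLockerEnforcement {
    # Start in AuditOnly, review event 8003 for a few weeks, then switch to Enabled.
    param([string]$Path = $PolicyPath, [ValidateSet('AuditOnly', 'Enabled')][string]$Mode = 'AuditOnly')
    [xml]$doc = Get-Content -Path $Path -Raw
    foreach ($rc in $doc.AppLockerPolicy.RuleCollection) { $rc.SetAttribute('EnforcementMode', $Mode) }
    $doc.Save($Path)
    # The Application Identity service must run for AppLocker to evaluate anything at all.
    sc.exe config appidsvc start= auto | Out-Null
    Start-Service -Name AppIDSvc
    Set-AppLockerPolicy -XmlPolicy $Path
}

function Test-E8AppLockerPolicy {
    # Dry-run candidate files against the policy without deploying it.
    # PolicyDecision of DeniedByDefault means no allow rule matched, which is the intended outcome
    # for anything dropped into a user-writable folder.
    param([string]$Path = $PolicyPath,
          [string[]]$Candidates = @("$env:USERPROFILE\Downloads\*.exe", "$env:TEMP\*.ps1"))
    Test-AppLockerPolicy -XmlPolicy $Path -Path $Candidates -User Everyone |
        Select-Object FilePath, PolicyDecision, MatchingRule
}

function Get-E8AppLockerAuditHits {
    # Event 8003 in audit mode = the file ran, but would have been blocked under enforcement.
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003 } `
        -ErrorAction SilentlyContinue | Select-Object TimeCreated, Message
}
```

Two practical points: enforcing the Script collection puts PowerShell into Constrained Language Mode for any script the policy does not allow, and the DLL collection carries a measurable load-time cost, so both should be piloted in AuditOnly before enforcement. The Essential Eight Maturity Model also expects, from Maturity Level 2, that Microsoft's recommended block rules are applied and that allowed and blocked execution events are centrally logged; the event channel queried above is where those events land.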


Forcepoint ONE addresses the spread of cloud and SaaS applications and the Bring Your Own Device (BYOD) trend that comes with it. The platform gives users direct access to the apps they need while applying consistent threat protection and Data Loss Prevention (DLP) across cloud and private applications, on managed and unmanaged devices, through agentless or agent-based enforcement. It provides:

  • visibility and control over how hybrid workers interact with data;
  • prevention of sensitive-information misuse;
  • control of access to high-risk web content; and
  • secure remote access to business resources and private apps without a Virtual Private Network (VPN).

Forcepoint Next Generation Firewall (NGFW)


Forcepoint NGFW is complemented by Forcepoint Endpoint Context, which collects endpoint metadata (user, application and network details) and sends it to the NGFW. Administrators can then write access policies per user and per application. The NGFW's Application Control feature can restrict network access to applications based on their signing authority, for example blocking browsers such as portable Google Chrome and Firefox while permitting only Microsoft Internet Explorer. Endpoint application control policies can also stop a tool such as putty.exe from establishing connections.


Forcepoint Remote Browser Isolation (RBI)

Forcepoint RBI provides a "Zero-Trust" browsing experience by isolating user devices from potentially harmful websites, so that malware on webpages and web applications never executes on the endpoint. RBI guards against malware delivered as files for trusted applications, such as Microsoft Office documents with malicious macros, and incorporates Content Disarm & Reconstruction (CDR), which sanitises files downloaded from the web and delivers only a rebuilt, clean copy. Together, RBI and CDR cover both the browsing session and the files that leave it. The solution also limits users' data-sharing activities, rendering embedded email URLs in read-only mode to prevent data loss and credential theft from phishing. Web applications accessed through RBI leave no sensitive corporate data in the browser caches of endpoints.


Key use cases for Forcepoint Remote Browser Isolation:

  • Expand Web Access Without Additional Risk. Securely expand web access to
    uncategorized and risky sites.
  • Protect C-Level and Other High-Risk Users. Protect users with elevated
    privileges by air-gapping their endpoints from web threats.
  • Block Phishing Attacks. Stop phishing from compromising endpoints, delivering
    ransomware, and stealing credentials.
  • Prevent Data Loss. Keep sensitive web app data out of browser caches; limit user
    data sharing activities on websites.



Mitigation Strategy 2: Manage application vulnerabilities (patch applications)


Patch applications such as Flash, web browsers, Microsoft Office, Java and PDF viewers promptly, applying patches or mitigations for 'extreme risk' vulnerabilities within 48 hours, and run the latest supported versions of these applications. These are the applications most often used to deliver exploits, so the time between disclosure and patch deployment is the window that matters.


Forcepoint Next Generation Firewall (NGFW)

The Intrusion Prevention System (IPS) in Forcepoint NGFW uses deep packet inspection to block exploit traffic aimed at known application vulnerabilities. That gives cover during the period between a patch being released and it being deployed. Under the ISM wording ("patched, updated or mitigated within 48 hours") an IPS signature is a mitigation, not a substitute for the patch: it only protects traffic that traverses the firewall, and it cannot see exploits delivered off-network, inside encrypted sessions it does not decrypt, or in a file opened locally.


Forcepoint Remote Browser Isolation (RBI)

Web browsers are a frequent target for compromise, and organisations often run several browser platforms and versions, both sanctioned and unsanctioned. The Information Security Manual (ISM) requires drivers and applications assessed as extreme risk to be patched within 48 hours. For example, the Chrome Stable 87.0.4280.141 release included 16 security fixes, 15 of them rated high severity, prompting an alert from the US Cybersecurity and Infrastructure Security Agency (CISA).

Patching browsers within 48 hours is hard because they are installed on many endpoints, often outside the organisation's network. BYOD devices add further endpoints the organisation does not fully control, broadening the attack surface.

Forcepoint RBI addresses this by providing real-time protection against browser compromise: it removes direct user interaction with websites and web applications, so a vulnerability in the local browser is not directly exposed to the site. It also restricts users' data-sharing activities, for example by rendering embedded email URLs in read-only mode to prevent data loss and credential theft from phishing, and web applications accessed through RBI do not leave sensitive corporate data in endpoint browser caches.


Mitigation Strategy 3: Removing or disabling active content from Microsoft documents and PDF (configure Microsoft Office macro settings)


Adjust Microsoft Office macro settings to enhance security by blocking macros from the internet. Instead, permit only approved macros either in designated 'trusted locations' with restricted write access or those digitally signed with a trusted certificate. This configuration helps mitigate the risk of malicious macros compromising the integrity of Office applications and ensures that only verified and secure macros are allowed to execute.


Forcepoint Zero Trust Content Disarm and Reconstruction (CDR)

Attackers repeatedly exploit widely used software such as Microsoft Office, Microsoft Windows and PDF readers to gain access to data and run malicious code, whether executables, DLLs or scripts, and detection-based defences lag behind new samples. Forcepoint Zero Trust Content Disarm and Reconstruction (CDR) takes a different approach: it does not try to detect malware, and it treats no incoming file as trustworthy. It extracts the valid business content from a file (the original is discarded or quarantined), verifies that the extracted content conforms to the expected structure, and builds a new, fully functional file from it. Because only known-good content is carried across, file-borne malware, including zero-day exploits and unknown samples, does not reach the organisation, and the defence does not depend on signature updates. The same rebuild removes macros and embedded objects, which is why CDR supports this strategy; it also means a document rebuilt by CDR loses any legitimate macro, so approved macros still need the trusted-location or signed-macro path configured in Office.

Forcepoint Remote Browser Isolation (RBI)


Forcepoint RBI isolates user devices from websites so that malware on webpages and web applications never executes on the endpoint. Because malware frequently arrives as a file for an approved application, such as a Microsoft Office document carrying a malicious macro, this supports the ISM requirement (Security Control 1488) that Microsoft Office macros in files originating from the internet be blocked. The CDR capability described above sanitises files downloaded through the isolated browser, so both the browsing session and the downloads are covered. As in the earlier sections, embedded email URLs can be rendered read-only to prevent data loss and credential theft from phishing, and web application data is kept out of endpoint browser caches.

Mitigation Strategy 4: User application hardening for attack surface reduction


Configure web browsers to block Flash (ideally uninstall it), web advertisements and Java when accessing the internet, and disable unneeded features in Microsoft Office (for example OLE), web browsers and PDF viewers. Each of these is a commonly exploited way of getting code to run on a workstation, so removing them shrinks the attack surface.
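The macro settings from Mitigation Strategy 3 and the OLE hardening from this strategy are both Office policy values, so one added example (not code from the original post or from Forcepoint) serves both. It assumes Office 2016/2019/2021 or Microsoft 365 (registry version "16.0"), applies the values per user here although in practice they are pushed by Group Policy or Intune, and uses C:\ApprovedMacros as a hypothetical trusted-location folder. The value names vbawarnings, blockcontentexecutionfrominternet, AllowNetworkLocations, Path and AllowSubfolders are those written by the Office ADMX templates; PackagerPrompt is taken from Microsoft's Office packager guidance and should be verified against your Office build.

```powershell
# Added example: Essential Eight Office macro settings plus OLE packager hardening.
# Assumptions: Office registry version 16.0; hypothetical trusted-location folder;
# PackagerPrompt value name per Microsoft packager guidance (verify for your build).
$OfficeVersion   = '16.0'
$Apps            = 'Word', 'Excel', 'PowerPoint'
$TrustedMacroDir = 'C:\ApprovedMacros'   # hypothetical; ordinary users must not be able to write here

function Set-RegDword {
    param([string]$Path, [string]$Name, [int]$Value)
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType DWord -Force | Out-Null
}

function Set-E8OfficeMacroPolicy {
    foreach ($app in $Apps) {
        $sec = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
        # Weak setting: vbawarnings = 2 ("disable with notification") leaves an Enable Content button.
        # Required setting: 3 = disable all macros except those digitally signed by a trusted publisher.
        Set-RegDword -Path $sec -Name 'vbawarnings' -Value 3
        # Block macros in files carrying the Mark-of-the-Web (downloaded or received from the internet).
        Set-RegDword -Path $sec -Name 'blockcontentexecutionfrominternet' -Value 1
        # One policy-defined trusted location, no subfolders, no network shares.
        $tl = "$sec\Trusted Locations"
        Set-RegDword -Path $tl -Name 'AllowNetworkLocations' -Value 0
        if (-not (Test-Path "$tl\Location0")) { New-Item -Path "$tl\Location0" -Force | Out-Null }
        New-ItemProperty -Path "$tl\Location0" -Name 'Path' -Value $TrustedMacroDir -PropertyType String -Force | Out-Null
        Set-RegDword -Path "$tl\Location0" -Name 'AllowSubfolders' -Value 0
        # OLE packager objects (Mitigation Strategy 4): 2 = never prompt, never activate the embedded object.
        Set-RegDword -Path "HKCU:\Software\Microsoft\Office\$OfficeVersion\$app\Security" -Name 'PackagerPrompt' -Value 2
    }
}

function Test-E8OfficeMacroPolicy {
    # One row per application; Compliant is false when either macro setting has drifted.
    foreach ($app in $Apps) {
        $sec = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
        $p = Get-ItemProperty -Path $sec -ErrorAction SilentlyContinue
        [pscustomobject]@{
            App           = $app
            VbaWarnings   = $p.vbawarnings
            BlockInternet = $p.blockcontentexecutionfrominternet
            Compliant     = ($p.vbawarnings -in 3, 4) -and ($p.blockcontentexecutionfrominternet -eq 1)
        }
    }
}

function Get-TrustedLocationWriteAccess {
    # A trusted location only helps if ordinary users cannot drop files into it.
    # Returns the ACEs granting write/modify to broad groups; an empty result is what you want.
    param([string]$Path = $TrustedMacroDir)
    if (-not (Test-Path $Path)) { return }
    (Get-Acl -Path $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -match 'Users|Everyone' -and
        $_.FileSystemRights.ToString() -match 'Write|Modify|FullControl'
    } | Select-Object IdentityReference, FileSystemRights
}

Set-E8OfficeMacroPolicy
Test-E8OfficeMacroPolicy | Format-Table -AutoSize
Get-TrustedLocationWriteAccess
```

The ACL check is the part most often skipped: a trusted location that users can write to simply moves the macro problem into a folder where Office no longer asks questions. When the same settings are deployed by Group Policy, also disable "Allow mix of policy and user locations" so that users cannot add their own trusted folders alongside the policy-defined one.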


Forcepoint Next Generation Firewall (NGFW)


As described under Mitigation Strategy 1, Forcepoint Endpoint Context feeds user, application and network metadata from the endpoint to the NGFW, so that access policies can be written per user and per application. For attack surface reduction this means unapproved browsers, such as portable Google Chrome and Firefox, can be denied network access based on their signing authority while only the sanctioned browser, Microsoft Internet Explorer in this example, is permitted, and tools such as putty.exe can be prevented from establishing connections.

Forcepoint Remote Browser Isolation (RBI)


Organisations typically run several browser platforms and versions, approved and unapproved. The ISM (Security Control 1144) requires drivers and applications assessed as extreme risk to be patched, updated or mitigated within 48 hours; the Chrome 87.0.4280.141 release discussed under Mitigation Strategy 2, with 16 security fixes and 15 rated high severity, shows how often browsers need that attention. With browsers installed on many endpoints, often outside the corporate network and on BYOD devices that also reach organisational information assets, meeting that window is difficult.

Forcepoint RBI reduces what a browser compromise can reach by keeping direct interaction with websites and web applications off the endpoint. It further restricts users' data-sharing activities, such as rendering embedded email URLs in read-only mode to prevent data loss and credential theft from phishing, and web applications accessed through it do not retain sensitive corporate data in endpoint browser caches.

Mitigation Strategy 5: Control privileged access (restrict administrative privileges)


Restrict administrative privileges to operating systems and applications based on user duties, revalidate the need for those privileges regularly, and do not use privileged accounts for reading email or browsing the web. A privileged account that is phished or exploited hands the adversary far more than an ordinary one, so the fewer of them, and the less they are exposed, the better.

Forcepoint ONE

The Forcepoint ONE Security Service Edge (SSE) Platform is a comprehensive cloud-based solution providing SaaS protection to ensure the safety of users and data across the entire enterprise. It consolidates various cloud security services, including Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), and Zero Trust Network Access (ZTNA), eliminating the need for fragmented solutions and simplifying security for hybrid workplaces. This all-in-one platform also incorporates advanced features like Remote Browser Isolation (RBI), Content Disarm & Reconstruction (CDR), and Data Loss Prevention (DLP).


Forcepoint ONE has the capability to implement user-based policies for any application across all devices, including BYOD scenarios. This functionality proves effective in managing access to both internal and external business applications, offering heightened visibility into data movements, as well as user and device activities. The data management pane in Forcepoint ONE can impose restrictions based on various parameters such as user, device, and location. For example, it can prevent a Domain Admin located outside approved locations from accessing critical applications, ensuring a secure and controlled data environment.

Forcepoint Remote Browser Isolation (RBI)


The Essential Eight Maturity Model requires, at Maturity Level Three, technical security controls that prevent privileged users from reading emails, browsing the web and obtaining files via online services. Forcepoint RBI provides a "Zero-Trust" browsing experience for these users by isolating their devices from websites, so that malware on webpages and web applications never executes on the endpoint. Web browsing can be restricted to read-only mode, reducing the risk of data loss and credential theft from phishing, and sensitive corporate data accessed through web applications does not remain in endpoint browser caches. Note that the maturity model control is that the privileged account itself does not browse or read email; RBI reduces the exposure of the separate unprivileged account or environment those users browse from, and of the shared endpoint, rather than licensing the privileged account to browse.

Mitigation Strategy 6: Manage operating system (OS) vulnerabilities (patch operating systems)


Patch or mitigate computers, including network devices, with 'extreme risk' vulnerabilities within 48 hours, and run the latest operating system version; unsupported versions no longer receive security fixes and should not be used. This reduces the window in which known operating system vulnerabilities can be exploited.


Forcepoint Next Generation Firewall (NGFW)


As for applications, the IPS in Forcepoint NGFW uses deep packet inspection to block known exploits against operating system and network-device vulnerabilities in transit, covering the period between a vulnerability being disclosed and the patch being deployed. It is a compensating control for that window, not a replacement for patching: traffic that does not pass through the NGFW, such as lateral movement within a network segment, is not inspected.

Mitigation Strategy 7: Multi-factor authentication (identity management and Single Sign-On (SSO))


Multi-factor authentication (MFA) is required beyond the ordinary user login. The Essential Eight calls for it on every remote access method, including Virtual Private Networks (VPNs), Remote Desktop Protocol (RDP) and Secure Shell (SSH); for all users when they perform a privileged action; and for all users when they access an important (sensitive or high-availability) data repository. A second factor means that a stolen or phished password alone is not enough to reach these services.

Mitigation Strategy 8: Perform regular backups


Daily backups of important data, software and configuration settings, including new or changed information, are fundamental to data integrity and resilience. The backups are stored disconnected from the network, so that an intruder or ransomware cannot reach them, and retained for at least three months, so that an older clean copy is still available when corruption or compromise is discovered late. Restoration is tested initially, annually, and whenever fundamental IT infrastructure changes, so that the recovery process is known to work before it is needed.

Konverge, your technical partner


At Konverge, we understand that businesses may be dealing with legacy systems and technical debt, so that immediate or complete implementation of the Essential Eight Maturity Model may not be achievable. In such cases, tools with a risk-based approach, such as the Forcepoint Dynamic User Protection platform, can help close the gap.


Forcepoint's Risk-Based approach delivers tangible results by:


  • Providing a deeper understanding of user intent through a focus on user behavior and their interactions with data.
  • Enhancing employee productivity with personalized data security, allowing low-risk users to continue usual activities while restricting high-risk user activities.
  • Minimising false positives through a graduated policy enforcement approach based on risk levels, preventing practitioners from experiencing alert overload.
  • Facilitating secure collaboration on cloud applications by gaining insights into user engagement with cloud data.
  • Streamlining the investigation of risks from insiders efficiently and with ease.


Forcepoint's Advanced Classification Engine (ACE) inspects traffic content and usage patterns across eight assessment areas to identify malware, phishing, spam and other risks to the enterprise: Real-Time Security Classification, Real-Time Content Classification, URL Classification, Behavioural Sandboxing, Anti-Malware Engines, Anti-Spam/Phishing, Reputation Analysis and Real-Time Data Classification. Each contributes to a layered defence against a broad range of threats.

