Strong cybersecurity strategies have become mission critical – as business disruption leads to financial loss, employee and customer dissatisfaction, and lost relationships – as well as damage to your integrity and reputation. So the question is, how can you reduce and mitigate cybersecurity risks?
In recent years, the Australian Federal Government has invested in this issue through a series of cybersecurity strategies. The most recent in 2020 involved a commitment of A$1.67 billion over ten years. One of the many ongoing activities has been the establishment of the Australia Cyber Security Center (ACSC), which is responsible for development of strategies to mitigate cybersecurity incidents – to help organizations protect against various cyber threats.
First published in 2017, the CCAA Eight Essentials Maturity Model is a list of countermeasures that all government agencies and private organizations should implement in their ICT systems. It details how each of the eight should be implemented as an organization’s cybersecurity capabilities progress through maturity levels.
In this article, I’m going to focus on five of the eight essentials, and of those, in particular, their recommendations for securing end-user devices.
Mitigation Strategy 1: Application Control
The Essential Eight Maturity Model describes application control, maturity level one, as follows: the operating system, web browsers, and email clients.
The challenge is that with users using multiple devices – some that they own – and many of them currently working from home, how can you tell exactly what apps are installed and running on their devices?
Then there’s shadow IT, which can be far from secure.
What you need to protect your systems and data is a monitoring tool to show you the real user experience on each device. Clear visibility into the applications running on the devices of users in your fleet gives you better control and therefore greater security.
River bed | Aternity gives you an overview of all unauthorized apps such as WhatsApp, Dropbox or Torrent, then allows you to drill down by country, state and individual device name – giving you the information you need to focus and remove mainstream apps commonly exploited.
Mitigation Strategy 2: Patching
Patches, updates, or vendor mitigations for security vulnerabilities in Internet-accessible services are applied within two weeks of being posted, or within 48 hours if an exploit exists.
Outdated application versions on user devices are a major source of vulnerabilities. In addition to not containing bug fixes to eliminate potential backdoors, they do not provide the best user experience or new app features.
River bed | Aternity identifies all versions of each of your enterprise applications such as Microsoft 365, Citrix and Acrobat Reader used by your staff. For example, many organizations find that their users are running 30 or more versions of Citrix Receiver or AutoCAD, or even outdated versions of Zoom or Microsoft Teams.
This allows IT admins to determine exactly how many app versions are in use, which of your users have outdated versions, and then take action to apply relevant patches to devices.
Mitigation strategy 3: Hardening the user application
Web browsers do not process Java from the Internet. Web browsers do not process web advertisements from the Internet. Configure web browsers to block Flash (ideally uninstall it), advertisements and Java on the Internet.
As of December 2020, Adobe no longer released Flash Player security patches, maintained operating system or browser compatibility. This creates a security vulnerability for cyber attacks. Meanwhile, Java is vulnerable to log injection attacks and trust exploits that track access control vulnerabilities.
Both executable services are known sources of cyber exploits such as malware downloads. According to the ACSC’s recommendations, web browsers should not be allowed to serve Java or web-based advertisements via Flash Player from the Internet.
River bed | Aternity Enables IT teams to accurately identify running apps and devices Glow and Java – executables vulnerable to pirates. Importantly, it also allows IT to see the implications on applications and users before blocking Flash and Java, so they can take the necessary actions first.
Mitigation strategy 4: Restrict administrative privileges
Requests for privileged access to systems and applications are validated on the first request. Privileged accounts (except privileged service accounts) cannot access the Internet, email, and web services.
According to data breach reports, malicious or accidental use of administrative privileges remains a major vulnerability. Administrative accounts are the “keys to the kingdom”. Malicious insiders or external attackers can use these accounts to gain unauthorized access to information and systems from inside or outside the organization.
Essential Eight prescribes a range of processes to strictly control privileged access. These include validation at establishment, external access limitations, and – at higher maturity levels – automatic revocation of privileges after a period of inactivity and deactivation after 12 months, unless revalidated.
Because historical administrative accounts holding the “keys to the kingdom” can lie dormant if forgotten, River bed | Aternity provides full visibility into current incumbents by username, device name, service, and IP address. This allows IT to review and validate admin privileges, eliminating vulnerabilities that could potentially be exploited by former contractors or employees.
Mitigation Strategy 5: Patch Operating Systems
Vendor patches, updates, or mitigations for security vulnerabilities in Internet-accessible service operating systems are applied within two weeks of release, or within 48 hours if an exploit exists.
Most environments run a wide range of operating systems on user devices. Microsoft provides regular operating system security updates, but once this support service ends (especially Windows 7), the operating system will no longer receive security updates, leaving users’ devices without protection against hacks and exploits.
River bed | Aternity displays the full range of operating systems in your environment. Your administrators can then drill down to identify unpatched devices by location, service, and individual device name. Another advantage is that when you decide to migrate to new versions such as Windows 10 to 11, it is quick and easy to identify devices to target for the upgrade.
Visibility enhances safety
The ability to progress through the Eight Essentials maturity model has a lot to do with visibility. Without a clear picture of potential security vulnerabilities on all devices accessing corporate assets, IT has little chance of mitigating them.
Since user devices are often the “wild cards” in your defenses, a first step is to get the visibility you need to take action. River bed | Aternity offers a series of valuable tools to help implement and then maintain proven mitigation strategies to reduce trade-offs.
About Ariane Paguia
Ariane Paguia is a Digital Experience Management Specialist at Riverbed | Aternity’s team responsible for helping Asia Pacific customers maximize visibility and performance across end-user networks, applications and devices, so they can realize the full value of their investments in the cloud and digital. She specializes in the design and implementation of end-to-end visibility solutions based on Riverbed | Aternity.