Springe zum Hauptinhalt

Mega-Menü-Produkt-Services_Pfeil

HYPERSECURE PlatformZero Trust Strategy

 

COMPLIANCE

Mega-Menü-Blog_Pfeil

News, Information AND Tips ABOUT IT SecurityTo the Blog
Support
Service Desk Partner Portal

 

Mega-Menü-Blog_Pfeil

News, Information and Tips about IT Security
To the BlogNewsletter

2 min read

Are you compliant for essential 8 in cyber security?

Are you compliant for essential 8 in cyber security?

“There are only two types of companies: those that have been hacked, and those that will be."

Former FBI Director Robert Mueller

No one can escape the threat of a cyber attack. One vulnerability is all an attacker needs to gain unprecedented access to all of your organisation’s confidential files and information. Not only is your company’s data at risk, but also your client’s. So it is of paramount importance that your organisation strengthens its cyber security software and practices. But how confident are you in your company’s ability to counteract cyber attacks?

In 2017, the Australian Cyber Security Centre (ACSC) published a set of baseline mitigation strategies to assist organisations in bolstering their systems against unknown and adverse cyber entities. Of particular note are the Essential 8.
DriveLock specialises in providing endpoint protection and security by working closely with clients to ensure their systems are well-equipped with EAL3+ certified solutions. As part of our work, we’ve developed software and digital tools tailored to achieving the Essential 8 to the highest maturity level (Level 3).

  1. Application Control pertains to the level of control an organisation has over the execution of unauthorised software. DriveLock’s Application Control software is based on “Predictive Whitelisting” and is extendable to Microsoft’s latest block rules, allowing it to achieve up to Maturity Level 3.

  2. Patch Applications ensures organisations are always using the latest version of applications. DriveLock’s Vulnerability Management system achieves up to Maturity Level 3 by being able to identify, evaluate and report vulnerabilities in the inbuilt operations centre within a 48-hour time frame.

  3. Configure Microsoft Office Macro Settings to block macros from the internet, and only allow vetted macros in “trusted locations” with limited write access. DriveLock’s Application Behavior Control has control over the execution of macros, even in trusted locations, allowing a Maturity Level of 3 to be achieved here.

  4. User Application Hardening configures web browsers to block Flash, ads and Java as they are popular ways to transfer malicious code on systems. DriveLock’s Application Behavior Control prevents web browsers from storing data outside limited locations on the local hard disk or child processes, allowing a Maturity Level of 2 to be reached.

  5. Restrict Administrative Privileges to operating systems and applications based on user duties. Admin accounts are the “keys to the kingdom” and so must be managed with critical importance. DriveLock’s Native Security module aids in managing local accounts and administrative permissions to effectively prevent privilege escalation, allowing DriveLock to cover up to Maturity Level 2 for this requirement.

  6. Patch Operating Systems refers to patching vulnerabilities in operating systems within 48 hours. DriveLock’s Vulnerability Management identifies, evaluates and reports all risks in the inbuilt operations centre. However, not every patch is installed as existing applications may run into trouble. So, DriveLock achieves Maturity Level 2. 

  7. Multi-Factor Authentication (MFA) is the protection of sensitive systems and data with strong authentication. DriveLock’s Pre-Boot Authentication provides full support of multi-factor authentication. Additionally, DriveLock’s console is integrated into Identity and Access Management to add to a strong multi-factor authentication. So, DriveLock can cover up to Maturity Level 2.

  8. Daily Backups of data that should be retained for at least three months. DriveLock’s File Protection or Encryption 2-Go can be used to prevent admins from accessing classified information while also implementing a backup strategy as needed on a daily basis. Of particular highlight, when fulfilling the level 3 requirement of storing data on non-rewritable / non-erasable media, DriveLock’s use of encrypted backups makes the process of decommissioning media much easier. Overall, DriveLock covers up to Maturity Level 3.

Complying with the Essential 8 is a necessary and crucial first step for businesses looking to strengthen their security, however, it doesn’t stop there.

DriveLock makes the first step easy and can ultimately help maximise your endpoint security. Get in touch with us today, to find out more.

Free 30 days trial 

Essential 8 Infographic

 

DriveLock support to achieve mandated CMMC and NIST certifications

DriveLock support to achieve mandated CMMC and NIST certifications

U.S. companies seeking contracts from the U.S. Department of Defense (DoD) and other federal agencies are required to demonstrate strict IT security...

Read More
DriveLock Delivers Zero Trust Platform to the Endpoint

DriveLock Delivers Zero Trust Platform to the Endpoint

The German IT security specialist supports the paradigm shift in IT security with its fully integrated Zero Trust Platform Munich, Germany. 28...

Read More
Modern Endpoint Security & EDR

Modern Endpoint Security & EDR

The importance of endpoint security continues to be prevalent in today's threat landscape as 70% of all breaches are found to have originated from...

Read More