Author: Martin McGregor, Co-founder and CEO, Devicie
With most enterprises now adopting some form of remote working arrangements, the need and demand for robust security to protect employee devices has never been greater. This is where the vast majority of successful cybercrime attacks, including ransomware, currently happen.
The Essential Eight Maturity Model from the Australian Cyber Security Centre (ASCS) is one of the strongest forms of cyber defence organisations can leverage in their fight against cybercrime.
Yet despite its importance, many organisations struggle to implement the Essential Eight controls effectively.
The Attorney General’s Department has already confirmed its intention to mandate all Essential Eight controls for public sector entities. That was in June this year after a 2020 parliamentary committee report found that no federal government entity had implemented the mandated controls. In November 2021 the Audit Office of NSW found that none of NSW’s lead cluster agencies had implemented all Essential Eight controls.
The good news is that innovation in cloud-native technology and automation means that implementing defence in depth across end-user devices in line with the Essential Eight is now much easier to do. What’s more, it will not only deliver security benefits, but end-user experience, efficiency and productivity outcomes as well.
How Devicie automates Essential Eight controls
Devicie enables organisations, large and small, to quickly automate hundreds of security controls on end-user devices, in line with best practice frameworks, including the ASD Essential Eight. This could happen within days or weeks.
I have outlined below Devicie’s specific capabilities that enable organisations to meet maturity levels 1, 2 and 3 across each of the Essential Eight controls on end-user devices. To be clear, infrastructure other than end-user devices are outside our scope.
1. Application controls
• Devicie can control the execution of applications and components on workstations through Windows Defender Application Control and Applocker.
• Devicie can also provide basic risk assessment guidance on new application requests and on the back-catalogue applications.
• Through these technologies, Devicie can help organisations achieve levels 1 through 3 on the employee endpoints.
2. Patch applications
• Devicie provides patches for applications available through Microsoft Intune within 24-48 hours of release and enforces updates on a standard 30/60/90 day cycle.
• Devicie can tailor release of patches and updates to suit the Essential Eight two-week cycle for third party applications, meeting the level 2 requirements for workstations.
• Devicie can expedite urgent patches through the Intune ecosystem as required in 8-24 hours.
3. Configure Microsoft Office macro settings
• Devicie can control Microsoft Office macros at the user and machine level and enforces these controls at the end-user device.
• Through management of the native Office defences, Devicie enables organisations to achieve level 3 maturity
4. User application hardening
• Devicie can enforce browser, office and third party software configurations and settings where available.
• Devicie can deny-list and remove deprecated or risky applications, such as IE11 and PowerShell 2.0, achieving level 3 requirements.
• Additional software security controls can also be applied for key applications such as Acrobat Reader.
• Devicie can provide the appropriate intel feeds to support the SOC in alerting and acting on possible violations and attacks.
• Devicie can support all of the controls one end-user devices to level 3 maturity for organisations that require them.
5. Restrict administrative privileges
• Devicie provides and enforces controls over local administration access to end-user devices.
• Users are not provided with admin credentials by default.
• Local default admin accounts are renamed and disabled. A centrally-controlled local admin account is created.
• Customers can add privileged users to a specific group which enables them to elevate to local admin.
• Devicie can establish secondary privileged accounts as local admin users. These users are managed by customers through their AAD.
• Through these controls, Devicie can help organisation configure their administrative access to end-user devices in line with maturity levels 1 to 3.
6. Patch operating systems maturity
• Devicie makes patches for the operating systems available through Intune within 24-48 hours of release and enforces updates on a standard 30/60/90 day cycle.
• As with the application updates, Devicie can tailor release of patches and updates to suit the Essential Eight 2-week cycle, meeting the level 2 requirements for end-user devices.
• Devicie can enforce migration to latest operating system releases within required time windows and provides a pilot programme over the first 14 days of release to achieve this.
• Devicie only deploys supported operating systems, ensuring compliance with the level 3 requirement.
7. Multi-factor authentication maturity
• This is largely out of scope for Devicie, as it is focussed at the workstation for devices accessed through AAD accounts, and therefore cannot enforce meaningful controls over MFA ASD8 requirements.
• However, with additional Intune API rights, Devicie can monitor and report on MFA status across user accounts.
• This auditing and logging, and associated visualisations, is pivotal for organisations to achieve level 1 to 3 maturities.
8. Regular backups maturity
• Devicie ensures user data is located on cloud storage, such as OneDrive, and as a result it subject to the versioning controls and backups inherent to the services.
• Software and configuration are packaged within Devicie, allowing for rapid rebuild of workstations and their return to a ‘known good’ state in the event of a failure or other loss of integrity or data.
• This supports persistence of data, and restoration of end-user devices and configurations, assisting organisations with their data recovery and business continuity strategies and solution, key aspects of successfully implementing regular and reliable backups to meet maturity levels 1 to 3.
Devicie prides itself on harnessing the power of cloud-native technology and automation to enable organisations to apply defence in depth controls across their end-user device fleet. If you’d like to know more, and to see some sample dashboards, be sure to download our Essential Eight Capabilities Statement.
Alternatively, contact us for a chat. We’d love to walk you through our platform and answer questions pertaining to your environment.