The Essential Eight is a set of cybersecurity strategies designed to form a baseline for robust organisational cyber defences. It’s recommended by the ACSC (Australian Cyber Security Centre) and is also something we’re big on here at Smile IT. Why? Because conforming with the Essential Eight strategies is a surefire way to shore up your cyber defences. The ACSC is pushing it because it works well.
We want to talk about the first of the eight strategies today, regarded as one of the main cornerstones in the approach – ‘Application Control.’ Applications play an increasingly large role in day-to-day business operations, whether they’re web-based, cloud-based or from a third party. Staying on top of the data security threats they present, while maintaining efficiency, is an ongoing challenge. Enter Application Control.
Application Control Defined
Application control is a security approach that prevents malicious code from executing on your systems. It ensures that only approved executables, software libraries, scripts, installers, and drivers are authorised. When implemented properly, application control stops anything that isn’t a known and authorised requirement of your systems from running.
This bolsters your security and ensures that only approved apps can be implemented or executed. It also ensures that users have relevant authorisation levels as determined by your IT administrators.
Control is configured according to user roles, the devices being used and a range of other criteria, preventing the execution of any unapproved programs. Application use policies can also be enforced, putting time limits on apps if necessary and monitoring their usage.
A fundamental part of the application control process is application whitelisting. Let’s look into that a bit further.
Application Whitelisting
Application whitelisting is an approach to application use that does not allow any applications to run unless they are authorised ‘whitelisted’ ones. This greatly reduces the attack surface malicious actors can work with.
It’s the opposite of ‘blacklisting’, the approach traditionally taken by antivirus software. With blacklisting, any application can run, but those known to be malicious are blocked. They each have their place, but whitelisting gives you a far higher degree of control over your application environment.
Successful Application Whitelisting Implementation
All businesses are different and require varied apps and platforms to run. There are also hundreds of thousands of malicious programs being discovered every day… together, this makes the job of whitelisting apps difficult, but oh so very important. There are three steps to it:
- Identify and build an inventory of applications to whitelist. Assess all the software currently used and determine which is vital to the running of various departments. Figure out which tasks are core to each department, and what software those tasks depend on. That software stays, other non-crucial software goes. This is a golden opportunity to trim down on the applications in use and reduce your attack surface.
- Specify the rules within which whitelisted applications can operate. Different attributes can be used to determine how whitelisted applications operate, including cryptographic hashes, publisher certificates, absolute paths and parent folders. Care needs to be taken that the methods you use follow cybersecurity best practices – your IT support company can guide you in this regard.
- Maintain the whitelisted application list and the associated rules. Routine audits of the control measures in place will keep things ticking over as they should, as will regular reviews and updates of the whitelisted apps themselves.
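To make the three steps concrete, here is an added sketch (not Smile IT's or the ACSC's code) of a default-deny evaluator that checks an inventory against the four rule attributes named above: cryptographic hash, publisher, absolute path and parent folder. The class and function names, the Windows-style paths and all sample values are assumptions made for illustration, and the publisher field is assumed to hold a signer name whose signature has already been verified elsewhere.

```python
import hashlib
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
@dataclass(frozen=True)
class Executable:  # one inventory entry (step 1)
    path: str
    content: bytes
    publisher: str = ""  # signer from an already-verified signature; "" if unsigned

@dataclass
class Allowlist:  # step 2: one rule set per attribute type the article lists
    hashes: set = field(default_factory=set)      # SHA-256 hex digests
    publishers: set = field(default_factory=set)  # trusted signer names
    paths: set = field(default_factory=set)       # absolute file paths
    folders: set = field(default_factory=set)     # approved parent folders

def evaluate(al, exe):
    """Return (decision, matched_rule); anything no rule matches is denied."""
    digest = hashlib.sha256(exe.content).hexdigest()
    if digest in al.hashes:
        return "allow", f"hash:{digest}"
    if exe.publisher and exe.publisher in al.publishers:
        return "allow", f"publisher:{exe.publisher}"
    # Windows paths compare case-insensitively; relative or '..' paths never match.
    p = PureWindowsPath(exe.path)
    if not p.is_absolute() or ".." in p.parts:
        return "deny", "unnormalised-path"
    for rule in sorted(al.paths):
        if p == PureWindowsPath(rule):
            return "allow", f"path:{rule}"
    for rule in sorted(al.folders):
        if PureWindowsPath(rule) in p.parents:
            return "allow", f"folder:{rule}"
    return "deny", "default"

def audit(al, inventory):
    """Step 3: re-run the rules over the inventory; list what would be blocked."""
    return [e.path for e in inventory if evaluate(al, e)[0] == "deny"]

TOOL = b"bytes standing in for an approved binary"  # constructed sample data below
POLICY = Allowlist(hashes={hashlib.sha256(TOOL).hexdigest()},
                   publishers={"Example Publisher Pty Ltd"},
                   folders={r"C:\Program Files\ExampleApp"})
INVENTORY = [
    Executable(r"C:\Tools\tool.exe", TOOL),
    Executable(r"C:\Apps\signed.exe", b"v2", "Example Publisher Pty Ltd"),
    Executable(r"c:\program files\exampleapp\bin\app.exe", b"app"),
    Executable(r"C:\Users\Public\unknown.exe", b"unknown"),
    Executable(r"C:\Program Files\ExampleApp\..\..\Users\Public\x.exe", b"x"),
]
```

Path and folder rules match on location alone, so they are only as strong as the file system permissions on those locations; hash and publisher rules are tied to the file itself.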
The Benefits of Application Control
The cyber landscape can be a bit of a Wild West, with the Essential Eight bringing a semblance of law and order to proceedings (there’s got to be a Magnificent Seven pun in there somewhere!). Application Control prevents your team from polluting your endpoints with unsanctioned software that drastically increases your odds of having a cyber incident. Obviously, there’s a huge security benefit here, with this being an essential stepping stone to Essential Eight compliance.
There are other benefits too, including:
- A ‘zero trust’ IT environment is created, where explicit rules and control are built around your data and processes.
- When implementing application control, you get clarity around the software currently installed and what is useful.
- Only having applications relevant to your workflow in place will improve productivity. There will be fewer distractions and more targeted use of tools.
- It helps maintain compliance – not just with the Essential Eight but with any other industry rules and regulations that may apply to your organisation.
Get the Essential Eight Ball Rolling
Cybersecurity can seem overwhelming at the best of times, and if this isn’t your wheelhouse then all the tech talk around the Essential Eight is pretty daunting. Luckily it is our wheelhouse! We’ve been helping businesses across Australia determine their Essential Eight Maturity Level, and advising on what controls need to be implemented and improved to reach their maturity target. This, of course, includes Application Control and Whitelisting.
So, if you have any questions about the above, or would like to discuss getting your business Essential Eight compliant, we’re here to help. Contact us or give us a ring on 1300 766 720.
When he’s not writing tech articles or turning IT startups into established and consistent managed service providers, Peter Drummond can be found kitesurfing on the Gold Coast or hanging out with his family!