Meeting the ACSC’s Eight Essential Strategies with PAM

Introduction

The Essential Eight was designed by the ACSC (Australian Cyber Security Centre) to mitigate cybersecurity incidents and help protect organizations' IT networks from various threats. The Essential Eight are the strategies that were prioritized as the most effective for risk mitigation.

It was first published in June 2017 and has been updated since then. The Essential Eight was prepared based on the Australian Signals Directorate's (ASD) learnings from producing cyber threat intelligence and conducting pen tests.

The eight strategies recommended by ACSC to mitigate risk are:

  1. Patch Applications
  2. Patch Operating Systems
  3. Utilize Multi-factor Authentication
  4. Restrict administrative privileges
  5. Control Applications
  6. Restrict Microsoft Office Macros
  7. Implement User Application Hardening
  8. Take Regular Backups

Essential Eight - Levels of Maturity

ACSC has defined four levels of maturity (Level Zero through Three) to assist organizations with their implementation of Essential Eight. Each level of maturity shows how aligned an organization is with the intent of the mitigation strategy.

Maturity levels are based on mitigating increasing levels of tactics, techniques and tools used by attackers against targets. ACSC recommends that organizations consider what level of tradecraft and targeting they are prone to, rather than which malicious actors they are aiming to mitigate.

Requirements as per Maturity Levels

Requirements for Maturity Level One through to Maturity Level Three build upon one another like layers. So, if you have satisfied Maturity Level 2, you will only need to satisfy some additional controls to reach Maturity Level 3.

We will discuss the essential eight requirements under each category and specify which controls help satisfy which maturity level.

Securden’s Unified Privileged Access Management Solution

Securden Unified PAM is a solution designed to restrict privileged access, manage local administrative rights and control applications on Windows, Linux, Unix and Mac devices. It helps prevent malware execution and assists organizations to satisfy up to Maturity Level 3 for specific requirement categories.

Multi-factor authentication (MFA)

Specific Security Control

Multi-factor authentication is used to authenticate users to their organization's/third-party services that process, store or communicate internal/external sensitive data.

Corresponding Maturity Levels

Level 1, Level 2, Level 3

How Securden Unified PAM Helps

Securden acts as the centralized repository of all accounts used to access online services.

Sensitive organizational data is also stored in the encrypted repository.

Any user in the organization who needs to access these online services or data has to go through PAM.

Multi-factor authentication can be enforced for access to this repository, so users can access these resources securely after authenticating through one or more factors.

Specific Security Control

Multi-factor authentication is used to authenticate privileged and unprivileged users of systems and data repositories.

Corresponding Maturity Levels

Level 1, Level 2, Level 3

How Securden Unified PAM Helps

Privileged and unprivileged users who connect to remote systems and servers over SSH/RDP/SQL through Unified PAM can only do so after authenticating through multiple factors.

Specific Security Control

Multi-factor authentication uses either: something users have and something users know, or something users have that is unlocked by something users know or are.

Corresponding Maturity Levels

Level 1, Level 2, Level 3

How Securden Unified PAM Helps

Unified PAM integrates with several 2FA providers such as Duo, YubiKey, Google Auth, Microsoft Auth, Mail OTP, etc.

One of the factors can be a password/OTP that the user knows.

It can be a YubiKey or another physical authentication device that the user has.

Or the user can authenticate through their own biometrics (what they are).

Specific Security Control

Successful and unsuccessful multi-factor authentication events are centrally logged.

Corresponding Maturity Levels

Level 2, Level 3

How Securden Unified PAM Helps

Securden Unified PAM logs and audits all events, including failed attempts by users to authenticate through MFA when accessing sensitive resources.

Specific Security Control

Event logs are protected from unauthorized modification and deletion.

Corresponding Maturity Levels

Level 2, Level 3

How Securden Unified PAM Helps

All audit logs generated are tamper resistant and cannot be deleted or modified.

Specific Security Control

Event logs from servers and workstations are analyzed in a timely manner to detect cyber security events.

Corresponding Maturity Levels

Level 3

How Securden Unified PAM Helps

All Windows security events occurring on endpoints are detected and logged in real time. Administrators can be notified of these events when they occur.

Specific Security Control

Cyber security events are analyzed in a timely manner to identify cyber security incidents.

Corresponding Maturity Levels

Level 3

How Securden Unified PAM Helps

All events that occur in Unified PAM are logged, and these event logs can be sent to a SIEM tool for analysis.

Restrict Administrative Privileges

Specific Security Control

Requests for privileged access to systems, applications and data repositories are validated when first requested.

Corresponding Maturity Levels

Level 1, Level 2, Level 3

How Securden Unified PAM Helps

Requests raised by users for access to systems, applications and sensitive data can be validated by one or more approvers, and can be automatically approved based on factors such as the user having a valid ticket corresponding to his/her access request.

Specific Security Control

Privileged access to systems, applications and data repositories is disabled after 12 months unless revalidated.

Corresponding Maturity Levels

Level 1, Level 2, Level 3

How Securden Unified PAM Helps

Privileged access to remote systems, applications, and sensitive data can be granted to users for a specific time-period, after which they will not be able to access these resources unless a request is raised and validated.

Specific Security Control

Privileged access to systems and applications is disabled after 45 days of inactivity.

Corresponding Maturity Levels

Level 1

How Securden Unified PAM Helps

Unified PAM detects inactive users and provides a report of all the systems they have access to. This report can help disable their access provisions in a timely manner.

Specific Security Control

Privileged users are assigned a dedicated privileged account to be used solely for duties requiring privileged access.

Corresponding Maturity Levels

Level 1

How Securden Unified PAM Helps

Unified PAM acts as the centralized repository that stores all privileged accounts.

All users onboarded in PAM can be assigned a privileged account, with the level of privileged access set granularly based on their duties and job responsibilities.

Specific Security Control

Privileged access to systems, applications and data repositories is limited to only what is required for users and services to undertake their duties.

Corresponding Maturity Levels

Level 1

How Securden Unified PAM Helps

Securden PAM helps enforce the Principle of Least Privilege (PoLP). Users are limited only to the systems and data that they require.

Specific Security Control

Secure Admin Workstations are used in the performance of administrative activities.

Corresponding Maturity Levels

Level 1

How Securden Unified PAM Helps

Agents deployed on workstations ensure that local administrative privileges are removed and that all admin activity is performed in a time-restricted, fully monitored manner.

Specific Security Control

Unprivileged accounts cannot log on to privileged operating environments.

Corresponding Maturity Levels

Level 1

How Securden Unified PAM Helps

Only the privileged accounts mapped to assets will be able to launch connections to them.

Specific Security Control

Just-in-time administration is used for administering systems and applications.

Corresponding Maturity Levels

Level 1

How Securden Unified PAM Helps

All access to systems and applications can be administered in a just-in-time fashion.

After the duration ends, all access is revoked.

Specific Security Control

Administrative activities are conducted through jump servers.

Corresponding Maturity Levels

Level 1

How Securden Unified PAM Helps

Privileged sessions to remote resources are carried out through jump servers.

Specific Security Control

Credentials for break glass accounts, local administrator accounts and service accounts are long, unique, unpredictable and managed.

Corresponding Maturity Levels

Level 1

How Securden Unified PAM Helps

Securden Unified PAM ensures that all passwords (local admin account passwords, domain passwords, Windows service accounts and dependencies) are long, unique, complex, and strong as per the password policy defined.

Specific Security Control

Privileged access events are centrally logged.

Corresponding Maturity Levels

Level 1

How Securden Unified PAM Helps

All events relating to privileged access are logged centrally and can be exported as reports.

Specific Security Control

Privileged account and group management events are centrally logged.

Corresponding Maturity Levels

Level 1

How Securden Unified PAM Helps

All events relating to privileged accounts and account groups are logged centrally.

Specific Security Control

Event logs are protected from unauthorized modification and deletion.

Corresponding Maturity Levels

Level 1

How Securden Unified PAM Helps

Event logs generated are tamper-proof and cannot be modified or deleted.

Application Control

Specific Security Control

Application control is implemented on workstations.

Corresponding Maturity Levels

Level 1

How Securden Unified PAM Helps

Through centralized control policies, Unified PAM lets administrators define which applications are allowed and blocked for users.

Specific Security Control

Application control is implemented on internet-facing servers.

Corresponding Maturity Levels

Level 1

How Securden Unified PAM Helps

Through the lightweight agent, applications can be controlled on internet-facing and non-internet-facing servers.

Specific Security Control

Application control is applied to user profiles and temporary folders.

How Securden Unified PAM Helps

Application control can be specifically applied to profiles of users who log in to systems.

Specific Security Control

Application control restricts the execution of executables, software libraries, scripts, installers, compiled HTML, HTML applications and control panel applets to an organization-approved set.

Corresponding Maturity Levels

Level 1

How Securden Unified PAM Helps

Through application control policies, execution of various scripts, installers, apps, applets, etc. can be restricted.

Specific Security Control

Microsoft’s recommended application blocklist is implemented.

Corresponding Maturity Levels

Level 1

How Securden Unified PAM Helps

Applications recommended by Microsoft to be blocked can be restricted through a blocklist policy.

Specific Security Control

Application control rulesets are validated on an annual or more frequent basis.

Corresponding Maturity Levels

Level 1

How Securden Unified PAM Helps

Application control rulesets/policies can be reviewed and validated by the administrator through reports.

Specific Security Control

Allowed and blocked application control events are centrally logged.

How Securden Unified PAM Helps

All allowed and blocked application events are logged centrally and can be downloaded as reports when needed.

Specific Security Control

Event logs are protected from unauthorized modification and deletion.

Corresponding Maturity Levels

Level 1

How Securden Unified PAM Helps

Event logs are tamper-proof and protected from unauthorized modification and deletion.

User Application Hardening

Specific Security Control

Internet Explorer 11 is disabled or removed.

Corresponding Maturity Levels

Level 1, Level 2, Level 3

How Securden Unified PAM Helps

Internet Explorer 11 can be blocked from usage. No user will be able to run or install this software.

Specific Security Control

PowerShell module logging, script block logging and transcription events are centrally logged.

Command line process creation events are centrally logged.

Corresponding Maturity Levels

Level 2, Level 3

How Securden Unified PAM Helps

All processes that require admin rights such as PowerShell and Command Line are centrally logged.

Specific Security Control

Windows PowerShell 2.0 is disabled or removed.

Corresponding Maturity Levels

Level 3

How Securden Unified PAM Helps

Windows PowerShell 2.0 can be blocked from usage. No user will be able to run or install this software.

Overview of Security Controls Satisfied by Unified PAM

Securden Unified PAM addresses multiple requirement categories under Essential Eight, specifically:

  • Application Control
  • User Application Hardening
  • Admin Privileges Restriction
  • Multi-factor Authentication

While other PAM solutions require multiple solutions and separate modules to satisfy these requirements, Securden Unified PAM is a single solution that covers security aspects across Privileged Account & Session Management, Remote Access Management, Password Management and Privilege Elevation and Delegation Management.
