Essential 8
Meeting the ACSC’s Eight Essential Strategies with PAM
Introduction
The Essential Eight was designed by the ACSC (Australian Cyber Security Centre) to mitigate cybersecurity incidents and help protect organizations' IT networks from various threats. The Essential Eight are the strategies that were prioritized as the most effective for risk mitigation.
It was first published in June 2017 and has been updated since then. The Essential Eight was prepared based on the Australian Signals Directorate's (ASD) learnings from producing cyber threat intelligence and conducting penetration tests.
The eight strategies recommended by ACSC to mitigate risk are:
- Patch Applications
- Patch Operating Systems
- Utilize Multi-factor Authentication
- Restrict administrative privileges
- Control Applications
- Restrict Microsoft Office Macros
- Implement User Application Hardening
- Take Regular Backups
Essential Eight - Levels of Maturity
ACSC has defined four levels of maturity (Level Zero through Three) to assist organizations with their implementation of Essential Eight. Each level of maturity shows how aligned an organization is with the intent of the mitigation strategy.
Maturity levels are based on mitigating increasing levels of tactics, techniques and tools used by attackers against targets. ACSC recommends that organizations consider what level of tradecraft and targeting they are prone to, rather than which malicious actors they are aiming to mitigate.
Requirements as per Maturity Levels
Requirements for Maturity Level One through to Maturity Level Three build upon one another like layers. So, if you have satisfied Maturity Level 2, you will only need to satisfy some additional controls to reach Maturity Level 3.
We will discuss the essential eight requirements under each category and specify which controls help satisfy which maturity level.
Securden’s Unified Privileged Access Management Solution
Securden Unified PAM is a solution designed to restrict privileged access, manage local administrative rights and control applications on Windows, Linux, Unix and Mac devices. It helps prevent malware execution and helps organizations satisfy up to Maturity Level 3 for specific requirement categories.
Multi-factor authentication (MFA)
Specific Security Control
Multi-factor authentication is used to authenticate users to their organization's/third-party services that process, store or communicate internal/external sensitive data.
Corresponding Maturity Levels
Level 1, Level 2, Level 3
How Securden Unified PAM Helps
Securden acts as the centralized repository of all accounts used to access online services.
Sensitive organizational data is also stored in the encrypted repository.
Any user in the organization who needs to access these online services or data must go through PAM.
Multi-factor authentication can be enforced for access to this repository, so users can access these resources securely after authenticating through one or more factors.
Specific Security Control
Multi-factor authentication is used to authenticate privileged and unprivileged users of systems and data repositories.
Corresponding Maturity Levels
Level 1, Level 2, Level 3
How Securden Unified PAM Helps
Privileged and unprivileged users who connect to remote systems and servers over SSH/RDP/SQL through Unified PAM can only do so after authenticating through multiple factors.
Specific Security Control
Multi-factor authentication uses either: something users have and something users know, or something users have that is unlocked by something users know or are.
Corresponding Maturity Levels
Level 1, Level 2, Level 3
How Securden Unified PAM Helps
Unified PAM integrates with several 2FA providers such as Duo, YubiKey, Google Auth, Microsoft Auth, Mail OTP etc.
One of the factors can be a password/OTP that the users know.
It can be a YubiKey or another physical authentication device that the user has.
Or the user can authenticate through their own biometrics (what they are).
Specific Security Control
Successful and unsuccessful multi-factor authentication events are centrally logged.
Corresponding Maturity Levels
Level 2, Level 3
How Securden Unified PAM Helps
Securden Unified PAM logs and audits all events including when users have a failed attempt at authenticating through MFA to access sensitive resources.
Specific Security Control
Event logs are protected from unauthorized modification and deletion.
Corresponding Maturity Levels
Level 2, Level 3
How Securden Unified PAM Helps
All audit logs generated are tamper resistant and cannot be deleted or modified.
Specific Security Control
Event logs from servers and workstations are analyzed in a timely manner to detect cyber security events.
Corresponding Maturity Levels
Level 3
How Securden Unified PAM Helps
All Windows security events occurring on endpoints are detected and logged in real time. Administrators can be notified of these events when they occur.
Specific Security Control
Cyber security events are analyzed in a timely manner to identify cyber security incidents.
Corresponding Maturity Levels
Level 3
How Securden Unified PAM Helps
All events that occur in Unified PAM are logged, and these event logs can be sent to a SIEM tool for analysis.
Restrict Administrative Privileges
Specific Security Control
Requests for privileged access to systems, applications and data repositories are validated when first requested.
Corresponding Maturity Levels
Level 1, Level 2, Level 3
How Securden Unified PAM Helps
Requests raised by users for access to systems, applications and sensitive data can be validated by one or more approvers and can be automatically approved based on factors such as the user having a valid ticket corresponding to his/her access request.
Specific Security Control
Privileged access to systems, applications and data repositories is disabled after 12 months unless revalidated.
Corresponding Maturity Levels
Level 1, Level 2, Level 3
How Securden Unified PAM Helps
Privileged access to remote systems, applications, and sensitive data can be granted to users for a specific time-period, after which they will not be able to access these resources unless a request is raised and validated.
Specific Security Control
Privileged access to systems and applications is disabled after 45 days of inactivity.
Corresponding Maturity Levels
Level 1
How Securden Unified PAM Helps
Unified PAM detects inactive users and provides a report of all the systems they have access to. This report can help disable their access provisions in a timely manner.
Specific Security Control
Privileged users are assigned a dedicated privileged account to be used solely for duties requiring privileged access.
Corresponding Maturity Levels
Level 1
How Securden Unified PAM Helps
Unified PAM acts as the centralized repository that stores all privileged accounts.
All users onboarded in PAM can be assigned a privileged account, with the level of privileged access set granularly based on their duties and job responsibilities.
Specific Security Control
Privileged access to systems, applications and data repositories is limited to only what is required for users and services to undertake their duties.
Corresponding Maturity Levels
Level 1
How Securden Unified PAM Helps
Securden PAM helps enforce the Principle of Least Privilege (PoLP). Users are limited only to the systems and data that they require.
Specific Security Control
Secure Admin Workstations are used in the performance of administrative activities.
Corresponding Maturity Levels
Level 1
How Securden Unified PAM Helps
Agents deployed on workstations ensure that the local administrative privileges are removed, and all admin activity is performed in a time-restricted fully monitored manner.
Specific Security Control
Unprivileged accounts cannot log on to privileged operating environments.
Corresponding Maturity Levels
Level 1
How Securden Unified PAM Helps
Only the privileged accounts mapped to assets will be able to launch connections to them.
Specific Security Control
Just-in-time administration is used for administering systems and applications.
Corresponding Maturity Levels
Level 1
How Securden Unified PAM Helps
All access to systems and applications can be administered in a just-in-time fashion.
After the duration ends, all access is revoked.
Specific Security Control
Administrative activities are conducted through jump servers.
Corresponding Maturity Levels
Level 1
How Securden Unified PAM Helps
Privileged sessions to remote resources are carried out through jump servers.
Specific Security Control
Credentials for break glass accounts, local administrator accounts and service accounts are long, unique, unpredictable and managed.
Corresponding Maturity Levels
Level 1
How Securden Unified PAM Helps
Securden Unified PAM ensures that all passwords (local admin account passwords, domain passwords, and Windows service accounts and their dependencies) are long, unique, complex, and strong as per the defined password policy.
Specific Security Control
Privileged access events are centrally logged.
Corresponding Maturity Levels
Level 1
How Securden Unified PAM Helps
All events relating to privileged access are logged centrally and can be exported as reports.
Specific Security Control
Privileged account and group management events are centrally logged.
Corresponding Maturity Levels
Level 1
How Securden Unified PAM Helps
All events relating to privileged accounts and account groups are logged centrally.
Specific Security Control
Event logs are protected from unauthorized modification and deletion.
Corresponding Maturity Levels
Level 1
How Securden Unified PAM Helps
Event logs generated are tamper-proof and cannot be modified or deleted.
Application Control
Specific Security Control
Application control is implemented on workstations.
Corresponding Maturity Levels
Level 1
How Securden Unified PAM Helps
Through centralized control policies, Unified PAM lets administrators define which applications are allowed and blocked for users.
Specific Security Control
Application control is implemented on internet-facing servers.
Corresponding Maturity Levels
Level 1
How Securden Unified PAM Helps
Through the lightweight agent, applications can be controlled on internet-facing and non-internet-facing servers.
Specific Security Control
Application control is applied to user profiles and temporary folders.
How Securden Unified PAM Helps
Application control can be specifically applied to profiles of users who log in to systems.
Specific Security Control
Application control restricts the execution of executables, software libraries, scripts, installers, compiled HTML, HTML applications and control panel applets to an organization-approved set.
Corresponding Maturity Levels
Level 1
How Securden Unified PAM Helps
Through application control policies, execution of various scripts, installers, apps, applets, etc. can be restricted.
Specific Security Control
Microsoft’s recommended application blocklist is implemented.
Corresponding Maturity Levels
Level 1
How Securden Unified PAM Helps
Applications recommended by Microsoft to be blocked can be restricted through a blocklist policy.
Specific Security Control
Application control rulesets are validated on an annual or more frequent basis.
Corresponding Maturity Levels
Level 1
How Securden Unified PAM Helps
Application control rulesets/policies can be reviewed and validated by the administrator through reports.
Specific Security Control
Allowed and blocked application control events are centrally logged.
How Securden Unified PAM Helps
All application allowed and blocked events are logged centrally and can be downloaded as reports when needed.
Specific Security Control
Event logs are protected from unauthorized modification and deletion.
Corresponding Maturity Levels
Level 1
How Securden Unified PAM Helps
Event logs are tamper proof and protected from unauthorized modification and deletion.
User Application Hardening
Specific Security Control
Internet Explorer 11 is disabled or removed.
Corresponding Maturity Levels
Level 1, Level 2, Level 3
How Securden Unified PAM Helps
Internet Explorer 11 can be blocked from usage. No user will be able to run or install this software.
Specific Security Control
PowerShell module logging, script block logging and transcription events are centrally logged.
Command line process creation events are centrally logged.
Corresponding Maturity Levels
Level 2, Level 3
How Securden Unified PAM Helps
All processes that require admin rights such as PowerShell and Command Line are centrally logged.
Specific Security Control
Windows PowerShell 2.0 is disabled or removed.
Corresponding Maturity Levels
Level 3
How Securden Unified PAM Helps
Windows PowerShell 2.0 can be blocked from usage. No user will be able to run or install this software.
Overview of Security Controls Satisfied by Unified PAM
Securden Unified PAM addresses multiple requirement categories under Essential Eight, specifically:
- Application Control
- User Application Hardening
- Admin Privileges Restriction
- Multifactor Authentication
While other PAM solutions require multiple solutions and separate modules to satisfy these requirements, Securden Unified PAM is a single solution that covers security aspects across Privileged Account & Session Management, Remote Access Management, Password Management and Privilege Elevation and Delegation Management.