The Australian Signals Directorate’s (ASD) ‘Essential 8’ strategies to mitigate cyber security incidents represent a set of cyber security best practices that, when implemented successfully, will provide your agency with a baseline cyber security posture.
The Essential 8 expand upon the ‘Top 4’ mitigation strategies, part of the government’s Protective Security Policy Framework, which have been mandatory for federal agencies since 2014. ASD has stated that implementing the Top 4 mitigation strategies will be able to prevent over 85% of unauthorised intrusions. There are a total of 37 mitigation strategies which, taken together, provide a comprehensive set of guidelines that can provide a basis for your agency’s appropriate use policy.
Fortinet’s security fabric is ideally situated to support almost all of the 37 mitigation strategies. With the FortiGate next generation firewall, the FortiOS secure operating system, and realtime updates from the FortiGuard threat intelligence service, you can ensure compliance and, indeed, automate many of these strategies. And ancillary solutions, such as FortiSandbox, FortiAuthenticator, and FortiAnalyzer, not only add critical additional features, but are able to scale up to the largest workloads.
The advantage of Fortinet’s Security Fabric is that all components are tightly integrated. This enables a synchronized, multi-level approach that provides comprehensive protection even if adversaries manage to break through one layer of your defensive measures, meaning they’ll be stopped before they can go further. Integration by design also means you can see every device on your distributed network, manage most of the day-to-day activities from a centralised dashboard, monitor traffic and application usage, and take quick action if any anomalous activity is detected. This is especially critical for advanced threat protection.
The Essential 8 strategies go a long way toward protecting your agency from security breaches and potentially damaging malware for a comparatively modest financial investment. While implementing these strategies will entail an investment of staff time and possible hardware / software upgrades, the costs involved will be considerably lower than cleaning up in the wake of a compromise.
Here is a quick overview of the strategies.
The remaining four Essential 8 mitigation strategies are recommended but not yet mandatory. However, they are essential for securing your networks.
These ASD Essential 8 mitigation strategies, when implemented correctly as an integral component of your overall security fabric, provide a compliance framework for your agency to ensure that your security defences are working together to provide optimal protection. These guidelines provide an excellent opportunity for you to systematically examine your complete network infrastructure, ensure that every component is correctly configured, and that you have installed the basic security features and procedures necessary to ensure business continuity.
The ASD’s Essential 8 mitigation strategies, along with the other 29 strategies, provide an excellent blueprint for security best practices. At the very least, you should download the checklist and do a quick stock-take on which you already employ, which are on your ‘to-do’ list, which ones are slated for later, and which you hadn’t considered.
More work? Probably. More expense? Possibly. More protection? Absolutely. The Australian Signals Directorate has laid down the challenge: Are you doing all you can to protect your agency, people, data and applications? You owe it to your stakeholders – and the public - to ensure that these mitigation strategies are implemented and maintained. Fortinet’s family of integrated and automated security solutions and professional security consultants are here to help.