"Hi, my name is Michael, and I'm a Cyber Security Consultant here at AC3.
In this video, I'll be discussing one of the ACSC's Essential Eight mitigation strategies, Application Control.
Application control looks to prevent the execution of malicious programs and installers, including executables, scripts and privileged utility programs.
Instead of antivirus software that seeks only to block malicious programs, application control stops anything that isn't a known requirement of your business from running.
Organisations that are at Level One focus their mitigation efforts on workstations within standard user profiles and temporary folders used by the operating system, web browsers, and email clients.
Moving up to Level Two, organisations expand their strategy to include internet-facing servers and look at all the executions on an asset rather than those associated with user profile directories.
At this level, logging of allowed and blocked executions is also required.
At Level Three, organisations expand the strategy again to include all workstations and servers, implement Microsoft's recommended block rules and driver block rules, validate their application control rule set on an annual or more frequent basis, and centrally log and protect their allowed and blocked executions, whilst monitoring for signs of compromise and taking action if cyber security events are detected.
It is important to understand each level of maturity and target the most appropriate level for your organisation's environment.
If you'd like guidance on which maturity level is right for your organisation or how effective your application controls are, please reach out to the team. We'd love to help you."
AC3's Essential Eight Security Control Assessment can benchmark your current strategies against the ACSC's Essential Eight maturity models.