ManageEngine

What does this model mean for my organization?

Organisations are recommended to implement these eight essential mitigation strategies as a baseline. Once organisations have implemented Level One mitigation strategies, they should strive to reach Maturity Level Three to ensure maximum protection for their organisational data.

Mitigation strategies to prevent malware delivery and execution
  • Application whitelisting of approved/trusted programs to prevent execution of unapproved/malicious programs.
  • Patch applications with high-risk vulnerabilities within 48 hours. Use the latest version of applications.
  • User application hardening: configure web browsers to block Flash, ads, and Java on the internet. Disable unneeded features in Microsoft Office, web browsers, and PDF viewers.
  • Configure Microsoft Office macro settings to block macros from the internet, and only allow vetted macros either in trusted locations with limited write access or digitally signed with a trusted certificate.
Mitigation strategies to limit the extent of cybersecurity incidents
  • Restrict administrative privileges to operating systems and applications based on user duties. Regularly re-evaluate the need for privileges.
  • Implement multi-factor authentication for all users when they perform a privileged action or access a sensitive data repository.
  • Patch operating systems with high-risk vulnerabilities within 48 hours. Use the latest operating system version. Don't use unsupported versions.
Mitigation strategies to recover data and system availability
  • Daily backups of important, new, or changed data, software, and configuration settings should be stored off-site and retained for at least three months. Test restoration initially, annually, and after any IT infrastructure change.

Take the assessment

The Essential Eight Quiz

Is your organisation prepared to tackle advanced cyberattacks?
Take our quiz to determine your organisation's maturity level and security preparedness.

Get our Essential Eight guide upon taking the assessment


  • #Question 1


    Which of the following practices does your organization follow regarding the installation of software applications and executables in your environment?


    • We allow only pre-approved executables and software libraries to be installed on workstations or servers. We also use the latest Microsoft recommended block rules to ward off attacks.
    • Users can download any pre-approved executables in our organization.
    • We allow only pre-approved executables and software libraries in our organization.
    • We freely allow the installation of all kinds of software applications and executables.
  • #Question 2


    How often does your organization scan applications and patch any vulnerabilities that are detected?


    • Our organization allows users to install patches themselves.
    • We have automated systems to monitor and confirm our network endpoints are patched constantly, and all high-risk vulnerabilities are patched within 48 hours.
    • We monitor our network, and patch all high-risk vulnerabilities within two weeks.
    • We scan our environment, and patch all high-risk vulnerabilities within a month.
  • #Question 3


    How does your organization manage Microsoft Office macro settings?


    • Our organization allows all digitally signed macros to run by default. Macros from documents originating from the internet are blocked automatically.
    • We can execute macros but only from trusted locations, and all the macros that are downloaded from the internet are disabled.
    • All Microsoft Office macros, irrespective of their source, are allowed upon approval by the user.
    • Macros are allowed in our organization as and when the need arises.
  • #Question 4


    What steps does your organization take to harden and secure user applications?


    • We have configured our web browsers to disable Flash content.
    • We have disabled Flash, web advertisements, Java, and Flash content that are part of Microsoft Office documents. Additionally, object linking and embedded packages are also disabled.
    • We have disabled Flash, web advertisements, and Java.
    • We freely allow all browser plug-ins and extensions.
  • #Question 5


    How does your organization authorize and monitor administrative privileges to systems and applications?


    • Privileged access to critical resources is granted upon initial validation, and is revalidated annually. The access granted is limited only to the required information.
    • Privileged access is given whenever requested.
    • Privileged access is given upon initial validation and is revalidated annually.
    • Privileged access is given based on requirement and initial validation.
  • #Question 6


    How often does your organization scan and patch operating systems?


    • We have automated systems to monitor our systems, and patch all high-risk vulnerabilities within 48 hours.
    • We monitor our systems and patch all high-risk vulnerabilities within two weeks.
    • Our organization allows users to install system patches themselves.
    • We scan our environment and patch all high-risk vulnerabilities within a month.
  • #Question 7


    Has your organization implemented multi-factor authentication? If yes, what policies govern the MFA practices your organization follows?


    • We have enforced multi-factor authentication for remote access and privileged access.
    • We have implemented multi-factor authentication for remote access only.
    • We have implemented multi-factor authentication for remote access, privileged access, and accessing sensitive data stores.
    • We have not adopted multi-factor authentication yet.
  • #Question 8


    Are daily backups considered an important part of your organization's security strategy?


    • Our organization performs backups daily, and partial restoration is tested quarterly. The data backup is stored for more than three months.
    • We perform backups weekly, and partial restoration is tested biannually. The data backup is stored for one to three months.
    • We perform backups monthly, and partial restoration is tested on an annual basis. The data backup is stored for one to three months.
    • We perform data backups as required, but we do not test restoration.

  • Score

    Maturity Level One

         

    Great news! Your organisation is aligned with Level One of the Essential Eight Maturity Model, which means that you have the basic recommended security measures in place. Now that your baseline security has been taken care of, it is highly recommended that your organisation strives towards the highest level of maturity. To learn how you can move up the ladder, check out our comprehensive guide to the Essential Eight.


    Maturity Level Two

         

    Good work! Your organisation is aligned with Level Two of the Essential Eight Maturity Model, which means that you have all the standard recommended security measures in place. However, with new attack vectors emerging every day, it is recommended that your organisation constantly strives to reach the highest level of maturity. To learn how you can improve your security posture, check out our comprehensive guide to the Essential Eight.


    Maturity Level Three

         

    Congratulations! Your organisation is aligned with the highest maturity level of the Essential Eight Maturity Model. Your organisation has implemented advanced security measures to keep your business-critical data protected at all times. However, be careful not to become complacent, as sophisticated attack vectors are emerging every day. To stay on top of your game, check out our comprehensive guide to the Essential Eight.


How can I improve my maturity level?

The right solutions and configurations can greatly simplify the process of reaching the highest maturity level. Although there is no single solution that can address all the strategies you need to implement, the right combination of processes and IT tools can make reaching Maturity Level Three easy.

  • Application whitelisting

    • Block applications—identify and auto-uninstall prohibited software.
    • Lock a device to a single application or group of applications.
    • Block executables and script execution.
    • Deploy block rules on workstations and servers.
    • Allow or block apps on mobile devices running Android, iOS, or Windows.
  • Patch applications

    • Patch over 300 Microsoft, non-Microsoft, macOS, and Linux applications.
    • Update drivers and BIOS versions.
    • Detect, approve, download, test, install, and validate patches and service packs.
    • Schedule patch scans and deployment.
    • Achieve patch compliance using advanced analytics and audits.
    • Manage workstations and servers on a LAN or WAN.
  • Configure MS Office macro settings

    • Manage MS Office settings out of the box.
    • Manage MS Office macro settings through execution of custom scripts.
    • Control browser plug-ins, extensions, and allowed sites for Internet Explorer, Edge, Firefox, and Chrome.
  • User application hardening

    • Control browser plug-ins, extensions, and allowed sites.
    • Leverage browser lockdown and isolation, download restrictions, and data leak prevention tools.
    • Provide or restrict access to web applications.
  • Restrict administrative privileges

    • Manage privileged access to systems, applications, and network devices.
    • Exert granular control over users' accesses to resources and passwords.
    • Delegate role-based access to AD, Exchange, and Office 365.
    • Gain visibility on and manage privileged permissions.
    • Set role-based access to computers and mobile devices running Android, iOS, or Windows.
  • Patch operating systems

    • Test and deploy OS patches for Windows, macOS, and Linux based on severity.
    • Validate the status of patch deployment.
    • Schedule patch scans, and identify the health status of devices.
    • Identify and manage firmware vulnerabilities.
    • Perform remote firmware upgrades and OS image transfers.
  • Multi-factor authentication

    • Use one or more authentication techniques to verify users' identities during the password reset and account unlock process.
    • Use a secure password vault for privileged and personal accounts.
    • Enable authentication through AD/LDAP, PhoneFactor, email, RSA SecurID, etc.
    • Remotely log in to a wide range of systems and network devices on a LAN or WAN, and record privileged sessions.
  • Daily backups

    • Perform comprehensive scheduled, incremental object and item-level backups in AD, on-premises Exchange, and Exchange Online.
    • Back up the entire database of application configurations, system settings, and password share permissions through scheduled tasks or live data backup.
    • Perform restart-free granular restoration.
    • Automate configuration backups from over 200 multi-vendor firewalls, routers, switches, etc.
