The Australian Signals Directorate (ASD) has developed a list of strategies to mitigate targeted cyber intrusions. The recommended mitigation strategies were developed through ASD’s extensive experience in operational cyber security, including responding to serious cyber intrusions and performing vulnerability assessments and penetration testing for Australian Government agencies. This document provides an overview of these recommendations and shows, by report, screenshot or user interface reference, which BeyondTrust solutions address each of them. This includes BeyondTrust’s Privileged Account Management (PAM) and Vulnerability Management (VM) solutions and the various modules that satisfy the individual mitigation strategies. Below are all 35 recommended mitigation strategies:
1 Application whitelisting of permitted/trusted programmes, to prevent execution of malicious or unapproved programmes including .DLL files, scripts and installers.
2 Patch applications e.g. Java, PDF viewer, Flash, web browsers and Microsoft Office. Patch/mitigate systems with "extreme risk" vulnerabilities within two days. Use the latest version of applications.
3 Patch operating system vulnerabilities. Patch/mitigate systems with "extreme risk" vulnerabilities within two days. Use the latest suitable operating system version. Avoid Microsoft Windows XP.
4 Restrict administrative privileges to operating systems and applications based on user duties. Such users should use a separate unprivileged account for email and web browsing.
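The following is an added example and is not taken from the BeyondTrust document or its products. It shows how the whitelisting in strategy 1 can be built with Windows AppLocker, covering the DLL, script and installer rule collections the strategy singles out, deployed in audit mode first so the event log reveals what enforcement would block before it is switched on. It assumes an elevated PowerShell session on a Windows edition that ships AppLocker (Enterprise/Education); the directory list, output file, user name and candidate file paths are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: AppLocker whitelist for strategy 1 (not BeyondTrust code).
# Run on a clean, fully patched reference workstation; the generated rules
# describe the approved software and everything else is denied by default.
Import-Module AppLocker

$policyPath = 'C:\Policies\AppLocker-Audit.xml'          # assumed output path
New-Item -ItemType Directory -Path (Split-Path $policyPath) -Force | Out-Null

# 1. Inventory the approved software. Exe alone is not enough: the Dll
#    collection stops side-loaded libraries, Script covers .ps1/.bat/.cmd/
#    .vbs/.js, and WindowsInstaller covers .msi/.msp/.mst.
$approvedDirs = 'C:\Program Files', 'C:\Program Files (x86)', 'C:\Windows'
$fileInfo = foreach ($dir in $approvedDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse `
        -FileType Exe, Dll, Script, WindowsInstaller
}

# 2. Generate rules: prefer publisher (signature) rules, fall back to hash
#    rules for unsigned files. Path rules are deliberately not used, because
#    any user-writable location allowed by path becomes a bypass.
New-AppLockerPolicy -FileInformation $fileInfo -RuleType Publisher, Hash `
    -User Everyone -Optimize -IgnoreMissingFileInformation -Xml |
    Out-File -FilePath $policyPath -Encoding utf8

# 3. Start every collection in AuditOnly so nothing is blocked yet; event
#    IDs 8003 (EXE/DLL) and 8006 (MSI/Script) record what would have been denied.
[xml]$policy = Get-Content -Path $policyPath
foreach ($collection in $policy.AppLockerPolicy.RuleCollection) {
    $collection.EnforcementMode = 'AuditOnly'
}
$policy.Save($policyPath)

# 4. AppLocker is only evaluated while the Application Identity service runs.
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc

# 5. Apply locally (in a domain, import the XML into a GPO instead).
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge

# 6. Check candidate files offline against the policy before enforcing.
#    The first two paths stand in for a downloaded executable and a DLL
#    dropped into a user-writable temp directory (placeholders).
$candidates = 'C:\Users\alice\Downloads\update.exe',
              'C:\Users\alice\AppData\Local\Temp\helper.dll',
              'C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE'
Test-AppLockerPolicy -XmlPolicy $policyPath -Path $candidates -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# 7. After a period in audit mode, review what enforcement would have stopped,
#    then change EnforcementMode to 'Enabled' and re-apply.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL',
              'Microsoft-Windows-AppLocker/MSI and Script'
    Id      = 8003, 8006
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-Table -Wrap
```

The DLL collection is the part most often skipped because of the performance and compatibility work it entails, yet without it a whitelisted executable can still be made to load an attacker's library; the audit period is what makes it practical to turn on.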
Once organisations have effectively implemented the top 4 mitigation strategies, first on the workstations of users most likely to be targeted by cyber intrusions and then on all workstations and servers, additional mitigation strategies can be selected to address remaining security gaps until an acceptable level of residual risk is reached.
5 User application configuration hardening, disabling: running Internet-based Java code, untrusted Microsoft Office macros, and unneeded/undesired web browser and PDF viewer features.
6 Automated dynamic analysis of email and web content run in a sandbox to detect suspicious behaviour including network traffic, new or modified files, or other configuration changes.
7 Operating system generic exploit mitigation e.g. Data Execution Prevention (DEP), Address Space Layout Randomisation (ASLR) and Enhanced Mitigation Experience Toolkit (EMET).
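An added example, not part of the BeyondTrust document or its products: the application hardening of strategy 5 (Office macros, PDF viewer scripting, the Java browser plug-in) and the generic exploit mitigations of strategy 7 applied to a Windows 10/11 workstation with PowerShell and then read back. Set-ProcessMitigation is the built-in successor to EMET on Windows 10 version 1709 and later (EMET itself reached end of life in 2018). The Office policy version key `16.0`, the Adobe Reader DC policy path, the Java deployment directory and the list of process names are assumptions to adapt to what is actually deployed; in a domain these values are normally pushed by Group Policy rather than set locally.

```powershell
#Requires -RunAsAdministrator
# Added example (not BeyondTrust code): strategy 5 application hardening and
# strategy 7 OS exploit mitigations on a Windows 10/11 workstation.

# --- Strategy 7: system-wide DEP and ASLR -----------------------------------
# DEP refuses to execute code from data pages; BottomUp and HighEntropy
# randomise allocations; ForceRelocateImages (mandatory ASLR) rebases images
# linked without /DYNAMICBASE. Pilot the last one first: some legacy
# applications do not survive it.
Set-ProcessMitigation -System -Enable DEP, BottomUp, HighEntropy, ForceRelocateImages

# Per-process mitigations for the applications strategy 2 names as common
# targets. The EAF/IAF and ROP checks are the former EMET features and act on
# 32-bit processes only; DEP, ASLR, SEHOP and CFG also cover 64-bit builds.
$highRiskApps = 'AcroRd32.exe', 'WINWORD.EXE', 'EXCEL.EXE', 'POWERPNT.EXE',
                'OUTLOOK.EXE', 'java.exe', 'javaw.exe'          # assumed names
$mitigations = @(
    'DEP', 'BottomUp', 'HighEntropy', 'ForceRelocateImages', 'SEHOP', 'CFG',
    'EnableExportAddressFilter', 'EnableImportAddressFilter',
    'EnableRopStackPivot', 'EnableRopCallerCheck', 'EnableRopSimExec',
    'TerminateOnError'
)
foreach ($app in $highRiskApps) {
    Set-ProcessMitigation -Name $app -Enable $mitigations
}

# --- Strategy 5: Office macros ---------------------------------------------
# VBAWarnings: 1 = enable all, 2 = disable with notification (the default),
# 3 = disable except digitally signed, 4 = disable without notification.
# blockcontentexecutionfrominternet=1 blocks macros in files that carry the
# Mark-of-the-Web (downloads, mail attachments) regardless of VBAWarnings.
$officePolicy = 'HKCU:\Software\Policies\Microsoft\Office\16.0'   # assumed version key
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $security = Join-Path $officePolicy "$app\Security"
    New-Item -Path $security -Force | Out-Null
    Set-ItemProperty -Path $security -Name VBAWarnings -Value 3 -Type DWord
    Set-ItemProperty -Path $security -Name blockcontentexecutionfrominternet -Value 1 -Type DWord
}

# --- Strategy 5: PDF viewer ------------------------------------------------
# Adobe Reader DC: switch JavaScript off and lock it, keep Protected Mode on,
# open every file in Protected View. FeatureLockDown is the documented policy
# key; the product path (DC) is an assumption.
$readerLockdown = 'HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown'
New-Item -Path $readerLockdown -Force | Out-Null
Set-ItemProperty -Path $readerLockdown -Name bDisableJavaScript -Value 1 -Type DWord
Set-ItemProperty -Path $readerLockdown -Name bProtectedMode    -Value 1 -Type DWord
Set-ItemProperty -Path $readerLockdown -Name iProtectedView    -Value 2 -Type DWord

# --- Strategy 5: Java in the browser ---------------------------------------
# Point the JRE at a mandatory system properties file that disables and locks
# the browser plug-in. Directory is the JRE's default system location (assumed).
$javaCfgDir = 'C:\Windows\Sun\Java\Deployment'
New-Item -ItemType Directory -Path $javaCfgDir -Force | Out-Null
Set-Content -Path "$javaCfgDir\deployment.properties" -Value @(
    'deployment.webjava.enabled=false',
    'deployment.webjava.enabled.locked'
)
Set-Content -Path "$javaCfgDir\deployment.config" -Value @(
    'deployment.system.config=file:///C:/Windows/Sun/Java/Deployment/deployment.properties',
    'deployment.system.config.mandatory=true'
)

# --- Read back the mitigation state ----------------------------------------
Get-ProcessMitigation -System
foreach ($app in $highRiskApps) { Get-ProcessMitigation -Name $app }
Get-ItemProperty -Path "$officePolicy\Word\Security" |
    Select-Object VBAWarnings, blockcontentexecutionfrominternet
```

Setting VBAWarnings to 3 rather than 4 keeps signed macros from an approved publisher working, which is the usual compromise where business macros cannot simply be removed; the Mark-of-the-Web block is the setting that closes the email-attachment path in either case.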