The Australian Signals Directorate (ASD) published the “Strategies to Mitigate Cyber Security Incidents”, a prioritized list of mitigation strategies to assist organizations in protecting their systems against a range of adversaries. These are customizable to your organization’s risk profile and the types of adversaries you are protecting against. The “essential” in the title refers to the effectiveness of the strategy to mitigate security risks.
No single mitigation strategy will prevent all potential incidents, and organizations should apply all 8 of the mitigation strategies. These eight strategies form the Essential Eight and are detailed below.
These strategies are assessed for potential user resistance, upfront costs (staffing, support and hardware) and ongoing maintenance costs, with a rating provided for each.
The Australian Cyber Security Centre (ACSC) also details other mitigation strategies which businesses may require. There are nine mitigation strategies rated as having the effectiveness of “Excellent”, fifteen as “Very Good”, one as “Good”, and four with an effectiveness rating of “Limited”.
The process of checking for compliance within your VMware environments can be arduous and costly, and any kind of manual checks are subject to human error, so it is crucial to automate as much as possible.
Runecast Analyzer automates the process of checking VMware vSphere resources for compliance against Essential Eight standards – almost 30 cross-referenced checks. Each finding maps to a specific Essential Eight mitigation strategy. As with all other standards covered within Runecast Analyzer, we show the details of all of the impacted objects and both the wording from the standard and a technical translation and details of how to audit the finding and remediate any non-compliances manually.
With Runecast Analyzer, you get year-round, 24/7 visibility into your audit compliance posture. It allows you to get immediate visibility into risks and non-compliances inherent in your environment, allowing you to identify gaps between where you are and a fully compliant state and show as soon as any objects move out of compliance.
The solution runs entirely on-premises, with no data leaving your control. All analysis takes place on the Runecast Analyzer appliance. Move to a more proactive way of handling your compliance requirements!