The Australian Signals Directorate (ASD) has published what it calls the “Essential 8”: a set of fundamental mitigation strategies as a baseline for securing an organization. It is intended to be a pragmatic set of mitigation strategies designed to address the most common adversary behaviors. They are:
There is often a feeling of “security nihilism” when it comes to reporting around intrusions, especially those conducted by nation-states or other types of APT threat actor groups. However, pragmatic approaches such as the Essential 8 framework go a long way toward mitigating many typical adversary behaviors. That is, they increase the cost to an attacker of attacking a particular organization. This is the name of the game. To demonstrate this, we took our recent work on the MITRE ATT&CK framework and various indictments of cyber criminals and nation-state actors and mapped them to the Essential 8 framework:
The mapping exercise was very instructive and yielded a number of key insights:
Essential 8 is an excellent framework for mitigating many common adversary behaviors. By mapping some well-known adversaries to the ATT&CK framework, we can see how an organization using Essential 8 can significantly obstruct adversaries. However, Essential 8 is just the beginning of a cyber security program. As the above mapping clearly demonstrates, detection is an important part of a cyber security program, especially at the earlier and later stages of the attack lifecycle.