
Measuring your Cyber Security Posture

The Essential 8 Scorecard continuously measures your cyber security posture across a range of key security performance indicators. The eight controls were identified as a result of analysis of organisations that have succumbed to cyber attacks and malware.

The Essential 8 Scorecard focuses on the eight controls that have been found to have the highest impact on preventing a cyber attack and improving your ability to recover from one.

Measuring control effectiveness is a key element of any risk management process.

You cannot manage what you cannot measure

The number of UK firms reporting cyber incidents in 2019 is 61%.
Hiscox Cyber Readiness Report 2019

Australia’s Notifiable Data Breaches Scheme received 215 notifications in Q1 2019, 61% of which were malicious or criminal attacks.
OAIC Notifiable Data Breaches Quarterly Statistics Report 1 Jan–31 Mar 2019

Many of these attacks could have been prevented, or the impact reduced, by adopting basic cyber security measures.

The 8 essential controls


Top 4
• Application whitelisting
• Patching applications
• Patch operating systems
• Restrict administrative privileges
These 4 controls alone have been assessed to reduce the likelihood of suffering a cyber attack by up to 85%

+
• Daily back up of data
• Multifactor authentication
These controls plus the Top 4 are key recommendations from the NCSC and the ACSC for protection against the most common cyber attacks

++
• Disable untrusted Microsoft Office macros
• User application hardening
Implementing these controls helps keep your business safe from users falling victim to cyber attacks targeting endpoints

Security Posture at a glance

To help mitigate cyber security risks the Security Scorecard is a powerful toolset that provides:

• Executive Summary Report and detailed control reports
• Clear Visibility of current security posture
• Guidance on where vulnerabilities exist

The Essential 8 Scorecard gives you a measure of the efficiency and effectiveness of your security controls and reveals the direction your cyber security posture is moving.

For more information www.huntsmansecurity.com/products/essential-8-security-scorecard/

HUNTSMAN SECURITY CONTINUOUS MONITORING RESTRICTED
Essential 8 Scorecard
Sample Company Name
Report on the cyber security posture within your monitored environment
Time Period: 1 Jan 2019 18.35 – 25 Jun 2019 16.35

Cyber Security Posture

The Essential 8 Scorecard uses the ACSC Essential 8 maturity model as a measurement baseline to compare the organisation’s maturity against each of the eight controls.

Defined assets, policies and organisational units combine with the flow of events from the organisation’s infrastructure to inform the analytics engine, to produce indicators of security posture which feed the real-time dashboards and reports.

CYBER SECURITY MATURITY

Maturity Level 1: Partly aligned with intent of mitigation strategy
Maturity Level 2: Mostly aligned with intent of mitigation strategy
Maturity Level 3: Fully aligned with intent of mitigation strategy

CONTROLS TO PREVENT CYBER THREATS

Application whitelisting (TOP 4)
Running in enforcement mode. An approved whitelisting method covering executables, software libraries, scripts and installers.
Compliance posture 90%

Patching applications (TOP 4)
Patches for extreme risk security vulnerabilities in Adobe Flash, web browsers, Microsoft Office, Oracle Java and PDF viewers are applied and verified within 48 hours for all workstations.
Compliance posture 95%

Disable untrusted Microsoft Office macros
Only Microsoft Office macros in appropriately configured trusted locations can execute.
Compliance posture 76%

User application hardening
Web browsers are hardened using vendor hardening guides. Adobe Flash uninstalled and both web advertisements and Java from the Internet blocked.
Compliance posture 82%

CONTROLS TO LIMIT EXTENT OF INCIDENTS AND RECOVER DATA

Patch Operating Systems (TOP 4)
Patches for extreme risk security vulnerabilities in operating systems are applied and verified within 48 hours for all workstations.
Compliance posture 76%

Restrict administrative privileges (TOP 4)
Duties-based restrictions on privileged accounts are applied. All privileged accounts are blocked from reading emails and web browsing using technical controls.
Compliance posture 91%

Daily backup of data & systems availability
Backups of important new/changed data, software and configuration settings are performed daily. Backups are stored offline.
Compliance posture 99%

Multi-factor authentication
Multi-factor authentication is implemented for users using remote access solutions, users performing privileged actions and users accessing important data repositories.
Compliance posture 40%

Applicability & Effectiveness

[Matrix of the eight strategies against Applications, Servers and Users, each cell marked Compliant, Partially compliant, Non-compliant or NA]

SYSTEMS
All servers and workstations which are monitored by Huntsman Security software fall within the scope of the event collection. For those systems configured by enterprise software and change management tools, these will be encapsulated within the appropriate controls for application versioning validation and patch level conformance.

USERS
Site-defined groups and organisational units of privileged users are linked to activity monitoring to detect inappropriate usage of software which may introduce risk into the environment. In addition, site-specific implementation of interfaces to multi-factor authentication inherently involves the activity of users within that environment.

APPLICATIONS
Determination of the authorised nature of software in the environment is derived from policy extracted from the site and its enterprise software and change management tools. Monitoring for violations of policy is achieved through monitoring of systems on which unauthorised applications may be launched.


02531 0719

COMMERCIAL IN CONFIDENCE © 2019 Tier-3 Pty Ltd, All rights reserved
Product Information
Essential 8 Scorecard
Measuring your Cyber Security Posture

The 8 essential controls

Each of the controls is reported in detail on a weekly basis and is automatically compared to the previous week so you can see if your security posture is going in the right direction. The controls fit into two categories:

Controls to mitigate against cyber threats:
• Application Whitelisting – running in enforcement mode
• Patching Applications – for extreme risk security vulnerabilities in Adobe Flash, web browsers etc.
• Disable untrusted Microsoft Office Macros
• User Application Hardening.

Controls to limit the extent of incidents and recover data:
• Patch operating systems – patch for extreme risk vulnerabilities within 48 hours
• Restrict administrative privileges – duties-based restrictions
• Daily back-up of data
• Multi-factor authentication – for users performing

Implementation of these eight controls improves cyber resilience, minimises the likelihood of an attack being successful and increases your ability to recover from one in real terms.

HUNTSMAN SECURITY CONTINUOUS MONITORING COMMERCIAL IN CONFIDENCE
Application Whitelisting
<Insert Company Name>
Mitigation strategy to prevent malware from running
Time Period: 14 Mar 2018 14:10 - 21 Mar 2018 14:10

What does the control cover?
Only authorised applications and code should be allowed to execute.

Why is this control important?
By only allowing pre-approved applications and executables to run, the ability of malware to affect the system is severely curtailed. Whitelisting also provides a greater defence against new malicious code which may not yet be detected by gateway and end-point scanning technologies. A whitelist-based approach to application/executable security also has the benefit of restricting users from running unauthorised or unlicensed software in the environment.

How does Huntsman Security’s Executive Cyber Scorecard achieve the goal of this control?
For this control, the software extracts and analyses application whitelisting policy defined by the organisation’s security administrator. Whitelisted applications are extracted from the policy, and any executions of applications outside of the pre-defined approved list result in alerts which inform the status of the control. In addition, the software monitors for changes to the whitelisting policies themselves to prevent circumvention of policy by privileged users.

CYBER SECURITY MATURITY

Maturity Level 3 (Workstations)
Implemented on all workstations
Running in enforcement mode
An approved whitelisting method covering executables, software libraries, scripts and installers

Maturity Level 3 (Servers)
Implemented on important servers (e.g. Active Directory, email servers and other servers handling user authentication)
Running in enforcement mode
An approved whitelisting method covering executables, software libraries, scripts and installers

Control Failures

Whitelisting Control | Workstations | Servers | Total | Vulnerable Unique Endpoints
Failed attempts to apply Applocker policy updates | 0 | 0 | 0 | 0
Applocker detects the running of an unauthorised program | 2,755 | 71 | 2,826 | 47
Applocker Enforcement mode disabled (Audit mode enabled)* | N/A | 0 | 0 | 0
Applocker Group Policy Deleted* | N/A | 0 | 0 | 0
Total | 2,755 | 71 | 2,826 | 47

Indicators - last 2 weeks

Additional Data
Number of Monitored Endpoints: 131
Number of Monitored Endpoints that failed the Control: 47
Number of times Applocker blocks an executable from running: 1,535

Huntsman Score
Total: 64.1%
The current "Application whitelisting" control is indicated as being partially effective. In the current reporting period, the number of alerts raised is less than in the previous reporting period. In the current reporting period, there were 47 deviations by endpoints, compared to 47 in the previous reporting period. Overall, the indicative score for the current period (64.1%) is the same as the previous period (64.1%).

COMMERCIAL IN CONFIDENCE © 2018 Tier-3 Pty Ltd, All rights reserved

Patch Applications
<Insert Company Name>
Mitigation strategies to prevent malware from running
Time Period: 14 Mar 2018 14:10 - 21 Mar 2018 14:10

What does the control cover?
Ensure that application software has had all relevant vendor-supplied

Why is this control important?
Malicious software often gains access and propagates through the use of known software vulnerabilities. Application vulnerabilities are often used to gain unauthorised access to all data to which the user account would legitimately have access, and also for the execution and propagation of malicious software such as ransomware which impacts data to which the user has write access.

How does Huntsman Security’s Executive Cyber Scorecard achieve the goal of this control?
For this control, the software monitors for inconsistencies between the patch state of installed applications and the published list of security-critical patches defined by the security administrator.

CYBER SECURITY MATURITY

Maturity Level 3 (Workstations)
Patches for extreme risk security vulnerabilities in Adobe Flash, web browsers, Microsoft Office, Oracle Java and PDF viewers are applied and verified within 48 hours for all workstations.
Only vendor-supported yet deprecated versions of the above applications are used.

Maturity Level 3 (Servers)
Patches for extreme risk security vulnerabilities in web server software, other server applications that store important (sensitive or high-availability) data, and all other internet-accessible server applications, are applied and verified within 48 hours.
Only vendor-supported yet deprecated versions of applications are used for web server software, other server applications that store important data and all other internet-accessible server applications.

Control Failures

Patch Applications Control | Workstations | Servers | Total | Vulnerable Unique Endpoints
Extreme Risk Security Patch not applied within 48 hours | 75 | 24 | 99 | 4
Non-Supported Application Version Detected | 0 | 0 | 0 | 0
Total | 75 | 24 | 99 | 4

Additional Data
Number of Monitored Endpoints: 131
Number of new Critical Security Updates: 1
Number of different non-compliant Applications: -
Number of Monitored Endpoints that failed the Control: 4

Huntsman Score
Total: 96.9%
The current "Patch applications" control is indicated as being generally effective. In the current reporting period, the number of alerts raised is more than in the previous reporting period. In the current reporting period, there were 4 deviations by endpoints, compared to 1 in the previous reporting period. Overall, the indicative score for the current period (96.9%) is the same as the previous period (96.9%).

Multi-Factor Authentication
<Insert Company Name>
Mitigation strategies to limit the extent of incidents and recover data
Time Period: 14 Mar 2018 14:10 - 21 Mar 2018 14:10

What does the control cover?
Requiring multiple factors makes it harder for an attacker to use credentials by requiring additional elements in order to complete an authentication to the system.

Why is this control important?
By brute-forcing or guessing passwords, or gaining unauthorised knowledge of a password, an attacker can often gain complete control of a user’s account. Users also often use the same password for multiple services or applications, which can result in significant damage. By enforcing the use of multiple factors, knowledge of just a password does not give an attacker access.

How does Huntsman Security’s Executive Cyber Scorecard achieve the goal of this control?
For this control, the software monitors the organisation’s particular multi-factor authentication technology. The software matches authentication events against defined lists of privileged users to ensure that they are enabled with multi-factor authentication.

CYBER SECURITY MATURITY

Maturity Level 3 (Workstations & Servers)
Multi-factor authentication is implemented for users using remote access solutions, users performing privileged actions and users accessing important (sensitive or high-availability) data repositories.
In addition to passphrases, only additional authentication methods from the following list are used: U2F security keys, physical OTP tokens, biometrics and/or smartcards.

Control Failures

Multi-Factor Authentication Control | Login <= 30 days | Login > 30 days | Total | Vulnerable Unique Users
Admin User not in MFA group | 3 | 8 | 11 | 10
Remote User not in MFA group | 36 | 22 | 58 | 40
Total | 39 | 30 | 22 | 49

Indicators - last 2 weeks

Additional Data
Number of Monitored Admin Users: 14
Number of Monitored Remote Users: 64
Number of times a Monitored Admin User logon was authenticated with MFA: 56
Number of times a Monitored Remote User logon was authenticated with MFA: 287
Number of Monitored Users that fail the Control: 49

Huntsman Score
Total: 37.2%
The current "Multi-factor authentication" control is indicated as being less than effective. In the current reporting period, the number of alerts raised is more than in the previous reporting period. In the current reporting period, there were 49 deviations by users, compared to 32 in the previous reporting period. Overall, the indicative score for the current period (37.2%) is the same as the previous period (37.2%).

HUNTSMAN SECURITY: Status Dashboard

Monitoring of your environment including on-premise, cloud and hybrid.
Pre-defined alerts, dashboards, queries and reports.

[Status Dashboard screenshot: for each of the eight controls, counts of High, Medium and Low alerts over 1hr and 24hr, and open and closed incidents]

Want to find out more?


e: info@huntsmansecurity.com
w: https://www.huntsmansecurity.com/products/security-scorecard/

huntsmansecurity.com linkedin.com/company/tier-3-pty-ltd twitter.com/Tier3huntsman

© 2019 Tier-3 Pty Ltd, All rights reserved
