Security Bytes

Cybersecurity learnings in byte sized posts

Impact of the Australian Government PSPF Direction 002-2024

Amidst all the complexities of managing IT environments, increased regulation more than anything else is single-handedly responsible for cost overruns and an intensified war for talent. On the positive side, it has also meant better protected environments, clearer accountability, and the retirement of legacy technologies and architectures.

The PSPF (Protective Security Policy Framework) Directive 002-2024, which is targeted at Australian Government entities, outlines 3 mandatory directives:

  1. Identify indicators of Foreign Ownership, Control, or Influence risk as they relate to procurement and maintenance of technology assets and appropriately manage and report those risks
  2. Conduct technology asset stocktakes on all internet-facing systems or services to identify and actively manage the risks associated with vulnerable technologies they manage, including those they manage for other entities
  3. Participate in the Australian Signals Directorate’s Cyber Security Partnership Program and, for those using threat intelligence sharing platforms, share cyber threat information with the Australian Signals Directorate

How will Endpoint Management tools help address this Directive?

  1. Discovering assets: This is a foundational activity and is essential for any management and security approach to be effective. It is also imperative to understand if and where high-risk assets and services are located within your internal network.
  2. Improve cyber hygiene standards: Real-time visibility and control make the difference here; it is like turning a light on in your environment. This activity is extremely important as it reduces and ultimately removes the attack surface adversaries are searching for to access your environment.
  3. Hunting and detection: If an adversary has made their way inside your environment, it is important to find them quickly before they become more deeply entrenched and activate any nefarious goals.
  4. Incident response: After a breach has been identified, the priority shifts to investigation to assess its scope, collection of all relevant evidence, quarantine of implicated endpoints for containment, and ultimately remediation to expel the intruder and negate their activities up to that point.
