Ebook Essential Eight


eBOOK

Mastering the Essential Eight Framework
Mastering the Essential Eight Framework with Fortinet EBOOK

Cyber security has become a critical concern for businesses and individuals alike.

This paper explores how Fortinet can help Australian companies bolster their security measures, especially in the wake of a new wave of cyber incidents affecting Australian businesses.


Data Breach Incidents in Australia

Recent cyber incidents are a stark reminder of businesses' pressing need for robust cyber security measures. These incidents compromised the personal information of past and present customers, including sensitive data such as passport numbers, driver's licence numbers, names, addresses, telephone numbers, dates of birth, and income and expense details.

These incidents have also highlighted the importance of cyber resilience for businesses. Cyber resilience refers to the ability of companies to prepare effectively before the onset of cyber attacks, to withstand the onslaught of active attacks, to recover and restore business operations speedily, and to adapt and improve their posture by incorporating the learnings from the incidents.

Considering the spike in such cyber incidents, a proactive stance is essential to navigate today's dynamic threat landscape and the responsibilities it brings. Continuously monitoring the environment and adapting to evolving conditions is crucial. The question arises: can a well-defined framework provide the necessary guidance for companies to become more cyber resilient?


Commitment to Secure Digital Business
Incorporating change management models like ADKAR offers a
strategic path to fulfil this commitment. Elevating change
awareness and emphasising cultural elements empowers
organisations to fortify their security stance, aligning more
closely with the Australian Cyber Security Centre (ACSC)
Essential Eight framework.


What is the Essential Eight Framework?

The Essential Eight is a set of cyber security mitigation strategies developed by the ACSC to help organisations mitigate and defend against various cyber threats. The Essential Eight provides a prioritised list of key mitigation strategies that, when implemented effectively, can significantly reduce an organisation's exposure to cyber security incidents.

The Essential Eight framework is a cybersecurity model that can help businesses improve their cybersecurity posture. It provides a maturity pathway for mitigating attacks from increasing levels of TTPs (i.e., tactics, techniques, and procedures) by threat actors. By adopting these eight key strategies, businesses can significantly reduce their exposure to various cyber threats, including malware infections, data breaches, and ransomware attacks.

As of November 2023, these eight mitigation strategies are:

1. Patch Applications
2. Patching Operating Systems
3. Multi-factor Authentication
4. Restrict Administrative Privileges
5. Application Control
6. Restrict Microsoft Office Macros
7. User Application Hardening
8. Regular Backups


Fortinet's Role in Supporting the Essential Eight Framework

Fortinet is a leading cyber security company renowned for offering comprehensive solutions that help organisations protect their networks, systems, and data from various cyber threats.

Fortinet’s tightly integrated fabric approach is its distinct advantage. This integration enables a synchronised, multi-level approach, providing comprehensive protection. Even if adversaries breach one layer of defence, Fortinet’s Security Fabric can halt their progress, preventing further compromise.

Fortinet's Security Fabric offers a range of security solutions and services aligned with the ACSC Essential Eight cyber security strategies to enhance an organisation's security posture and meet the recommended security practices. These solutions cover next-generation firewalls, intrusion prevention systems, endpoint security, email and web security, and more, aligning with various aspects of the ACSC Essential Eight.

The integration, automation, and scalability features of Fortinet's Security Fabric can help organisations streamline the implementation and management of the Essential Eight strategies while providing much needed visibility to the organisation’s posture.

By combining the power of Fortinet’s Security Fabric with the Essential Eight guidelines, organisations can build a robust and adaptable security framework to mitigate cyber threats and protect sensitive data.

Fortinet's approach is centred on two critical principles: visibility and adaptability. It focuses on providing visibility into the ever-evolving cyber landscape while assisting organisations in adapting to the dynamic responsibilities within the cyber security domain. Fortinet's approach aligns seamlessly with industry recommendations by highlighting the importance of primary controls and compensating controls, enhancing the effectiveness of a layered defence strategy.

Fortinet's integration-by-design approach ensures that organisations can efficiently monitor every device within their distributed network. This approach allows for streamlined day-to-day operations through a centralised dashboard, facilitating a closer examination of network traffic and application usage. In case of any abnormal activity, organisations can respond swiftly, enhancing their ability to protect against advanced cyber threats.


Mastering Essential Eight’s Mitigation Strategies (Maturity Level 1)

1. Patch Applications

Automated asset discovery is conducted fortnightly, followed by daily vulnerability scanning for online services and weekly scanning for office productivity suites. Patch/mitigate computers with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest version of applications. Remove unsupported applications.

Fortinet’s Recommendation

A practical application patch strategy is built on a solid foundation of several fundamental principles. Firstly, it is imperative to have comprehensive and automated asset discovery that continually identifies and takes inventory of all devices, systems, and software within your network. This ongoing process ensures that you clearly understand your infrastructure and can adapt to changes.

Timely vulnerability scanning is another critical aspect of patch management. Conducting regular, automated scans helps to identify vulnerabilities across your network promptly. Synchronising these scans with the latest vulnerability data ensures a precise assessment of your system's security.

To achieve this mitigation, Fortinet provides a range of solutions designed to protect your organisation from vulnerable applications.

Included in the FortiSASE solution is a vulnerability management tool that is part of the endpoint client and has the ability to perform vulnerability scanning, helping to identify known vulnerabilities on your endpoints. You can set tags and policies based on vulnerability criticality and restrict access to applications or the network based on these tags. FortiClient EMS (Endpoint Management System) can automate patching for over 600 vendors.

FortiNAC, on the other hand, can discover assets on your network and recommend running vulnerability scans on these devices. As for FortiEDR, it offers asset discovery, vulnerability scanning, and patch management. It automates attack surface policy control, conducts vulnerability assessments, and provides virtual patching to safeguard your systems from vulnerabilities.

Keeping this vulnerability database updated with the latest threat intelligence and known vulnerabilities is essential. Regularly incorporating data from sources like Common Vulnerabilities and Exposures (CVE) ensures that your organisation can accurately assess the evolving threat landscape.

FortiEDR categorises applications and their versions using the globally recognised and widely used Common Vulnerability Scoring System (CVSS) and CVE scheme. FortiEDR provides a vulnerability scoring system that helps assess vulnerabilities and identifies weaknesses in your setup that attackers could exploit in the future. It can be combined with virtual patching to prevent applications with known serious vulnerabilities from establishing network connections until they are patched for the listed CVEs. This capability allows FortiEDR to provide a level of automated risk mitigation for critical vulnerabilities before a patch can be applied.

Fortinet recommends not just focusing on applying patches but also on identifying missing patches and utilising vulnerability assessment tools that reveal existing vulnerabilities and provide a comprehensive risk assessment. By assigning a risk score to each missing patch, you can prioritise critical components that require immediate attention, aligning your patch management strategy with your specific business needs and risk tolerance.


1. Patch Applications (Fortinet’s Recommendation, continued)

FortiSASE using Endpoint Client mode streamlines vulnerability scanning, ensuring prompt identification of missing patches and updates. FortiSASE integrates with FortiGuard Labs' vulnerability database to enable regular scans and prioritised remediation based on vulnerability severity, while offering integrated security features such as anti-ransomware, removable media access control, antivirus / anti-malware and cloud-based sandboxing protection that protects against known and unknown vulnerabilities in web applications and other internet-facing services. FortiSASE features zero trust network access (ZTNA) tags (posture checks) which can tag and identify endpoints as company-compliant or non-compliant. These tags control their access to Software-as-a-Service (SaaS) applications, general web browsing, and private access to company internal applications.

Virtual patching is an essential security measure to protect against vulnerabilities and reduce the window of exposure while official patches are developed and applied. Fortinet's solutions provide a robust virtual patching framework, especially valuable in dynamic and rapidly evolving threat environments.

Fortinet can assist organisations with virtual patching through its security solutions and services, specifically via its hybrid mesh firewall – FortiGate (physical, virtual, secure access service edge (SASE) and operational technology (OT)), which helps mitigate vulnerabilities and threats before official patches are available or applied. Virtual patching, also known as security patching or intrusion prevention, involves creating security rules and policies to protect vulnerable systems from exploits until official patches can be deployed.

Keeping internet-facing services secure involves regularly updating applications to fix vulnerabilities, with best practices including asset inventory, risk-based grouping, patch testing, and documentation. If timely patching is not possible, compensating controls like network segmentation and intrusion detection systems can reduce the risk of attacks. Several Fortinet solutions, including FortiSASE, FortiEDR, FortiClient, and FortiNAC, collectively help shrink the attack surface, prevent malware infections, detect and defuse potential threats, and automate response and remediation procedures using customisable playbooks.


2. Patch Operating Systems

Patch/mitigate the operating systems of servers (including network devices) with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest operating system version. Do not use unsupported versions.

Fortinet’s Recommendation

This strategy recommends using automated asset discovery methods at least every two weeks as part of the “Patch Operating System” strategy. This involves scanning the network, identifying all devices and software, and creating an inventory to account for all software, including unauthorised software. After discovery, follow-on vulnerability scans are conducted to identify vulnerabilities that require patching, reducing the risk of exploitation of those vulnerabilities.

Fortinet provides solutions to implement this strategy, including FortiNAC or FortiSIEM for device discovery; FortiGate, FortiSASE, and FortiNAC for security policy enforcement; FortiAnalyzer, FortiSIEM, and FortiSASE for vulnerability management; and FortiGuard Labs for threat intelligence and patching guidance.

Regular vulnerability scanning with an up-to-date database to identify software weaknesses is the top requirement of this mitigation strategy. Vulnerability scanning helps organisations prioritise patching to stay ahead of security threats. FortiSASE offers comprehensive security capabilities, including advanced vulnerability scanning and ZTNA tagging (posture checks), to comply with this strategy and enhance cybersecurity.

Another requirement of this mitigation strategy is daily vulnerability scanning for internet-facing services to detect missing patches or updates, reducing cyber security risk. FortiSASE offers a cloud-based SASE platform that automatically scans for vulnerabilities and can be scheduled daily, weekly, or monthly to support this strategy.

The mitigation strategy also uses a vulnerability scanner to detect missing patches for workstations, servers, and network devices. Fortinet's Security Fabric architecture, combined with the FortiGuard Threat Intelligence Platform, enables efficient vulnerability detection and patch management across various network components.

Lastly, the mitigation strategy advises timely patching of workstations, servers, and network devices within one month of a patch's release, and within 48 hours for critical vulnerabilities or when a known exploit exists. Fortinet's security solutions, including the FortiGate next-generation firewall and FortiClient EMS, offer automated patching capabilities, integrating with other security tools and providing real-time threat detection and response capabilities to enhance cybersecurity.

In addition, the mitigation strategy underscores the importance of replacing unsupported operating systems to eliminate security risks. FortiSASE offers modern security solutions that are compatible with newer operating systems. It assists organisations in transitioning to more secure platforms while enforcing access controls and policies to prevent unsupported systems from accessing the network.
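Both patching strategies above fix the same two timeframes (48 hours for ‘extreme risk’ or exploited vulnerabilities, one month otherwise) and recommend a risk score per missing patch. The block below is an added worked example of that triage; it is not Fortinet code or output from any Fortinet product. The CVSS threshold used for ‘extreme risk’, the score weights, the host names and the CVE-PLACEHOLDER identifiers are constructed assumptions.

```python
"""Added example (not Fortinet code): triage missing patches against the
Essential Eight Maturity Level 1 timeframes quoted above.

Rules taken from the text: 'extreme risk' vulnerabilities, or those with a
known exploit, are patched within 48 hours; everything else on workstations,
servers and network devices within one month of release. The mapping of
'extreme risk' to CVSS >= 9.0, the score weights and all findings below are
constructed assumptions, not real scan output."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class Finding:
    host: str
    package: str
    cve: str            # placeholder identifiers, not real CVE numbers
    cvss: float
    exploit_known: bool
    released: datetime  # when the vendor fix became available
    internet_facing: bool


CRITICAL_CVSS = 9.0                 # assumption: 'extreme risk' == CVSS 9.0 or higher
DEADLINE_CRITICAL = timedelta(hours=48)
DEADLINE_NORMAL = timedelta(days=30)


def deadline_for(f: Finding) -> timedelta:
    """48 hours for extreme-risk or actively exploited issues, else one month."""
    if f.cvss >= CRITICAL_CVSS or f.exploit_known:
        return DEADLINE_CRITICAL
    return DEADLINE_NORMAL


def risk_score(f: Finding, now: datetime) -> float:
    """Higher means more urgent: CVSS plus weights for a known exploit, internet
    exposure and how many days the finding is past its deadline."""
    score = f.cvss
    if f.exploit_known:
        score += 3.0
    if f.internet_facing:
        score += 1.5
    overdue = now - (f.released + deadline_for(f))
    if overdue > timedelta(0):
        score += min(overdue.days, 30) * 0.2   # capped so an old low never outranks a critical
    return round(score, 2)


def triage(findings, now):
    """Sort findings by urgency; each row carries its deadline and an overdue flag."""
    rows = []
    for f in findings:
        due = f.released + deadline_for(f)
        rows.append({"host": f.host, "package": f.package, "cve": f.cve,
                     "score": risk_score(f, now), "due": due, "overdue": now > due})
    rows.sort(key=lambda r: r["score"], reverse=True)
    return rows


NOW = datetime(2023, 11, 15, 9, 0, tzinfo=timezone.utc)
SAMPLE = [  # constructed findings
    Finding("web01",   "nginx",       "CVE-PLACEHOLDER-1", 9.8, True,  NOW - timedelta(days=3),   True),
    Finding("ws042",   "libreoffice", "CVE-PLACEHOLDER-2", 5.3, False, NOW - timedelta(days=10),  False),
    Finding("ws042",   "pdfviewer",   "CVE-PLACEHOLDER-3", 7.5, False, NOW - timedelta(days=45),  False),
    Finding("fw-edge", "netos-fw",    "CVE-PLACEHOLDER-4", 8.1, True,  NOW - timedelta(hours=12), True),
]

if __name__ == "__main__":
    for r in triage(SAMPLE, NOW):
        print(f'{r["score"]:5.2f}  {r["host"]:8}{r["package"]:12} due {r["due"]:%Y-%m-%d %H:%M}  overdue={r["overdue"]}')
```

Running it lists the four constructed findings in urgency order. The unexploited pdfviewer finding lands above the libreoffice one only because it is 15 days past its one-month deadline, which is the “prioritise critical components that require immediate attention” behaviour the recommendation asks for; the fw-edge finding has 36 hours left but still ranks second because it is exploited and internet-facing.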


3. Multi-factor Authentication
Multi-factor authentication (MFA) is employed for third-party online services handling sensitive and
non-sensitive data, as well as for online customer services with sensitive customer data. The authentication
involves something users have and something users know, ensuring a secure access approach.

Fortinet’s Recommendation
MFA requires users to provide two or more forms of identification
for system access, significantly increasing data and system
security. This approach is effective against cyber threats like
phishing, password spraying, and credential stuffing.

Fortinet provides solutions for MFA implementation, including FortiAuthenticator for central authentication services, FortiToken for hardware tokens or mobile apps, and FortiGate firewalls for MFA policy enforcement. FortiSASE offers MFA policies for corporate remote users and collaborates with other Fortinet products for comprehensive security. FortiCASB (which is part of the FortiSASE solution) is recommended for third-party cloud service security, offering real-time monitoring, threat detection, and alerts for any suspicious login events based on configured threat protection policies.

Enabling MFA by default for non-organisational users accessing internet-facing services is advisable, making it challenging for attackers to gain unauthorised access. Various MFA solutions, such as hardware tokens, mobile apps, and push notifications, can integrate with identity and access management systems for a secure authentication experience. Fortinet's FortiAuthenticator and FortiToken solutions can be valuable assets in this effort, ensuring secure access to both Fortinet and third-party resources.
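What “something users have and something users know” looks like at the code level, as an added example that is not Fortinet code and does not model FortiToken or FortiAuthenticator: a salted PBKDF2 password check paired with a TOTP verifier (RFC 6238, the algorithm behind authenticator apps and soft tokens). The user record, salt and password are constructed; the TOTP seed is the RFC 4226 test-vector secret so the codes can be checked against the RFC tables.

```python
"""Added example (not Fortinet code): the two factors this strategy names in
code, a password ('something you know') and a TOTP code from an authenticator
('something you have', RFC 6238). The user record, salt and password are
constructed; the TOTP seed is the RFC 4226 test-vector secret so the values
can be checked against the RFC."""
import hashlib
import hmac
import struct
import time
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """Time-based OTP: HOTP over the number of 30-second steps since the Unix epoch."""
    return hotp(secret, at // step, digits)


def verify_totp(secret: bytes, code: str, at: int, window: int = 1) -> bool:
    """Accept the current step and +/- `window` neighbours to tolerate clock drift;
    constant-time comparison so a wrong digit is not detectable by timing."""
    if not (code.isascii() and code.isdigit()):
        return False
    return any(hmac.compare_digest(totp(secret, at + d * 30), code)
               for d in range(-window, window + 1))


SALT = b"constructed-salt-value"
USER = {  # constructed user record
    "name": "alice",
    "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse battery staple", SALT, 200_000),
    "totp_secret": b"12345678901234567890",   # RFC 4226 Appendix D test secret
}


def check_password(user: dict, password: str) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 200_000)
    return hmac.compare_digest(candidate, user["pw_hash"])


def authenticate(user: dict, password: str, code: str, at: Optional[int] = None) -> bool:
    """Both factors must pass. The OTP is evaluated even when the password is
    wrong so the response does not reveal which factor failed."""
    at = int(time.time()) if at is None else at
    pw_ok = check_password(user, password)
    otp_ok = verify_totp(user["totp_secret"], code, at)
    return pw_ok and otp_ok


if __name__ == "__main__":
    print(totp(USER["totp_secret"], 59))   # 287082: RFC 6238 lists 94287082 for T=59 with 8 digits
    now = int(time.time())
    print(authenticate(USER, "correct horse battery staple", totp(USER["totp_secret"], now)))
```

The drift window is the usual one-step tolerance; a deployment would also record the last accepted step per user so a code cannot be replayed inside its 30-second validity, which is the detail that most often goes missing in home-grown MFA.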


4. Restrict Administrative Privileges


Requests for privileged access are validated initially, with privileged users assigned dedicated accounts.
Privileged accounts (excluding those authorised for online services) are restricted from internet access.
Online-service-enabled privileged accounts are strictly limited and are prevented from reading email and web
browsing. Privileged users operate in separate environments. Unprivileged accounts cannot access privileged
environments and vice versa.

Fortinet’s Recommendation

This mitigation strategy underscores the importance of privileged access management. Privileged access allows for administrative tasks, such as installing patches. However, to mitigate risks, validating requests for privileged access to systems and applications is crucial, ensuring authorisation and appropriateness and preventing unauthorised access or modifications.

Fortinet offers a range of products and services to support this strategy. Fortinet's FortiAuthenticator solution supports MFA and granular access controls. This is instrumental in ensuring that only authorised users can access critical systems.

FortiPAM (Privileged Access Management) offers precise control over privileged access. It includes features such as password management, session recording, and access control policies. Notably, it enforces policies such as requiring MFA for privileged access and restricts unprivileged users from accessing privileged systems. This real-time visibility into privileged access activities aids in monitoring and auditing, helping to identify and respond to potential security threats like unauthorised access attempts or suspicious actions by privileged users.

Furthermore, this mitigation strategy emphasises the importance of segregating environments for privileged and unprivileged users. This practice enhances cybersecurity by limiting access and reducing the risk of unauthorised access or data breaches. FortiGate and FortiSASE provide network security features and cloud-delivered secure access, which allow organisations to implement such segregation effectively.

FortiSASE integrates with various authentication sources and offers authentication controls for managing user access to network resources, aligning well with this mitigation strategy. Fortinet's comprehensive security fabric approach strengthens an organisation's overall cybersecurity posture, encompassing network access controls, privileged access management, and threat detection and response capabilities.

FortiClient ZTNA, which can also be included as part of FortiSASE, is a solution provided by Fortinet that enables organisations to enforce cyber-safe practices by implementing a zero trust security model. Zero trust is an approach that assumes no entity, whether inside or outside the organisation, can be trusted by default and verifies the identity and security posture of every user, device, and application attempting to access network resources.

ZTNA enforces network access only for hosts compliant with corporate policy. It blocks or moves to an isolation segment all other hosts with unsafe configurations, missing patches, or unsanctioned processes running.

Fortinet's FortiSIEM (Security Information and Event Management) and FortiSOAR (Security Orchestration, Automation, and Response) solutions can detect privileged user logins to network devices through a combination of log and event monitoring, correlation, and alerting. Through remediation actions and playbooks, they can alert the local team and take action to block access for the device by reconfiguring the security enforcement devices.
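The log correlation described for FortiSIEM and FortiSOAR can be expressed as a few rules over authentication events, one per requirement in the strategy statement. The block below is an added example, not Fortinet code or a FortiSIEM rule export. It assumes dedicated privileged accounts carry an “adm-” prefix, that 10.10.50.0/24 is the separate privileged environment, that “web” and “mail” actions represent internet and email use, and that “adm-saas” is the one privileged account authorised for an online service. The six log lines are constructed.

```python
"""Added example (not Fortinet code or a FortiSIEM rule): correlation rules for
privileged-account activity, run over constructed authentication events.
Assumptions: dedicated privileged accounts carry an 'adm-' prefix, the
privileged environment is 10.10.50.0/24, 'web'/'mail' actions mean internet
or email use, and 'adm-saas' is the one privileged account authorised for an
online service."""
import ipaddress
import re

PRIV_PREFIX = "adm-"
PRIV_NET = ipaddress.ip_network("10.10.50.0/24")        # assumed privileged (admin) environment
PRIV_DEVICES = {"core-sw01", "fw-edge", "dc01"}         # assumed hosts inside that environment
ONLINE_SERVICE_ADMINS = {"adm-saas"}                     # privileged accounts allowed online services
INTERNET_ACTIONS = {"web", "mail"}
KV = re.compile(r"(\w+)=(\S+)")


def parse(line: str) -> dict:
    """'<ts> user=.. src=.. dst=.. action=..' -> dict with the timestamp under 'ts'."""
    ts, rest = line.split(" ", 1)
    event = dict(KV.findall(rest))
    event["ts"] = ts
    return event


def is_privileged(user: str) -> bool:
    return user.startswith(PRIV_PREFIX)


def evaluate(ev: dict) -> list:
    """Return (rule, detail) alerts for one event; an empty list means nothing to raise."""
    user, src, dst, action = ev["user"], ev.get("src"), ev.get("dst"), ev.get("action")
    priv = is_privileged(user)
    alerts = []
    # Privileged accounts (other than those authorised for online services) must not browse or read email.
    if priv and action in INTERNET_ACTIONS and user not in ONLINE_SERVICE_ADMINS:
        alerts.append(("PRIV_INTERNET_USE", f"{user} performed {action} to {dst}"))
    # Privileged users operate from the separate privileged environment only.
    if priv and action == "login" and src and ipaddress.ip_address(src) not in PRIV_NET:
        alerts.append(("PRIV_LOGIN_OUTSIDE_ADMIN_ENV", f"{user} logged in from {src}"))
    # Unprivileged accounts cannot access the privileged environment.
    if not priv and action == "login" and dst in PRIV_DEVICES:
        alerts.append(("UNPRIV_ACCESS_TO_PRIV_ENV", f"{user} logged in to {dst} from {src}"))
    # Every privileged login to a network device is recorded for the audit trail.
    if priv and action == "login" and dst in PRIV_DEVICES:
        alerts.append(("INFO_PRIV_DEVICE_LOGIN", f"{user} -> {dst}"))
    return alerts


def scan(lines) -> list:
    """Flatten alerts over a log as (timestamp, rule, detail) tuples."""
    return [(ev["ts"], rule, detail) for ev in map(parse, lines) for rule, detail in evaluate(ev)]


SAMPLE_LOG = [  # constructed events
    "2023-11-15T09:01:02Z user=adm-alice src=10.10.50.12 dst=core-sw01 action=login",
    "2023-11-15T09:03:10Z user=adm-alice src=10.10.50.12 dst=proxy01 action=web",
    "2023-11-15T09:05:44Z user=adm-bob src=192.168.7.33 dst=dc01 action=login",
    "2023-11-15T09:06:00Z user=carol src=192.168.7.40 dst=fw-edge action=login",
    "2023-11-15T09:07:21Z user=carol src=192.168.7.40 dst=proxy01 action=web",
    "2023-11-15T09:08:05Z user=adm-saas src=10.10.50.20 dst=proxy01 action=web",
]

if __name__ == "__main__":
    for ts, rule, detail in scan(SAMPLE_LOG):
        print(ts, rule, detail)
```

The INFO rule is the one that feeds an audit trail rather than an incident queue; the other three map directly onto the sentences of the strategy statement (no internet for privileged accounts, separate environments, no unprivileged access to privileged environments). The playbook step the text describes, blocking the device at the enforcement point, would be triggered from those three.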


5. Application Controls
Application control limits execution to approved sets on workstations, including .exe, DLL, scripts (e.g.,
Windows Script Hosts, PowerShell, and HTA) and installers. It extends to user profiles and temporary folders
for operating systems, web browsers, and email clients.

Fortinet’s Recommendation

Application Control, also known as Application Allowlisting or Endpoint Application Allowlisting, is a security practice that involves controlling and managing the applications and software that are allowed to run on individual endpoints (computers, servers, mobile devices) within an organisation. This security measure is designed to enhance endpoints' security by explicitly specifying which applications are permitted to run and blocking all others.

Application Control offers several security benefits, including preventing malware and unauthorised applications from executing on endpoints. It helps organisations maintain a strong security posture, reduce the risk of data breaches, and ensure that only trusted and approved applications are allowed to run on their systems.

To achieve this mitigation, Fortinet provides a range of primary and secondary controls designed to protect your organisation by preventing the execution of executables, software libraries, scripts, installers, compiled HTML, HTML applications, and control panel applets on workstations from within standard user profiles and temporary folders used by the operating system, web browsers, and email clients. This control also focuses on protecting the user environment.

FortiSASE offers granular application control policies, allowing administrators to regulate and control user access to applications and their specific features. The FortiSASE client includes endpoint protection features consisting of real-time protection against viruses, as well as cloud-based malware detection. Cloud-based malware protection protects endpoints from high-risk file types coming from external sources such as the Internet or network drives by querying FortiGuard to determine whether files are malicious. FortiSASE, using the same endpoint client, provides our customers with cloud-based sandboxing that raises their defence against zero-day threats by testing untrusted files in an isolated environment while blocking the user's access until we receive the results. In addition, our capability to detect and list all the installed software of our endpoint-managed devices using a central portal gives our customers full visibility of what applications are used across the organisation and the count of endpoints with each specific application.

On top of this, FortiSASE has a cloud-based firewall that is configurable to block the transmission of specific types of traffic, such as executables, documents, audio, encoded, image, video, and compressed files, while allowing our deep SSL inspection, intrusion prevention and anti-virus to inspect the rest of the allowed files to make sure they are safe for the customer's organisation.

The Fortinet NGFW, FortiGate, can be configured to prevent the transmission of specific types of traffic, particularly those containing executables or other files commonly used by malware. Administrators can create firewall policies to prohibit the transfer of such files to workstations.

FortiEDR also presents compelling reasons to be considered as part of this mitigation strategy. FortiEDR can effectively block suspicious script executions, offering a vital layer of security. It automates protection against advanced threats both before and after execution and provides real-time orchestrated incident response capabilities. Additionally, FortiEDR features an Application Control Manager that enables administrators to block predefined applications from running and launching, restricting the use of undesired applications on specific endpoints.
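An allowlist decision for the file types and locations this strategy lists, as an added example that is not Fortinet code and does not model FortiEDR's Application Control Manager or FortiSASE policies. The approved directories, the user-writable locations and the single vetted-hash entry are constructed assumptions; paths are evaluated with Windows semantics, but nothing on disk is read or executed.

```python
"""Added example (not Fortinet code): an application-control decision
function for the file types and locations this strategy names. Paths are
evaluated with Windows semantics but offline (nothing is executed or read);
the approved directories and the hash allowlist are constructed assumptions."""
import hashlib
from pathlib import PureWindowsPath

# File types the strategy covers: executables, libraries, scripts, installers,
# compiled HTML, HTML applications and control panel applets.
CONTROLLED_EXT = {".exe", ".dll", ".ps1", ".vbs", ".js", ".wsf", ".hta",
                  ".msi", ".msp", ".chm", ".cpl"}
APPROVED_DIRS = [PureWindowsPath(p) for p in
                 (r"C:\Program Files", r"C:\Program Files (x86)", r"C:\Windows")]
# Standard user profiles and the temp folders used by the OS, browsers and mail clients.
USER_WRITABLE = [PureWindowsPath(p) for p in (r"C:\Users", r"C:\Windows\Temp", r"C:\Temp")]
# Constructed hash allowlist: one vetted installer a user is allowed to run from Downloads.
VETTED_INSTALLER = b"constructed approved installer bytes"
APPROVED_SHA256 = {hashlib.sha256(VETTED_INSTALLER).hexdigest(): "vendor-setup-1.2.msi"}


def _under(path: PureWindowsPath, roots) -> bool:
    """True if path is one of roots or lies beneath one (case-insensitive, as Windows paths are)."""
    return any(path == r or r in path.parents for r in roots)


def decide(raw_path: str, sha256: str = "") -> tuple:
    """Return ('allow'|'block', reason) for an execution request.

    Order matters: a hash match is the explicit exception; then anything of a
    controlled type inside a user-writable location is blocked, even when that
    location also sits under an approved tree (C:\\Windows\\Temp is the case
    the strategy text singles out)."""
    path = PureWindowsPath(raw_path)
    if path.suffix.lower() not in CONTROLLED_EXT:
        return ("allow", "not a controlled file type")
    if sha256 and sha256 in APPROVED_SHA256:
        return ("allow", f"hash matches vetted {APPROVED_SHA256[sha256]}")
    if _under(path, USER_WRITABLE):
        return ("block", "controlled type in a user profile or temp folder")
    if _under(path, APPROVED_DIRS):
        return ("allow", "approved program directory")
    return ("block", "not in an approved location")


REQUESTS = [  # constructed execution requests: (path, sha256 of the file if known)
    (r"C:\Program Files\Vendor\app.exe", ""),
    (r"C:\Users\alice\AppData\Local\Temp\update.exe", ""),
    (r"C:\Windows\Temp\helper.dll", ""),
    (r"C:\Users\alice\Downloads\report.docx", ""),
    (r"C:\Users\alice\Downloads\vendor-setup-1.2.msi", hashlib.sha256(VETTED_INSTALLER).hexdigest()),
    (r"D:\tools\run.ps1", ""),
]

if __name__ == "__main__":
    for p, h in REQUESTS:
        verdict, why = decide(p, h)
        print(f"{verdict:5}  {p}  ({why})")
```

The ordering of the checks is the substance: a path-only rule set that trusted everything under C:\Windows would let a DLL dropped into C:\Windows\Temp run, so the user-writable test runs before the approved-directory test, and the hash exception is the only way a controlled file in a user profile executes.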


6. Restrict Microsoft Office Macros


Block macros from the Internet, and only allow vetted macros either in ‘trusted locations’ with limited write
access or digitally signed with a trusted certificate.

Fortinet’s Recommendation

Striking the right balance between security and operational requirements is critical. While blocking macros is one option, it is essential to acknowledge that some users may genuinely need them for their work; hence, careful management and monitoring are supported by well-defined policies and procedures in such use cases.

To address the issue of potential threats involving malicious code in macros, Fortinet emphasises the importance of taking proactive measures that prioritise human judgment and understanding over a one-size-fits-all enable/disable approach. Instead, Fortinet encourages a thoughtful examination of data before it reaches its destination on your computer. This involves considering your business's specific needs and requirements when it comes to using macros. At the same time, maintain visibility when handling documents received via email or downloaded from the internet, as merely disabling macros is not always a practical solution.

In addition to these precautions, patching software vulnerabilities remains a critical way to mitigate risks associated with macros. Fortinet recommends a multi-layered defence strategy. This strategy may include the implementation of Fortinet's Endpoint Detection and Response (EDR) solution, FortiEDR, and the use of a distributed firewall, FortiGate, particularly in remote work scenarios. Additionally, it suggests employing FortiMail for secure email attachment scanning and FortiSandbox for analysing Office documents in a safe environment to detect any malicious content.

Another essential aspect of this strategy is applying application control to block or restrict the use of Microsoft Office macros for specific users or groups. This can be further enhanced by employing sandboxing and signature analysis to scrutinise code that is executed. In addition to its On-Prem/Cloud FortiSandbox solutions, FortiSASE offers a cloud-based sandbox via the endpoint client. This feature protects remote users regardless of their location and can integrate seamlessly with the On-Prem FortiSandbox solution.

In situations where primary security measures fall short, having secondary safeguards in place becomes imperative to protect against potential malicious code. Fortinet's approach underscores the need for a comprehensive threat model, which is firmly established in the Essential Eight framework. This involves identifying your digital assets, recognising vulnerabilities, and assessing when macros could pose a threat.

Ultimately, Fortinet advocates a holistic approach to cyber security, emphasising the need for a well-rounded strategy, continuous monitoring, and prompt responses to potential threats. This includes leveraging Fortinet's capabilities in integration, risk assessment, content security, sandboxing, endpoint protection, and real-time threat intelligence.

Fortinet's Content Disarm and Reconstruction (CDR) is a security technology available in multiple Security Fabric products such as FortiProxy, FortiGate, or FortiMail, designed to protect organisations from advanced threats and malware that may be hidden within documents and files. CDR is a crucial part of Fortinet's overall security ecosystem and is employed to enhance cybersecurity defence by neutralising potential threats in content that is downloaded or uploaded to an organisation's network embedded into document files.


7. User Application Hardening


Disable/remove Internet Explorer 11. Configure web browsers to block Flash (uninstall it),
ads, and Java from the internet. Disable unneeded features in Windows (e.g., PowerShell
2.0, .NET framework), Microsoft Office (e.g., OLE), web browsers, and PDF viewers.

Fortinet’s Recommendation

Fortinet recommends implementing a "layered security" defence approach to support this strategy effectively. One key measure is ensuring web browsers do not process Java from the Internet.

Content Disarm and Reconstruction (CDR) allows a FortiProxy, FortiMail, or FortiGate unit to sanitise Microsoft Office documents and PDF files by removing active content, such as hyperlinks, embedded media, JavaScript, macros, and so on from the files (disarm) without affecting the integrity of their textual content (reconstruction).

It also has the capability to remove or filter out active content from HTML pages. Active content typically includes scripts, JavaScript, and other elements that can pose security risks if not properly controlled.

FortiClient EMS (the same agent used with FortiSASE) has an anti-exploit detection feature that collectively filters Java applets, ActiveX, and cookies from web traffic. Additionally, File Filter allows you to block or monitor certain file types. It is worth considering a solution with content filtering capabilities to inspect web traffic and provide endpoint security for detecting and blocking Java applets. This comprehensive approach significantly reduces the risk of cyber attacks.

The second component of this strategy involves browsers not supporting web advertisements from the Internet. To address this, it is advisable to configure web browsers to block web advertisements and employ a web content filter or proxy to mitigate further risks associated with malicious ads. You can also block web advertisements through the FortiGate and FortiSASE security controls using deep SSL inspection.

It is strongly recommended to disable or remove Internet Explorer 11 from the business environment. If it must be used, employ application control at the firewall level to restrict its functionality and prevent potential vulnerabilities. To bolster security settings, particularly in cases where users may attempt to bypass them, the inclusion of FortiEDR is recommended. This compensating control acts as an additional layer of defence against malware threats.

Fortinet's browser isolation technology (FortiIsolator) is designed to protect organisations from web-based threats by executing web content in a secure, isolated environment, preventing malicious code from reaching the endpoint.

Many cyber attacks, including phishing and zero-day threats, rely on tricking users into downloading malicious files or revealing sensitive information. Browser isolation prevents users from interacting with phishing websites, as the content is executed in an isolated environment, protecting users from social engineering attacks.

Browser isolation also prevents data exfiltration by isolating and controlling the flow of data between the user's device and the web content, allowing organisations to maintain data confidentiality.
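The “remove or filter out active content from HTML pages” step of CDR, reduced to its core, as an added example that is not Fortinet code and does not reproduce FortiGate's or FortiProxy's CDR engine. It keeps the page's text and ordinary markup (the reconstruction half) and strips the elements and attributes that carry script (the disarm half). The list of active tags and URL schemes is an assumption, and the sample page is constructed.

```python
"""Added example (not Fortinet code): a minimal content-disarm pass for HTML,
the kind of active-content removal described above. It drops script, object,
embed, applet and iframe elements, on* event handler attributes, javascript:/
vbscript:/data: URLs and comments, and re-emits everything else unchanged.
The sample page is constructed."""
from html import escape
from html.parser import HTMLParser

ACTIVE_TAGS = {"script", "object", "embed", "applet", "iframe"}
URL_ATTRS = {"href", "src", "action", "formaction", "data"}
BAD_SCHEMES = ("javascript:", "vbscript:", "data:")


class Disarm(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=False)   # keep entities exactly as written
        self.out, self.removed, self.skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.skip += 1                          # swallow the element and its content
            self.removed.append(f"<{tag}>")
            return
        if self.skip:
            return
        kept = []
        for name, value in attrs:
            lname = name.lower()
            scheme_bad = (lname in URL_ATTRS and value is not None
                          and value.strip().lower().startswith(BAD_SCHEMES))
            if lname.startswith("on") or scheme_bad:
                self.removed.append(f"{tag}@{lname}")
                continue
            kept.append((name, value))
        text = "".join(f' {n}="{escape(v, quote=True)}"' if v is not None else f" {n}"
                       for n, v in kept)
        self.out.append(f"<{tag}{text}>")

    def handle_startendtag(self, tag, attrs):
        if tag in ACTIVE_TAGS:                      # self-closing <embed/> has no end tag to unskip
            self.removed.append(f"<{tag}/>")
            return
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag in ACTIVE_TAGS:
            self.skip = max(0, self.skip - 1)
            return
        if not self.skip:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(data)

    def handle_entityref(self, name):
        if not self.skip:
            self.out.append(f"&{name};")

    def handle_charref(self, name):
        if not self.skip:
            self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.removed.append("<!-- -->")            # comments can carry conditional script

    def handle_decl(self, decl):
        self.out.append(f"<!{decl}>")


def disarm(html: str):
    """Return (sanitised html, list of removed items)."""
    p = Disarm()
    p.feed(html)
    p.close()
    return "".join(p.out), p.removed


SAMPLE = (  # constructed page with active content mixed into ordinary markup
    '<html><body onload="init()"><h1>Quarterly report</h1>'
    '<script>alert(1)</script>'
    '<p>Totals are <b>up</b> &amp; costs flat.</p>'
    '<a href="javascript:void(0)" onclick="go()">Open</a>'
    '<a href="https://intranet.example/report.pdf">PDF</a>'
    '<iframe src="https://example.invalid/x"></iframe><img src="logo.png"/></body></html>'
)

if __name__ == "__main__":
    clean, removed = disarm(SAMPLE)
    print(clean)
    print("removed:", removed)
```

The `removed` list is what a CDR product surfaces in its log so an analyst can see what was taken out of a page without the page ever reaching the endpoint. A production engine also normalises control characters and whitespace inside attribute values before the scheme check, and covers SVG and CSS vectors; this block covers the HTML element and attribute classes the text names.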


8. Regular Backups
Regular backups of new/changed data, applications and settings, stored, disconnected, and retained for at
least three months. Test restoration initially, annually, and when IT infrastructure changes. Access controls
prevent unauthorised access, modification, and deletion of backups by unprivileged accounts.

Fortinet’s Recommendation
Fortinet recommends using secure storage devices like
encrypted hard drives or tape drives stored offsite and
cloud-based backup solutions with redundancy.

Testing backups is crucial to identify and address issues in the recovery process before disasters occur. Fortinet offers backup and recovery for all of its solutions. System backups can be saved to a remote file store manually or automatically through secure channels. The system backups can be password protected for enhanced security and protection of the integrity of those files.

Restoring them can also be automated or manually uploaded to the system. Access control measures are essential to prevent unauthorised access to backups. Fortinet provides access controls, permissions, and auditing capabilities in its products to restrict access to authorised users and detect suspicious activities.

Safeguarding data integrity in backups is a priority, and Fortinet solutions help prevent unauthorised alterations or deletions. FortiAnalyzer offers granular access controls and maintains an audit trail. FortiGate provides advanced access controls and can detect and block unauthorised access attempts in real-time.

15
Mastering the Essential Eight Framework with Fortinet EBOOK

Conclusion
The Essential Eight framework is a fundamental pillar in bolstering organisations' cyber security posture,
providing a structured approach to safeguarding against an evolving threat landscape. The recent
announcement by the Minister for Cyber Security regarding the Six Cyber Shields as part of the 2023-2030
Australian Cyber Security Strategy marks a significant milestone in the nation's journey towards becoming
more cyber resilient.

The introduction of these Six Cyber Shields represents a strategic and proactive approach to cyber security,
demonstrating the government's commitment to protecting not only its citizens but also the businesses and
critical infrastructure that underpin the nation's economy. Each shield addresses specific facets of cyber
security, ranging from empowering individuals and companies to strengthening the safety of technology
products and facilitating real-time threat intelligence sharing.

It is important to note that these cyber shields are not just standalone measures but complementary to
frameworks like the Essential Eight. Together, they form a holistic strategy for enhancing cyber security
across Australia. The Essential Eight framework provides the fundamentals for organisations to align their
cyber security practices with the Australian Government strategic intent, demonstrating a consistent, robust
and, most importantly, trusted approach to security.

As we move forward, it is imperative for organisations to embrace the synergy between the Essential Eight
framework and the Six Cyber Shields.

Book a Complimentary Workshop with Fortinet!

Eager to learn more? Fortinet is dedicated to supporting you every step of your cyber security journey. We encourage you to contact us to help enhance your understanding and delve more deeply into this framework.

Please let us know if you are interested in booking a complimentary workshop. This workshop aims to help you gain a deeper grasp of your organisation's risks, align precisely with the Essential Eight maturity framework, and strategically assist you in mitigating vulnerabilities across people, processes, and technology.
Glossary
ADKAR: ADKAR (Awareness, Desire, Knowledge, Ability, and Reinforcement) is a change management framework used to guide individuals and organizations through the change process.
CASB: Cloud access security broker (CASB) is software or hardware that sits between users and their cloud service to enforce security policies as they access cloud-based resources.
CDR: Content Disarm & Reconstruction (CDR) strips all active content from files in real-time, creating a flat sanitized file. All active content is treated as suspect and removed. CDR processes all incoming files, deconstructs them, and removes all elements that do not match firewall policies. CDR can fortify your zero-day file protection strategy by proactively removing any possibility of malicious content in your files.
CVE: Common Vulnerabilities and Exposures (CVE) are a set of security threats that are included in a reference system that outlines publicly known risks. The CVE threat list is maintained by the MITRE Corporation, a nonprofit organization that runs federal government-sponsored research and development centers. CVE is sponsored by the U.S. Department of Homeland Security’s National Cyber Security Division (NCSD).
CVSS: Common Vulnerability Scoring System (CVSS) is used in line with the Common Vulnerabilities and Exposures (CVE), which is a glossary that categorizes vulnerabilities. CVSS scores vulnerabilities according to a set of criteria, assigning each vulnerability a numerical value that represents how severe it is. This data is used by cybersecurity professionals to determine how dangerous vulnerabilities are. Managed by the MITRE Corporation, the CVE glossary project is devoted to monitoring and recording flaws in information security. The U.S. Department of Homeland Security (DHS) provides funds to maintain it.
EDR: Endpoint detection and response (EDR) can detect threats on your organization's endpoints and then respond to them. It can analyse the nature of the threat and give your IT team information regarding how it was initiated, where it has travelled to, what it is currently doing, and how to stop the attack altogether.
FWaaS: Firewall as a service (FWaaS) is a firewall solution delivered as a cloud-based service that provides hyperscale, next-generation firewall (NGFW) capabilities, including web filtering, advanced threat protection (ATP), intrusion prevention system (IPS), and Domain Name System (DNS) security.
IAM: Identity and Access Management (IAM) is a framework of policies, processes, and technologies that enable organizations to manage digital identities and control user access to critical corporate information.
Layered Security: Layered security is having multiple products in place to address one single aspect of security. The products may be very similar and aim to do the same job, but in a layered security strategy, they are both necessary. Using redundant products strengthens the enterprise’s defense against threats.
MFA: Multi-factor authentication (MFA) is a security process that increases the likelihood that a person is who they say they are. The process requests users to provide two different authentication factors before they are able to access an application or system, rather than simply their username and password.
NAC: Network access control (NAC), also known as network admission control, is the process of restricting unauthorised users and devices from gaining access to a corporate or private network. NAC ensures that only users who are authenticated and devices that are authorised and compliant with security policies can enter the network.
PAM: Privileged access management (PAM) is a system that assigns higher permission levels to accounts with access to critical resources and admin-level controls. PAM is based on the principle of least privilege, which is crucial to modern cybersecurity best practices.
SASE: Secure Access Service Edge (SASE) is a cloud architecture model that combines network and security-as-a-service functions together and delivers them as a single cloud service. Conceptually, SASE extends networking and security capabilities beyond where they are typically available. This lets work-from-anywhere and remote workers take advantage of firewall as a service (FWaaS), secure web gateway (SWG), zero-trust network access (ZTNA), and a medley of threat detection functions. SASE is composed of Security Service Edge (SSE) and SD-WAN.
SIEM: Security information and event management (SIEM) solutions collect logs and analyse security events along with other data to speed threat detection and support security incident and event management, as well as compliance.
SSE: Security service edge (SSE) unites different network security services to enable safe access to cloud and web services, as well as private applications. SSE combines several security components, including cloud access security broker (CASB), Zero Trust Network Access (ZTNA), and secure web gateway (SWG) solutions.
SWG: Secure web gateway (SWG) provides a secure web experience to protect users, devices and applications from both internal and external threats.
ZTNA: Zero trust network access (ZTNA) is an element of zero trust access that focuses on controlling access to applications. ZTNA extends the principles of ZTA to verify users and devices before every application session to confirm that they meet the organization's policy to access that application. ZTNA supports multi-factor authentication to retain the highest levels of verification.

Authors
Cornelius Mare, Alex Chan

Contributors
Dr. Mamello Thinyane (Optus Chair of Cyber Security and Data Science | Associate Professor), Istvan Takacs, Robert Nobilo, Nicole Quinn, Mark Robson, Mohamed Abosree

References
1. https://www.oaic.gov.au/privacy/notifiable-data-breaches
2. https://www.prosci.com/methodology/adkar
3. https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight
4. https://www.homeaffairs.gov.au/about-us/our-portfolios/cyber-security/strategy/2023-2030-australian-cyber-security-strategy
5. https://www.fortinet.com/resources/cyberglossary

www.fortinet.com
Copyright © 2023 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product
or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other
conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser
that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any
such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise
revise this publication without notice, and the most current version of the publication shall be applicable.