Using automation to link evidence to compliance controls for the Essential 8

Wednesday 19 March, 2:40 pm - 3:20 pm

Location
Murray Room

Speakers

Gavin Coulthard

Director, Engineering A/NZ
Swimlane

Synopsis

Leveraging SOAR Platforms to Automate the Essential 8 Controls

Understanding the Essential 8 Framework

  • The Essential 8 defined.
  • Purpose: Aimed at preventing malware, mitigating attacks, and minimising incidents.
  • Challenges: Manual compliance can be time-consuming and error-prone.

Overview of SOAR Platforms

  • Definition.
  • Capabilities: Integrates with various systems, automates repetitive tasks, and correlates data.
  • Value: Reduces response time, ensures consistency, and enhances evidence collation for compliance efforts.

But didn’t Gartner just say SOAR is dead?

  • Challenges: In the technology word-association game, SOAR has become associated with alert triage, and that’s it.
  • SOAR’s bad rap:
    • Hard to implement: they automate processes, and things go wrong when processes aren’t defined well. Dumb stuff gets done quicker.
    • Set and forget? No platform in IT is set and forget; assuming SOARs are any different is a path to disappointment.
    • Redefining their purpose (everything old is new again): SOAR platforms have done a lot of heavy lifting with connectivity and the ability to transform information.

What’s this got to do with the Essential 8?

  • Challenges: Manually collecting, linking, and reporting on cybersecurity controls can be overwhelming.
  • Benefits of Automation:
    1. Efficiency: Automation of evidence collection where applicable.
    2. Accuracy and Timeliness:
    3. Compliance: Ensures continuous and consistent monitoring.

Mapping SOAR capabilities to the Essential 8

  • SOAR Capabilities: Can automate the implementation and evidence collection across all 8 controls:

Automating Application Whitelisting & Patching

  • Application Whitelisting: Automatically detects unauthorised applications and responds to incidents.
  • Patching: SOAR integrates with patch management systems to automate patch verification and reporting.

Managing Administrative Privileges & MFA

  • Restrict Admin Privileges: Automates privilege escalation processes, generates alerts for unauthorized changes.
  • Multi-Factor Authentication (MFA): SOAR can enforce MFA, monitor access logs, and respond to suspicious logins.

Backup Management and Response

  • Regular Backups: Monitors backup status, sends alerts for failed backups, and can trigger remediation workflows.
  • Incident Response: SOAR can automate and orchestrate incident response, correlating logs with Essential 8 control failures.

Key Benefits of SOAR for Essential 8

  • Increased Visibility: Centralises evidence from different systems. Many can also act as a system of record for management and visualisation of the control status.
  • Faster Response: Real-time monitoring and incident response.
  • Continuous Monitoring: Ensures that compliance is maintained 24/7.
  • Reporting: Automated generation of audit reports aligned with Essential 8.
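The mapping and reporting steps above (linking collected evidence to each of the eight controls, rolling the result up to a control status, and generating an audit report) can be illustrated with a small script. This is an added example, not code from the talk or from Swimlane: the control ids (E8-1 to E8-8), the check names, the integration names, the seven-day freshness window and the sample evidence are all constructed here for illustration, and a real SOAR playbook would fill the evidence list from its integrations instead.

```python
"""Toy evidence-to-control mapper for the Essential 8 (added example, assumptions labelled)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# The eight mitigation strategies; the short ids are our own labels, not an official numbering.
ESSENTIAL_8 = {
    "E8-1": "Application control",
    "E8-2": "Patch applications",
    "E8-3": "Configure Microsoft Office macro settings",
    "E8-4": "User application hardening",
    "E8-5": "Restrict administrative privileges",
    "E8-6": "Patch operating systems",
    "E8-7": "Multi-factor authentication",
    "E8-8": "Regular backups",
}


@dataclass(frozen=True)
class Evidence:
    source: str            # integration that produced it (hypothetical names below)
    check: str             # name of the automated check that ran
    passed: bool
    collected_at: datetime
    detail: str = ""


# Which automated check feeds which control. This table is the "linking" step and is ours.
CHECK_TO_CONTROL = {
    "unauthorised_app_blocked": "E8-1",
    "app_patch_verified": "E8-2",
    "admin_change_reviewed": "E8-5",
    "os_patch_verified": "E8-6",
    "mfa_enforced": "E8-7",
    "backup_job_succeeded": "E8-8",
}


def link_evidence(items, now, max_age=timedelta(days=7)):
    """Group fresh evidence under its control id. Stale items are counted rather than
    used, so the report can distinguish 'old evidence' from 'no evidence'. Evidence
    whose check has no mapping is returned separately instead of silently dropped."""
    linked = {cid: [] for cid in ESSENTIAL_8}
    stale = {cid: 0 for cid in ESSENTIAL_8}
    unmapped = []
    for ev in items:
        cid = CHECK_TO_CONTROL.get(ev.check)
        if cid is None:
            unmapped.append(ev)
        elif now - ev.collected_at > max_age:
            stale[cid] += 1
        else:
            linked[cid].append(ev)
    return linked, stale, unmapped


def control_status(linked, stale):
    """Roll each control up to one status: a fresh failure wins over fresh passes,
    stale-only evidence is flagged, and controls with nothing collected are surfaced."""
    status = {}
    for cid in ESSENTIAL_8:
        fresh = linked[cid]
        if any(not ev.passed for ev in fresh):
            status[cid] = "FAIL"
        elif fresh:
            status[cid] = "PASS"
        elif stale[cid]:
            status[cid] = "STALE"
        else:
            status[cid] = "NO EVIDENCE"
    return status


def audit_report(status, linked, stale):
    """One line per control, suitable for dropping into an audit pack."""
    return "\n".join(
        f"{cid} {name:<42} {status[cid]:<12} fresh={len(linked[cid])} stale={stale[cid]}"
        for cid, name in ESSENTIAL_8.items()
    )


# Constructed sample evidence, shaped like what playbooks would collect from integrations.
NOW = datetime(2025, 3, 19, 14, 40, tzinfo=timezone.utc)
SAMPLE = [
    Evidence("app_control", "unauthorised_app_blocked", True, NOW - timedelta(hours=2), "unsigned installer blocked"),
    Evidence("patch_manager", "app_patch_verified", True, NOW - timedelta(days=1)),
    Evidence("patch_manager", "os_patch_verified", False, NOW - timedelta(days=1), "3 servers missing rollup"),
    Evidence("identity_provider", "mfa_enforced", True, NOW - timedelta(days=10)),  # older than max_age
    Evidence("backup_system", "backup_job_succeeded", False, NOW - timedelta(hours=6), "nightly job failed"),
    Evidence("backup_system", "backup_job_succeeded", True, NOW - timedelta(hours=30)),
    Evidence("edr", "unknown_check", True, NOW),  # no mapping: must be surfaced, not lost
]


def run(items=SAMPLE, now=NOW):
    """Run the whole pipeline and return the per-control status plus unmapped evidence."""
    linked, stale, unmapped = link_evidence(items, now)
    return control_status(linked, stale), unmapped


if __name__ == "__main__":
    linked, stale, unmapped = link_evidence(SAMPLE, NOW)
    print(audit_report(control_status(linked, stale), linked, stale))
    for ev in unmapped:
        print(f"unmapped evidence from {ev.source}: {ev.check}")
```

The two design choices worth keeping in a real playbook are the freshness window (a passing result from last quarter should read as STALE, not PASS, which is the "timeliness" point above) and the unmapped bucket: any integration output that does not link to a control is listed rather than discarded, so a mis-named check cannot quietly turn into a gap in the audit trail.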

Summary: SOAR platforms can transform how organisations manage and maintain compliance with the Essential 8. It just takes a review of what an automation platform can be used for.

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.