Australia, Mar 7, 2024
Published by Logicalis Australia
Author: Shane Borczuch
Make Cyber-attacks Harder with Application Hardening
For a head of IT or a Chief Security Officer, there's nothing greater than power and control, except perhaps for coming in under budget and on time for a project.
In the battle against cyber criminals and human error, greater control can make all the difference. That's where cybersecurity strategies like application hardening emerge as a crucial component. Application hardening fortifies software to only allow trusted, verified and required applications and system functions to operate, making it harder for attackers to exploit.
Application hardening is an essential cybersecurity strategy
Application hardening is a security practice that reduces an application's attack surface by whitelisting only trusted and verified applications deployed to managed endpoints to minimise risk. The practice falls under another common security principle of providing the least functionality. While applications often sell their functionality by spruiking the 'bells and whistles', application hardening is about limiting the capabilities and functions back to what is necessary.
Application hardening and limiting administrative privileges are two of the eight mitigation strategies recommended by the Australian Signal Directorate (ASD) to protect Australian organisations from growing cyber threats. These Essential Eight strategies are the most effective approach to improving an organisation's security posture. Other strategies include multi-factor authentication (MFA), regular backups and patches for apps and operating systems, and restricting macro settings.
In 2018, Australia introduced the Security of Critical Infrastructure Act (SOCI Act) to protect critical assets across the energy, utilities and ports sectors. In response to the COVID-19 pandemic, the Government then extended these sectors to other essential services, including financial services, transport, healthcare, food and groceries and education. The Essential Eight is a vital security framework that helps organisations in these industries comply with the SOCI Act.
Why is application hardening important?
If being part of the Essential Eight isn't enough reason to adopt user application hardening, here are some additional points to consider.
An application hardening solution from Logicalis involves a complete implementation of partner products to achieve application whitelisting and privilege access control. The solution protects against a range of threats, including malicious websites, ads that run malicious scripts and exploiting vulnerabilities in unsupported software. The attacks can look and act like legitimate functionality and repurpose them for malicious intent, including phishing. Phishing remains one of the most common attack methods for individuals and businesses.
In its latest annual cyber threat report, the ASD shared details on recent critical cybersecurity incidents in Australia. Using a 6-tier category system, C1 to C6, where C1 is the worst, there were no C1, 5 C2 and 171 C3 level incidents over the year. One in five of the incidents at the C3 level, which includes attacks on critical infrastructure, featured exploits from public-facing applications.
In actual examples provided in the report, the ASD showed that cyber criminals were also targeting application exploits in less than 48 hours from patch release dates and were still successful with attacks even two years later after patches were released.
Many organisations don't know how many apps they have, and the actual number can come as a shock. According to the latest connectivity report from Mulesoft, organisations have an average of 991 applications across their digital estate. That's a significant number of applications for any IT team to stay on top of.
An excellent place to begin with application hardening is to audit and identify the apps running across an organisation. A trusted partner like Logicalis can help an organisation understand their overall environment. They can advise how to reduce the number of unnecessary apps, find alternatives and streamline processes and techniques for efficient application lifecycle management.
Another action to take is application whitelisting or allowlisting. Although considered part of Application Control in Essential Eight, application whitelisting focuses on indexing and providing only approved software and executable files. Application hardening goes beyond whitelisting to specify what applications can run and do on a specific device. In the same way that staying on top of the fine print is crucial for legal matters, for information technology, the detail is in the configuration settings.
By limiting the complexity of applications, it can make it easier to monitor and detect suspicious activity in a hardened environment. All these actions help to improve an organisation's overall security posture.
So, regardless of whether your organisation needs to comply with the SOCI Act, or you just want to improve your overall security posture, application hardening is an essential cybersecurity strategy to explore.
With more than 25 years of experience, the team at Logicalis are ready to help you understand your environment and improve your cybersecurity stance. With a global team of more than 7,000 architects, your organisation can benefit from the deep expertise and strong partnerships that Logicalis have with products and technologies from leading vendors such as Microsoft and Ivanti.
Contact our team to discuss how user application hardening can improve your cybersecurity posture.
Related Insights
Australia , Apr 15, 2024
Logicalis named Australian Microsoft Leader
Logicalis has been named leader in two quadrants of the ISG Microsoft ecosystem report.
Australia , Apr 15, 2024
Top tech trends in cybersecurity spearheading digital change
Cybersecurity is an essential consideration for any organisation undergoing digital transformation. While the focus on cybersecurity in Australia has undoubtedly increased due to rising cybercrime and several high-profile attacks, current trends are causing businesses to rethink their approach.
Australia , Apr 1, 2024
A decade of insight reveals the future of tech leadership in the Logicalis Global CIO Report 2024
In the ever-changing landscape of tech leadership, we are pleased to deliver the first Australian CIO Report, offering a localised perspective on the global findings.
Australia , Mar 26, 2024
Building a Zero Trust Culture at Work
The way we work together in modern business has changed in recent years. We're increasingly relying on collaboration and co-delivery with partner organisations to achieve business goals and remain competitive.
Australia , Dec 8, 2023
ChatGPT and AI chatbots – Is my organisation at risk?
Learn from our Logicalis Australia experts about how ChatGPT and AI chatbots could either enable or shake-up your business processes.
Australia , Dec 8, 2023
IT Ops isn’t changing…it’s changed
For years, the management of IT has been moving away from reactive BAU support (break-fix) and moving towards a more proactive support model. For some organisations the change is still happening; however, for the vast majority, the change has already occurred.
Australia , Nov 13, 2023
Logicalis named 2023 Cisco Global Enterprise Networking and Meraki Partner of the Year for the second consecutive year
Last week, we proudly received the 2023 Cisco Global Enterprise Networking and Meraki Partner of the Year award during Cisco’s annual Partner Summit. The award recognised Logicalis' global capability in Enterprise networking, with Logicalis Portugal receiving a special mention for their standout contribution to driving Intelligent Connectivity managed services to customers in Portugal.
Australia , Nov 13, 2023
Logicalis named inaugural 2023 Cisco Global Sustainability Partner of the Year
Last week, we were honoured to receive the inaugural 2023 Cisco Global Sustainability Partner of the Year award during Cisco's Global Partner Summit event in Miami. This prestigious accolade acknowledges Logicalis' exceptional sustainability achievements and success in helping customers reduce the environmental impact of their digital ecosystems across the globe.
Australia , Oct 24, 2023
Choosing the right MSSP -Top 5 credentials to look for when selecting a Microsoft Managed Security Services provider (MSSP)
Our recent CIO survey shows over half of respondents plan to increase their risk management investment. They also consider malware and ransomware significant risks that their organisations will face in the coming year.
Australia , Sep 21, 2023
The power of next generation connectivity
To be able to succeed, leaders need to create environments that can adapt to maximise opportunities, mitigate risks and most importantly be able to scale both securely and sustainably. The key to this is connectivity.
Australia , Aug 9, 2023
Logicalis celebrates incredible growth of Microsoft performance
FY23 has been an extraordinary year for Logicalis’s Microsoft partnership. We’ve seen 60% year-on-year growth reflecting our unwavering commitment to helping customers deliver business value through digital transformation.
Australia , Jul 10, 2023
Employee Burnout: Addressing the Root Causes and Empowering Leaders to Combat It
Employee burnout has become an increasingly alarming concern in recent years, and the COVID-19 pandemic has only exacerbated the issue. With the pandemic forcing many employees to work remotely, isolation and blurred boundaries between work and home life have led to a significant increase in burnout cases.
Australia , May 12, 2023
Introducing our Managed Digital Fabric Platform
Hear from Logicalis CTO, Toby Alcock, as he describes the challenges customers are facing and how our Digital Fabric Platformm can enable them to drive business outcomes.