The Essential Eight.

There's no single strategy to mitigate cyber security risk. There are eight. The Essential Eight.

Developed by the Australian Signals Directorate and the Australian Cyber Security Centre, the Essential Eight is a list of prioritised strategies for your department to protect itself from cyber threats.

1. Application Whitelisting

Whitelist only trusted programs and ensure only authorised applications and code are allowed to execute.

2. Patch Applications

Make sure all applications have been properly patched with vendor approved fixes.

3. Patch Operating Systems

Install updates and patches within 48 hours to computers and networks devices with 'extreme risk' vulnerabilities. Use the latest supported version of the operating system.

4. Restrict Admin Privileges

Admin privileges should be restricted to authorised personnel only and limted to activities that are absolutely necessary.

5. Disable Untrusted Macros

Prevent Microsoft Office macros from executing to disable any embedded malicious code.

6. User Application Hardening

User applications should block common vectors for attack such as untrusted code executing in web browsers: Block or remove Flash, Java and pop‑ups; elevate browser security configurations.

7. MultiFactor Authentication

To deter attack and access to sensitive data, strengthen user validation by creating multiple levels of authentication, especially for remote access.

8. Daily Backup

Backup data, system configurations and other critical parts of the infrastructure every day and store it offline for easy restoration.

So, are you ready to take on the
Essential Eight?


Know and trust your transforming environment.

By ensuring key E8 baseline security measures (strategies) are implemented across your various business assets, both in the cloud and on-premise, your department can have more confidence and trust in your digital environment.

The challenge is how to continuously monitor and ensure these controls are effectively being maintained across all of your assets.

The Essential Eight

The Thales Essential Eight Managed Service combines Huntsman's SIEM and Security Analytics technology – the preferred tool for law enforcement, defence and intelligence – with Thales' expertise in governance, risk and compliance in the Australian Government.

Choosing the Thales Essential Eight Managed Service means entering into a partnership to help your organisation determine and realise the security level required to achieve Essential Eight compliance.

This managed service becomes an integral component of how you proactively manage risks to key assets, through providing real-time management and operational dashboards and relevant alerting of key threats and risks to operational teams.

Where do we start?
Thales proven methodology with four key steps:
  1. IDENTIFY critical assets (physical, information, configuration).
  2. ASSESS the risk and implemented controls for those assets for security weaknesses and compliance to security standards.
  3. SECURE the assets with Essential Eight key mitigation strategies.
  4. MANAGE an optimal security and compliance posture by providing a common operating picture through monitoring and situational awareness services.
Daily proactive visibility of your key risks and threats

The capability provides:

  • Continuous monitoring of your environment including on-premise, cloud and hybrid.
  • Pre-defined alerts, live dashboard, queries and reporting.
  • Executive summary report and detailed control report (including key cyber and compliance metrics).
  • Clear visibility of current security posture.
  • Guidance on where vulnerabilities exist.


We are holding a series of Essential Eight events.

We'd love you to join us:


ASPI Panel Discussion
ASPI Office, Canberra

As the cost of cyber-attacks rockets to eye-watering levels and the risks to government and business increase, why do cyber defenders find it so hard to implement comprehensive mitigation strategies? Even government departments find it difficult to implement the Australian Cyber Security Centre's Essential Eight Strategies, the top four of which have been mandated since June 2014.

This will take you to the ASPI website for registration

friday NOVEMBER 23RD 2018

Essential Eight Workshop
National Press Club, Canberra

If you manage your department's cyber security posture, or you're responsible for auditing cyber resilience then this workshop is for you. Come along and learn (a) how you can create and deliver a plan for implementing the Essential Eight Controls, (b) how you can have ongoing visibility of the effectiveness of the controls, and (c) how you can improve compliance to the controls.

This will take you to the Huntsman website for registration