Jellyfish for Government
Jellyfish for All Levels of Government
Jellyfish is a responsive platform designed to bring agility through the creation of a secure organisational ecosystem. Jellyfish provides organisations with the capability to aggregate Identity and Access Management and full Credential Management.
Jellyfish achieves this through modules that address system integration pain points. Designed as an integrated, cohesive stack, Jellyfish can address a single pain point or evolve with your security requirements. Each module is created with connectivity and emerging technologies in mind and can be layered to ensure clients can combat new and emerging threats in the cyber landscape.
While no single mitigation strategy is guaranteed to prevent cyber security incidents, the Australian Signals Directorate (ASD) has created a list of 8 baseline strategies, known as the Essential Eight. These strategies make it harder for adversaries to compromise systems and administrator accounts.
The Essential 8 represents an effective strategy for preventing, rather than having to respond to, a large-scale cyber security incident.
The ASD Essential 8 are shown below.
ASD Essential 8
Before implementing any of the mitigation strategies, organisations should:
1. Identify which systems require protection
2. Identify which adversaries are most likely to target their systems, and
3. Identify what level of protection is required.
Application Whitelisting
Create a list of approved/trusted programs to prevent execution of unapproved/malicious programs.
This strategy ensures that all non-approved applications, including malicious code, are prevented from executing.
Patch Applications
Patch/mitigate computers with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest version of applications.
This strategy prevents the possibility of security vulnerabilities in applications being used to execute malicious code in systems.
Configure Microsoft Office Macro Settings
Block macros from the Internet, and only allow vetted macros – with trusted locations, limited write access or a digitally signed a trusted certificate – in.
User Application Hardening
Configure web browsers to block Flash, ads, and Java on the Internet. Disable unneeded features in Microsoft Office, web browsers and PDF viewers.
Restrict Administrative Priveledges
Restrict administrative privileges to operating systems and applications based on user duties. Regularly re-validate the need or privileges.
Admin accounts are the ‘keys to the kingdom’ and adversaries use these accounts to gain full access to information and systems.
Patch Operating Systems
Patch/mitigate computers (including network devices) with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest operation system version. Do not use unsupported versions.
Security vulnerabilities in operating systems can be used to further the compromise of systems.
Multi-Factor Authentication
Stronger user authentication makes it harder for adversaries to access sensitive information and systems. Multi-factor authentication should be used for all users performing privileged actions or accessing an important data repository
Daily Backups
Daily backups should be made for new, important/changed data, software, and configuration settings. The backups should be stored, disconnected, and retained for at least three months to ensure information can be accessed again following a cyber security incident.
