Patch Operating Systems
The patch Operating Systems requirement of Essential 8 requires 2 things. Firstly, you need to have a vulnerability scanner that can make you aware of required updates and active exploits within the Windows Operating System and secondly, a method to deploy these updates to machines as they are required. Zoi has the capability to achieve both of these in the base user and base server protection packages using our multi tiered vulnerability scanning (so nothing is missed) and a valuable deployment tool to automatically push these updates when needed, and the ability to manually push in the case of emergency
Regular Backup
Zoi utilises its Star Vault platform to protect your data. This solution is very flexible, allowing for backups of Virtual Machines, Physical Machines and Microsoft 365 Data that you deem critical (MS Teams, SharePoint, OneDrive and Exchange). We evaluate each customer case by case, but we can install it as a Virtual Server onsite if you have already have a server we can leverage or a software agent that can be installed on any Windows or Linux machine.
We like to have multiple backup locations, so not only do you backup locally to your network (either a storage appliance like a NAS or even just a hard drive plugged into a machine) but also to our Cloud Repository for safe keeping. We even have data immutability, so if someone compromises your network (or worse ours), you can feel safe knowing that no one is allowed to delete backups until the immutability period has ended. By default, we set everything to 30 days of immutability for extra data loss protection.
Restrict Administrative Privilege
Restricting administrative privilege is achieved by either Group Policy if you utilise Active Directory, or by our management agent if you don’t. If you do not use Active Directory, we can create new Administrator accounts across all your devices utilising out management agent and scripting.
The end goal is to ensure no standard user account is capable of elevating commands to an administrator level unless they have been granted special permission to do so via use of a second monitored account.
Account use monitoring is achieved by our Celestial SIEM platform which ingests logs from all devices to track system operations and tasks to ensure no suspicious or malicious behaviour is occurring on any device.
Configure Office Macro Settings
This can easily be achieved with a Group Policy update if you operate on an Active Directory Domain. If you don’t, Zoi has developed scripts that can be automatically be run through our management agents to ensure compliance across the board. We run this regularly to ensure the settings remains consistent across your organisation.
We can also enforce this bahaviour through use of our Application Control powered by ThreatLocker
Patch Applications
The patch applications requirement of Essential 8 requires 2 things. Firstly, you need to have a vulnerability scanner that can make you aware of required updates and active exploits and secondly, a method to deploy these updates to machines as they are required. Zoi has the capability to achieve both of these in the base user and base server protection packages using our multi tiered vulnerability scanning (so nothing is missed) and a valuable deployment tool to automatically push these updates when needed, and the ability to manually push in the case of emergency
User Application Hardening
By default, most browsers do not allow processing of Java within them, but we like to make sure and run some checks to confirm with our management agent.
This is the same for Internet Explorer 11, if you are running Windows 10 or above, it will not be allowed to run.
In order to block Ads from running within your browser, we deploy DefensX. This agent runs on minimal resources and monitors and blocks access to malicious websites and any website advised by you to block or allow. It also enables Enterprise Browser features such as blocking the ability to upload or download from any site, monitoring or blocking the user of credentials on sites and recommending good passwords when you are required to create one.
Web browser security settings can be controlled by Group Policy if you have Active Directory, we also can run scripts with our management agent to stop settings from being adjusted from the required compliant defaults.
Multi-Factor Authentication
Zoi has partnered with Duo to offer you the most robust, comprehensive set of MFA tools available on the market. We can protect multiple applications ranging from Microsoft 365, Microsoft Remote Desktop to Dropbox and OpenVPN.
We like to create a foundational SSO platform for you to integrate all possible logins to in order it simplify your workload whilst remaining highly secure.
We do this by integrating SSO functions with your Microsoft 365 platform, leveraging its directory of logins you have already built to assist in authenticating all your other services.
*Active Directory Premium P1 is required in some circumstances, speak to Zoi to get an evaluation on what you need
Application Control
Zoi has partnered with ThreatLocker to provide you with world leading, world class application control capabilities. Not only can we control applications, we can provide Privilege Access Management and Storage/Network Control in your environment to ensure your data is secure and your users operate their systems and environments safely.
Zoi always deploys ThreatLocker in in a way that is least disruptive to your work flow, as this can be quite impactful if not done with utmost care. Trust us, we got this one for you.
Other Services
On top of the services required for aligning to the Essential 8, we also offer services we believe are integral to your Security and Management, see below for what we can also offer you. Many of these services come bundled in our Basic and Advanced packages.
User Support (Helpdesk, Ticketing)
End Point Protection (Anti-Virus, EDR and XDR)
Email Security (SPAM and Malware)
Cloud Office Security (MS Teams, SharePoint, OneDrive)
Phishing Simulation Exercises
Online Security Awareness Training