ThreatDefence is the only SecOps as a Service company providing broad coverage across your entire technology stack with evidence-based security.
We provide security teams with full-stack SecOps infrastructure – you get deep visibility from day one, gain control over your security data, and get access to a comprehensive set of ready-to-use tools, detections, workflows, playbooks and scenarios.
The Australian Signals Directorate’s Essential Eight is the baseline for cyber resilience across Australian government and private sector organisations. But achieving a maturity level means nothing if you can’t maintain it, measure it, and demonstrate it.
ThreatDefence provides continuous Essential Eight monitoring, automated evidence collection, and board-ready compliance reports — all from a single platform.
The Essential Eight Mitigation Strategies are a prioritised set of baseline cybersecurity controls developed by the Australian Signals Directorate (ASD) to protect organisations against the most common cyber threats.
The full framework and official guidance is published by the ASD at the Australian Cyber Security Centre (ACSC).
The eight strategies are:
Patch applications: remediate vulnerabilities in internet-facing and high-risk applications.
Patch operating systems: keep OS patching current, especially for internet-facing systems.
Multi-factor authentication: require MFA for privileged accounts, remote access and sensitive data.
Restrict administrative privileges: limit admin access to only what is needed.
Application control: prevent execution of unapproved software.
Configure Microsoft Office macro settings: block or restrict macros from the internet.
User application hardening: disable or configure risky browser and application features.
Regular backups: maintain and test backups to recover from ransomware and data loss.
Each strategy is assessed at Maturity Level 0 through 3, with ML3 representing full alignment with the strategy’s intent. The ASD publishes the full Essential Eight Maturity Model including assessment guidance for each level.
Essential Eight is a mandatory cyber security baseline across much of Australian government, and its influence now extends well beyond the Commonwealth. State agencies, critical infrastructure operators, and private sector organisations are increasingly being asked to demonstrate Essential Eight alignment by regulators, insurers, and enterprise customers.
Assessing Essential Eight compliance is not just about checking whether controls exist. It is about determining whether they are implemented correctly, operating consistently, and aligned to the maturity level your organisation is expected to achieve. Effective assessment should show where gaps exist, where control performance is drifting, and whether your security posture can be sustained over time.
Many organisations still treat Essential Eight compliance as a one-off exercise. An assessment is performed, a report is delivered, remediation work is completed, and the organisation moves on. The problem is that security posture changes constantly. A new vulnerability may emerge, a patch cycle may slip, a configuration may drift, or an administrative shortcut may be introduced. When that happens, maturity can quietly decline long before the next formal review.
A point-in-time assessment only shows where you stood on a particular day. It does not prove that your controls remain effective over time. Continuous monitoring provides that assurance by identifying drift early, surfacing new weaknesses, and helping organisations maintain Essential Eight maturity on an ongoing basis.
Many Essential Eight requirements are not just about putting preventive controls in place. They also depend on ongoing monitoring, timely analysis, incident handling, escalation, and evidence-based response. This is where continuous Security Operations plays a critical role. A properly run SIEM, SOC, and DFIR capability helps organisations maintain oversight of control effectiveness, detect when controls are failing or being bypassed, and respond quickly when suspicious activity occurs.
Security Operations directly supports requirements such as cybersecurity events being analysed in a timely manner to identify cybersecurity incidents, cybersecurity incidents being reported to the Chief Information Security Officer or their delegate as soon as possible after they occur or are discovered, and the cybersecurity incident response plan being enacted following the identification of an incident. These are operational responsibilities. They rely on continuous log collection, alerting, triage, investigation, escalation, case management, and coordinated response, which sit squarely within the remit of the SOC.
This also extends to monitoring of privileged user activity, administrative account use, authentication anomalies, suspicious PowerShell or script execution, unauthorised software execution, unusual remote access, policy changes, and other indicators that a control may have failed or that an attacker may be attempting to bypass it. While the Essential Eight includes controls such as application control, patching, macro restrictions, hardening, MFA, and privileged access restrictions, continuous Security Operations helps verify that these controls remain effective in practice and identifies when gaps emerge over time.
A SIEM supports this by centralising logs and telemetry from endpoints, servers, identity providers, cloud services, firewalls, and security tools, then correlating that data to surface meaningful security events. The SOC uses that visibility to investigate activity, distinguish real incidents from noise, escalate material issues, and ensure response actions are initiated. Where an incident is more serious or complex, DFIR provides deeper investigation, forensic evidence collection, scoping, containment guidance, and post-incident analysis. Together, these functions help organisations move beyond point-in-time compliance and maintain an active, defensible security posture.
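The indicators listed above (a privileged account used for browsing or email, an Office application spawning a script host, suspicious PowerShell) can be written as plain rules over process-creation telemetry. The Python below is an added example for this page, not ThreatDefence's detection content or platform code. The event field names, the privileged-account list and the sample events are all constructed; the mapping of the encoded-PowerShell rule to User application hardening follows the maturity model's placement of PowerShell logging and Constrained Language Mode under that strategy.

```python
import base64
from pathlib import PureWindowsPath

# Constructed privileged-account inventory; in production this is fed from AD /
# identity-provider group membership rather than hard-coded.
PRIVILEGED_ACCOUNTS = {"corp\\adm.jsmith", "corp\\adm.backup"}
# Email and browsing are exactly what ASD says admin accounts must not be used for.
INTERACTIVE_APPS = {"chrome.exe", "msedge.exe", "firefox.exe", "outlook.exe", "teams.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}


def _name(path: str) -> str:
    """Lower-cased file name from a Windows image path."""
    return PureWindowsPath(path).name.lower()


def encoded_powershell_payload(command_line: str):
    """Decode a -EncodedCommand argument if present, else return None.
    powershell.exe accepts any unambiguous prefix of the switch (-e, -ec, -enc ...),
    so match on prefix rather than on the full switch name."""
    tokens = command_line.split()
    for i, tok in enumerate(tokens[:-1]):
        t = tok.lower()
        if t.startswith("-e") and "-encodedcommand".startswith(t):
            try:
                return base64.b64decode(tokens[i + 1], validate=True).decode("utf-16-le")
            except (ValueError, UnicodeDecodeError):
                return "<undecodable>"
    return None


def _alert(rule, strategy, event, evidence):
    return {"rule": rule, "essential_eight_strategy": strategy,
            "host": event["host"], "user": event["user"], "evidence": evidence}


def detect(events):
    """Run the three rules over normalised process-creation events."""
    alerts = []
    for ev in events:
        user, image, parent = ev["user"].lower(), _name(ev["image"]), _name(ev["parent_image"])
        if user in PRIVILEGED_ACCOUNTS and image in INTERACTIVE_APPS:
            alerts.append(_alert("privileged_account_interactive_use",
                                 "Restrict administrative privileges", ev,
                                 f"{ev['user']} launched {image}"))
        if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
            alerts.append(_alert("office_spawned_script_host",
                                 "Configure Microsoft Office macro settings", ev,
                                 f"{parent} spawned {image}: {ev['command_line']}"))
        if image in POWERSHELL:
            payload = encoded_powershell_payload(ev["command_line"])
            if payload is not None:
                # PowerShell logging and Constrained Language Mode sit under User
                # application hardening in the maturity model.
                alerts.append(_alert("encoded_powershell", "User application hardening",
                                     ev, f"decoded payload: {payload}"))
    return alerts


# Constructed events with the fields a SIEM would normalise from Windows 4688 /
# Sysmon Event ID 1. "dwBoAG8AYQBtAGkA" is base64 of UTF-16LE "whoami".
SAMPLE_EVENTS = [
    {"host": "WKS-0142", "user": "CORP\\adm.jsmith",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent_image": r"C:\Windows\explorer.exe", "command_line": "chrome.exe"},
    {"host": "WKS-0077", "user": "CORP\\a.nguyen",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "command_line": "powershell.exe -nop -w hidden -enc dwBoAG8AYQBtAGkA"},
    {"host": "SRV-DC01", "user": "CORP\\adm.jsmith",          # legitimate admin task: no alert
     "image": r"C:\Windows\System32\mmc.exe",
     "parent_image": r"C:\Windows\explorer.exe", "command_line": "mmc.exe dsa.msc"},
    {"host": "WKS-0077", "user": "CORP\\a.nguyen",            # ordinary user activity: no alert
     "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe", "command_line": "notepad.exe"},
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(a["rule"], "|", a["essential_eight_strategy"], "|", a["host"], "|", a["evidence"])
```

Each alert carries the strategy it relates to, so the SOC's case record doubles as evidence for the maturity assessment: the admin-on-a-workstation alert is a Restrict administrative privileges finding, and the Word-to-PowerShell chain is what a macro-policy bypass looks like in telemetry even when the policy itself reports as compliant.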
The following section maps ThreatDefence platform capabilities directly to each of the eight ASD mitigation strategies. For each control, we outline what ThreatDefence monitors, detects, and reports on — and how this supports your maturity level assessment and reporting.
Patch applications. ASD Guidance: Internet-facing and high-risk applications must be patched within defined timeframes — 48 hours for critical vulnerabilities, two weeks for other security patches.
Reporting: Automated patch compliance reports mapped to ASD timeframe requirements for ongoing evidence.
Patch operating systems. ASD Guidance: Operating systems must be patched within ASD-mandated timeframes, with end-of-life operating systems removed from the environment.
Reporting: OS patch currency evidence and end-of-life detection.
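Patch-timeframe evidence of the kind described for the two patching strategies reduces to a deadline calculation per finding and a roll-up per scan cycle. The Python below is an added example, not ThreatDefence code: it encodes only the two timeframes quoted above (48 hours for critical vulnerabilities, two weeks otherwise) and treats a finding's "critical" rating as the trigger for the 48-hour window, which is an assumption. The maturity model sets different windows by software class and maturity level, so a production evaluator needs that full table. The findings are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Iterable, Optional

# Only the two timeframes quoted in the guidance above are encoded here
# (assumption: a "critical" rating is what triggers the 48-hour window).
CRITICAL_SLA = timedelta(hours=48)
STANDARD_SLA = timedelta(days=14)


@dataclass
class Finding:
    asset: str
    vuln_id: str              # scanner's identifier for the weakness
    severity: str             # "critical" or any other rating
    detected: datetime        # first seen by the scanner (timezone-aware)
    patched: Optional[datetime] = None   # None while still unremediated


def deadline_for(finding: Finding) -> datetime:
    """Remediation deadline under the quoted ASD timeframes."""
    sla = CRITICAL_SLA if finding.severity == "critical" else STANDARD_SLA
    return finding.detected + sla


def evaluate(finding: Finding, now: datetime) -> dict:
    """Classify a finding: met / breached (patched after deadline) / open / overdue."""
    deadline = deadline_for(finding)
    if finding.patched is not None:
        status = "met" if finding.patched <= deadline else "breached"
        late_by = max(finding.patched - deadline, timedelta(0))
    elif now <= deadline:
        status, late_by = "open", timedelta(0)
    else:
        status, late_by = "overdue", now - deadline
    return {
        "asset": finding.asset,
        "vuln_id": finding.vuln_id,
        "severity": finding.severity,
        "deadline": deadline.isoformat(),
        "status": status,
        "late_by_hours": round(late_by.total_seconds() / 3600, 1),
    }


def compliance_report(findings: Iterable[Finding], now: datetime) -> dict:
    """Point-in-time evidence: counts per status plus the list that needs action.
    Run on every scan cycle, the series of these reports shows drift between
    formal assessments."""
    rows = [evaluate(f, now) for f in findings]
    closed = [r for r in rows if r["status"] in ("met", "breached")]
    met = sum(1 for r in closed if r["status"] == "met")
    needs_action = [r for r in rows if r["status"] in ("overdue", "breached")]
    return {
        "as_at": now.isoformat(),
        "total": len(rows),
        "met": met,
        "breached": len(closed) - met,
        "open": sum(1 for r in rows if r["status"] == "open"),
        "overdue": sum(1 for r in rows if r["status"] == "overdue"),
        "pct_closed_within_sla": round(100 * met / len(closed), 1) if closed else None,
        "action_required": sorted(needs_action, key=lambda r: -r["late_by_hours"]),
    }


# Constructed sample: four findings on internet-facing hosts, all first seen 1 March.
T0 = datetime(2025, 3, 1, tzinfo=timezone.utc)
NOW = datetime(2025, 3, 10, 9, tzinfo=timezone.utc)
SAMPLE_FINDINGS = [
    Finding("web-01", "VULN-001", "critical", T0, T0 + timedelta(hours=20)),  # met
    Finding("web-02", "VULN-001", "critical", T0, T0 + timedelta(days=3)),    # breached by 24 h
    Finding("vpn-01", "VULN-002", "high", T0),                                # open until 15 March
    Finding("web-03", "VULN-003", "critical", T0),                            # overdue since 3 March
]

if __name__ == "__main__":
    import json
    print(json.dumps(compliance_report(SAMPLE_FINDINGS, NOW), indent=2))
```

The distinction between "breached" and "overdue" matters for evidence: a breached finding was fixed late and still counts against the period's compliance percentage, while an overdue one is an open exposure that should already be an SOC ticket. Keeping the deadline on every row means the report shows not just the count but which host missed which window.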
Multi-factor authentication. ASD Guidance: MFA must be enforced for all remote access, privileged accounts, and access to important data repositories.
Reporting: MFA coverage, MFA-associated incidents, and event log monitoring for MFA events.
Restrict administrative privileges. ASD Guidance: Admin privileges must be limited to only those who need them, with privileged accounts used only for administrative tasks — not email, web browsing, or general use.
Reporting: Full privileged account inventory and behaviour monitoring; anomalous privileged account behaviour triggers immediate alerts for investigation.
Application control. ASD Guidance: The goal is to prevent the execution of unapproved or malicious programs, including executables, software libraries, scripts, and installers.
Reporting: Evidence for all execution attempts and policy enforcement status.
Configure Microsoft Office macro settings. ASD Guidance: Macros from the internet are a primary delivery mechanism for malware. Organisations should block or tightly restrict macro execution.
Reporting: Event evidence and policy enforcement monitoring, including detection of policy bypass attempts.
User application hardening. ASD Guidance: Web browsers, PDF readers, and Microsoft Office should be configured to block or disable risky features including Flash, Java, and web advertisements.
Reporting: Configuration compliance evidence and deviation alerting.
Regular backups. ASD Guidance: Backups of important data, software, and configuration settings must be performed and tested regularly. Backups must be disconnected from the network and protected from unauthorised access.
Reporting: Backup monitoring and ransomware-targeting detection, with evidence of backup access controls and integrity.
No control is perfect. Even well-implemented Essential Eight controls can be misconfigured, bypassed or defeated by a determined attacker.
That is why incident response remains a critical part of a mature Essential Eight program. When a control fails, the organisation needs to detect it quickly, understand what happened, contain the impact, and restore normal operations with clear evidence and accountability. This is not just a technical task. It is an operational discipline that connects monitoring, investigation, decision-making, escalation, and recovery.
In practice, incident response begins when suspicious activity is detected through logs, alerts, behavioural analytics, user reports, or external notification. When ThreatDefence detects an Essential Eight control failure or active threat, our 24×7 SOC responds immediately.
Our IR capability includes:
Our analysts review every alert and determine severity within minutes, eliminating false positive noise.
Full forensic investigation using rich endpoint, network and cloud telemetry, and identity logs to establish scope.
Guided or automated containment actions to isolate affected
Full forensic evidence chain maintained for regulatory and legal
Step-by-step remediation instructions mapped to the specific Essential Eight control that failed.
Detailed incident report with timeline, root cause, and recommendations to prevent recurrence.
ThreatDefence generates automated Essential Eight reports that map directly to the ASD’s Essential Eight Assessment Process Guide. Reports can be scheduled, automated, and delivered to stakeholders on any cadence.
ThreatDefence SecOps platform is designed and operated in Australia, with deep understanding of the local regulatory landscape.
Deploy as a cloud service or on-premises. Integrate with your existing Microsoft, CrowdStrike, or other security tooling. Get 24×7 SOC coverage with dedicated Essential Eight alerting.
Monitor Essential Eight compliance across all your client tenants from a single pane of glass. Deliver automated monthly compliance reports under your own brand.
The Essential Eight is a set of eight baseline cybersecurity mitigation strategies developed by the Australian Signals Directorate (ASD) to help organisations reduce the risk of common cyber attacks. It is widely used across Australia as a practical framework for improving cyber resilience.
The Essential Eight focuses on security measures that materially reduce the likelihood of compromise, limit attacker movement, and strengthen an organisation’s ability to recover. It is practical, well understood in the Australian market, and increasingly used as a benchmark for cyber security maturity.
The Essential Eight is not universally mandatory for all Australian businesses. However, many Commonwealth and state government entities may be required to meet specific maturity levels, and private sector organisations are increasingly being asked to demonstrate alignment by customers, regulators, insurers, and procurement teams.
The Essential Eight is relevant to government agencies, critical infrastructure operators, regulated industries, and private sector organisations of all sizes. Even where it is not mandatory, it provides a strong baseline for reducing cyber risk.
The eight strategies are application control, patch applications, configure Microsoft Office macro settings, user application hardening, restrict administrative privileges, patch operating systems, multi-factor authentication, and regular backups.
Maturity Level 1 focuses on reducing risk from basic opportunistic threats. Maturity Level 2 is aimed at more capable adversaries and requires stronger, more consistent implementation. Maturity Level 3 represents a more robust and resilient security posture aligned to defending against more advanced tradecraft. The ASD maturity model provides the full criteria for each level.
No. The Essential Eight significantly reduces cyber risk, but it does not eliminate it. Controls can be misconfigured, bypassed, or degrade over time. That is why monitoring, detection, incident response, and continuous improvement remain important.
An assessment typically reviews your environment against the ASD maturity model to determine how effectively each control is implemented. This usually involves reviewing policies, configurations, technical evidence, system settings, and operational practices.
A traditional assessment is a point-in-time snapshot. Continuous monitoring provides ongoing visibility into your security posture, helping you identify control drift, new vulnerabilities, missed patches, configuration changes, and policy violations as they occur.
Security posture changes constantly. New software is installed, systems are reconfigured, accounts are created, patch cycles slip, and exceptions accumulate. An organisation may pass an assessment and still fall out of alignment weeks later. Continuous oversight helps reduce that gap.
Control drift refers to a situation where a control that was once correctly implemented is no longer operating as intended. This may happen because of configuration changes, missing updates, new assets, operational exceptions, or human error.
Yes. The Essential Eight remains relevant in cloud and hybrid environments, although implementation details may differ depending on the platforms and services in use. Controls still need to be interpreted in the context of modern identity, endpoint, workload, and SaaS environments.
Yes. The Essential Eight is not only for large enterprises or government. Smaller organisations can also use it as a practical baseline to improve security, prioritise investment, and reduce exposure to common attack paths.
Not meeting a target maturity level means there are gaps between your current state and the required control intent. The next step is usually to identify those gaps, prioritise remediation, and put in place a plan for uplift, validation, and ongoing monitoring.
It should be reviewed regularly, not just once a year. Formal assessments may happen periodically, but control effectiveness should ideally be monitored continuously so that issues can be identified and addressed as they emerge.
SIEM and SOC do not replace the Essential Eight controls, but they help support them operationally. They provide visibility, monitoring, alerting, investigation, incident escalation, and reporting when controls fail, drift, or are bypassed.
Incident response is critical when preventive controls fail. It helps organisations analyse cyber security events quickly, identify incidents, escalate them appropriately, activate the incident response plan, contain malicious activity, preserve evidence, and improve controls after the event.
Yes. Monitoring privileged user activity is an important operational measure that supports the intent of several Essential Eight strategies, particularly around restricting administrative privileges, detecting misuse, and identifying suspicious behaviour early.
ThreatDefence helps organisations monitor and assess coverage across all eight strategies through mapped visibility, detection content, dashboards, and reporting. It supports continuous oversight, control validation, and identification of gaps that may affect Essential Eight alignment.
No. A formal assessment still has its place. ThreatDefence complements that process by providing ongoing monitoring and operational visibility, helping organisations maintain alignment between formal reviews and detect when posture changes.
Yes. ThreatDefence can support self-assessment, evidence collection, reporting, and continuous monitoring, helping organisations understand their current posture, track progress, and prioritise remediation activities.