CIS Control 10: Malware Defenses


With the continuing rise of ransomware, malware defenses are more critical than ever before with regard to securing the enterprise. Anti-Malware technologies have become an afterthought in many organizations, a technology that they’ve always had, always used, and never really thought about. This control serves as a reminder that this technology is as critical as it ever was and lays out the minimum requirements for ensuring your malware defenses are up to the task.

Key Takeaways for Control 10

At the core of CIS Control 10 is basic security hygiene. We all know that we’re supposed to use anti-malware, that it should update automatically, that it should be centrally managed in an enterprise, and that we should take extra steps like disabling autorun and enabling anti-exploitation features. These are things that every IT and IS professional learns at the start of their careers. This is just about reinforcing it and reminding us that these systems need some TLC every now and then.

The biggest takeaway from Control 10 is that malware needs an entry point into your enterprise. This is why anti-malware is critical: it is the last line of defense, the control that catches what gets through after another control has already failed you.

Safeguards for Control 10

10.1) Deploy and Maintain Anti-Malware Software

Description: Deploy and maintain anti-malware software on all enterprise assets.

Notes: The security function associated with this safeguard is Detect. This may seem obvious, but everyone always forgets about the maintenance after the deployment. It is just as critical that you keep your anti-malware software up-to-date as it is that you deploy it in the first place.

10.2) Configure Automatic Anti-Malware Signature Updates

Description: Configure automatic updates for anti-malware signature files on all enterprise assets.

Notes: The security function associated with this safeguard is Protect. While it can seem ideal to verify signature updates before pushing them out, enterprises are 24/7 operations and require a rapid response. It is important that you trust your anti-malware vendor and allow your systems to update signatures as soon as possible.

10.3) Disable Autorun and Autoplay for Removable Media

Description: Disable autorun and autoplay auto-execute functionality for removable media.

Notes: The security function associated with this safeguard is Protect. It is sad that this still has to be mentioned in 2021, but disable autorun and autoplay. While there are other USB-related risks, this is a big one that is still sometimes forgotten on new deployments. Your configuration management software can help you manage and monitor this setting.
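The following PowerShell script is an added example, not part of the original post or the CIS document. It audits the three Explorer policy values that turn off AutoRun and AutoPlay on a Windows host and, when run with -Enforce, sets them. The registry paths and values are the well-known Windows policy settings; the assumption is a stand-alone or test host run from an elevated session (in a domain these values normally arrive by Group Policy, and the audit half confirms the policy actually landed).

```powershell
# Added example (not from the CIS document or the original post): audit and, with -Enforce,
# set the Windows policy values that disable AutoRun/AutoPlay for removable media.
# Run in an elevated PowerShell session. Assumes a stand-alone host; in a domain the same
# keys are normally delivered by Group Policy, so the audit half confirms the GPO applied.
param([switch]$Enforce)

$AutorunPolicy = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoDriveTypeAutoRun'; Expected = 0xFF }      # 0xFF = AutoRun off for every drive type
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoAutorun'; Expected = 1 }                  # ignore autorun.inf commands entirely
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer'
       Name = 'NoAutoplayfornonVolume'; Expected = 1 }     # no AutoPlay for non-volume devices (cameras, phones)
)

function Test-AutorunPolicy {
    # Emit one row per policy value so the result can be piped to Format-Table or Export-Csv.
    foreach ($p in $AutorunPolicy) {
        $actual = (Get-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue).($p.Name)
        [pscustomobject]@{
            Name      = $p.Name
            Expected  = $p.Expected
            Actual    = $actual                 # $null when the value has never been set
            Compliant = ($actual -eq $p.Expected)
        }
    }
}

function Set-AutorunPolicy {
    foreach ($p in $AutorunPolicy) {
        if (-not (Test-Path $p.Path)) { New-Item -Path $p.Path -Force | Out-Null }
        # All three values are REG_DWORD; -Force overwrites a wrong existing value.
        New-ItemProperty -Path $p.Path -Name $p.Name -PropertyType DWord -Value $p.Expected -Force | Out-Null
    }
}

if ($Enforce) { Set-AutorunPolicy }
Test-AutorunPolicy | Format-Table -AutoSize
```

Run it without -Enforce from your configuration management tool to report drift; a row with Actual empty means the policy was never applied to that host at all, which is the gap the note above warns about on new deployments.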

10.4) Configure Automatic Anti-Malware Scanning of Removable Media

Description: Configure anti-malware software to automatically scan removable media.

Notes: The security function associated with this safeguard is Detect. From a safety standpoint, this makes sense. Malware spreads via USB, people still plug in USB drives they find, and conference attendees still often receive free drives. Keep your enterprise safe by ensuring all removable media is scanned as soon as it is connected to a device.

10.5) Enable Anti-Exploitation Features

Description: Enable anti-exploitation features on enterprise assets and software, where possible, such as Microsoft® Data Execution Prevention (DEP), Windows® Defender Exploit Guard (WDEG), or Apple® System Integrity Protection (SIP) and Gatekeeper™.

Notes: The security function associated with this safeguard is Protect. These features really changed the game for defenders, but they aren't always used to their full potential. Ensure that software that can prevent or reduce attacks on your systems is utilized whenever possible.
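As an added example (not from the original post or the CIS document), the PowerShell below reports the two Windows settings named in this safeguard, the boot-time DEP policy and the system-wide WDEG process mitigations, and with -Enforce moves them to a hardened baseline. It assumes an elevated session on Windows 10 1709 or later, where the ProcessMitigations cmdlets exist; the property names used to read the Get-ProcessMitigation output (Dep, Sehop, Aslr, Cfg) are assumed from that cmdlet's output sections.

```powershell
# Added example (not from the CIS document or the original post): show the system-wide
# anti-exploitation settings on Windows and, with -Enforce, turn on a hardened baseline.
# Requires an elevated session and the ProcessMitigations cmdlets (Windows 10 1709+).
param([switch]$Enforce)

function Get-DepMode {
    # bcdedit lists the boot-time DEP policy as the "nx" entry: OptIn, OptOut, AlwaysOn or AlwaysOff.
    $line = bcdedit /enum '{current}' | Where-Object { $_ -match '^\s*nx\s+' }
    if ($line) { ($line -split '\s+')[-1] } else { 'OptIn (OS default, not explicitly set)' }
}

function Get-SystemMitigationSummary {
    # Get-ProcessMitigation -System returns the machine-wide defaults; each mitigation reads
    # ON, OFF or NOTSET (NOTSET means the OS default for that mitigation applies).
    # Property names below are assumed from the cmdlet's output sections.
    $m = Get-ProcessMitigation -System
    [pscustomobject]@{
        'DEP (bcdedit nx)'   = Get-DepMode
        'DEP (WDEG)'         = $m.Dep.Enable
        'SEHOP'              = $m.Sehop.Enable
        'ASLR BottomUp'      = $m.Aslr.BottomUp
        'ASLR HighEntropy'   = $m.Aslr.HighEntropy
        'CFG'                = $m.Cfg.Enable
    }
}

function Set-SystemMitigationBaseline {
    # AlwaysOn makes DEP apply to every process regardless of the image's own flags.
    bcdedit /set nx AlwaysOn | Out-Null
    # Enable the baseline WDEG mitigations as system defaults; per-application overrides
    # can still be added with Set-ProcessMitigation -Name <exe> for legacy software.
    Set-ProcessMitigation -System -Enable DEP, SEHOP, BottomUp, HighEntropy
}

if ($Enforce) { Set-SystemMitigationBaseline }
Get-SystemMitigationSummary | Format-List
```

Apply the baseline to a pilot group first: AlwaysOn DEP and mandatory ASLR are exactly the settings that break old or poorly built line-of-business software, and a bcdedit change only takes effect after a reboot.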

10.6) Centrally Manage Anti-Malware Software

Description: Centrally manage anti-malware software.

Notes: The security function associated with this safeguard is Protect. There’s nothing worse than having to go system to system to verify that software is up-to-date. If that is your AV software and you have a remote workforce, it becomes an administrative nightmare. This is why modern anti-malware can be centrally managed; it makes your life easier.

10.7) Use Behavior-Based Anti-Malware Software

Description: Use behavior-based anti-malware software.

Notes: The security function associated with this safeguard is Detect. Signatures only go so far; there will always be previously unknown pieces of malware that put your organization at risk. Running behavior-based anti-malware will ensure that even before signatures are available, your organization still stands a chance against newly released malware.
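To tie safeguards 10.1, 10.2, 10.4 and 10.7 (and the central reporting that 10.6 asks for) to something checkable, here is an added PowerShell example, not from the original post or the CIS document, that reads the Microsoft Defender status on a host and reports one line per safeguard. It assumes the built-in Defender cmdlets (Get-MpComputerStatus, Get-MpPreference, Set-MpPreference); the signature-age threshold and the 4-hour update interval are locally chosen values, not numbers from CIS.

```powershell
# Added example (not from the CIS document or the original post): a Microsoft Defender
# posture check mapped to safeguards 10.1, 10.2, 10.4 and 10.7. With -Enforce it sets the
# three preferences back to a compliant value. $MaxSignatureAgeDays is a local threshold.
param(
    [switch]$Enforce,
    [int]$MaxSignatureAgeDays = 2
)

function Get-MalwareDefensePosture {
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference
    [pscustomobject]@{
        Host                          = $env:COMPUTERNAME
        # 10.1: the engine is deployed and actually running
        '10.1 AntivirusEnabled'       = $status.AntivirusEnabled
        '10.1 RealTimeProtection'     = $status.RealTimeProtectionEnabled
        # 10.2: signatures are current and the client checks for updates on a schedule
        '10.2 SignatureAgeDays'       = $status.AntivirusSignatureAge
        '10.2 SignatureFresh'         = ($status.AntivirusSignatureAge -le $MaxSignatureAgeDays)
        '10.2 UpdateIntervalHours'    = $pref.SignatureUpdateInterval      # 0 = interval not set
        # 10.4: removable drives are included in full scans; on-access scanning of newly
        # inserted media relies on real-time protection (reported under 10.1 above)
        '10.4 RemovableDriveScanning' = (-not $pref.DisableRemovableDriveScanning)
        # 10.7: behaviour-based detection is on
        '10.7 BehaviorMonitoring'     = $status.BehaviorMonitorEnabled
    }
}

function Set-MalwareDefensePreferences {
    Set-MpPreference -DisableRemovableDriveScanning $false `
                     -DisableBehaviorMonitoring $false `
                     -SignatureUpdateInterval 4          # check for new signatures every 4 hours
}

if ($Enforce) { Set-MalwareDefensePreferences }
$posture = Get-MalwareDefensePosture
$posture | Format-List
# For central reporting (10.6), ship the same object to a share or SIEM instead of the console:
# $posture | Export-Csv "\\reports\defender\$env:COMPUTERNAME.csv" -NoTypeInformation   # path is a placeholder
```

The point of emitting an object rather than text is that the same script runs unchanged from a management agent, and a fleet-wide "where is 10.7 BehaviorMonitoring false?" becomes a one-line filter over the collected rows instead of the system-to-system check that the 10.6 note warns against.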

See how simple and effective security controls can create a framework that helps you protect your organization and data from known cyber-attack vectors by downloading this guide here.

Read more about the 18 CIS Controls here:

CIS Control 1: Inventory and Control of Enterprise Assets

CIS Control 2: Inventory and Control of Software Assets

CIS Control 3: Data Protection

CIS Control 4: Secure Configuration of Enterprise Assets and Software

CIS Control 5: Account Management

CIS Control 6: Access Control Management

CIS Control 7: Continuous Vulnerability Management

CIS Control 8: Audit Log Management

CIS Control 9: Email and Web Browser Protections

CIS Control 10: Malware Defenses

CIS Control 11: Data Recovery

CIS Control 12: Network Infrastructure Management

CIS Control 13: Network Monitoring and Defense

CIS Control 14: Security Awareness and Skill Training

CIS Control 15: Service Provider Management

CIS Control 16: Application Software Security

CIS Control 17: Incident Response Management

CIS Control 18: Penetration Testing
