CIS Controls v8 Overview - Control 10

James Temples
Oct 20, 2021

This week we will cover the 10th control in the CIS Controls Version 8.

Control 10: Malware Defenses - prevent or control the installation, spread, and execution of malicious applications, code, or scripts on enterprise assets.

Why is this control important?

Malicious software (aka malware) is a real and active danger to all organizations. It is sometimes called a “virus” or a “trojan,” and it is often used to capture a user’s credentials. It can also steal, encrypt (lock), or destroy data. Adding to the threat, malware is ever-evolving and adaptive, and it is often designed to avoid, deceive, or disable defenses.

Malware usually enters an organization through end-user devices, email attachments, webpages, mobile devices, removable media, and cloud services, all of which are influenced by insecure end-user behavior.

And its Safeguards?

The control has seven (7) Safeguards that cover the key actions to establish and maintain secure configurations. The Safeguards include the use and central management of Anti-Malware software, along with ensuring its signatures remain updated. In addition, removable media should be scanned with the Anti-Malware software and should not be allowed to autorun and/or autoplay. Anti-Exploitation Features, e.g., Microsoft Data Execution Prevention (DEP), should be enabled on enterprise assets and software. Anti-Malware software that leverages behavior-based protection should also be used where possible.

How is this control implemented?

As noted in the Safeguards review, Anti-Malware software is the cornerstone of detection and prevention. Malware defenses are most effective when centrally implemented, followed by the use of automation for deployment and timely updates from the vendor. All entry points within an organization MUST be protected to prevent spread and to limit malicious code running in the first place.
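As an added example (not part of the original post or of the CIS documentation), the PowerShell script below audits a single Windows endpoint against several of the Safeguards described above: anti-malware enabled, signatures current, behavior-based protection, removable media scanning, autorun/autoplay disabled, and DEP. It assumes Microsoft Defender is the anti-malware product, and the 3-day signature-age limit is an illustrative threshold, not a CIS value.

```powershell
# Added example: local audit of a Windows endpoint against Control 10 Safeguards.
# Assumptions: Microsoft Defender is the anti-malware product; the signature-age
# limit below is an illustrative threshold, not a value taken from CIS.
$MaxSignatureAgeDays = 3
$results = [System.Collections.Generic.List[object]]::new()

function Add-Check([string]$Safeguard, [bool]$Pass, [string]$Detail) {
    $results.Add([pscustomobject]@{ Safeguard = $Safeguard; Pass = $Pass; Detail = $Detail })
}

# Anti-malware deployed and running, signatures current, behavior monitoring on.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    Add-Check 'Anti-malware enabled' ([bool]($mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled)) `
        "AntivirusEnabled=$($mp.AntivirusEnabled) RealTimeProtectionEnabled=$($mp.RealTimeProtectionEnabled)"
    Add-Check 'Signatures updated' ([bool]($mp.AntivirusSignatureAge -le $MaxSignatureAgeDays)) `
        "signature age: $($mp.AntivirusSignatureAge) day(s), limit $MaxSignatureAgeDays"
    Add-Check 'Behavior-based protection' ([bool]$mp.BehaviorMonitorEnabled) `
        "BehaviorMonitorEnabled=$($mp.BehaviorMonitorEnabled)"

    # Removable media scanning is a Defender preference that is off unless enabled.
    $pref = Get-MpPreference -ErrorAction Stop
    Add-Check 'Removable media scanned' ([bool](-not $pref.DisableRemovableDriveScanning)) `
        "DisableRemovableDriveScanning=$($pref.DisableRemovableDriveScanning)"
} catch {
    # Fail closed: no readable Defender status counts as a failed Safeguard.
    Add-Check 'Anti-malware enabled' $false "Defender status unavailable: $($_.Exception.Message)"
}

# Autorun/autoplay: the machine-wide policy value 255 (0xFF) disables it for all drive types.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$mask = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
Add-Check 'Autorun/autoplay disabled' ([bool]($mask -eq 255)) `
    "NoDriveTypeAutoRun=$mask (255 = disabled for all drive types)"

# DEP: any policy other than AlwaysOff leaves DEP active for at least system binaries.
$depNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
$dep = [int](Get-CimInstance Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy
Add-Check 'DEP enabled' ([bool]($dep -ne 0)) "DEP policy=$($depNames[$dep])"

$results | Format-Table -AutoSize

# A non-zero exit code lets a central management or automation tool flag the host.
if ($results.Pass -contains $false) { exit 1 }
```

Run it from an elevated PowerShell session; collecting the exit code and table from each host through a central management tool fits the central-implementation point made above.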

Key Reminder(s)

Anti-Malware software MUST be implemented and used across the organization. In addition, the best practice is to configure the software to update automatically to ensure ongoing protection. Finally, ensure that the software's logging is enabled to properly support Incident Response Management, which will be covered in the CIS Control 17 overview.

In the next post, we will look at Control 11: Data Recovery. Need to make sure your Malware Defenses are up to the task? Contact Temples Consulting Group for a no-cost consultation to schedule a Risk Assessment based on the CIS Controls.
