UEM-09: Anti-Malware Detection and Prevention

CSF v1.1 References:

Control is new to this version of the control set.

Control Statement

Configure managed endpoints with anti-malware detection and prevention technology and services.

Implementation Guidance

Organizations should consider the following:

  1. Managed endpoints should be protected through anti-malware software, security awareness, appropriate system access, and change management controls.
  2. Organizations should have formal policies and technologies in place to install and upgrade protective measures promptly. These measures include installing and regularly updating anti-malware software and virus definitions, automatically and whenever updates are available. Additionally, organizations should periodically review and scan installed software and system data content to identify and remove unauthorized software (when possible).
  3. Wherever possible, organizations should also:
     - Disable universal serial bus (USB) ports.
     - Prohibit writable media use (e.g., DVD-R).
     - Restrict read-only media (e.g., DVD-ROM) use to legitimate commercial sources for legitimate business reasons (e.g., Linux installation disks), and allow only whitelisted software to run on the endpoint.
  4. Employ anti-malware software that offers a centralized infrastructure that compiles information on file reputations, or have administrators manually push updates to all machines. After updating, automated systems should verify that each system has received its signature update.
  5. Define procedures to respond to the identification of malicious code or unauthorized software. Antivirus or anti-spyware checks should generate audit logs of the checks performed. Malicious code detection and repair software should scan computers and media, including:
     - Checking files on electronic or optical media, and files received over networks, for malicious code before use.
     - Checking electronic mail attachments and downloads for malicious code, or for file types that are unnecessary for organizational business, before use. This check occurs at different places (e.g., electronic mail servers, desktop computers, and when entering the organization's network).
     - Checking web traffic (such as hypertext markup language (HTML), JavaScript, and hypertext transfer protocol (HTTP)) for malicious code.
     - Checking removable media (e.g., USB tokens and hard drives, CDs/DVDs, FireWire devices, and external serial advanced technology attachment devices) when inserted.
  6. Have formal policies that prohibit using or installing unauthorized software, including restrictions on obtaining data and software from external networks. User awareness and training on these policies and methods should be provided to all users regularly.
  7. Bring your own device (BYOD) users should use anti-malware software (where supported).
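As an added example (not from the CCM or csf.tools), the following check implements the verification step in the guidance above: after a signature update is pushed, it reads an endpoint inventory export (the column names are assumed) and reports every endpoint that cannot be shown to have received the current signature set. An endpoint that has not reported within the verification window is treated as unverified rather than compliant, which is the caveat an auditor applying the Auditing Guidance would want.

```python
"""Verify that every managed endpoint received the current anti-malware
signature update. Added example; the inventory columns are assumed, not
taken from any specific UEM product."""
import csv
import io
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample export: one row per managed endpoint.
INVENTORY_CSV = """hostname,engine_running,signature_version,last_seen
ws-001,true,1.405.2311.0,2024-05-02T08:15:00Z
ws-002,true,1.405.2198.0,2024-05-02T07:40:00Z
ws-003,false,1.405.2311.0,2024-05-02T07:05:00Z
ws-004,true,1.405.2311.0,2024-04-20T10:00:00Z
"""


@dataclass
class Finding:
    hostname: str
    reason: str


def version_tuple(version: str) -> tuple:
    """Compare dotted versions numerically so 1.405.2311.0 > 1.405.2198.0."""
    return tuple(int(part) for part in version.split("."))


def check_signature_compliance(csv_text: str, expected_version: str,
                               now: datetime,
                               max_age: timedelta = timedelta(hours=24)) -> list:
    """Return one Finding per failing condition: engine not running, signature
    set behind the expected version, or no report within max_age (an endpoint
    that has not checked in cannot be counted as updated)."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        host = row["hostname"]
        if row["engine_running"].strip().lower() != "true":
            findings.append(Finding(host, "anti-malware engine not running"))
        if version_tuple(row["signature_version"]) < version_tuple(expected_version):
            findings.append(Finding(host, f"signature {row['signature_version']} "
                                          f"behind expected {expected_version}"))
        last_seen = datetime.fromisoformat(row["last_seen"].replace("Z", "+00:00"))
        if now - last_seen > max_age:
            findings.append(Finding(host, f"no report since {last_seen.isoformat()}; "
                                          "update status unverified"))
    return findings


if __name__ == "__main__":
    check_time = datetime(2024, 5, 2, 9, 0, tzinfo=timezone.utc)
    for f in check_signature_compliance(INVENTORY_CSV, "1.405.2311.0", check_time):
        print(f"{f.hostname}: {f.reason}")
```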

Auditing Guidance

  1. Examine the organization's anti-malware policy.
  2. Determine if such controls are in place and evaluated as effective.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.