8: Malware Defenses
Threats Addressed:
Control Statement
Control the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable rapid updating of defense, data gathering, and corrective action.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]
Subcontrols
8.1: Utilize Centrally Managed Anti-malware Software
Utilize centrally managed anti-malware software to continuously monitor and defend each of the organization's workstations and servers.
8.2: Ensure Anti-Malware Software and Signatures Are Updated
Ensure that the organization's anti-malware software updates its scanning engine and signature database on a regular basis.
8.3: Enable Operating System Anti-Exploitation Features/Deploy Anti-Exploit Technologies
Enable anti-exploitation features such as Data Execution Prevention (DEP) or Address Space Layout Randomization (ASLR) that are available in an operating system or deploy appropriate toolkits that can be configured to apply protection to a broader set of applications and executables.
8.4: Configure Anti-Malware Scanning of Removable Devices
Configure devices so that they automatically conduct an anti-malware scan of removable media when inserted or connected.
8.5: Configure Devices to Not Auto-Run Content
Configure devices to not auto-run content from removable media.
8.6: Centralize Anti-Malware Logging
Send all malware detection events to enterprise anti-malware administration tools and event log servers for analysis and alerting.
8.7: Enable DNS Query Logging
Enable Domain Name System (DNS) query logging to detect hostname lookups for known malicious domains.
8.8: Enable Command-Line Audit Logging
Enable command-line audit logging for command shells, such as Microsoft PowerShell and Bash.