Control the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable rapid updating of defense, data gathering, and corrective action.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]
Utilize centrally managed anti-malware software to continuously monitor and defend each of the organization's workstations and servers.
Ensure that the organization's anti-malware software updates its scanning engine and signature database on a regular basis.
Enable the anti-exploitation features available in the operating system, such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR), or deploy appropriate toolkits that can be configured to apply such protection to a broader set of applications and executables.
Configure devices so that they automatically conduct an anti-malware scan of removable media when inserted or connected.
Configure devices to not auto-run content from removable media.
Send all malware detection events to enterprise anti-malware administration tools and event log servers for analysis and alerting.
Enable Domain Name System (DNS) query logging to detect hostname lookups for known malicious domains.
Enable command-line audit logging for command shells, such as Microsoft PowerShell and Bash.
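The DNS query-logging safeguard above only pays off when the logs are actually matched against known malicious domains. The following Python script is an added illustration of that detection step, not part of the control text or any CIS tooling: it parses sample lines in BIND9 query-log format and flags lookups whose name is, or is a subdomain of, an entry in a blocklist. The log lines and the blocklist are constructed for the example; in practice the blocklist would come from a threat-intelligence feed.

```python
import re

# Constructed sample lines in BIND9 query-log format (not real traffic).
SAMPLE_LOG = """\
12-Mar-2024 10:15:02.113 queries: info: client @0x7f3a 10.0.0.23#51234 (updates.example.com): query: updates.example.com IN A +E(0)K (10.0.0.53)
12-Mar-2024 10:15:03.442 queries: info: client @0x7f3a 10.0.0.41#60211 (cdn.bad-domain.test): query: cdn.bad-domain.test IN A +E(0)K (10.0.0.53)
12-Mar-2024 10:15:04.008 queries: info: client @0x7f3a 10.0.0.41#60212 (BAD-DOMAIN.TEST.): query: BAD-DOMAIN.TEST. IN TXT + (10.0.0.53)
12-Mar-2024 10:15:05.771 queries: info: client @0x7f3a 10.0.0.77#41000 (notbad-domain.test): query: notbad-domain.test IN AAAA + (10.0.0.53)
"""

# Constructed placeholder blocklist; a real one comes from a threat-intel feed.
BLOCKLIST = {"bad-domain.test", "c2.example.net"}

# Pull the client address, queried name and record type out of one log line.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<src>[\d.]+)#\d+ .*?query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def normalize(name):
    """Canonicalize a DNS name: strip trailing dot, lower-case."""
    return name.rstrip(".").lower()


def is_blocked(qname, blocklist):
    """Return the blocklist entry that matches qname exactly or as a parent
    domain (so cdn.bad-domain.test matches bad-domain.test), else None.
    Label-wise matching avoids false hits on names like notbad-domain.test."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def scan_dns_log(text, blocklist=BLOCKLIST):
    """Return one alert dict per query whose name hits the blocklist."""
    alerts = []
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line; skip
        matched = is_blocked(m["qname"], blocklist)
        if matched:
            alerts.append({"src": m["src"], "qname": normalize(m["qname"]),
                           "qtype": m["qtype"], "matched": matched})
    return alerts


if __name__ == "__main__":
    for alert in scan_dns_log(SAMPLE_LOG):
        print(f"ALERT {alert['src']} looked up {alert['qname']} ({alert['qtype']}) via {alert['matched']}")
```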