CIS Control 8: Malware Defenses
Control the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable rapid updating of defense, data gathering, and corrective action.
Why is this CIS Control Critical?
Malicious software is an integral and dangerous aspect of Internet threats, as it is designed to attack your systems, devices, and data. It is fast-moving, fast-changing, and enters through any number of points such as end-user devices, email attachments, web pages, cloud services, user actions, and removable media. Modern malware is designed to avoid defenses, and to attack or disable them.
Malware defenses must be able to operate in this dynamic environment through large-scale automation, rapid updating, and integration with processes like incident response. They must also be deployed at multiple possible points of attack to detect, stop the movement of, or control the execution of malicious software. Enterprise endpoint security suites provide administrative features to verify that all defenses are active and current on every managed system.
- 8.1: Utilize Centrally Managed Anti-Malware Software
- 8.2: Ensure Anti-Malware Software and Signatures Are Updated
- 8.3: Enable Operating System Anti-Exploitation Features/Deploy Anti-Exploit Technologies
- 8.4: Configure Anti-Malware Scanning of Removable Media
- 8.5: Configure Devices to Not Auto-Run Content
- 8.6: Centralize Anti-Malware Logging
- 8.7: Enable DNS Query Logging
- 8.8: Enable Command-Line Audit Logging