Today, I will be going over Control 8 from version 7 of the CIS top 20 Critical Security Controls – Malware Defenses. I will go through the eight requirements and offer my thoughts on what I’ve found.

Key Takeaways for Control 8

  • Back to the basics. Install AV and run updates regularly. This has been ingrained in IT professionals for decades. The only key aspects is to make sure the AV solution meets the needs of your organization in terms of capabilities.
  • Integrate your security tools. So many security tools can work together to orchestrate the response to a malware infection. While an AV product can quarantine and delete an infected file, integrating with change management and other SCM tools can remediate an entire system back to a clean state.

Requirement Listing for Control 8

1. Utilize Centrally Managed Anti-malware Software

Description: Utilize centrally managed anti-malware software to continuously monitor and defend each of the organization’s workstations and servers.

AWS Builder Community Hub

Notes: Any enterprise class AV software will have this capability. By having a centrally managed AV, you can easily enable requirements 2 and 6 below.

2. Ensure Anti-Malware Software Signatures are Updated

Description: Ensure that the organization’s anti-malware software updates its scanning engine and signature database on a regular basis.

Notes: The AV is only as good as it’s signatures. While pure signature-based detection is no longer viable, even anomaly-based engines need to be updated on a regular basis. Ensure that the updates are rolled out automatically and use tools to verify that the signatures are actually up-to-date. Tripwire Enterprise can help with the latter, ensuring that your AV is installed, running, and up-to-date.

3. Enable Operating System Anti-Exploitation Features/Deploy Anti-Exploit Technologies

Description: Enable anti-exploitation features such as Data Execution Prevention (DEP) or Address Space Layout (Read more...)