With the continuing rise of ransomware, malware defenses are more critical than ever before with regard to securing the enterprise. Anti-Malware technologies have become an afterthought in many organizations, a technology that they’ve always had, always used, and never really thought about. This control serves as a reminder that this technology is as critical as it ever was and lays out the minimum requirements for ensuring your malware defenses are up to the task.

Key Takeaways for Control 10

At the core of CIS Control 10 is basic security hygiene. We all know that we’re supposed to use anti-malware, that it should update automatically, that it should be centrally managed in an enterprise, and that we should take extra steps like disabling autorun and enabling anti-exploitation features. These are things that every IT and IS professional learns at the start of their careers. This is just about reinforcing it and reminding us that these systems need some TLC every now and then.

The biggest takeaway from Control 10 is that malware needs an entry point into your enterprise. This is why anti-malware is critical, it is a last line of defense after another control has potentially failed you.

Safeguards for Control 10

1.  Deploy and Maintain Anti-Malware Software

Description: Deploy and maintain anti-malware software on all enterprise assets.

Notes: The security function associated with this safeguard is Protect. This may seem obvious, but everything always forgets about the maintenance after the deployment. It is just as critical that you keep your anti-malware software up-to-date as it is that you deploy it in the first place.

2.  Configure Automatic Anti-Malware Signature Updates

Description: Configure automatic updates for anti-malware signature files on all enterprise assets.

Notes: The security function associated with this safeguard is Protect. While sometimes it seems like (Read more...)