With the continuing rise of ransomware, malware defenses are more critical than ever before with regard to securing the enterprise. Anti-Malware technologies have become an afterthought in many organizations, a technology that they’ve always had, always used, and never really thought about. This control serves as a reminder that this technology is as critical as it ever was and lays out the minimum requirements for ensuring your malware defenses are up to the task.
Key Takeaways for Control 10
At the core of CIS Control 10 is basic security hygiene. We all know that we’re supposed to use anti-malware, that it should update automatically, that it should be centrally managed in an enterprise, and that we should take extra steps like disabling autorun and enabling anti-exploitation features. These are things that every IT and IS professional learns at the start of their careers. This is just about reinforcing it and reminding us that these systems need some TLC every now and then.
The biggest takeaway from Control 10 is that malware needs an entry point into your enterprise, and by the time anti-malware has to act, some other control has already let something through. That is why anti-malware is critical: it is a last line of defense after another control has potentially failed you.
Safeguards for Control 10
10.1) Deploy and Maintain Anti-Malware Software
Description: Deploy and maintain anti-malware software on all enterprise assets.
Notes: The security function associated with this safeguard is Protect. This may seem obvious, but everyone forgets about the maintenance after the deployment. Keeping your anti-malware software up-to-date (engine, agent and signatures) is just as critical as deploying it in the first place, and "all enterprise assets" means servers, laptops and mobile devices, not just the desktops the rollout started with.
10.2) Configure Automatic Anti-Malware Signature Updates
Description: Configure automatic updates for anti-malware signature files on all enterprise assets.
Notes: The security function associated with this safeguard is Protect. While it can seem more ideal to verify updates before they are pushed out, enterprises run 24/7 and need a rapid response. Trust your anti-malware vendor and let your systems pull signatures as soon as they are released. Note the scope: this safeguard is about signature (definition) files; engine or agent version upgrades can still go through your normal change process.
10.3) Disable Autorun and Autoplay for Removable Media
Description: Disable autorun and autoplay auto-execute functionality for removable media.
Notes: The security function associated with this safeguard is Protect. It is sad that this still has to be mentioned in 2021, but disable autorun and autoplay. While there are other USB-related risks, this is a big one that is still sometimes forgotten on new deployments. Your configuration management software can help you set this policy and monitor that it stays set.
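As an added example (not part of the CIS text or this post's original content), the following PowerShell writes the Explorer policy registry values behind the Group Policy settings "Turn off Autoplay", "Set the default behavior for AutoRun" and "Turn off Autoplay for non-volume devices", then reads them back so the result can be fed to a configuration management or compliance tool. Run it from an elevated prompt on Windows; the HKLM paths apply machine-wide.

```powershell
# Added example: enforce the Autorun/Autoplay policy values that Group Policy
# writes, directly in the registry, and verify them. Run elevated.

$Settings = @(
    # "Turn off Autoplay" for all drive types (0xFF = every drive-type bit set)
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoDriveTypeAutoRun'; Value = 0xFF }
    # "Set the default behavior for AutoRun": never execute autorun.inf commands
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoAutorun'; Value = 1 }
    # "Turn off Autoplay for non-volume devices" (cameras, MTP phones, etc.)
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer'
       Name = 'NoAutoplayfornonVolume'; Value = 1 }
)

function Set-AutorunPolicy {
    foreach ($s in $Settings) {
        if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
        New-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Value `
            -PropertyType DWord -Force | Out-Null
    }
}

function Test-AutorunPolicy {
    # One row per setting: the value found and whether it matches policy.
    # A missing value reads back as $null and is reported as non-compliant.
    foreach ($s in $Settings) {
        $current = (Get-ItemProperty -Path $s.Path -Name $s.Name `
                        -ErrorAction SilentlyContinue).($s.Name)
        [pscustomobject]@{
            Setting   = $s.Name
            Expected  = $s.Value
            Actual    = $current
            Compliant = ($current -eq $s.Value)
        }
    }
}

Set-AutorunPolicy
Test-AutorunPolicy | Format-Table -AutoSize
```

Test-AutorunPolicy on its own is the piece worth scheduling: a machine on which a later installer or a local administrator has re-enabled Autoplay shows up as non-compliant in the output, which is the drift the safeguard asks you to catch.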
10.4) Configure Automatic Anti-Malware Scanning of Removable Media
Description: Configure anti-malware software to automatically scan removable media.
Notes: The security function associated with this safeguard is Detect. From a security standpoint this makes sense. Malware still spreads via USB, people still plug in drives they find, and conference attendees still receive free drives. Keep your enterprise safe by ensuring all removable media is scanned as soon as it is connected to a device.
10.5) Enable Anti-Exploitation Features
Description: Enable anti-exploitation features on enterprise assets and software, where possible, such as Microsoft® Data Execution Prevention (DEP), Windows® Defender Exploit Guard (WDEG), or Apple® System Integrity Protection (SIP) and Gatekeeper™.
Notes: The security function associated with this safeguard is Protect. These features changed the game for defenders by making memory-corruption exploits far harder to land, but they are often left at defaults, or switched off for compatibility and never switched back on. Ensure that software which can prevent or reduce attacks on your systems is enabled wherever possible, and verify that it actually is.
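As an added example for the Windows side of this safeguard (this is not code from CIS or from the original post), the following PowerShell uses the ProcessMitigations cmdlets that back Windows Defender Exploit Guard to enable system-wide DEP, SEHOP, bottom-up and high-entropy ASLR and Control Flow Guard, applies stricter per-process mitigations to a document reader, and reads the effective system policy back. The process name AcroRd32.exe is an illustrative target only. Requires Windows 10 1709 or later (or Server 2019) and an elevated prompt.

```powershell
# Added example: enable and verify Exploit Guard system mitigations.
# System-wide defaults take full effect after a reboot.

$WantedSystem = 'DEP', 'SEHOP', 'BottomUp', 'HighEntropy', 'CFG'

function Enable-SystemMitigations {
    Set-ProcessMitigation -System -Enable $WantedSystem
}

function Test-SystemMitigations {
    $m = Get-ProcessMitigation -System
    # Map each wanted mitigation to where it lives in the returned object
    $state = [ordered]@{
        DEP         = $m.Dep.Enable
        SEHOP       = $m.Sehop.Enable
        BottomUp    = $m.Aslr.BottomUp
        HighEntropy = $m.Aslr.HighEntropy
        CFG         = $m.Cfg.Enable
    }
    foreach ($k in $state.Keys) {
        [pscustomobject]@{
            Mitigation = $k
            State      = $state[$k]          # ON, OFF or NOTSET
            Enabled    = ($state[$k] -eq 'ON')
        }
    }
}

# Per-process hardening for software that routinely opens untrusted files.
# Mandatory ASLR (ForceRelocateImages), EAF and the ROP checks can break some
# applications, so they are applied here per process, not system-wide.
function Enable-ReaderMitigations {
    param([string]$Process = 'AcroRd32.exe')   # illustrative target
    Set-ProcessMitigation -Name $Process -Enable DEP, SEHOP, ForceRelocateImages, `
        EnableExportAddressFilter, EnableRopStackPivot, EnableRopCallerCheck
}

Enable-SystemMitigations
Enable-ReaderMitigations
Test-SystemMitigations | Format-Table -AutoSize
```

The same check-after-set habit applies to the Apple features named in the description: on macOS, csrutil status reports whether SIP is enabled and spctl --status reports whether Gatekeeper assessments are on, and either can be turned off by a user with physical access to Recovery, so a periodic read-back is what tells you the control is still in place.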
10.6) Centrally Manage Anti-Malware Software
Description: Centrally manage anti-malware software.
Notes: The security function associated with this safeguard is Protect. There's nothing worse than having to go system to system to verify that software is up-to-date. If that software is your AV and you have a remote workforce, it becomes an administrative nightmare. This is why modern anti-malware can be centrally managed: one console shows which endpoints are missing the agent, running stale signatures or have protection disabled, and lets you push the fix.
10.7) Use Behavior-Based Anti-Malware Software
Description: Use behavior-based anti-malware software.
Notes: The security function associated with this safeguard is Detect. Signatures only go so far; there will always be previously unknown pieces of malware that put your organization at risk. Behavior-based anti-malware watches what a process does (for example, mass-encrypting files or injecting into other processes) rather than what it looks like, so even when no signature is available yet, your organization still stands a chance against newly released malware.
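Pulling the Windows-side checks together, here is an added example (not from the CIS document or the original post) that audits a Microsoft Defender Antivirus endpoint against safeguards 10.1, 10.2, 10.4 and 10.7 using the Defender cmdlets shipped with the OS, and then corrects the preference-driven items. The one-day signature age threshold is a local policy choice, not a CIS value. For a third-party product, the same questions would be asked of its own agent or console.

```powershell
# Added example: audit Defender AV state against Control 10 safeguards
# and remediate the settings that are controlled by preferences. Run elevated.

$MaxSignatureAgeDays = 1   # local policy choice, not a CIS-specified value

function Get-MalwareDefenseAudit {
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    $checks = @(
        @{ Safeguard = '10.1'; Check = 'AV engine enabled and service running'
           Pass = $status.AntivirusEnabled -and $status.AMServiceEnabled }
        @{ Safeguard = '10.1'; Check = 'Real-time protection on'
           Pass = $status.RealTimeProtectionEnabled -and -not $pref.DisableRealtimeMonitoring }
        @{ Safeguard = '10.2'; Check = "Signatures no older than $MaxSignatureAgeDays day(s)"
           Pass = $status.AntivirusSignatureAge -le $MaxSignatureAgeDays }
        @{ Safeguard = '10.4'; Check = 'Removable drives scanned'
           Pass = -not $pref.DisableRemovableDriveScanning }
        @{ Safeguard = '10.7'; Check = 'Behavior monitoring on'
           Pass = $status.BehaviorMonitorEnabled -and -not $pref.DisableBehaviorMonitoring }
    )
    foreach ($c in $checks) {
        [pscustomobject]@{
            Safeguard = $c.Safeguard
            Check     = $c.Check
            Pass      = [bool]$c.Pass
        }
    }
}

function Repair-MalwareDefense {
    # Settings driven by preferences can be corrected in place
    Set-MpPreference -DisableRealtimeMonitoring $false `
                     -DisableBehaviorMonitoring $false `
                     -DisableRemovableDriveScanning $false
    # Pull signatures now rather than waiting for the next scheduled check
    if ((Get-MpComputerStatus).AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        Update-MpSignature
    }
}

$before = Get-MalwareDefenseAudit
if ($before.Pass -contains $false) {
    Repair-MalwareDefense
}
Get-MalwareDefenseAudit | Format-Table -AutoSize
```

A failing 10.1 row (engine or service disabled) is not something Set-MpPreference can fix; it usually means the agent was removed, is in passive mode behind another product, or was tampered with, which is exactly the condition the central management in 10.6 is meant to surface fleet-wide rather than one host at a time.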
Read more about the 18 CIS Controls here:
CIS Control 10: Malware Defenses