By Bill Minahan | March 2, 2021
CIS Control 8 is one of the 20 critical CIS Controls. The CIS Controls are a set of actions that protect your organization from the most pervasive cyber attacks. There are 20 total critical controls that prioritize the most essential actions your organization can take to gain the highest payoff.
CIS Control 8 focuses on controlling the installation, spread, and execution of malicious code at multiple points of the organization.
In addition, it focuses on optimizing the use of automation to enable rapid updating of defense, data gathering, and corrective action.
The CIS Controls are based on actionable guidance from today’s biggest threats, formed by the consensus of the world’s leading experts across a variety of sectors.
CIS Control 8 is critical because malicious software is an integral and dangerous aspect of Internet threats, as it is designed to attack your systems, devices, and data.
Furthermore, it is fast-moving and fast-changing, and it enters through any number of points: for instance, end-user devices, email attachments, web pages, cloud services, user actions, and removable media.
Unfortunately, modern malware is designed to avoid defenses, and attack or disable them.
As a result, malware defenses must be able to operate in this dynamic environment through large-scale automation, rapid updating, and integration with processes like incident response plans.
Furthermore, defenses must also be deployed at all possible attack vectors in order to detect malicious software, stop its spread, or control its execution.
Enterprise endpoint security suites provide administrative features to verify that all defenses are active and current on every managed system.
| Sub-Control | Asset Type | Security Function | Control Title | Control Description |
|---|---|---|---|---|
| 8.1 | Devices | Protect | Utilize Centrally Managed Anti-Malware Software | Utilize centrally managed anti-malware software to continuously monitor and defend each of the organization’s workstations and servers. |
| 8.2 | Devices | Protect | Ensure Anti-Malware Software and Signatures Are Updated | Ensure that the organization’s anti-malware software updates its scanning engine and signature database on a regular basis. |
| 8.3 | Devices | Detect | Enable Operating System Anti-Exploitation Features/Deploy Anti-Exploit Technologies | Enable anti-exploitation features such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) that are available in an operating system or deploy appropriate toolkits that can be configured to apply protection to a broader set of applications and executables. |
| 8.4 | Devices | Detect | Configure Anti-Malware Scanning of Removable Media | Configure devices so that they automatically conduct an anti-malware scan of removable media when inserted or connected. |
| 8.5 | Devices | Protect | Configure Devices to Not Auto-Run Content | Configure devices to not auto-run content from removable media. |
| 8.6 | Devices | Detect | Centralize Anti-Malware Logging | Send all malware detection events to enterprise anti-malware administration tools and event log servers for analysis and alerting. |
| 8.7 | Network | Detect | Enable DNS Query Logging | Enable Domain Name System (DNS) query logging to detect hostname lookups for known malicious domains. |
| 8.8 | Devices | Detect | Enable Command-Line Audit Logging | Enable command-line audit logging for command shells, such as Microsoft PowerShell and Bash. |
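To show what Sub-Control 8.7 enables once DNS query logging is on, the following added example (not part of the original article or of the CIS Controls) scans query log lines for lookups of blocklisted domains or their subdomains. The BIND-style log layout, the blocklist entries, and the sample log lines are all constructed assumptions; adapt the pattern to your resolver's actual format.

```python
import re

# Assumed log layout (BIND-style query log); adjust the pattern to your resolver.
QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ .*?query: (?P<name>\S+) IN (?P<type>\S+)")

# Constructed blocklist; in practice this is loaded from a threat-intelligence feed.
BLOCKLIST = {"bad-domain.example", "c2.malware.test"}

# Constructed sample log lines (reserved .example/.test/.org names only).
SAMPLE_LOG = """\
02-Mar-2021 10:15:01.101 client @0x7f1 10.0.0.5#53211 (www.example.org): query: www.example.org IN A +E(0)K (10.0.0.1)
02-Mar-2021 10:15:02.342 client @0x7f2 10.0.0.17#40112 (update.bad-domain.example): query: update.bad-domain.example IN A +E(0)K (10.0.0.1)
02-Mar-2021 10:15:03.007 client @0x7f3 10.0.0.17#40113 (C2.Malware.Test.): query: C2.Malware.Test. IN AAAA +E(0)K (10.0.0.1)
02-Mar-2021 10:15:04.555 client @0x7f4 10.0.0.9#51000 (notbad-domain.example): query: notbad-domain.example IN A +E(0)K (10.0.0.1)
malformed line without a query
"""

def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()

def blocklist_match(name, blocklist):
    """Return the blocklisted domain that `name` equals or is a subdomain of, else None."""
    labels = normalize(name).split(".")
    # Compare whole label suffixes so "notbad-domain.example" does not
    # match "bad-domain.example" the way a substring test would.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def find_hits(log_text, blocklist):
    """Return (client_ip, queried_name, record_type, matched_entry) per suspicious lookup."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # skip lines that are not query records
        matched = blocklist_match(m.group("name"), blocklist)
        if matched:
            hits.append((m.group("ip"), normalize(m.group("name")), m.group("type"), matched))
    return hits

if __name__ == "__main__":
    for ip, name, qtype, matched in find_hits(SAMPLE_LOG, BLOCKLIST):
        print(f"ALERT client={ip} query={name} type={qtype} blocklisted={matched}")
```

Forwarding these hits to the central event log server ties the check back to Sub-Control 8.6.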
If your team is struggling to implement CIS Control 8 and could use the assistance of a third-party security provider, aNetworks is here to help. Our team of experts can assist with whatever level of service you require from consulting to complete implementation.