CIS Control 8: Malware Defenses


By Bill Minahan   |   March 2, 2021


What is CIS Control 8?

CIS Control 8 is one of the 20 critical CIS Controls. The CIS Controls are a set of actions that protect your organization from the most pervasive cyber attacks. The 20 critical controls prioritize the most essential actions your organization can take in order to gain the highest pay-off results.

CIS Control 8 focuses on controlling the installation, spread, and execution of malicious code at multiple points of the organization.

In addition, it focuses on optimizing the use of automation to enable rapid updating of defense, data gathering, and corrective action.

Why is CIS Control 8 Critical?

The CIS Controls are based on actionable guidance from today’s biggest threats, formed by the consensus of the world’s leading experts across a variety of sectors.

CIS Control 8 is critical because malicious software is an integral and dangerous aspect of Internet threats, as it is designed to attack your systems, devices, and your data.

Furthermore, it is fast-moving, fast-changing, and enters through any number of points: for instance, end-user devices, email attachments, web pages, cloud services, user actions, and removable media.

Unfortunately, modern malware is designed to avoid defenses, and attack or disable them.

As a result, malware defenses must be able to operate in this dynamic environment through large-scale automation, rapid updating, and integration with processes like incident response plans.

Furthermore, defenses must also be deployed at all possible attack vectors in order to detect malicious software, stop its spread, or control its execution.

Enterprise endpoint security suites provide administrative features to verify that all defenses are active and current on every managed system.

How to Implement CIS Control 8

| Sub-Control | Asset Type | Security Function | Control Title | Control Descriptions |
|---|---|---|---|---|
| 8.1 | Devices | Protect | Utilize Centrally Managed Anti-Malware Software | Utilize centrally managed anti-malware software to continuously monitor and defend each of the organization’s workstations and servers. |
| 8.2 | Devices | Protect | Ensure Anti-Malware Software and Signatures Are Updated | Ensure that the organization’s anti-malware software updates its scanning engine and signature database on a regular basis. |
| 8.3 | Devices | Detect | Enable Operating System Anti-Exploitation Features / Deploy Anti-Exploit Technologies | Enable anti-exploitation features such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) that are available in an operating system or deploy appropriate toolkits that can be configured to apply protection to a broader set of applications and executables. |
| 8.4 | Devices | Detect | Configure Anti-Malware Scanning of Removable Media | Configure devices so that they automatically conduct an anti-malware scan of removable media when inserted or connected. |
| 8.5 | Devices | Protect | Configure Devices to Not Auto-Run Content | Configure devices to not auto-run content from removable media. |
| 8.6 | Devices | Detect | Centralize Anti-Malware Logging | Send all malware detection events to enterprise anti-malware administration tools and event log servers for analysis and alerting. |
| 8.7 | Network | Detect | Enable DNS Query Logging | Enable Domain Name System (DNS) query logging to detect hostname lookups for known malicious domains. |
| 8.8 | Devices | Detect | Enable Command-Line Audit Logging | Enable command-line audit logging for command shells, such as Microsoft PowerShell and Bash. |
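
To show what Sub-Control 8.7 makes possible once DNS query logging is on, here is an added example (not from the original article or from CIS) that scans query log lines for lookups of blocklisted domains. The log layout is assumed to resemble BIND query-log entries, and the sample lines, blocklist, and function names are constructed for illustration.

```python
import re

# Constructed blocklist; placeholder domains under reserved TLDs, stored lower-case.
BLOCKLIST = {"malware-c2.example", "bad.test"}

# Constructed sample lines, laid out like BIND query-log entries (assumed format).
SAMPLE_LOG = """\
02-Mar-2021 10:15:01.123 client @0x7f0 10.0.0.5#53124 (www.example.org): query: www.example.org IN A +E(0)K (10.0.0.1)
02-Mar-2021 10:15:02.456 client @0x7f1 10.0.0.7#40112 (cdn.Malware-C2.example): query: cdn.Malware-C2.example. IN A + (10.0.0.1)
02-Mar-2021 10:15:03.789 client @0x7f2 10.0.0.9#51000 (notbad.test): query: notbad.test IN AAAA + (10.0.0.1)
02-Mar-2021 10:15:04.000 client @0x7f3 10.0.0.7#40113 (bad.test): query: bad.test IN TXT + (10.0.0.1)
garbage line that is not a query record
"""

QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ .*?query: (?P<name>\S+) IN (?P<qtype>\S+)"
)

def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are canonical."""
    return name.lower().rstrip(".")

def blocklist_match(name, blocklist):
    """Return the blocklisted domain that `name` equals or is a subdomain of, else None.

    Matching walks label boundaries, so notbad.test does not match bad.test.
    """
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def find_hits(log_text, blocklist):
    """Return (client_ip, queried_name, qtype, matched_domain) for each blocklisted lookup."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # skip lines that are not query records
        matched = blocklist_match(m["name"], blocklist)
        if matched:
            hits.append((m["ip"], normalize(m["name"]), m["qtype"], matched))
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG, BLOCKLIST):
        print(hit)
```

Each hit carries the client address, so the alert can be tied back to the device that made the lookup and correlated with the centralized anti-malware events from Sub-Control 8.6.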

 

Implementing CIS Control 8

If your team is struggling to implement CIS Control 8 and could use the assistance of a third-party security provider, aNetworks is here to help. Our team of experts can assist with whatever level of service you require from consulting to complete implementation.

If you are interested in learning more about CIS Controls, view our comprehensive list here.

If you are interested, then please contact us below.

Contact Us

Furthermore, if you are looking for more information, check out our resource center here.

Finally, you can always find us on Twitter, LinkedIn, and Facebook.

