FRAMEWORKS AND STANDARDS

CIS Critical Controls Explained

An overview of CIS control ten, its purpose, and how to implement the control.

Published Date: October 28, 2024

Product Line: CIS Controls

Audience: Executives, Security Administrators

Get your copy of the CIS Controls V8.1 here.

What is Malware?

Malware includes any type of vulnerable software, that when executed, can perform malicious activity on a device. Malicious activities include but are not limited to stealing credentials, stealing data, locking services, and much more. Examples include viruses such as Trojan Horses, a malicious malware disguised as a legitimate file or program and ransomware, a type of software used to encrypt devices and prevent access to systems.

Malware Defenses

Malware defenses encompass a variety of techniques deployed at all enterprise entry points and assets to prevent/control the install, spread, and execution of malicious software/code/scripts. These techniques can be automated for constant protection and combined with vulnerability management to enhance accuracy and prioritization.

Why is this Control Critical?

Malware enters enterprises through pre-existing vulnerabilities in a variety of attack vectors like email attachments, web pages, mobile devices, removable storage media, and more. Once inside a system, malware can be difficult to detect and spread quickly. As this malicious software continues to evolve and become more complex, implementation of malware defenses is more critical than ever. Through malware defense techniques, the discovery, deterrence, and regulation of malicious software can prevent exploitation of critical enterprise systems. 

Malware Defense Techniques:

1. Deploy Anti-Malware Software: utilize anti-malware software on enterprise assets to detect malicious software. 
2. Configure Automatic Anti-Malware Signature Updates: validate your anti-malware software can detect the newest malware signatures (patterns used to help detect malware) for increased protection. 
   • Update your anti-malware software regularly. 
3. Disable Autorun and Autoplay for Removable Media: turn off autorun and autoplay for external devices to prevent malware from automatically executing when removable media is plugged into or connected to a device. 
4. Automatically Scan Removable Media: configure anti-malware software to automatically scan removable media when connected or plugged into a device.
   Ensure there is no malware on removable media. 
5. Enable Anti-Exploitation Features: enable system features that prevent malware from exploiting vulnerabilities (e.g., Microsoft DEP, Apple SIP). 
6. Centrally Manage Anti-Malware Software: centrally manage anti-malware software to ensure uniform protection across the organization. 
7. Use Behavior-Based Detection: use behavior-based anti-malware software to catch threats based on suspicious activities, not just known malware signatures.

Extra Tips:

1. Receive automatic updates from vendors.
2. Collect event logs to identify malware and support altering of incidents. 

• Event logs can help detect “living-off-the-land” binaries or LOL bins which are attacks that utilize existing tools/features such as Windows PowerShell.
• See Control 8 for more information about event logging.

By combining these safeguards with proper logging and incident response procedures, organizations can effectively prevent, detect, and respond to malware threats.