CIS Control 10: Malware Defenses

Control Summary

Prevent or control the installation, spread, and execution of malicious applications, code, or scripts on enterprise assets.

Why is it needed?

Malicious software, often categorized as viruses or Trojans, constitutes a pervasive and perilous facet of internet threats. Its objectives can span a wide spectrum, including capturing credentials, pilfering data, identifying potential targets within a network, and encrypting or obliterating data. Malware evolves and adapts continuously, with contemporary iterations harnessing machine learning techniques to enhance their efficacy.

Malware enters an enterprise through a multitude of entry points, encompassing vulnerabilities within the enterprise itself and on end-user devices, email attachments, webpages, cloud services, mobile devices, and removable media. Frequently, the success of malware relies on exploiting insecure end-user behaviors, such as clicking on dubious links, opening suspicious attachments, installing unverified software or profiles, or connecting USB flash drives. Modern malware is meticulously crafted to circumvent, deceive, or incapacitate defensive measures, perpetually posing a formidable challenge to cybersecurity efforts.

Implementing Control

Malware can be detected and blocked using traditional malware prevention and detection solutions.

Implementation Group 1 requires the following three safeguards:

10.1 Deploy and Maintain Anti-Malware Software

At the basic level, an organization should ensure anti-malware solutions are deployed and maintained on all enterprise assets.

10.2 Configure Automatic Anti-Malware Signature Updates

The organization should guarantee that malware signature files are updated automatically. Enabling automatic updates from vendors will ensure that Indicators of Compromise (IOCs) stay up-to-date in a rapidly evolving landscape and enhance threat detection capabilities.

10.3 Disable Autorun and Autoplay for Removable Media

Disabling autorun and autoplay options for all removable media is also a basic safeguard to protect against malware, and configuring automatic anti-malware scanning of removable media will help detect its presence.
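
One way to check safeguard 10.3 on a Windows endpoint, as an added example that is not part of the original page or of the CIS text. It assumes Windows assets and the machine-wide Explorer policy values behind the AutoPlay Policies group policy settings; the -Remediate switch is a hypothetical parameter of this script and needs an elevated session.

```powershell
# Added example: audit, and optionally enforce, the policy values that
# disable AutoRun and AutoPlay. Assumption: Windows endpoint, HKLM policy keys.
[CmdletBinding()]
param([switch]$Remediate)   # hypothetical switch: write the expected values

$explorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$policy = @(
    # AutoPlay off for every drive type (bitmask 0xFF)
    @{ Path = $explorerPolicy; Name = 'NoDriveTypeAutoRun'; Want = 255 }
    # Never execute commands from autorun.inf
    @{ Path = $explorerPolicy; Name = 'NoAutorun'; Want = 1 }
    # No AutoPlay for non-volume devices such as cameras and phones
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer'; Name = 'NoAutoplayfornonVolume'; Want = 1 }
)

$results = foreach ($p in $policy) {
    # A missing key or value yields $null, which counts as non-compliant
    $current = (Get-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue).($p.Name)
    $ok = ($null -ne $current) -and ($current -eq $p.Want)

    if (-not $ok -and $Remediate) {
        if (-not (Test-Path $p.Path)) { New-Item -Path $p.Path -Force | Out-Null }
        New-ItemProperty -Path $p.Path -Name $p.Name -Value $p.Want -PropertyType DWord -Force | Out-Null
        # Re-read so the report reflects what is actually stored
        $current = (Get-ItemProperty -Path $p.Path -Name $p.Name).($p.Name)
        $ok = $current -eq $p.Want
    }

    [pscustomobject]@{
        Setting   = $p.Name
        Expected  = $p.Want
        Current   = $(if ($null -eq $current) { '(not set)' } else { $current })
        Compliant = $ok
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code lets a management tool flag the asset
if ($results.Compliant -contains $false) { exit 1 }
```

On domain-joined machines, set these through Group Policy (Computer Configuration > Administrative Templates > Windows Components > AutoPlay Policies) so that a local change is not overwritten at the next policy refresh.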

Additional safeguards at level 2 or 3:

10.4 Configure Automatic Anti-Malware Scanning of Removable Media
10.5 Enable Anti-Exploitation Features
10.6 Centrally Manage Anti-Malware Software
10.7 Use Behavior-Based Anti-Malware Software
