:star: G8 Malware Defenses

:checkered_flag: G8-1 Employ automated tools to continuously monitor workstations, servers, and mobile devices with anti-virus, anti-spyware, personal firewalls, and host-based IPS functionality. All malware detection events should be sent to enterprise anti-malware administration tools and event log servers.
:checkered_flag: G8-2 Employ anti-malware software that offers a centralized infrastructure that compiles information on file reputations, or have administrators manually push updates to all machines. After applying an update, automated systems should verify that each system has received its signature update.
:checkered_flag: G8-3 Limit use of external devices to those with an approved, documented business need. Monitor for use and attempted use of external devices. Configure laptops, workstations and servers so that they will not auto-run content from removable media like USB tokens (i.e., "thumb drives"), USB hard drives, CDs/DVDs, FireWire devices, external serial advanced technology attachment devices, and mounted network shares. Configure systems so that they automatically conduct an anti-malware scan of removable media when inserted. Log all URL requests from each of the organization's systems, whether onsite or a mobile device, in order to identify potentially malicious activity and assist incident handlers with identifying potentially compromised systems.
:checkered_flag: G8-4 Enable anti-exploitation features such as Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), virtualization/containerization, etc. For increased protection, deploy capabilities such as Enhanced Mitigation Experience Toolkit (EMET) that can be configured to apply these protections to a broader set of applications and executables.
:checkered_flag: G8-5 Use network-based anti-malware tools to identify executables in all network traffic, and use techniques other than signature-based detection to identify and filter out malicious content before it arrives at the endpoint.
:checkered_flag: G8-6 Enable domain name system (DNS) query logging to detect hostname lookups for known malicious C2 domains.
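As an added example (not part of the mind map or the CIS control text), the detection G8-6 describes: constructed BIND 9-style query log lines are scanned against a constructed placeholder blocklist, matching a blocklisted domain and its subdomains at label boundaries so lookalike names do not fire, and grouping hits by client so incident handlers can see which hosts resolved each domain. The log format and the blocklist entries are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in BIND 9 query-log format (not taken from the page).
SAMPLE_LOG = """\
15-Mar-2024 10:01:02.123 client 10.0.0.5#51234: query: www.example.com IN A + (10.0.0.1)
15-Mar-2024 10:01:03.456 client 10.0.0.7#51235: query: beacon.c2-example.net IN A + (10.0.0.1)
15-Mar-2024 10:01:04.789 client 10.0.0.7#51236: query: update.c2-example.net. IN TXT + (10.0.0.1)
15-Mar-2024 10:01:05.000 client 10.0.0.9#51237: query: NOTc2-example.net IN A + (10.0.0.1)
15-Mar-2024 10:01:06.000 client 10.0.0.5#51238: query: mail.example.org IN MX + (10.0.0.1)
"""

# Constructed placeholder blocklist standing in for a real "known malicious C2 domains" feed.
C2_BLOCKLIST = {"c2-example.net", "bad-host.example"}

# Assumed BIND 9 query-log layout: "client <ip>#<port>: query: <qname> IN <qtype> ..."
QUERY_RE = re.compile(r"client (?P<client>[\d.:a-fA-F]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)")

def normalize(name):
    """Drop a trailing root dot and lowercase, so 'Foo.Example.' == 'foo.example'."""
    return name.rstrip(".").lower()

def matches_blocklist(qname, blocklist):
    """Return the blocklisted domain that qname equals or is a subdomain of, else None.
    Suffixes are checked per label, so 'notc2-example.net' does not match 'c2-example.net'."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def find_c2_lookups(log_text, blocklist=C2_BLOCKLIST):
    """Scan query-log text; return a list of (client, qname, qtype, matched_domain)."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line (or a format we do not parse)
        matched = matches_blocklist(m["qname"], blocklist)
        if matched:
            hits.append((m["client"], normalize(m["qname"]), m["qtype"], matched))
    return hits

def clients_by_domain(hits):
    """Group hits so incident handlers see which hosts looked up each blocklisted domain."""
    by_domain = defaultdict(set)
    for client, _qname, _qtype, matched in hits:
        by_domain[matched].add(client)
    return {domain: sorted(clients) for domain, clients in by_domain.items()}
```

On the constructed log, only the two lookups from 10.0.0.7 match; the lookalike name and the benign queries are left alone.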