Define a fixed security suite
Summary
All the workstations in production must have an unalterable security suite (Anti-virus, Antispyware, Host Firewall, Host-IDS, Host-IPS).
Description
Suites of this type, such as a Host-IDS, a Host Firewall and a Host-IPS, are designed to detect and prevent unauthorized access, suspicious activity and potential security breaches. They can identify patterns that indicate an attack and take proactive measures to block or mitigate it. In other words, the controls implemented by an unalterable security suite provide a multi-layered defense against a wide range of cybersecurity risks, including viruses, malware and spyware.
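The requirement has two parts a verifier can check on an inventory export: every production workstation reports all five components, and none of them can be altered by the end user. The following compliance check is an added example and is not part of the Fluid Attacks requirement page; the record layout, the component names, the `tamper_protected` flag and the signature-age threshold are assumptions, since real endpoint-management tools expose equivalent data under their own names. The fleet records are constructed for the example.

```python
"""Check constructed workstation posture records against a fixed security suite.

Added example, not part of the original page. Record layout, component names,
the 'tamper_protected' flag and MAX_SIGNATURE_AGE are assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# The five components the requirement names; every production workstation
# must report all of them, enabled and locked against user changes.
REQUIRED_SUITE = {"antivirus", "antispyware", "host_firewall", "host_ids", "host_ips"}

# Assumed threshold: detection signatures older than this are treated as stale.
MAX_SIGNATURE_AGE = timedelta(days=7)


@dataclass
class Component:
    name: str
    enabled: bool
    tamper_protected: bool  # assumed flag: end users cannot disable or uninstall it
    signatures_updated: Optional[datetime] = None


@dataclass
class Workstation:
    hostname: str
    environment: str  # only "production" workstations are in scope
    components: List[Component] = field(default_factory=list)


def findings_for(ws: Workstation, now: datetime) -> List[str]:
    """Return the compliance findings for one workstation; empty means compliant."""
    if ws.environment != "production":
        return []
    present = {c.name: c for c in ws.components}
    findings = []
    # A component that is absent is the most severe finding: nothing to lock down.
    for name in sorted(REQUIRED_SUITE - set(present)):
        findings.append(f"missing {name}")
    # A component that is present must be running, unalterable and up to date.
    for name in sorted(REQUIRED_SUITE & set(present)):
        comp = present[name]
        if not comp.enabled:
            findings.append(f"{name} disabled")
        if not comp.tamper_protected:
            findings.append(f"{name} alterable by user")
        if comp.signatures_updated is not None and now - comp.signatures_updated > MAX_SIGNATURE_AGE:
            findings.append(f"{name} signatures stale")
    return findings


def non_compliant(fleet: List[Workstation], now: datetime) -> Dict[str, List[str]]:
    """Map each non-compliant hostname to its findings."""
    report = {}
    for ws in fleet:
        findings = findings_for(ws, now)
        if findings:
            report[ws.hostname] = findings
    return report


def full_suite(updated: datetime) -> List[Component]:
    """Build a fully compliant suite with every component enabled and locked."""
    return [Component(n, True, True, updated) for n in sorted(REQUIRED_SUITE)]


# Constructed sample fleet: one compliant host, one missing its Host-IPS,
# one whose antivirus is user-alterable and stale, and one out-of-scope host.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_FLEET = [
    Workstation("ws-01", "production", full_suite(NOW - timedelta(days=1))),
    Workstation("ws-02", "production",
                [c for c in full_suite(NOW) if c.name != "host_ips"]),
    Workstation("ws-03", "production",
                [Component("antivirus", True, False, NOW - timedelta(days=10))]
                + [c for c in full_suite(NOW) if c.name != "antivirus"]),
    Workstation("dev-01", "development", []),
]

if __name__ == "__main__":
    for host, findings in non_compliant(SAMPLE_FLEET, NOW).items():
        print(host, "->", "; ".join(findings))
```

Findings are ordered by severity within a host (missing components first, then disabled, user-alterable and stale ones), so the report can be fed straight into a ticketing queue. In a real deployment the records would come from the endpoint-management or EDR console rather than being built inline.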
Supported In
This requirement is verified in the following services:

| Plan | Supported |
|---|---|
| Essential | 🟢 |
| Advanced | 🟢 |
References
- BSIMM-CR3_4:_3. Automate malicious code detection
- CAPEC™-169. Footprinting
- CAPEC™-442. Infected software
- CAPEC™-549. Local execution of code
- CAPEC™-676. NoSQL Injection
- CAPEC™-697. DHCP Spoofing
- CIS-4_4. Implement and manage a firewall on servers
- CIS-10_6. Centrally manage anti-malware software
- CIS-13_4. Perform traffic filtering between network segments
- CIS-13_10. Perform application layer filtering
- CWE™-923. Improper restriction of communication channel to intended endpoints
- CWE™-512. Spyware
- NERC CIP-003-8_5_1. Transient cyber asset and removable media malicious code risk mitigation
- NERC CIP-005-5_R1_5. Electronic security perimeter
- Agile Alliance-11. Best architectures, requirements, and designs
- CCPA-1798_105. Consumer's right to delete personal information
- NYDFS-500_2. Cybersecurity program
- NYDFS-500_15. Encryption of nonpublic information
- MITRE ATT&CK®-M1049. Antivirus/antimalware
- MITRE ATT&CK®-M1057. Data loss prevention
- PA-DSS-6_1. The wireless technology must be implemented securely
- PA-DSS-8_1. Secure network environment
- CMMC-CM_L2-3_4_2. Security configuration enforcement
- CMMC-PE_L1-3_10_1. Limit physical access
- CMMC-PE_L2-3_10_6. Alternative work sites
- CMMC-CA_L2-3_12_2. Plan of action
- ISO/IEC 27002-8_7. Protection against malware
- ISO/IEC 27002-8_27. Secure system architecture and engineering principles
- WASSEC-6_2_3_1. Client-side attacks - Content spoofing
- OSSTMM3-10_5_2. Telecommunications security (access verification) - Services
- NIST SSDF-RV_2_2. Assess, prioritize, and remediate vulnerabilities
- ISSAF-E_1. Network security - Switch security assessment
- ISSAF-G_13_4. Network security - Firewalls (application level)
- ISSAF-J_4. Network security - Anti-virus system (objective)
- ISSAF-J_6_1. Network security - Anti-virus system (methodology)
- ISSAF-J_7_2. Network security - Anti-virus system (check end user antivirus)
- PTES-6_2_1. Exploitation - Countermeasures (anti-virus)
- PTES-6_2_5. Exploitation - Countermeasures (web application firewall)
- PTES-7_3_1_6. Post exploitation - Network infrastructure analysis (ARP entries)
- MVSP-3_3. Application implementation controls - Vulnerability prevention
- NIST 800-171-1_18. Control connection of mobile devices
- SWIFT CSCF-3_1. Physical security
- C2M2-9_2_f. Implement network protections for cybersecurity architecture
- C2M2-9_3_f. Implement IT and OT asset security for cybersecurity architecture
- PCI DSS-1_5_1. Implement security controls on any computing devices
- PCI DSS-5_2_1. Deploy an anti-malware solution on system components
- SIG Lite-SL_162. Is there an anti-malware program that has been approved by management, communicated to appropriate constituents and an owner to maintain?
- SIG Core-D_6_6. Asset and information management
- ISO/IEC 27001-8_7. Protection against malware
- ISO/IEC 27001-8_27. Secure system architecture and engineering principles
- NIST CSF-PR_AA-06. Physical access to assets is managed, monitored, and enforced commensurate with risk
Vulnerabilities
- 077. ARP spoofing
- 084. MDNS spoofing
- 104. USB flash drive attacks
- 115. Security controls bypass or absence
- 182. Email spoofing
- 206. Security controls bypass or absence - Anti hooking
- 207. Security controls bypass or absence - SSLPinning
- 208. Security controls bypass or absence - Antivirus
- 209. Security controls bypass or absence - Emulator
- 210. Security controls bypass or absence - Facial Recognition
- 392. Security controls bypass or absence - Firewall
- 436. Security controls bypass or absence - Fingerprint