Anti-malware software SHALL be installed, configured, and regularly updated (automatic updates if possible) on all endpoints and servers in the business environment.

Anti-malware software is one of the most widely used cybersecurity controls. It has been around for a long time and continues to help many individuals and businesses stay safe online. Anti-malware software is a program that monitors a computer or network to identify all major types of malware and prevent or contain malware incidents. Generally, anti-malware software is an umbrella term that describes security software with potentially different focuses when it comes to malware types; examples include anti-virus, anti-spyware, anti-rootkit, and anti-ransomware products. As part of the procurement process for third-party anti-malware software, businesses should closely study the exact functionality of the software to ensure it addresses the specific categories of malicious software that the business wants to detect and prevent.

Anti-malware software utilizes a database of known malware signatures that have been obtained from previous malware infections across the world. The software scans the user’s file system for any data that matches a signature in the database. If a malware signature is detected, the program presents the end user with an alert and several options. These include the option to quarantine the malicious program to prevent it from interacting with the rest of the system. Quarantining does not purge the malware from the system; it isolates the file so the user can assess the validity of the detection first. In addition to quarantining, the anti-malware program gives the option to remove the malicious program completely, either immediately or after it has been placed in quarantine. Anti-malware software is known to be prone to false positives, so it is important to assess the validity of detected malware before completely removing it.

Since anti-malware software utilizes signatures, users need to ensure the program stays updated. Without updates, the software cannot pull down the latest malware signatures, meaning brand-new strains of malware will go undetected. It is also important to recognize that no database of signatures is going to contain every single piece of malware. This means some brand-new malware programs could infect systems without being detected by the anti-malware software. This highlights the need for a defense-in-depth approach to workplace cybersecurity; anti-malware software should not be the only security control in place on end systems. Increasingly, anti-malware programs supplement signatures with heuristic detection mechanisms. Heuristics review system activity, compare it to a clean baseline of regular activity, and generate alerts for anomalous behavior that departs from normal patterns. This is crucial for addressing newer threats such as fileless malware.

Businesses should carefully assess which anti-malware software their environments actually need. Many operating systems have anti-malware programs built in, such as Windows Defender. If properly managed, these programs can be sufficient on their own. However, businesses may desire a third-party solution. If so, a cost-benefit analysis should be carried out to justify the need for an external solution. Businesses must also carefully review their options for anti-malware software suites before purchasing one. Many popular anti-malware programs have undergone scrutiny for issues relating to data privacy and the use of intrusive advertising on end systems. It is the responsibility of the business to research products and catch issues like these before purchase. In an environment with ten or more endpoints in use, the business should opt for a centralized anti-malware suite. In this deployment method, anti-malware software is still deployed to individual hosts, but the software is managed from a central dashboard controlled by IT or incident response staff. This enables quicker response measures during malware incidents. In addition to employee endpoints, anti-malware software should be installed on all servers hosted on the business network.
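As an added example that is not part of the original standard, the following PowerShell function audits a Windows host's built-in anti-malware (Microsoft Defender Antivirus, the "Windows Defender" named above) against the three parts of the requirement: installed, configured, and regularly updated. It relies only on the Defender module's Get-MpComputerStatus and Get-MpPreference cmdlets; the 3-day signature-age and 7-day scan-age thresholds are assumptions for this example, not values from this document.

```powershell
# Added example: compliance check for the built-in anti-malware on a Windows host.
# Thresholds below are assumed example values, not taken from the standard.
function Test-AntiMalwareCompliance {
    [CmdletBinding()]
    param(
        [int]$MaxSignatureAgeDays = 3,   # assumed: signatures older than this are "not regularly updated"
        [int]$MaxQuickScanAgeDays = 7    # assumed: a scan schedule that has not fired in a week is broken
    )

    $status = Get-MpComputerStatus   # engine, signature, and scan state
    $prefs  = Get-MpPreference       # administrator-set configuration

    # Each check maps to one clause of the requirement.
    $checks = [ordered]@{
        # "installed": the anti-malware service is actually running
        'AM service enabled'             = $status.AMServiceEnabled
        # "configured": on-access scanning and behaviour-based (heuristic) monitoring are on
        'Real-time protection enabled'   = $status.RealTimeProtectionEnabled
        'Behavior monitoring enabled'    = $status.BehaviorMonitorEnabled
        'Real-time monitoring not disabled by preference' = -not $prefs.DisableRealtimeMonitoring
        # "regularly updated": signatures are no older than the threshold
        'Signatures fresh'               = ($status.AntivirusSignatureAge -le $MaxSignatureAgeDays)
        # a stale scan history means the schedule is not working
        'Recent quick scan'              = ($status.QuickScanAge -le $MaxQuickScanAgeDays)
    }

    # Force an array so .Count is reliable even with zero or one failure.
    $failed = @($checks.GetEnumerator() | Where-Object { -not $_.Value } | ForEach-Object { $_.Key })

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        SignatureVersion    = $status.AntivirusSignatureVersion
        SignatureLastUpdate = $status.AntivirusSignatureLastUpdated
        SignatureAgeDays    = $status.AntivirusSignatureAge
        # Exclusions reduce coverage; list them so reviewers can justify each one.
        ExclusionPaths      = ($prefs.ExclusionPath -join ';')
        Compliant           = ($failed.Count -eq 0)
        FailedChecks        = ($failed -join '; ')
    }
}

# Run locally; for the centralized view the text recommends at ten or more endpoints,
# wrap the call in Invoke-Command against the host list and collect the objects.
Test-AntiMalwareCompliance | Format-List
```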