Use automated and centralised tools to handle known threats

Centrally select and install malware detection and repair programs and update them regularly for preventive or regular scanning of computers and media.

Programs should check at least the following:

• files received over the network or storage media are scanned for malware before use
• email attachments and downloaded files are scanned for malware before use
• websites are scanned for malware

Malware protection systems automatically check for and install updates at desired intervals and also run the desired scans at the selected frequency without needed user actions.

The anti-malware software used by the organisation must be configured to automatically scan files. The scan should be done when a file is downloaded, opened and when it is opened from network storage.

Examples of traffic filtering and monitoring systems are firewalls, routers, intrusion detection or prevention systems (IDS / IPS) and network devices / servers / applications with similar functionalities.

To ensure the functionality of filtering and monitoring:

• An owner has been appointed for the systems, who takes care of the proper operation of the system throughout the life cycle of the data processing environment
• It is the responsibility of the system owner to add, change, and delete settings for systems that filter or control traffic
• Documentation of the network and associated filtering and control systems is maintained throughout its lifecycle as an integral part of the change and settings management process
• The settings and desired operation of the systems are checked periodically during the operation and maintenance of the data processing environment and in the event of exceptional situations

Security systems (e.g. firewall, malware protection) often have the ability to record a log of events. At regular intervals, make sure that a comprehensive log is accumulated and try to identify suspicious activity. The log is also useful in investigating disturbances or violations.