Security Control V2: Endpoint Security
Note
The most up-to-date Azure Security Benchmark is available here.
Endpoint Security covers controls in endpoint detection and response. This includes use of endpoint detection and response (EDR) and anti-malware service for endpoints in Azure environments.
To see the applicable built-in Azure Policy, see Details of the Azure Security Benchmark Regulatory Compliance built-in initiative: Endpoint Security
ES-1: Use Endpoint Detection and Response (EDR)
| Azure ID | CIS Controls v7.1 ID(s) | NIST SP 800-53 r4 ID(s) |
|---|---|---|
| ES-1 | 8.1 | SI-2, SI-3, SC-3 |
Enable Endpoint Detection and Response (EDR) capabilities for servers and clients and integrate with SIEM and Security Operations processes.
Microsoft Defender for Endpoint provides EDR capability as part of an enterprise endpoint security platform to prevent, detect, investigate, and respond to advanced threats.
Responsibility: Customer
Customer Security Stakeholders (Learn more):
ES-2: Use centrally managed modern anti-malware software
| Azure ID | CIS Controls v7.1 ID(s) | NIST SP 800-53 r4 ID(s) |
|---|---|---|
| ES-2 | 8.1 | SI-2, SI-3, SC-3 |
Use a centrally managed endpoint anti-malware solution capable of real time and periodic scanning
Azure Security Center can automatically identify the use of a number of popular anti-malware solutions for your virtual machines and report the endpoint protection running status and make recommendations.
Microsoft Antimalware for Azure Cloud Services is the default anti-malware for Windows virtual machines (VMs). For Linux VMs, use third-party antimalware solution. Also, you can use Azure Defender for Storage to detect malware uploaded to Azure Storage accounts.
Responsibility: Customer
Customer Security Stakeholders (Learn more):
ES-3: Ensure anti-malware software and signatures are updated
| Azure ID | CIS Controls v7.1 ID(s) | NIST SP 800-53 r4 ID(s) |
|---|---|---|
| ES-3 | 8.2 | SI-2, SI-3 |
Ensure anti-malware signatures are updated rapidly and consistently.
Follow recommendations in Azure Security Center to ensure all endpoints are up to date with the latest signatures. Microsoft Antimalware will automatically install the latest signatures and engine updates by default. For Linux, ensure the signatures are updated in the third-party antimalware solution.
Responsibility: Customer
Customer Security Stakeholders (Learn more):
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for