Security Control V2: Endpoint Security

Endpoint Security covers controls for endpoint detection and response. This includes the use of endpoint detection and response (EDR) and anti-malware services for endpoints in Azure environments.

ES-1: Use Endpoint Detection and Response (EDR)

| Azure ID | CIS Controls v7.1 ID(s) | NIST SP800-53 r4 ID(s) |
|---|---|---|
| ES-1 | 8.1 | SI-2, SI-3, SC-3 |

Enable Endpoint Detection and Response (EDR) capabilities for servers and clients and integrate with SIEM and Security Operations processes.

Microsoft Defender Advanced Threat Protection provides EDR capability as part of an enterprise endpoint security platform to prevent, detect, investigate, and respond to advanced threats.

Responsibility: Customer

Customer Security Stakeholders (Learn more):

ES-2: Use centrally managed modern anti-malware software

| Azure ID | CIS Controls v7.1 ID(s) | NIST SP800-53 r4 ID(s) |
|---|---|---|
| ES-2 | 8.1 | SI-2, SI-3, SC-3 |

Use a centrally managed endpoint anti-malware solution capable of real-time and periodic scanning.

Azure Security Center can automatically identify the use of a number of popular anti-malware solutions on your virtual machines, report the endpoint protection running status, and make recommendations.

Microsoft Antimalware for Azure Cloud Services is the default anti-malware for Windows virtual machines (VMs). For Linux VMs, use a third-party anti-malware solution. You can also use Azure Security Center's threat detection for data services to detect malware uploaded to Azure Storage accounts.

Responsibility: Customer

Customer Security Stakeholders (Learn more):

ES-3: Ensure anti-malware software and signatures are updated

| Azure ID | CIS Controls v7.1 ID(s) | NIST SP800-53 r4 ID(s) |
|---|---|---|
| ES-3 | 8.2 | SI-2, SI-3 |

Ensure anti-malware signatures are updated rapidly and consistently.

Follow the recommendations in Azure Security Center under "Compute & Apps" to ensure all endpoints are up to date with the latest signatures. By default, Microsoft Antimalware automatically installs the latest signature and engine updates. For Linux, use a third-party anti-malware solution.
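
A per-VM check of the ES-2 and ES-3 expectations above, as an added example that is not part of the benchmark or of any Microsoft tooling. It assumes a Windows VM where the Defender PowerShell module (`Get-MpComputerStatus`) is available; the function name `Test-EndpointAntimalware` and the 1-day and 7-day limits are assumptions chosen for illustration.

```powershell
# Added example: audit one Windows endpoint against ES-2 and ES-3.
# Assumptions (not from the benchmark): the 1-day signature age limit,
# the 7-day quick scan age limit, and the name Test-EndpointAntimalware.
function Test-EndpointAntimalware {
    param(
        # Object exposing the properties returned by Get-MpComputerStatus.
        [Parameter(Mandatory)] $Status,
        [int] $MaxSignatureAgeDays = 1,
        [int] $MaxQuickScanAgeDays = 7
    )
    $findings = @()
    # ES-2: the engine must be running with real-time and periodic scanning.
    if (-not $Status.AMServiceEnabled)          { $findings += 'ES-2: anti-malware service is not running' }
    if (-not $Status.AntivirusEnabled)          { $findings += 'ES-2: antivirus protection is disabled' }
    if (-not $Status.RealTimeProtectionEnabled) { $findings += 'ES-2: real-time scanning is disabled' }
    if ($Status.QuickScanAge -gt $MaxQuickScanAgeDays) {
        $findings += "ES-2: last quick scan was $($Status.QuickScanAge) days ago"
    }
    # ES-3: signatures must be recent; a large age means updates have stalled.
    if ($Status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings += "ES-3: signatures are $($Status.AntivirusSignatureAge) days old"
    }
    [pscustomobject]@{
        Compliant        = ($findings.Count -eq 0)
        SignatureVersion = $Status.AntivirusSignatureVersion
        Findings         = $findings
    }
}

# Constructed sample: a VM with protection enabled but stalled signature updates.
$sample = [pscustomobject]@{
    AMServiceEnabled          = $true
    AntivirusEnabled          = $true
    RealTimeProtectionEnabled = $true
    QuickScanAge              = 2
    AntivirusSignatureAge     = 9
    AntivirusSignatureVersion = '0.0.0.0'   # placeholder value
}
Test-EndpointAntimalware -Status $sample

# On a live Windows VM, pass the real status instead:
# Test-EndpointAntimalware -Status (Get-MpComputerStatus)
```

The `Findings` list can be forwarded to the SIEM so that stale or disabled endpoints surface in the same Security Operations process that ES-1 describes.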

Responsibility: Customer

Customer Security Stakeholders (Learn more):