6.3 Ensure an anti-spyware profile is configured to block on all spyware severity levels, categories, and threats

Information

If a single rule exists within the anti-spyware profile, configure it to block on any spyware severity level, any category, and any threat. If multiple rules exist within the anti-spyware profile, ensure all spyware categories, threats, and severity levels are set to be blocked. Additional rules may exist for packet capture or exclusion purposes.

Rationale:

Requiring a blocking policy for all spyware threats, categories, and severities reduces the risk of spyware traffic from successfully exiting the organization. Without an anti-spyware profile assigned to any potential hostile zone, the first protection in the path against malware is removed, leaving in most cases only the desktop endpoint protection application to detect and remediate any potential spyware.

Solution

Navigate to Objects > Security Profiles > Anti-Spyware.
Set a rule within the anti-spyware profile that is configured to perform the reset-both on any Severity level, any Category, and any Threat Name.

Default Value:

Two Anti-Spyware Security Profiles are configured by default 'strict' and 'default'.

See Also

https://workbench.cisecurity.org/benchmarks/17915

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3, CSCv7|8.3

Plugin: Palo_Alto

Control ID: ed62fbc0a80ecbee3f5ba1b70926d761d92344368625df287b7bd0cb061a5c26