Improving Company Security with Windows 10

This month Windows 10 will mark the end of its first year of general availability to the public.

In the past, when it came to previous versions of Windows, the focus and discussions around the operating system at this point in its evolution would likely be focused on when the first Service Pack might be coming out however, the times have changed with Windows 10.

Under the premise of Windows as a Service (WaaS), the OS is being updated on a regular basis with cumulative updates being released monthly and the second major update expected to become widely available in just a little less than a month from now.

That means considering this operating system for your company/organization is something you are hopefully already looking at and making serious strides towards as a migration target.

One reason Windows 10 should be high on the list for your companies next OS upgrade is the additions that have been made in the area of security and I am not just talking about the biometric additions.

Over on the Windows for Your Business blog, Rob Lefferts the Director of Program Management for Windows Enterprise and Security, shared an in depth list of the layers of security that are part of Windows 10.

He begins by talking about the threat environment we all face these days:

"The adversaries that enterprises face today are increasingly well-funded and they are experts at breaching well-fortified environments and deriving economic value from the attack. The reality is that the tactics adversaries use against enterprises are regularly exceeding what the platforms and security infrastructure were designed to defend against, leaving organizations in what effectively is a “breach at will” state. Even organizations with the largest security budgets are getting breached, regularly."

According to Lefferts, these new threats require a new approach:

"...one where the very architecture of the platform has been designed to protect you from the inside out, rather than just protecting with a series of perimeter defenses that will eventually get circumvented. From the very earliest days of planning and design, we’ve built Windows 10 to harden against attacks from every direction and at every layer of the stack."

The areas of Windows 10 which provide these new layers of protection include:

Platform Architecture

- Hardware based isolation using Virtualization Based Security, Virtual TPM, Device Guard and Credential Guard.

- The Windows 10 Anniversary Update, expected on 02 August, will see its components and data moved into this secure environment as well.

Pre-Breach Defense

- Avoid any threats by never reaching them using SmartScreen technology in Microsoft Edge and Internet Explorer

- Improvements in Microsoft Edge security using AppContainer sandboxes, new plug-in model, hardening the browser from code injection and memory corruption attacks and blocking untrusted and malicious fonts.

- In the Windows 10 Anniversary Update Flash will be isolated outside of the browser to prevent attacks and Microsoft Edge and Internet Explorer have restricted access to non-critical Windows subsystems.

- Windows Defender, which is the default anti-virus/malware protection in Windows 10, has been updated in the Anniversary Update to keep systems more secure. Over the last 12 months detection scores have improved to 99.8% - an 11% improvement in the past year.

Identity Protection

- Windows Hello, Microsoft's biometric identity verification framework, will now be fully integrated as one single software stack. It will now be able to support a full range of biometric factors and manage user credentials.

- Windows Hello Companion Devices and Apps, will allow users to validate their identity using wearables, phones and employee badges.

Post-Breach Defense

- Windows Defender Advanced Threat Protection, which will be available with next month's Windows 10 Anniversary Update, will provide tools to help companies/organizations to detect, investigate and respond to attacks on their network.

Other areas that will be addressed under Windows 10 include information protection and compliance/certification of Windows 10 not only in the United States but in regions and countries around the world.

You can read more on these new security related efforts in Windows 10 over on the Windows for Your Business blog.

But, wait...there's probably more so be sure to follow me on Twitter and Google+.

----------

Looking for an awesome, no-nonsense technical conference for IT Pros, Devs, and Devops? Check out IT/Dev Connections!