{"id":11473,"date":"2017-05-25T15:06:52","date_gmt":"2017-05-25T19:06:52","guid":{"rendered":"http:\/\/www.analystik.ca\/blogue\/?p=11473"},"modified":"2019-04-18T15:43:04","modified_gmt":"2019-04-18T19:43:04","slug":"security-features-enticing-the-enterprise-to-migrate-to-windows-10","status":"publish","type":"post","link":"https:\/\/analystik.ca\/blogue\/language\/en\/security-features-enticing-the-enterprise-to-migrate-to-windows-10\/","title":{"rendered":"Security features enticing the enterprise to migrate to Windows 10"},"content":{"rendered":"

Damage from security attacks are all over the news and here comes Microsoft boasting unprecedented protection from malware and advanced security threats with security features more than convincing for the enterprise to migrate to Windows 10, such as Windows Hello, Microsoft Passport,<\/strong> Windows Information\u00a0Protection, Device Guard<\/strong> and Credential Guard<\/strong>.<\/p>\n

Although everyone will agree that Windows 7, the most successful OS in Microsoft history, has served enterprises well for the last five years, it doesn\u2019t offer adequate protection features needed to face today\u2019s security threats and, nor will third-party products.<\/p>\n

New challenges require new abilities or at least, a new vision; having doubts, just chat with IT executives who are still running Windows XP for which Microsoft is no longer offering security updates as of April 2014.<\/p>\n

Here are security features convincing enough for the enterprise to migrate to Windows 10:<\/strong><\/p>\n

<\/p>\n

IDENTITY PROTECTION<\/strong><\/h2>\n

Today\u2019s multi-factor solutions are often cumbersome and costly to deploy if\u00a0your computer fleet is bulky.<\/p>\n

Microsoft Passport <\/strong>is an easy-to-use and easy-to-deploy, multi-factor, password alternative that you use to securely authenticate to other network locations; it works with your enterprise Active Directory<\/strong> or Azure Active Directory<\/strong>.<\/p>\n

 <\/p>\n

Phishing attacks on users\u2019 passwords are increasingly successful and enterprises should be worried.<\/p>\n

So, Windows Hello <\/strong>uses biometrics to provide a more secure way of accessing your device, Microsoft Passport, apps, data, and online resources. Windows Hello<\/strong> is Windows 10\u2019s attempt to get rid of passwords which are often stolen and reused. Hello<\/strong> supports three methods of biometric authentication (facial, iris, and fingerprint) in concert with a simple PIN.<\/p>\n

 <\/p>\n

Persistent attacks rely on the ability to steal domain and user hashed credentials to move around the network and access other computers in \u201cpass-the-hash\u201d attacks, and evade detection.<\/p>\n

Credential Guard<\/strong> protects corporate identities by isolating them in a hardware-based virtual environment. Microsoft isolates critical Windows services in the virtual machine to block attackers from tampering with the kernel and other sensitive processes. Also, Microsoft Azure Active Directory <\/strong>provides a comprehensive identity and access management solution for the Cloud.<\/p>\n

 <\/p>\n

DATA PROTECTION<\/strong><\/h2>\n

BitLocker<\/strong> used to offer optionally configurable disk encryption but BitLocker <\/strong>is much improved in Windows 10 security, it is now highly manageable and can be automatically provisioned on most new devices.\u00a0Any user who backs up confidential data on his device should create an encrypted partition with BitLocker<\/strong>.<\/p>\n

 <\/p>\n

Data Loss Prevention (DLP) requires the use of additional software and frequently, third-party capability. Windows Information\u00a0Protection <\/strong>addresses the needs for DLP, it includes a deeply integrated data separation and containerisation solution, and provides encryption at the file level.<\/p>\n

 <\/p>\n

On the other hand, DLP solutions often compromise the user experience in the interest of security, resulting in low adoption and varying experience between the desktop and mobile devices.<\/p>\n

Windows Information Protection <\/strong><\/a>provides a seamless user experience across mobile devices and the desktop, and it is integrated with Azure Active Directory and Rights Management Services.<\/p>\n

 <\/p>\n

THREAT RESISTANCE<\/strong><\/h2>\n

Before, all apps were trusted until they were determined to be a threat or were blocked. Device Guard <\/strong>offers protection on the desktop that is similar to lockdown on a mobile platform (full app lockdown).\u00a0\u00ab\u2009Device Guard<\/strong> includes a Code Integrity policy that you create; a whitelist of trusted apps\u2014the only apps allowed to run in your organization. Device Guard<\/strong> also includes a powerful system mitigation called hypervisor-protected code integrity (HVCI<\/strong>), which leverages virtualization-based security (VBS) to protect Windows\u2019 kernel-mode code integrity validation process. HVCI has specific hardware requirements, and works with Code Integrity policies to help stop attacks even if they gain access to the kernel. Device Guard<\/strong> is included in Windows\u00a010 Enterprise and Windows Server\u00a02016.\u2009<\/em>\u00bb<\/p>\n

 <\/p>\n

With more than 300,000 new threats per day, blocking them through detection is a losing battle. With Device Guard, <\/strong>an application must prove itself to be trustworthy before it can be run.<\/p>\n

 <\/p>\n

Windows 7 provides a series of defense solutions but too many malware threats impact users before detection-based antivirus solutions can catch up.<\/p>\n

Device Guard <\/strong>will be the most disruptive malware-resistance capability Microsoft has ever shipped in the desktop. Device Guard<\/strong> relies on Windows 10\u2019s virtualization-based security to allow only trusted applications to run on devices.<\/p>\n

 <\/p>\n

DEVICE SECURITY<\/strong><\/h2>\n

Platform security is based entirely on what software can do on its own, and once infected there is no assurance that system defenses can perform their function and remain tamper free.<\/p>\n

Hardware-based security <\/strong>and the level of trust it offers helps to maintain and validate hardware and system integrity.<\/p>\n

 <\/p>\n

Malware can hide within the hardware or in the OS itself and there is no way to validate integrity once it has been compromised.<\/p>\n

UEFI Secure Boot <\/strong>helps prevent malware from embedding itself within hardware or starting before the OS (bootkits \/ rootkits). Trusted Boot helps maintain the integrity of the rest of the OS.<\/p>\n

 <\/p>\n

CONLUSION<\/strong><\/h3>\n

New security challenges require new security features; many may argue that Windows 10 security provides those much-needed new security features for the \u00a0enterprise. Although, they come at a cost, one must never underestimate the cost of a security breach!<\/p>\n

Incidently, in our opinion and considering the threats, these security features certainly\u00a0are certainly enticing enough for any enterprise to migrate to Windows 10.<\/p>\n

For more information on how to implement these, Microsoft has published technical guides for both\u00a0Device Guard<\/strong><\/a>\u00a0and\u00a0Credential Guard<\/strong><\/a>.<\/p>\n

 <\/p>\n

Denis Paul & Michel<\/strong><\/p>\n

Source: Microsoft, <\/em><\/strong>InfoWorld<\/em><\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Damage from security attacks are all over the news and here comes Microsoft boasting unprecedented protection from malware and advanced security threats with security features more than convincing for the enterprise to migrate to Windows 10, such as Windows Hello, Microsoft Passport, Windows Information\u00a0Protection, Device Guard and Credential Guard. Although everyone will agree that Windows… Read more »<\/a><\/p>\n","protected":false},"author":3,"featured_media":11602,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"Security features enticing the enterprise to migrate to Windows 10","_seopress_titles_desc":"Enticing Security features to migrate to Windows 10: Windows Hello, Microsoft Passport, Windows Information Protection, Device Guard, Credential Guard","_seopress_robots_index":"","content-type":"","footnotes":""},"categories":[3429,3413],"tags":[3585,3587,3591,1137,3593,3598],"better_featured_image":{"id":11602,"alt_text":"windows-10-Reuters","caption":"","description":"","media_type":"image","media_details":{"width":620,"height":413,"file":"2017\/05\/windows-10-Reuters.jpg","sizes":{"thumbnail":{"file":"windows-10-Reuters-150x150.jpg","width":150,"height":150,"mime-type":"image\/jpeg","source_url":"https:\/\/analystik.ca\/blogue\/wp-content\/uploads\/2017\/05\/windows-10-Reuters-150x150.jpg"},"medium":{"file":"windows-10-Reuters-300x200.jpg","width":300,"height":200,"mime-type":"image\/jpeg","source_url":"https:\/\/analystik.ca\/blogue\/wp-content\/uploads\/2017\/05\/windows-10-Reuters-300x200.jpg"},"bones-thumb-600":{"file":"windows-10-Reuters-600x397.jpg","width":600,"height":397,"mime-type":"image\/jpeg","source_url":"https:\/\/analystik.ca\/blogue\/wp-content\/uploads\/2017\/05\/windows-10-Reuters-600x397.jpg"},"bones-thumb-300":{"file":"windows-10-Reuters-300x199.jpg","width":300,"height":199,"mime-type":"image\/jpeg","source_url":"https:\/\/analystik.ca\/blogue\/wp-content\/uploads\/2017\/05\/windows-10-Reuters-300x199.jpg"},"post-thumbnail":{"file":"windows-10-Reuters-125x125.jpg","width":125,"height":125,"mime-type":"image\/jpeg","source_url":"https:\/\/analystik.ca\/blogue\/wp-content\/uploads\/2017\/05\/windows-10-Reuters-125x125.jpg"}},"image_meta":{"aperture":"0","credit":"","camera":"","caption":"","created_timestamp":"0","copyright":"","focal_length":"0","iso":"0","shutter_speed":"0","title":"","orientation":"0","keywords":[]}},"post":null,"source_url":"https:\/\/analystik.ca\/blogue\/wp-content\/uploads\/2017\/05\/windows-10-Reuters.jpg"},"_links":{"self":[{"href":"https:\/\/analystik.ca\/blogue\/wp-json\/wp\/v2\/posts\/11473"}],"collection":[{"href":"https:\/\/analystik.ca\/blogue\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/analystik.ca\/blogue\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/analystik.ca\/blogue\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/analystik.ca\/blogue\/wp-json\/wp\/v2\/comments?post=11473"}],"version-history":[{"count":10,"href":"https:\/\/analystik.ca\/blogue\/wp-json\/wp\/v2\/posts\/11473\/revisions"}],"predecessor-version":[{"id":11598,"href":"https:\/\/analystik.ca\/blogue\/wp-json\/wp\/v2\/posts\/11473\/revisions\/11598"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/analystik.ca\/blogue\/wp-json\/wp\/v2\/media\/11602"}],"wp:attachment":[{"href":"https:\/\/analystik.ca\/blogue\/wp-json\/wp\/v2\/media?parent=11473"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/analystik.ca\/blogue\/wp-json\/wp\/v2\/categories?post=11473"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/analystik.ca\/blogue\/wp-json\/wp\/v2\/tags?post=11473"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}