Windows 7 has been the most successful and ubiquitous operating system in Microsoft history.
While it has served us well for the last five years, the reality is that it doesn’t offer the level of protection you need to deal with the new security threats that we’re all facing. Although you can add layers of defense with 3rd party products, keep in mind that all of the organisations we’ve been reading about in the news already did that and it wasn’t enough. These modern challenges require a new platform. Here are some of the ways in which Windows 10 provides that platform.
Phishing attacks on your users’ passwords are increasingly successful.
Today’s multifactor solutions, like smartcards, are often cumbersome and costly to deploy.
Pass the hash attacks enable hackers to steal identities, traverse the network and evade detection.
BYOD devices have limited network access due to security risk.
Windows Hello is an easy to use and deploy multi-factor password alternative that can use biometrics* or other factors for authentication.*(Mandiant, 2016)
Windows Hello Companion Devices² such as wristbands, smart watches, phones etc. allow customers to quickly sign in to their Windows 10 PC and authenticate to their business resources without using a password.
Credential Guard helps protect user access tokens (e.g. NTLM Hash) from being stolen and misused by storing them inside a secured hardware isolated container.
Microsoft Azure Active Directory³ provides a comprehensive identity and access management solution for the cloud.
BitLocker offers optionally configurable disk encryption.
Prevention of accidental data leakage requires the use of additional and frequently third-party capability.
Information protection often compromise the user experience in the interest of security, resulting in low adoption and varying experience between the desktop and mobile devices.
BitLocker ⁴ is much improved, is highly manageable, and can be automatically provisioned on many new devices.
Windows Information Protection⁵ (WIP) makes it easier to safeguard your business data. WIP gates user and app access to protected data based on policies you define. So you can help protect data wherever it lives on your devices—without affecting your user experience.
Most OS breaches are initiated in the browser and are executed quickly, leaving the user and IT with little to no ability to respond.
All apps are trusted until they are determined to be a threat or are explicitly blocked. With over 300K new threats per day, blocking harmful apps through detection is a losing battle.
Anti-virus (AV) protection not included in-box requiring additional software.
Network breaches go undetected on average of 200 days**. Once detected, organisations have little to no information on the source of the breach. **(AV Test - The Independent IT Security Institute , 2015) https://www.av-test.org/en/antivirus/home-windows/windows-8/december- 2015/microsoft-windows-defender-4.8-154547/
Microsoft Edge uses sandboxing technology to isolate the browser from the OS and plugins, like Flash. If there is a breach, OS can’t be compromised.
Device Guard offers full app lockdown protection by ensuring an application proves itself trustworthy before it can run.
Windows Defender provides enterprise-grade anti-virus support and has 99.8% detection prevalence according to industry AV tests.²
Windows Defender Advanced Threat Protection (ATP) enables Windows enterprise customers to detect, investigate, and remediate advanced persistent threats and data breaches on their networks. Running alongside any anti-virus (AV) solution, Windows Defender ATP is continuously up to date and can help lower costs.
Platform security is based entirely on what software can do on its own, and once infected there is no assurance that system defenses can perform their function tamper free.
Malware can hide within the hardware or in the operating system itself, and there is in no trustworthy way to validate integrity once it has been compromised.
If an attacker gets kernel level control, they have sweeping access to system.
Hardware based security and the level of trust it offers helps to maintain and validate hardware and system integrity.
UEFI Secure Boot helps prevent malware from embedding itself within hardware or starting before the OS. Trusted Boot helps maintain the integrity of the rest of the OS.
Virtualisation-based security (VBS) powered by Hypervisor technology, moves some of the most sensitive Windows processes into a secured execution environment to help prevent tampering and when the Windows kernel itself has been fully compromised. In Windows 10, VBS powers features such as Device Guard , Credential Guard, Virtual TPM and Windows Hello biometrics capabilities which greatly deter malware, hacking tools, and breaches.