Why Windows 10 is the Most Secure Windows Ever

Posted on Nov 30, 2017 7:42 AM by:

Why Windows 10 is the Most Secure Windows EverFrom an IT perspective, the most important reason to upgrade to Windows 10 is to improve security.  Losses due to security breaches are sky high and will only continue to grow. The cost of damage from cyber crime expected to rise to $6 trillion annually by 2021 from $3 trillion in 2016, according to the 2017 Annual Cybercrime Report. Windows 10 mitigates these risks by delivering the most security ever.

Windows 10 delivers a series of defensive mechanisms—identity protection, threat resistance and information protection--so that if one fails, another is at the ready to thwart an attack.  Identity protection safeguards user identities with more than just a password. Threat resistance protects, removes or defends against malware, hacking attacks, advanced threats or data breaches on the network. Encryption protects data, both in motion and at rest.

Among the most notable features in the initial Windows 10 release are those that improve convenience for end users and protect against malware and advanced persistent threats.  Additionally, with its new Windows as a service model, Microsoft has committed to new releases two-to-three times a year to patch newly discovered vulnerabilities and add capabilities, including security features. The latest Windows Fall Creators Update offers substantial security improvements.   

Convenience and security for end users

End user identity and access management solutions have traditionally involved tradeoffs between user convenience and strong security. Long, complex, passwords with letters, numbers, and special characters are more secure. But they’re difficult to remember and use. Moreover, all passwords are susceptible to phishing attacks in which hackers trick users into revealing their user credentials and passwords. As a result, 80% of hacking-related breaches leveraged either stolen passwords and/or weak or guessable passwords, according to the Verizon 2017 Data Breach Investigations Report.

Windows 10 improves both end user convenience and system security—and eliminates the threat from stolen passwords.  Windows Hello enables three methods of non-duplicative biometric authentication. Rather than using complex passwords to access corporate systems and data, users simply submit to a facial, iris or fingerprint scan and enter a simple pin. Once authenticated, they can use Windows Passport for single sign-on to multiple applications.

Protection from malware and advanced persistent threats

Among the most common cyber attacks today against enterprises are malware and advanced persistent threats.  Hackers and governments use malware to steal personal, financial or business information or to launch ransomware attacks that encrypt users’ data, making it unavailable until a ransom is paid.  This malware often remains undetected on the network for months or years. Malware can also move on to infect other vulnerable machines on the network or to remotely control user machines, creating botnets that can be used to launch distributed denial of service attacks. 

A number of Windows 10 capabilities protect against malware and advanced persistent threats:

  •  Device Guard allows only trusted applications to run on devices, protecting the device from malware and preventing attackers from remotely taking control of the machine.
  • Credential Guard isolates corporate identities to prevent attackers from accessing credentials; even if the machine is compromised, the attacker can’t steal domain and user credentials to move around the network and access other computers.
  • Virtualized based security uses hardware and software mechanisms to block attackers from tampering with the kernel and other sensitive processes. With VBS, even if malware gains access to the kernel, the effects are limited because the hypervisor prevents the malware from executing code.
  • Secure boot makes it more difficult for hackers to inject low level malware, such as rootkits.

 

Windows 10 Fall Creators Update Adds Security Capabilities

With Windows 10, Microsoft makes patches and feature upgrades available on a regular basis. Among the most notable security releases of the latest Windows 10 Fall Creator’s Update are numerous updates to Windows Defender. Originally developed for Windows 8, Windows Defender provides a wide range of protections against malware and helps identify and remove viruses, spyware and other malicious software. New capabilities bolster security for the Microsoft Edge browser; simplify management; expand Device Guard controls to more devices; protect against new fileless attacks that don’t write anything to disk; and safeguard against advanced attacks that get past the user’s primary defenses.

Another new protection, Controlled Folder Access blocks ransomware and other unauthorized applications by preventing unauthorized access to important files.

The new Windows Assigned Access allows organizations to customize and lock-down Windows devices to specific tasks or experiences for first line workers and kiosks while cloud-based tools enable IT to maintain these devices remotely. This capability simplifies management of device security when multiple users share a computer, for example in education, manufacturing and service industry scenarios. This capability secures end-user sessions and provides reliable and consistent configuration that users cannot alter.

Windows 10 also enables organizations to comply with Global Data Protection Regulation (GDPR). Slated to go into effect in the spring of 2018, GDPR will regulate how companies protect the personal data of European Union citizens in each member state. Any company that markets good and services to EU residents, regardless of location, is subject to this regulation.

By offering Windows 10 as a service, Microsoft has simplified the patching/upgrade process.  When Microsoft releases a patch or update, organizations must test their existing applications and environments for compatibility. With the Servicing model, Microsoft makes this process easier. Microsoft makes updates/patches available first to the R&D community so IT can test them and find bugs, which Microsoft then fixes before putting out the general release. This process eliminates surprises when releases become generally available.

For organizations that need to bolster security—and who doesn’t—now’s the time to upgrade to Windows 10. This latest version of Windows continually adds capabilities that enable your organization to address the latest threats and comply with evolving regulations.  

Contact us today to see if your organization qualifies for a Microsoft-funded Windows 10 Enterprise Compatibility Workshop or a Microsoft 365 powered device Proof of Concept. We’ll partner with you to unlock the value of Windows 10 and Office 365 through workshops around security, deployment and compatibility.

Topics: Windows 10, Security