Locking Down Windows 10: 6 New Features
With expanded identity and access controls, advanced Bitlocker encryption and malware protection, Windows 10 is Microsoft's most secure operating system ever.
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt628d2564530dc8b7/64f0dab4b6d11306215a6c62/image-1.jpg?width=700&auto=webp&quality=80&disable=upscale)
For enterprises the number one reason to upgrade to Windows 10 is improved security, but the critical enhancements that rely on hardware protection will be difficult to adopt until you buy new PCs, says Simon Crosby, co-founder and CTO of Bromium, a Microsoft partner that delivers hardware enforced security to deployed Windows endpoints.
Windows 10 is designed to protect against known and emerging security threats across the spectrum of attack vectors, according to Microsoft. As a result, Microsoft has laid out three broad categories of security work that has been incorporated into Windows 10: identity and access control features, information protection, and malware resistance.
Identity and access control features have been expanded to simplify and enhance user authentication security, and features that utilize virtualization-based security to protect the Windows authentication subsystems and users’ credentials. Information protection focuses on guarding information at rest, in use, and in transit offering advanced encryption. Meanwhile, malware resistance includes architectural changes aimed at isolating critical systems and security components from threats.
“Microsoft has adopted a device-centric view of security now,” Crosby says. Hardware-based security is a fundamental component of all the three categories – identity and access control, information protection and malware resistance. “Microsoft is increasingly moving down the path using additional hardware features on a device to do security.” For instance, Microsoft provides hardware-assisted security technologies in the new feature called Device Guard, which ensures devices are booted securely, whitelists kernel code and offers credential protection and biometric authentication, Crosby notes.
“The primary benefit of Windows 10 is security, but few organizations can contemplate the complex and labor-intensive task of upgrading existing PCs or shoulder the cost of a hardware refresh just to protect credentials and benefit from kernel whitelisting,” according to a Bromium whitepaper. This means the adoption of Windows 10 might be stalled pending a hardware refresh with OEM configurations for Secure Boot and Windows 10 with virtualization-based security.
Here are seven security features that Microsoft says makes Windows 10 the most secure version of Windows ever.
Antimalware software has evolved since Microsoft shipped its first anti-virus software in 1993. Now it is crucial for organizations to have multilayered defenses with interoperability in order for cybersecurity professionals to manage modern threats effectively. Windows Defender uses the operating system extensively to achieve interoperability across the varying layers of defense. It is important to have an effective antimalware solution in place as an important obstacle between malware and enterprise assets, and one that complements features like Device Guard. For example, an antimalware solution could help detect malicious behavior in memory or even within trusted applications, an area that Device Guard is not designed to address. Windows Defender has evolved to meet the growing complexity of IT and the challenges that come with this complexity, Microsoft says. Windows included Windows Defender, an inbox antimalware solution, starting with Windows 8.
With Windows 10, Microsoft has significantly improved Windows Defender. Windows Defender in Windows 10 uses a four-pronged approach to improve antimalware, incorporating rich local context, extensive global sensors, tamper proofing, and the empowerment of IT security professionals.
Antimalware software has evolved since Microsoft shipped its first anti-virus software in 1993. Now it is crucial for organizations to have multilayered defenses with interoperability in order for cybersecurity professionals to manage modern threats effectively. Windows Defender uses the operating system extensively to achieve interoperability across the varying layers of defense. It is important to have an effective antimalware solution in place as an important obstacle between malware and enterprise assets, and one that complements features like Device Guard. For example, an antimalware solution could help detect malicious behavior in memory or even within trusted applications, an area that Device Guard is not designed to address. Windows Defender has evolved to meet the growing complexity of IT and the challenges that come with this complexity, Microsoft says. Windows included Windows Defender, an inbox antimalware solution, starting with Windows 8.
With Windows 10, Microsoft has significantly improved Windows Defender. Windows Defender in Windows 10 uses a four-pronged approach to improve antimalware, incorporating rich local context, extensive global sensors, tamper proofing, and the empowerment of IT security professionals.
For enterprises the number one reason to upgrade to Windows 10 is improved security, but the critical enhancements that rely on hardware protection will be difficult to adopt until you buy new PCs, says Simon Crosby, co-founder and CTO of Bromium, a Microsoft partner that delivers hardware enforced security to deployed Windows endpoints.
Windows 10 is designed to protect against known and emerging security threats across the spectrum of attack vectors, according to Microsoft. As a result, Microsoft has laid out three broad categories of security work that has been incorporated into Windows 10: identity and access control features, information protection, and malware resistance.
Identity and access control features have been expanded to simplify and enhance user authentication security, and features that utilize virtualization-based security to protect the Windows authentication subsystems and users’ credentials. Information protection focuses on guarding information at rest, in use, and in transit offering advanced encryption. Meanwhile, malware resistance includes architectural changes aimed at isolating critical systems and security components from threats.
“Microsoft has adopted a device-centric view of security now,” Crosby says. Hardware-based security is a fundamental component of all the three categories – identity and access control, information protection and malware resistance. “Microsoft is increasingly moving down the path using additional hardware features on a device to do security.” For instance, Microsoft provides hardware-assisted security technologies in the new feature called Device Guard, which ensures devices are booted securely, whitelists kernel code and offers credential protection and biometric authentication, Crosby notes.
“The primary benefit of Windows 10 is security, but few organizations can contemplate the complex and labor-intensive task of upgrading existing PCs or shoulder the cost of a hardware refresh just to protect credentials and benefit from kernel whitelisting,” according to a Bromium whitepaper. This means the adoption of Windows 10 might be stalled pending a hardware refresh with OEM configurations for Secure Boot and Windows 10 with virtualization-based security.
Here are seven security features that Microsoft says makes Windows 10 the most secure version of Windows ever.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024