Enterprise Mobility and Security Blog

What’s new:

When it comes to cyber-attacks, there are two primary angles of attack: One way is to steal a user’s identity and enter the network, and the other way is to get malicious software running from within the organization. Often the attacks do a bit of both.

Stopping these attacks is another area where Windows 10 really shines. When I received a phishing attack e-mail on a Windows 10 machine with Device Guard, the installation of the app was blocked because that app was not signed by a predetermined trustworthy source. The intrusion was stopped before it could even get started.

How this helps:

Device Guard is an indispensable part of your security arsenal – especially for Windows devices in mission-critical roles, such as operating an assembly line or running in a hospital.

Detection alone is never going to catch every intrusion – there are simply too many new attacks created every minute (we receive more than 1M new pieces of malware every day). Device Guard requires every app attempting to access your network to be proven safe before it enters. Even more importantly, Device Guard’s own capabilities are protected in an unprecedented way: it uses virtualization to protect itself even in the event that the Windows kernel is fully compromised.

For this reason, Device Guard can block zero-day exploits and unknown malware threats, because it isn’t dependent on the latest AV signatures or behavior monitoring. It also neutralizes common intrusion workarounds, because Device Guard protects users even when they have full admin privileges.

Why you need this in your life:

  • This feature is ideal for a very wide range of devices, like PoS systems, ATMs, and any other assets that serve a critical business function and contain sensitive data.
  • As noted above: It blocks zero-day exploits and protects users with admin privileges.
  • This enables IT to provide a much higher level of assurance that malware will not be running on devices.

What you’ll need to get started:

  • Windows 10
  • Policy provisioning software (e.g. SCCM or Intune)

Get to work!

  • Windows 10’s data separation and containment features will be coming soon to members of the Windows Insider Program.
  • Join the program now so you can start testing these Windows 10 features as soon as they become available.

 

To read the recaps for the other ten demos, visit aka.ms/BradIgniteRecap.