Cybersecurity is an evolving area as new threats emerge. Security threats are more common than people think, and they affect all organisations. Statistically, it takes 200 days for companies to detect a breach. It is said that there are two types of companies: those that know they have been breached and those that have not.
New security threats require a higher level of security
Viruses, malware and ransomware are daily threats to any business. Ransomware is malware that attackers use to encrypt organisations' data. In exchange for the organisation's data, a ransom is required. Intrusions are often associated with attacks, but sometimes the door is opened from the inside. For example, an employee may download an app that contains malware. In the modern workplace, we often use multiple devices both at home and at work. This means we need to protect more devices than we have historically. Windows 10 Enterprise gives us new security features needed to meet the needs of the modern workplace.
Device Guard and AppLocker are examples of features in Windows 10 Enterprise that secure all devices in your organisation down to the hardware level, so that only tested and allowed software and applications can run on computers and other devices such as mobiles and tablets. For example, if an employee downloads an app with ransomware, the malicious code won't have the opportunity to do any damage: because it's not approved, it won't be able to run.
"But we have antivirus"
Previously, antivirus was enough to protect an organisation's clients. Today's malware can be activated without the antivirus software detecting it. Intrusions can occur without a virus, and even if a virus is used during an intrusion, there is a good chance that the attackers have ensured that the malicious code is not detected by antivirus protection.
How to detect and respond to malware attacks?
Windows Defender Advanced Threat Protection (ATP) is an agent that uses machine learning technology to detect and respond to advanced threats. Machine learning builds up data on behaviours and patterns, which is then used to identify deviations from those patterns that may pose a security risk.
ATP provides clear notifications of risks and identifies where the threat is and why. The course of events is displayed on a timeline and you can drill down to the level of detail on each part of the attack. ATP also shows a holistic picture using data from around the world, which helps to analyse and identify actions.
The most common type of intrusion
One of the most common types of intrusion is the so-called "Pass the Hash" attack, where attackers open the door to a company's network through a user's device. From that device, attackers are able to access other users' devices. In this way, attackers can gain access to more privileges, allowing them to rewrite policies and add new users, for example.
Credential Guard protects users' login credentials to eliminate Pass the Hash attacks - the most common cause of unauthorised intrusion into corporate networks.
Windows 10 Enterprise also makes it easier to comply with regulatory requirements. Not only does the Enterprise version provide significantly better control over information and devices compared to Windows 10 Pro and older versions, but it also provides much greater flexibility to manage them based on specific needs and requirements. The new EU General Data Protection Regulation (GDPR), which comes into force in May 2018, will tighten these kinds of requirements for all businesses in the EU.
The evolution of security in Windows
The images below show the evolution that has taken place from Windows 7 to Windows 10 from a security perspective.
Image source: Microsoft
Security is the number one reason organisations choose Windows 10 Enterprise
Security is something that affects all organisations. It is no longer enough to simply protect your business from intrusion. We need to protect our users even more than before. Windows 10 Enterprise helps businesses both protect themselves from breaches and manage breaches. One of the easiest ways to ensure that you have access to the latest version of Windows 10 Enterprise is to subscribe to the licenses via a CSP (Cloud Solution Provider).
In order to activate Windows 10 Enterprise via CSP, there must be an updated Azure AD Connect in the environment, and each user may have only one identity, the same on-premises and in the cloud.
Windows 10 comes in a new release, which has been given the version name Creators Update. This update is available after April 11 and will bring us even more security features. Among other things, we will have access to Windows Defender Application Guard which provides better protection against ransomware.
Windows Defender Application Guard can protect your computer and network if you accidentally click on a link that leads to malware. It does this by using virtualization-based security in Windows 10, which works in conjunction with Edge to prevent the malicious code from accessing the computer or network, provided the solution is properly designed and implemented.
In May, we will organise a breakfast seminar where we will talk about the new generation of security for the modern workplace. Interested to know more? Register here