The Key New Security Features & Capabilities to Know in Windows 10

October 23, 2018



Last year’s WannaCry and Petya outbreaks did not get past the defenses of a fully patched Windows 10, but organizations still running outdated or unpatched versions of Windows were hit hard. In this blog post, I’ll look at the key new security features in Windows 10. For a more in-depth overview, check out my webinar on the subject here.

Virtualization-Based Security

Windows 10 uses hardware virtualization (the Hyper-V hypervisor) to isolate critical parts of the operating system. Virtualization-based security (VBS) runs a secure kernel at a higher virtual trust level (VTL 1) than the normal NT kernel (VTL 0). Code and data that Windows places in VTL 1 cannot be read or modified directly by the NT kernel or by user-mode processes, even ones running as SYSTEM; the two trust levels exchange data only through a small set of hypervisor-mediated call interfaces. VBS needs a 64-bit CPU with virtualization extensions and second-level address translation (SLAT), UEFI firmware with Secure Boot, and ideally an IOMMU so that DMA from devices cannot be used to reach VTL 1 memory.

The isolation VBS provides protects critical parts of the operating system even if the NT kernel is compromised. For example, the hypervisor-protected code integrity (HVCI) component of Windows Defender Device Guard keeps enforcing kernel code-integrity policy after a VTL 0 kernel compromise, because the enforcement itself runs in VTL 1, out of reach of an attacker who has gained kernel privileges in VTL 0. Windows 7 cannot provide the same guarantee: anything running in its kernel can disable anything else in its kernel.

Windows Defender System Guard, introduced in the Windows 10 Fall Creators Update (version 1709), brings these system-integrity protections under one roof. It uses hardware-based isolation to protect critical system components from the start of the boot process and continues to protect them while Windows is running, so that an attacker cannot tamper with the OS before the rest of the security stack has loaded.

Windows Defender Device Guard and Credential Guard

Two new security features in Windows 10 build on VBS. Windows Defender Device Guard (its code-integrity piece is now marketed as Windows Defender Application Control, WDAC) is an application control feature that uses configurable code integrity policies to allow-list both kernel-mode and user-mode code. It is stronger than AppLocker for two reasons: policy enforcement can be protected by VBS (HVCI), and a signed policy cannot be removed or edited by a local administrator, whereas AppLocker is enforced by a user-mode service (Application Identity) that an administrator can simply stop.
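The configurable code integrity policy described above is built with the ConfigCI PowerShell module that ships with Windows 10. The following is an added example, not code from the original post or from BeyondTrust, showing the audit-first workflow a practitioner would use: scan a reference machine, deploy the policy in audit mode, review what would have been blocked, and only then enforce. It assumes Windows 10 Enterprise 1709 or later, an elevated prompt, and the illustrative paths under C:\CIPolicy.

```powershell
# Added example (not from the original post): build a Device Guard / WDAC code
# integrity policy from a reference machine, stage it in audit mode, then enforce.
# Assumes: Windows 10 Enterprise 1709+, run as Administrator. Paths are illustrative.

$PolicyXml = 'C:\CIPolicy\AuditPolicy.xml'
$PolicyBin = 'C:\CIPolicy\SIPolicy.p7b'
New-Item -ItemType Directory -Path (Split-Path $PolicyXml) -Force | Out-Null

# 1. Scan the reference image (this takes a while on a full C:\).
#    -Level Publisher trusts code signed by the same publisher chain as what is installed,
#    -Fallback Hash covers unsigned binaries by file hash, -UserPEs includes user-mode code.
New-CIPolicy -Level Publisher -Fallback Hash -UserPEs -ScanPath 'C:\' -FilePath $PolicyXml

# 2. Rule options (Microsoft's documented option IDs):
#    0 = Enabled:UMCI          enforce user-mode code as well as drivers
#    3 = Enabled:Audit Mode    log violations (event 3076) instead of blocking
#    6 = Enabled:Unsigned System Integrity Policy
#        acceptable while testing; for production remove it and sign the policy,
#        otherwise a local admin can replace SIPolicy.p7b and the guarantee is gone
Set-RuleOption -FilePath $PolicyXml -Option 0
Set-RuleOption -FilePath $PolicyXml -Option 3
Set-RuleOption -FilePath $PolicyXml -Option 6

# 3. Compile to the binary form the kernel's code integrity component consumes and
#    stage it where CI reads it at boot. A reboot is required.
ConvertFrom-CIPolicy -XmlFilePath $PolicyXml -BinaryFilePath $PolicyBin
Copy-Item $PolicyBin "$env:SystemRoot\System32\CodeIntegrity\SIPolicy.p7b" -Force

# 4. After running in audit mode for a while, list what would have been blocked.
#    Event 3076 = audit-mode violation, 3077 = blocked (once enforcing).
function Get-CIAuditViolations {
    param([int]$MaxEvents = 200)
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3076
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, @{ n = 'Detail'; e = { ($_.Message -split "`n")[0] } }
}
Get-CIAuditViolations | Format-Table -AutoSize

# 5. When the audit log contains only software you expect, drop option 3 to enforce,
#    recompile, redeploy and reboot.
# Set-RuleOption -FilePath $PolicyXml -Option 3 -Delete
```

Deploying straight to enforcement is the classic mistake: a policy built from a golden image will not know about the line-of-business tools, updaters and agents that run in production, and blocking them at boot can leave machines unusable. The audit log is the allow-list's test suite.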

Credential Guard also uses VBS. It moves the secrets that LSASS holds for domain accounts (NTLM password hashes and Kerberos ticket-granting tickets) into an isolated process, LsaIso.exe, running in VTL 1. On Windows 7, an attacker with administrative access can read these straight out of LSASS memory with a tool such as Mimikatz and reuse them for pass-the-hash or pass-the-ticket; with Credential Guard running, the hashes and tickets are never exposed to VTL 0, so even a SYSTEM-level process cannot dump them. Know its limits, though: Credential Guard does not protect local account or Microsoft account credentials, secrets that third-party software stores itself, or a password captured by a keylogger as it is typed.
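Whether VBS, HVCI and Credential Guard are actually running (and not merely configured) is exposed by the Win32_DeviceGuard WMI class that ships with Windows 10, which is the check a practitioner should run before trusting either of the features above. The script below is an added example, not code from the original post or from BeyondTrust; the registry values it writes are Microsoft's documented ones, and it assumes Windows 10 Enterprise, an elevated prompt and a reboot after enabling.

```powershell
# Added example (not from the original post): report VBS / HVCI / Credential Guard
# status, and turn the three on. Assumes Windows 10 Enterprise, run as Administrator.

function Get-VbsStatus {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard
    # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not
    # running, 2 = enabled and running. Configured is not the same as running:
    # missing firmware prerequisites leave a machine stuck at 1.
    $vbs = switch ($dg.VirtualizationBasedSecurityStatus) {
        0 { 'Not enabled' } 1 { 'Enabled, not running' } 2 { 'Running' } default { 'Unknown' }
    }
    # SecurityServicesConfigured / SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI
    [pscustomobject]@{
        VbsStatus                 = $vbs
        CredentialGuardConfigured = 1 -in $dg.SecurityServicesConfigured
        CredentialGuardRunning    = 1 -in $dg.SecurityServicesRunning
        HvciConfigured            = 2 -in $dg.SecurityServicesConfigured
        HvciRunning               = 2 -in $dg.SecurityServicesRunning
        # The isolated LSA process exists only while Credential Guard is running
        LsaIsoProcessPresent      = [bool](Get-Process -Name LsaIso -ErrorAction SilentlyContinue)
        # Raw platform property codes; see Microsoft's Win32_DeviceGuard docs for meanings
        RequiredSecurityProperties  = ($dg.RequiredSecurityProperties  -join ',')
        AvailableSecurityProperties = ($dg.AvailableSecurityProperties -join ',')
    }
}

function Enable-VbsProtections {
    $dgKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'
    # Turn VBS on and require Secure Boot (1) or Secure Boot plus DMA protection (3)
    Set-ItemProperty $dgKey -Name EnableVirtualizationBasedSecurity -Value 1 -Type DWord
    Set-ItemProperty $dgKey -Name RequirePlatformSecurityFeatures   -Value 1 -Type DWord

    # HVCI: kernel-mode code integrity enforced from VTL 1
    $hvci = "$dgKey\Scenarios\HypervisorEnforcedCodeIntegrity"
    New-Item $hvci -Force | Out-Null
    Set-ItemProperty $hvci -Name Enabled -Value 1 -Type DWord

    # Credential Guard: LsaCfgFlags 1 = enabled with UEFI lock (cannot be switched off
    # by a remote admin or malware with admin rights; clearing it needs console access),
    # 2 = enabled without the lock
    Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name LsaCfgFlags -Value 1 -Type DWord

    Write-Host 'Reboot required. Re-run Get-VbsStatus afterwards and confirm *Running = True.'
}

Get-VbsStatus | Format-List
```

The distinction between Configured and Running is the one that matters in an audit: a fleet can have the policy applied everywhere and still have Credential Guard inactive on machines whose firmware lacks Secure Boot or whose hypervisor failed to start.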

Windows Defender Exploit Guard

Exploit Guard is built into Windows 10 (version 1709 and later) and replaces the Enhanced Mitigation Experience Toolkit (EMET), the separately installed tool Microsoft offered for Windows 7 and earlier, which reached end of support in July 2018. Exploit Guard provides the mitigations that were available in EMET and adds several new capabilities. It consists of four main components.

  1. Exploit protection contains OS-level mitigations, many of which existed in earlier versions of Windows, such as Data Execution Prevention (DEP) and Control Flow Guard (CFG), which first shipped in Windows 8.1 Update, alongside EMET-style mitigations such as export address filtering and ROP checks. Mitigations can be applied system-wide or per process, with no separate agent to install.
  2. Attack Surface Reduction (ASR) rules are available to Windows 10 Enterprise customers. Each rule blocks a specific behaviour that commodity malware relies on, for example Office applications spawning child processes, Office creating executable content, or executable attachments being launched from an email client, and every rule can run in audit mode before it is enforced.
  3. Network protection extends Windows Defender SmartScreen’s reputation checks to the whole system: it blocks outbound HTTP(S) connections to low-reputation domains from any process. Previously SmartScreen only protected traffic from Microsoft browsers (Internet Explorer and Edge).
  4. Finally, Controlled Folder Access is designed to stop ransomware from encrypting files in common user folders, such as Documents, Pictures and Desktop, by allowing only trusted applications to write to them. You can add folders to the default list and add your own trusted applications.
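All four components are configured through the Defender and ProcessMitigation cmdlets, and the sensible rollout is the same as for Device Guard: audit mode first, read the event log, then enforce. The script below is an added example, not code from the original post or from BeyondTrust. It assumes Windows 10 1709 or later with Windows Defender Antivirus real-time protection enabled (ASR rules and network protection depend on it) and an elevated prompt; the two rule GUIDs are Microsoft’s published ASR rule IDs, while the folder and application paths are illustrative.

```powershell
# Added example (not from the original post): configure the four Exploit Guard
# components, audit first, and read back what audit mode recorded.
# Assumes Windows 10 1709+, Defender AV real-time protection on, run as Administrator.

# 1. Exploit protection: system-wide defaults plus a per-process hardening of Word.
#    DisableExtensionPoints stops legacy DLL injection hooks (AppInit DLLs, IMEs);
#    ForceRelocateImages is mandatory ASLR for images without /DYNAMICBASE.
Set-ProcessMitigation -System -Enable DEP,SEHOP,CFG
Set-ProcessMitigation -Name 'winword.exe' -Enable DisableExtensionPoints,ForceRelocateImages
# Export the resulting configuration as XML for deployment by Group Policy or Intune
Get-ProcessMitigation -RegistryConfigFilePath 'C:\Temp\ExploitProtection.xml'

# 2. Attack surface reduction rules, audit mode first.
#    Actions: Disabled = 0, Enabled (block) = 1, AuditMode = 2.
$asrRules = @{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
}
foreach ($id in $asrRules.Keys) {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions AuditMode
}

# 3. Network protection: reputation blocking for outbound connections from any process.
Set-MpPreference -EnableNetworkProtection AuditMode

# 4. Controlled folder access: default user folders are protected automatically;
#    add a custom folder and a trusted application that legitimately writes there.
Set-MpPreference -EnableControlledFolderAccess AuditMode
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Finance'
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files\Acme\ledger.exe'

# Read back audit results. Event IDs in Microsoft-Windows-Windows Defender/Operational:
#   1121 ASR block, 1122 ASR audit; 1123 CFA block, 1124 CFA audit;
#   1125 network protection audit, 1126 network protection block
function Get-ExploitGuardEvents {
    param([int[]]$Ids = @(1121, 1122, 1123, 1124, 1125, 1126), [int]$MaxEvents = 50)
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = $Ids
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Detail'; e = { ($_.Message -split "`n")[0] } }
}
Get-ExploitGuardEvents | Format-Table -AutoSize

# Once the audit events contain only things you want blocked, switch to enforcement:
# Set-MpPreference -AttackSurfaceReductionRules_Ids ([string[]]$asrRules.Keys) `
#                  -AttackSurfaceReductionRules_Actions Enabled
# Set-MpPreference -EnableNetworkProtection Enabled
# Set-MpPreference -EnableControlledFolderAccess Enabled
```

Controlled Folder Access is the component most likely to generate support calls: any application that writes to a protected folder and is not recognised by Defender as trusted, including backup agents and some line-of-business tools, will be blocked once enforcement is on, which is why the audit events (1124) are worth reviewing before flipping the switch.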

Windows Defender Advanced Threat Protection

Windows Defender Advanced Threat Protection (ATP) is available to customers with Windows Enterprise E5 or as a separately purchased product. The endpoint sensor is built into Windows 10 and reports to Microsoft’s cloud service, which correlates the telemetry with the Intelligent Security Graph and data from Windows Defender to give an overview of your endpoints’ security posture. Its next-generation protection technologies provide both preventative and post-breach protection, and the service can respond automatically to security incidents using machine learning and security analytics.

Microsoft Edge

Microsoft Edge replaces Internet Explorer as the default browser in Windows 10. Edge runs in an AppContainer sandbox as 64-bit processes and uses mitigations such as Address Space Layout Randomization (ASLR) and Control Flow Guard. It also drops ActiveX, Browser Helper Objects and VBScript, removing a large legacy attack surface that Internet Explorer still carries.

If you need an especially secure environment, Windows Defender Application Guard (Windows 10 Enterprise from version 1709, Pro from version 1803) starts Edge in a Hyper-V container that isolates the browser from the host OS. Sites that are not on your enterprise allow list open in the container, so a browser exploit lands in a disposable virtual machine with no access to the host file system or the user’s credentials.

Windows Hello

Windows Hello aims to rid the world of passwords. Windows Hello and Windows Hello for Business let users sign in to Windows and to applications with a gesture, which might be something as simple as a PIN or a biometric such as face recognition or a fingerprint. The gesture unlocks a private key protected by the device’s TPM, and only the corresponding public key is registered with Active Directory or Azure AD, so the credential is bound to the device and no reusable secret travels over the network; biometric data never leaves the device. Microsoft Edge integrates with Windows Hello, allowing users to sign in to websites and applications with the same gesture.

Microsoft Store and MSIX Installer Technology

Finally, the Microsoft Store is a curated app store that includes touch-friendly UWP apps and legacy Win32 applications packaged with the Desktop Bridge. The Microsoft Store for Business lets organizations create their own private stores, which can be used to manage the full lifecycle of applications.

In the next version of Windows 10, Microsoft is introducing an installer technology that promises to let organizations package any kind of application using a simple wizard. The new MSIX format runs the packaged application in a lightweight container that virtualizes its registry and file-system writes, which makes it easier to port legacy apps to the Microsoft Store, even when you don’t have access to the source code.

If you’d like to find out more about the new security features in Windows 10, check out my on-demand webinar, What’s New in Windows 10 Security, where I go into more technical detail about the new security technologies in Windows 10.

Russell Smith

IT Consultant & Security MVP

Russell Smith specializes in the management and security of Microsoft-based IT systems. In addition to blogging about Windows and Active Directory for the Petri IT Knowledgebase, Russell is a Contributing Editor at CDW’s Biztech Magazine.

Russell has more than 15 years of experience in IT, has written a book on Windows security, co-authored one for Microsoft’s Official Academic Course (MOAC) series and has delivered several courses for Pluralsight.
