At BeyondTrust we see a lot of trends in the industry. We see commercial software that has been on the market for some time suddenly become popular, or a recent update cause unforeseen issues in an environment. We see new software hit the market and gain immediate recognition and customers understandably like to confirm everything will continue to play nice together.
One of the more notable trends is when Microsoft releases a new OS. Windows 7 was massively popular with our customers; Windows 8 not so much. As we approach the one-year mark for the Windows 10 release we are beginning to see adoption in production networks; and rightfully so. Windows 10 is, in my and many others’ opinions, a huge leap forward for the Microsoft platform. It is clear security was a keystone while developing this latest OS.
When a major new release of the Windows operating system ships, we inevitably hear the question, “Do I still need PowerBroker for Windows if I’m running Windows X?” Let’s take a look at some of the security features available in Windows 10, what they are intended to do, and why the answer to that question is wholeheartedly, Yes!
Security features in Windows 10
Some of the top security capabilities in Windows 10 include the following. Device Guard- Designed to allow only trusted applications to run
- Applications must be signed by a trusted signature, but businesses can sign their own software or software purchased from third parties
- Key services are isolated in a virtual container to prevent spoofing legitimate signatures
- Stores domain credentials in a virtual container
- Aims at protecting against Pass-the-Hash attacks
- Provides a two factor authentication mechanism to log into the OS
- Can use biometric or facial recognition
- Additional functionality to Defender’s AV/AM software
- Designed to help see threats across an organization
- Every Windows 10 machine running AT Protection becomes an additional tracking node
- Provides actionable intelligence as part of the OS
- These features are free with Windows 10
- Updates are included as part of standard OS update procedures
- By collecting data from all Windows 10 machines running these features, they can react to threats and provides updates quickly
- Some of these features require Secure Boot, 64bit virtualization support, Unified Extensible Firmware Interface (UEFI) firmware, and the Trusted Platform Module (TPM) chip
- “Standard” technology often do not meet these requirements, (for example older hardware or “light weight” laptops)
- Implementing these features will likely affect existing workflows
Is there room for a commercial least privilege solution?
And as we dig in a bit deeper we must take other factors into account where a commercial solution like PowerBroker for Windows is still required. Consider the following:- REGARDLESS OF HOW MANY LAYERS YOU PUT IN FRONT OF A MAL-INTENTED USER, HAVING ADMIN RIGHTS REMAINS THE ACHILLES HEEL OF COMPUTER SECURITY
- PowerBroker for Windows is still required for true Application Rights Management for security and operations teams
- Most of these features are new. We don’t yet know all the limitations, effects to the enterprise, and the real security of those features. Microsoft has never created an un-breachable feature after all
- Historically, Microsoft features embedded into the OS have lacked true enterprise functionality
- A full upgrade to Windows 10 will take time, and PowerBroker for Windows works across multiple operating systems, as well as with the BeyondTrust PAM/VMS suite
