
Security features in Windows 10
Some of the top security capabilities in Windows 10 include the following. Device Guard- Designed to allow only trusted applications to run
- Applications must be signed by a trusted signature, but businesses can sign their own software or software purchased from third parties
- Key services are isolated in a virtual container to prevent spoofing legitimate signatures
- Stores domain credentials in a virtual container
- Aims at protecting against Pass-the-Hash attacks
- Provides a two factor authentication mechanism to log into the OS
- Can use biometric or facial recognition
- Additional functionality to Defender’s AV/AM software
- Designed to help see threats across an organization
- Every Windows 10 machine running AT Protection becomes an additional tracking node
- Provides actionable intelligence as part of the OS
- These features are free with Windows 10
- Updates are included as part of standard OS update procedures
- By collecting data from all Windows 10 machines running these features, they can react to threats and provides updates quickly
- Some of these features require Secure Boot, 64bit virtualization support, Unified Extensible Firmware Interface (UEFI) firmware, and the Trusted Platform Module (TPM) chip
- “Standard” technology often do not meet these requirements, (for example older hardware or “light weight” laptops)
- Implementing these features will likely affect existing workflows
Is there room for a commercial least privilege solution?
And as we dig in a bit deeper we must take other factors into account where a commercial solution like PowerBroker for Windows is still required. Consider the following:- REGARDLESS OF HOW MANY LAYERS YOU PUT IN FRONT OF A MAL-INTENTED USER, HAVING ADMIN RIGHTS REMAINS THE ACHILLES HEEL OF COMPUTER SECURITY
- PowerBroker for Windows is still required for true Application Rights Management for security and operations teams
- Most of these features are new. We don’t yet know all the limitations, effects to the enterprise, and the real security of those features. Microsoft has never created an un-breachable feature after all
- Historically, Microsoft features embedded into the OS have lacked true enterprise functionality
- A full upgrade to Windows 10 will take time, and PowerBroker for Windows works across multiple operating systems, as well as with the BeyondTrust PAM/VMS suite

Jason Silva, Sr. Solutions Engineer, BeyondTrust
Jason Silva brings over 25 years of solutions and management experience to the industry. Currently serving as Senior Solutions Engineer for BeyondTrusts' Universal Privilege Management Platform, he uses this knowledge to help customers realize the value of our solutions throughout the product lifecycle. Earlier in his career, he found success as a software developer in a global consulting company and spent over four years managing IT and Regulatory Compliance in the banking industry.
Specialties: Microsoft Active Directory, Microsoft Group Policy, Pre and Post Sales Training, Sales Engineering, Enterprise Security Tools, Privileged Access Management