Windows 10 – the safest and most secure version of Windows

cheryl-pisano . @cheryl-pisano
Uploaded On 2019-11-19


Presentation Transcript

Windows 10 – the safest and most secure version of Windows
Chris Riggs, Principal Program Manager

Agenda Creators Update New Features Calls to Action Windows 10 Security Journey

Evolution of attacks
- Mischief: Script Kiddies; Unsophisticated
- Fraud and Theft: Organized Crime; More sophisticated
- Damage and Disruption: Nations, Terror Groups, Activists; Very sophisticated and well resourced

Anatomy of an attack
[Diagram labels: ENTER, ESTABLISH, EXPAND, ENDGAME; NETWORK, DEVICE, USER; ATTACK; Phishing Attacks; Malicious Attachment Delivery; Browser or Doc Exploit Delivery; Malicious Attachment Execution; Browser or Doc Exploit Execution; Stolen Credential Use; Internet Service Compromise; Kernel-mode Malware; Kernel Exploits; Pass-the-Hash; ESPIONAGE, LOSS OF IP; DATA THEFT; RANSOM; LOST PRODUCTIVITY; BUSINESS DISRUPTION]

Threat protection over time
Attackers take advantage of periods between releases
Game change with Windows and Software as a Service: disrupt and out-innovate our adversaries by design
[Chart: Capability over Time; labels: Product Release, Threat sophistication, Protection Gap]

Windows 10 Security Journey

YOUR IT ENVIRONMENT, YOUR SECURITY POSTURE
- PROTECT across all endpoints, from sensors to the datacenter
- DETECT using targeted signals, behavioral monitoring, and machine learning
- RESPOND closing the gap between discovery and action

OUR APPROACH: PLATFORM
OUR SECURITY PLATFORM
Identity, Device, Apps & Data, Infrastructure
[Diagram labels: Advanced Threat Protection; Anti-Spam / Anti-Malware; Message Encryption; Customer Lockbox; Data Loss Prevention; Windows Trusted Boot; Device Encryption; Device Guard; Credential Guard; Microsoft Edge; Windows Hello; Windows Defender Application Guard; Windows Defender ATP; Windows Update for Business; Windows Information Protection; Azure Active Directory; Azure Security Center; Azure Storage Service Encryption; Azure Key Vault; Advanced Threat Analytics; Cloud App Security; Intune; Windows Server 2016; SQL Server 2016]

INTELLIGENCE User log-ins Unauthorized data access Data encryption Malware Spam System updates Enterprise security Attacks Phishing Denial of service User accounts Device log-ins Multi-factor authentication PLATFORM PARTNERS INTELLIGENCE

OUR UNIQUE INTELLIGENCE
- 300B user authentications each month
- 1B Windows devices updated
- 200B emails analyzed for spam and malware

Respond Windows Trusted Boot Microsoft Edge Windows Defender Companion Device Framework Windows Information Protection Windows Defender Advanced Threat Protection Legacy Devices (Upgraded from Win 7 or 32-bit Win 8.x) Virtualization based security UEFI Secure Boot Device Guard Credential Guard Windows Defender Application Guard Windows Hello Device Encryption Security management Conditional Access Modern Devices (Fresh install or upgrade from 64-bit Win 8.x) Detect Protect

Windows 10 empowers people of action to do great things.

What we’ve heard…
“I don’t pay any attention to those things anymore…People get weary from being bombarded by watch out messages.”
“Years ago, you had 1 password to keep up with at work,” she said. “Now people are being asked to remember 25 or 30. We haven’t really thought about cybersecurity expanding and what it has done to end users.”

Consumers need security too…
- TPM 2.0 on every device – helping protect your credentials and other key data
- Windows Hello, fingerprint or face authentication – helping solve the ever confusing world of passwords
- Device encryption – helping protect your local data if it is accessed or if your device is stolen
- Smart Screen filter in Edge – helping protect you against malicious web sites

You can see & control your security and device health features in one unified experience 

Windows & Partners Protect my Digital Life
* User interface and category names subject to change.

Microsoft Enablement Docs

# | Area | Description & URL
1 | Overall Windows 10 security | High level details on all our great security features: https://www.microsoft.com/en-us/windows/comprehensive-security
2 | TPM 2.0 | This walks through the great benefits of TPM: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/trusted-platform-module-overview
3 | Windows Hello | Getting a Windows Hello enabled device: https://www.microsoft.com/en-us/windows/comprehensive-security
4 | Device Encryption | This walks through device encryption enablement: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/windows-10-security-guide#deploy-hard-drive-encryption
5 | Smart Screen for Edge | Protect your family and friends from unwanted malware in Edge: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/windows-10-security-guide#the-smartscreen-filter

Virtualization Based Security (VBS)

Windows 7 platform stack
[Diagram labels: Apps; Windows Platform Services; Kernel; Device Hardware]

Microsoft Edge Protected by Windows Defender Application Guard
[Diagram labels: Windows Operating System; Windows Defender Application Guard; System Container; Kernel; Windows Platform Services; Apps; Microsoft Edge; Device Guard; Credential Guard; Trustlet #3; Hyper-V Hypervisor; Device Hardware]

Creators Update: Preparing for Device Guard, Credential Guard Virtualization Based Security (VBS)

Create a static Windows Security Mitigation Table (WSMT) in the ACPI namespace of the platform to help secure BIOS configurations and protect against SMM attacks.

Table 1. Windows SMM Security Mitigations Table

Field | Byte Length | Byte Offset | Description
ACPI Standard Header:
Signature | 4 | 0 | Signature for the WSMT
Length | 4 | 4 | Length, in bytes, of the WSMT. Must be 40 for Revision 1.
Revision | 1 | 8 | 1
Checksum | 1 | 9 | Entire table, which must sum to zero
OEMID | 6 | 10 | Original equipment manufacturer (OEM) identifier (ID)
OEM Table ID | 8 | 16 | Manufacturer model ID
OEM Revision | 4 | 24 | OEM revision for supplied OEM table ID
Creator ID | 4 | 28 | Vendor ID of the ASL compiler utility that created the table
Creator Revision | 4 | 32 | Revision of the ASL compiler utility that created the table
Protection Flags | 4 | 36 | Container of a bitmask of the system implemented WSMT protections. Bits in this field represent that certain protections/enforcements are enabled and active for firmware executing in SMM context after ExitBootServices(). See Table 2 for a detailed description of this field.

Table 2. Protection Flags Field

Length | Bit offset | Description
1 | 0 | FIXED_COMM_BUFFERS: If set, expresses that for all synchronous SMM entries, SMM will validate that input and output buffers lie entirely within the expected fixed memory regions.
1 | 1 | COMM_BUFFER_NESTED_PTR_PROTECTION: If set, expresses that for all synchronous SMM entries, SMM will validate that input and output pointers embedded within the fixed communication buffer only refer to address ranges that lie entirely within the expected fixed memory regions.
1 | 2 | SYSTEM_RESOURCE_PROTECTION: Firmware setting this bit is an indication that it will not allow reconfiguration of system resources via non-architectural mechanisms.
 | 31:3 | Reserved; must return 0 when read.
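As an added example (not code from the presentation or from Microsoft), this C routine validates a raw WSMT image against the field offsets in Table 1 and decodes the Protection Flags bits of Table 2. The function names, status codes and the sample table are constructed for illustration; the four signature bytes are assumed to be the ASCII string "WSMT".

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WSMT_LEN 40u                                  /* Table 1: Revision 1 length */
#define FIXED_COMM_BUFFERS                (1u << 0)   /* Table 2 flag bits */
#define COMM_BUFFER_NESTED_PTR_PROTECTION (1u << 1)
#define SYSTEM_RESOURCE_PROTECTION        (1u << 2)
#define WSMT_RESERVED_MASK                0xFFFFFFF8u /* bits 31:3 must read 0 */
enum wsmt_status { WSMT_OK, WSMT_SHORT, WSMT_BAD_SIG, WSMT_BAD_LEN,
                   WSMT_BAD_REV, WSMT_BAD_SUM, WSMT_RESERVED_SET };

/* Little-endian 32-bit read, independent of host byte order. */
static uint32_t rd32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
/* 8-bit sum over the table; a valid table sums to zero. */
static uint8_t sum8(const uint8_t *p, size_t n) {
    uint8_t s = 0;
    while (n--) s = (uint8_t)(s + *p++);
    return s;
}

/* Validate a raw WSMT image; on success store the Protection Flags in *flags. */
enum wsmt_status wsmt_parse(const uint8_t *t, size_t n, uint32_t *flags) {
    if (n < WSMT_LEN)                      return WSMT_SHORT;
    if (memcmp(t, "WSMT", 4) != 0)         return WSMT_BAD_SIG;
    if (rd32(t + 4) != WSMT_LEN)           return WSMT_BAD_LEN;
    if (t[8] != 1)                         return WSMT_BAD_REV;
    if (sum8(t, WSMT_LEN) != 0)            return WSMT_BAD_SUM;
    if (rd32(t + 36) & WSMT_RESERVED_MASK) return WSMT_RESERVED_SET;
    *flags = rd32(t + 36);
    return WSMT_OK;
}

/* Constructed sample table (not from real firmware); checksum byte is offset 9. */
void wsmt_make_sample(uint8_t out[WSMT_LEN], uint32_t flags) {
    memset(out, 0, WSMT_LEN);
    memcpy(out, "WSMT", 4);
    out[4] = WSMT_LEN; out[8] = 1;
    for (int i = 0; i < 4; i++) out[36 + i] = (uint8_t)(flags >> (8 * i));
    out[9] = (uint8_t)(0u - sum8(out, WSMT_LEN));
}

int main(void) {
    uint8_t t[WSMT_LEN]; uint32_t f = 0;
    wsmt_make_sample(t, FIXED_COMM_BUFFERS | COMM_BUFFER_NESTED_PTR_PROTECTION);
    int st = wsmt_parse(t, sizeof t, &f);
    return printf("status=%d flags=0x%x\n", st, (unsigned)f) < 0;
}
```

A table that fails any of these checks should be treated as absent, so that no protection bit is assumed on the strength of a malformed table.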

Creators update: preparing for Device Guard, Credential Guard Virtualization Based Security (VBS)

To help mitigate vulnerabilities that happen at UEFI runtime, such as updating the capsule or setting variables, we are requiring the following:
- Implement key UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE for EFI_MEMORY_RO and EFI_MEMORY_XP
- No entries may be left with neither of the above attributes, indicating memory that is both executable and writable.
- Memory must be either readable and executable or writeable and non-executable
www.uefi.org/sites/default/files/resources/UEFI%20Spec%202_6.pdf

Microsoft Enablement Docs

# | Area | Description & URL
1 | HVCI Compliant Drivers | Since Anniversary update, all kernel drivers must be Hypervisor Code Integrity Compliant and pass the HLK test: https://blogs.msdn.microsoft.com/windows_hardware_certification/2015/05/22/driver-compatibility-with-device-guard-in-windows-10/
2 | Pass the Hardware Security Interface Spec Test (ver. 1.1.a) | HSTI protects against misconfiguration of security features on Windows devices: https://msdn.microsoft.com/en-us/library/windows/hardware/mt712332(v=vs.85).aspx
3 | PC OEM Device / Credential Guard Requirements | This walks through end to end requirements against each Windows release: https://msdn.microsoft.com/library/windows/hardware/mt767514(v=vs.85).aspx
4 | Device Guard / Credential Guard Readiness Tool | A tool that helps OEMs, ODMs, or enterprise customers to check if their systems are DG/CG ready: https://www.microsoft.com/en-us/download/details.aspx?id=53337

New for Creators Update partner requirements for Device Guard, Credential Guard

5 | UEFI NX Protections | This outlines the security requirements: Must implement UEFI 2.6 specification’s EFI_MEMORY_ATTRIBUTES_TABLE. The entire UEFI runtime must be described by this table. All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both. No entries must be left with neither of the above attributes, indicating memory that is both executable and writable. Memory MUST be either readable and executable OR writeable and non-executable.
6 | Firmware Support for SMM Protection (WSMT table) | This table helps secure UEFI runtime functions to protect VBS, firmware and attacks against SMM: https://msdn.microsoft.com/en-us/library/windows/hardware/dn495660(v=vs.85).aspx#wsmt
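The UEFI NX requirements stated on the UEFI runtime slide and in row 5 above can be checked mechanically. The following C sketch is an added example, not code from the presentation or from Microsoft: it counts table entries that carry neither EFI_MEMORY_RO nor EFI_MEMORY_XP and checks that a runtime region is fully described by the table. The `struct region` layout, the function names and the sample addresses are constructed for illustration; the two attribute values are those defined in the UEFI specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EFI_MEMORY_XP 0x0000000000004000ULL  /* UEFI spec: not executable */
#define EFI_MEMORY_RO 0x0000000000020000ULL  /* UEFI spec: read-only */

/* Simplified view of one descriptor (assumed layout for this example). */
struct region { uint64_t start, pages, attr; };

static uint64_t end_of(const struct region *r) {
    return r->start + r->pages * 4096ULL;    /* 4 KiB EFI pages */
}

/* Entries with neither RO nor XP set: memory that is writable and executable. */
size_t mat_count_wx(const struct region *mat, size_t n) {
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if ((mat[i].attr & (EFI_MEMORY_RO | EFI_MEMORY_XP)) == 0) bad++;
    return bad;
}

/* 1 if runtime region rt is fully described by the table.
   Assumes entries are sorted by address and do not overlap. */
int mat_covers(const struct region *mat, size_t n, const struct region *rt) {
    uint64_t cur = rt->start, end = end_of(rt);
    for (size_t i = 0; i < n && cur < end; i++)
        if (mat[i].start <= cur && end_of(&mat[i]) > cur)
            cur = end_of(&mat[i]);
    return cur >= end;
}

/* Constructed sample: one 4-page runtime image split into code and data. */
const struct region RT[]      = { { 0x7F000000, 4, 0 } };
const struct region MAT_OK[]  = { { 0x7F000000, 1, EFI_MEMORY_RO },
                                  { 0x7F001000, 3, EFI_MEMORY_XP } };
const struct region MAT_WX[]  = { { 0x7F000000, 1, EFI_MEMORY_RO },
                                  { 0x7F001000, 3, 0 } };
const struct region MAT_GAP[] = { { 0x7F000000, 1, EFI_MEMORY_RO },
                                  { 0x7F001000, 2, EFI_MEMORY_XP } };

int main(void) {
    printf("ok:  wx=%zu covered=%d\n", mat_count_wx(MAT_OK, 2), mat_covers(MAT_OK, 2, RT));
    printf("wx:  wx=%zu covered=%d\n", mat_count_wx(MAT_WX, 2), mat_covers(MAT_WX, 2, RT));
    printf("gap: wx=%zu covered=%d\n", mat_count_wx(MAT_GAP, 2), mat_covers(MAT_GAP, 2, RT));
    return 0;
}
```

A table passes only when the first count is zero and every runtime region reports as covered.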

Microsoft Edge Security

Increasingly effective vulnerability discovery
Researchers and attackers have become increasingly effective at finding web browser vulnerabilities
- We experienced a 3.5x y/y increase in 2013 and ~2x y/y in 2014
- Web browser vulnerabilities have accounted for more than 50% of Microsoft’s RCEs each year since 2013
[Charts: # of Microsoft web browser Remote Code Execution (RCE) CVEs addressed by patch year; # of Microsoft Remote Code Execution (RCE) CVEs addressed by product area and patch year]

Measuring Microsoft Edge Security improvements
- No known exploits for Microsoft Edge CVEs
- 30% reduction in Microsoft Edge CVEs in the last 12 servicing months
- No known exploits in-the-wild that target Microsoft Edge
[Charts: Number of exploited web browser CVEs; Number of days with known zero day exploit in the wild; Number of Vulnerabilities (CVEs) by web browser]
Source: US National Vulnerability Database, November, 2015 – October, 2016
Source: Microsoft, as of August 22, 2016
Source: Microsoft, as of August 22, 2016

SHA1 – Are you ready?
Today: Internet Explorer and Microsoft Edge no longer show the lock icon for SHA1-TLS sites
February 14, 2017: Internet Explorer and Microsoft Edge Warn for SHA1 TLS Sites
- Mixed-content doesn’t load; no user-facing error
- Other Windows functionality unaffected
More info at http://aka.ms/sha1
Our goal: Match the industry, and balance customer experience and adjust as warranted by changes in technology.

Windows Defender Application Guard

Windows Defender Application Guard
- Uses virtualization-based security to isolate Microsoft Edge, protecting Windows 10 against advanced attacks
- Malware and vulnerability exploits targeting the browser, including zero-day exploits, are unable to impact the operating system, apps, data and network

Windows 10 Deployment

As a partner for Microsoft, are you running Windows 10 today? If not, join the club now!

Windows Compat Promise
- 600: Engagement with hardware and software partners to detect and resolve compat issues
- 99%: %age of millions of apps inferred as compatible from Windows telemetry
- 3K: Top apps being tested with every release across consumers, gamers and information worker categories
- Millions: Windows Insiders validating early Windows builds
- 2K: Number of devices and peripherals tested
- 20K: Number of user feedback processed for detecting compat issues

Windows upgrade analytics
- Opt-in feedback from Windows 7 and 8.1
- Track upgrade readiness
- Identify app and driver issues
- Remediate
- Drive deployment
Sign up via http://www.microsoft.com/en-us/WindowsForBusiness/upgrade-analytics

“Ready for Windows”
Ready for Windows makes it easy for ISVs to list their software solutions that support Windows 10 and generate market visibility. It also gives access to the Windows as a Service compatible logo program.
The Microsoft Ready for Windows program helps IT decision makers search and source business applications that are compatible and supported on Windows 10.

Ready for Windows portal
- Global reach and exposure
- App data from commercial Windows 10 installs
- ISV support declaration for WaaS
- Windows 10 compatible logo for Windows as a Service

App Status | Guidance
Adopted | This application has been installed on at least 10,000 commercial Windows 10 devices.
Highly adopted | This application has been installed on at least 100,000 commercial Windows 10 devices.
Supported version available | The ISV has declared support for a version of this application on Windows 10.
Contact software provider | There may be compatibility issues with this solution, and thus Microsoft recommends contacting the software provider to learn more.

What can you do?
- Run Upgrade Analytics internally as a partner, sign up here: https://www.microsoft.com/en-us/WindowsForBusiness/upgrade-analytics
- Getting Started Guide: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics
- Getting your app ready for Windows 10: https://developer.microsoft.com/en-us/windows/ready-for-windows#/

Wrap up

Recap – Windows 10 is the most secure OS we’ve ever shipped
Be prepared to deliver on:
- Consumer security features and positioning (TPM 2.0, Windows Hello, Device Encryption, Smart Screen with Edge)
- Commercial security features such as Device Guard, Credential Guard, and Windows Defender Application Guard
Get on Windows 10:
- Windows Upgrade Analytics helps you get to Windows 10 faster than ever, along with certifying your apps on Ready for Windows 10

Thank You Please follow WinHEC @ WinHEC.com 谢谢