SlideShare una empresa de Scribd logo

Experts Live Europe 2017 - Best Practices to secure Windows 10 with already included features

A
Alexander Benoit

AppLocker, Windows Information Protection, Device Guard, Windows Defender Application Guard- there are many ways to secure Windows 10. Not all ways are compatible with Enterprise requirements. In the session, we will have a look at what we are able to do and I will add some experiences from the field about what works well and what doesn’t. In addition, we will check how ConfigMgr can support us.

Tecnología
1 de 33
Descargar para leer sin conexión
Best Practices to secure Windows 10 with already included features Alexander Benoit Head of Competence Center Microsoft @sepago @ITPirate
Alexander Benoit Senior Consultant / Head of Competence Center Microsoft „Future Workplace“, Security SCCM, Intune, Windows 10, Defender Framework,… Alexander.Benoit@sepago.de @ITPirate http://it-pirate.com/
We have a firewall We can‘t get hacked!
Agenda: The threat landscape No-brainers to secure Windows 10 Latest & greatest mitigation features in Windows 10
The discussion is always about tools!
Threat Landscape Phishing Keylogger Ransomware Spyware Worm Compromised accounts
Analysis: High-level vulnerability & exploit trends Vulnerabilities are increasing while evidence of actual exploits is decreasing due to mitigation investments
How to Secure Windows 10 ?
Windows 10 Security on Modern Devices Breach detection investigation & response Device protection Identity protection Information protection Threat resistance
No-Brainer: Microsoft BitLocker • Full drive encryption solution provided natively with Windows 10 Professional and Enterprise • Used to protect the operating system drive, secondary data drives and removable devices • System Center Configuration Manager, MDT and Intune can be used to deploy BitLocker Overview
No-Brainer: Microsoft BitLocker Hack not encrypted client
Windows Defender Credential Guard • Uses virtualization-based security to isolate secrets in the Local Security Authority (LSA) . • Only privileged system software can access secrets when stored locally. • Mitigates credential theft attacks, such as Pass-the-Hash (PtH) or Pass-The-Ticket (PtT). Overview
Windows Defender Credential Guard Overview • Credential Guard isolates secrets that previous versions of Windows stored in the Local Security Authority (LSA) by using virtualization-based security. • The LSA process in the operating system talks to the isolated LSA by using remote procedure calls. • Data stored by using VBS is not accessible to the rest of the operating system.
Get deeper into attack scenarios Good to know Exploit: Computercode that takes advantage of a vulnerability in a software system. Payload: Payloads carry the functionality for the greater access into the target.
Scenario Attack PayloadExploit Common way‘s to share payloads: • Fake Hyperlink • PowerPoint Macro • as „JPG“ File
Create a payload with Metasploit Create Metasploit payload and configure listener port and host IP.
Share Payload Hide payload behind fake Link
Windows Defender Smart Screen Block at first sight support in Microsoft Edge
Windows Defender SmartScreen • The Windows Defender SmartScreen provides an early warning system to notify users of suspicious websites that could be engaging in phishing attacks or distributing malware through a socially engineered attack. • Windows Defender SmartScreen is one of the multiple layers of defense in the anti-phishing and malware protection strategies Check downloaded files Windows Defender Cloud Protection Click! Attacker Generate new malware file Send file metadata Evaluate metadata Verdict: Malware – Block! Malware Block! Including Machine Learning, proximity, lookup heuristics Command & Control User
Windows Defender Application Guard Call managed and unmanaged hompages
Windows Defender Application Guard • Windows Defender Application Guard protects the device from advanced attacks launched against Microsoft Edge. • Malware and vulnerability exploits targeting the browser, including zero days, are unable to impact the operating system, apps, data and network. • Application Guard uses virtualization based security to hardware to isolate Microsoft Edge and any browsing activity away from the rest of the system. • Closing Microsoft Edge wipes all traces of attacks that may been encountered while online. Call managed and unmanaged hompages
Windows Defender Application Guard Call managed and unmanaged hompages
Windows Defender Application Guard Call managed and unmanaged hompages
Windows Defender Application Guard Call managed and unmanaged hompages
Share Payload Hide payload behind fake “jpg”
Run Payload Run hidden payload an establish connection
User Account Control • User Account Control (UAC) helps prevent malware from damaging PCs and helps organizations deploy a better-managed desktop. • Apps and tasks always run in the security context of a standard user account, unless an administrator specifically authorizes elevated access to the system Protect clients from unwanted software
Windows Defender Device Guard Device Guard Kernel Mode Code Integrity • Protects kernel mode processes and drivers from “zero day” attacks and vulnerabilities by using HVCI. • Drivers will must signed. Device Guard User Mode Code Integrity • Enterprise-grade application white-listing that achieves PC lockdown for enterprise that runs only trusted apps. • Untrusted apps and executables, such as malware, are unable to run. driver and application white-listing
Windows Defender Device Guard driver and application white-listing
Metasploit - Meterpreter Compromise the client
Windows Defender Exploit Guard stops the attacker from manipulating processes • Windows Defender Exploit Guard helps you audit, configure, and manage Windows system and application exploit mitigations . • In addition Exploit Guard delivers a new class of capabilities for intrusion prevention. While it provides legacy app protections including: • Arbitrary Code Guard • Block Low Integrity Images • Block Remote Images • Block Untrusted Fonts • Code Integrity Guard • Disable Win32k system calls • Validate Stack Integrity • Do Not Allow Child Processes • Export Address Filtering • Import Address Filtering • Simulate Execution • Validate API Invocation (CallerCheck) • Validate Image Dependency Integrity
Windows Defender Exploit Guard stops the attacker from manipulating processes
Educate your users!

Recomendados

Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...
Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...
Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...Alexander Benoit
 
Experts Live Europe 2017 - Windows 10 Servicing - the do’s and don'ts
Experts Live Europe 2017 - Windows 10 Servicing - the do’s and don'tsExperts Live Europe 2017 - Windows 10 Servicing - the do’s and don'ts
Experts Live Europe 2017 - Windows 10 Servicing - the do’s and don'tsAlexander Benoit
 
Windows 10 and the cloud: Why the future needs hybrid solutions
Windows 10 and the cloud: Why the future needs hybrid solutionsWindows 10 and the cloud: Why the future needs hybrid solutions
Windows 10 and the cloud: Why the future needs hybrid solutionsAlexander Benoit
 
Avoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediationAvoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediationQualys
 
Patch Management Best Practices 2019
Patch Management Best Practices 2019Patch Management Best Practices 2019
Patch Management Best Practices 2019Ivanti
 
Windows 10 Migration Tips, Tricks, and Strategies
Windows 10 Migration Tips, Tricks, and StrategiesWindows 10 Migration Tips, Tricks, and Strategies
Windows 10 Migration Tips, Tricks, and StrategiesIvanti
 
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...Qualys
 
Automating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceAutomating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceQualys
 

Recomendados

Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...
Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...
Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...Alexander Benoit
 
Experts Live Europe 2017 - Windows 10 Servicing - the do’s and don'ts
Experts Live Europe 2017 - Windows 10 Servicing - the do’s and don'tsExperts Live Europe 2017 - Windows 10 Servicing - the do’s and don'ts
Experts Live Europe 2017 - Windows 10 Servicing - the do’s and don'tsAlexander Benoit
 
Windows 10 and the cloud: Why the future needs hybrid solutions
Windows 10 and the cloud: Why the future needs hybrid solutionsWindows 10 and the cloud: Why the future needs hybrid solutions
Windows 10 and the cloud: Why the future needs hybrid solutionsAlexander Benoit
 
Avoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediationAvoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediationQualys
 
Patch Management Best Practices 2019
Patch Management Best Practices 2019Patch Management Best Practices 2019
Patch Management Best Practices 2019Ivanti
 
Windows 10 Migration Tips, Tricks, and Strategies
Windows 10 Migration Tips, Tricks, and StrategiesWindows 10 Migration Tips, Tricks, and Strategies
Windows 10 Migration Tips, Tricks, and StrategiesIvanti
 
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...Qualys
 
Automating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceAutomating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceQualys
 
Patch Management Best Practices
Patch Management Best Practices Patch Management Best Practices
Patch Management Best Practices Ivanti
 
Securing Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureSecuring Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureQualys
 
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...Qualys
 
Windows Active Directory Security with IS Decisions
Windows Active Directory Security with IS DecisionsWindows Active Directory Security with IS Decisions
Windows Active Directory Security with IS DecisionsIS Decisions
 
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape SurveySecurity Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape SurveyQualys
 
Ivanti Patch Tuesday for November 2019
Ivanti Patch Tuesday for November 2019Ivanti Patch Tuesday for November 2019
Ivanti Patch Tuesday for November 2019Ivanti
 
Transforming your Security Products at the Endpoint
Transforming your Security Products at the EndpointTransforming your Security Products at the Endpoint
Transforming your Security Products at the EndpointIvanti
 
The New Security Practitioner
The New Security PractitionerThe New Security Practitioner
The New Security PractitionerAdrian Sanabria
 
June Patch Tuesday 2018
June Patch Tuesday 2018June Patch Tuesday 2018
June Patch Tuesday 2018Ivanti
 
May 2018 Patch Tuesday Analysis
May 2018 Patch Tuesday AnalysisMay 2018 Patch Tuesday Analysis
May 2018 Patch Tuesday AnalysisIvanti
 
Effective Patch and Software Update Management
Effective Patch and Software Update ManagementEffective Patch and Software Update Management
Effective Patch and Software Update ManagementQuest
 
Cyber Tech Israel 2016: Get Your Head in the Cloud
Cyber Tech Israel 2016: Get Your Head in the CloudCyber Tech Israel 2016: Get Your Head in the Cloud
Cyber Tech Israel 2016: Get Your Head in the CloudSymantec
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure SentinelRobert Crane
 
KACE End Point Security Update
KACE End Point Security UpdateKACE End Point Security Update
KACE End Point Security Updatekenross15
 
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_alCss sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_alAlert Logic
 
December 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisDecember 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisIvanti
 
Web Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationWeb Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationTjylen Veselyj
 
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...imagazinepl
 
October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018Ivanti
 
BalaBit 2015: Control Your IT Staff
BalaBit 2015: Control Your IT StaffBalaBit 2015: Control Your IT Staff
BalaBit 2015: Control Your IT StaffSectricity
 
Best practices to secure Windows10 with already included features
Best practices to secure Windows10 with already included featuresBest practices to secure Windows10 with already included features
Best practices to secure Windows10 with already included featuresAlexander Benoit
 
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10blusmurfydot1
 

Más contenido relacionado

La actualidad más candente

Patch Management Best Practices
Patch Management Best Practices Patch Management Best Practices
Patch Management Best Practices Ivanti
 
Securing Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureSecuring Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureQualys
 
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...Qualys
 
Windows Active Directory Security with IS Decisions
Windows Active Directory Security with IS DecisionsWindows Active Directory Security with IS Decisions
Windows Active Directory Security with IS DecisionsIS Decisions
 
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape SurveySecurity Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape SurveyQualys
 
Ivanti Patch Tuesday for November 2019
Ivanti Patch Tuesday for November 2019Ivanti Patch Tuesday for November 2019
Ivanti Patch Tuesday for November 2019Ivanti
 
Transforming your Security Products at the Endpoint
Transforming your Security Products at the EndpointTransforming your Security Products at the Endpoint
Transforming your Security Products at the EndpointIvanti
 
The New Security Practitioner
The New Security PractitionerThe New Security Practitioner
The New Security PractitionerAdrian Sanabria
 
June Patch Tuesday 2018
June Patch Tuesday 2018June Patch Tuesday 2018
June Patch Tuesday 2018Ivanti
 
May 2018 Patch Tuesday Analysis
May 2018 Patch Tuesday AnalysisMay 2018 Patch Tuesday Analysis
May 2018 Patch Tuesday AnalysisIvanti
 
Effective Patch and Software Update Management
Effective Patch and Software Update ManagementEffective Patch and Software Update Management
Effective Patch and Software Update ManagementQuest
 
Cyber Tech Israel 2016: Get Your Head in the Cloud
Cyber Tech Israel 2016: Get Your Head in the CloudCyber Tech Israel 2016: Get Your Head in the Cloud
Cyber Tech Israel 2016: Get Your Head in the CloudSymantec
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure SentinelRobert Crane
 
KACE End Point Security Update
KACE End Point Security UpdateKACE End Point Security Update
KACE End Point Security Updatekenross15
 
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_alCss sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_alAlert Logic
 
December 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisDecember 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisIvanti
 
Web Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationWeb Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationTjylen Veselyj
 
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...imagazinepl
 
October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018Ivanti
 
BalaBit 2015: Control Your IT Staff
BalaBit 2015: Control Your IT StaffBalaBit 2015: Control Your IT Staff
BalaBit 2015: Control Your IT StaffSectricity
 

La actualidad más candente (20)

Patch Management Best Practices
Patch Management Best Practices Patch Management Best Practices
Patch Management Best Practices
 
Securing Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureSecuring Your Public Cloud Infrastructure
Securing Your Public Cloud Infrastructure
 
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
 
Windows Active Directory Security with IS Decisions
Windows Active Directory Security with IS DecisionsWindows Active Directory Security with IS Decisions
Windows Active Directory Security with IS Decisions
 
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape SurveySecurity Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
 
Ivanti Patch Tuesday for November 2019
Ivanti Patch Tuesday for November 2019Ivanti Patch Tuesday for November 2019
Ivanti Patch Tuesday for November 2019
 
Transforming your Security Products at the Endpoint
Transforming your Security Products at the EndpointTransforming your Security Products at the Endpoint
Transforming your Security Products at the Endpoint
 
The New Security Practitioner
The New Security PractitionerThe New Security Practitioner
The New Security Practitioner
 
June Patch Tuesday 2018
June Patch Tuesday 2018June Patch Tuesday 2018
June Patch Tuesday 2018
 
May 2018 Patch Tuesday Analysis
May 2018 Patch Tuesday AnalysisMay 2018 Patch Tuesday Analysis
May 2018 Patch Tuesday Analysis
 
Effective Patch and Software Update Management
Effective Patch and Software Update ManagementEffective Patch and Software Update Management
Effective Patch and Software Update Management
 
Cyber Tech Israel 2016: Get Your Head in the Cloud
Cyber Tech Israel 2016: Get Your Head in the CloudCyber Tech Israel 2016: Get Your Head in the Cloud
Cyber Tech Israel 2016: Get Your Head in the Cloud
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure Sentinel
 
KACE End Point Security Update
KACE End Point Security UpdateKACE End Point Security Update
KACE End Point Security Update
 
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_alCss sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
 
December 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisDecember 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday Analysis
 
Web Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationWeb Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combination
 
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...
 
October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018
 
BalaBit 2015: Control Your IT Staff
BalaBit 2015: Control Your IT StaffBalaBit 2015: Control Your IT Staff
BalaBit 2015: Control Your IT Staff
 

Similar a Experts Live Europe 2017 - Best Practices to secure Windows 10 with already included features

Best practices to secure Windows10 with already included features
Best practices to secure Windows10 with already included featuresBest practices to secure Windows10 with already included features
Best practices to secure Windows10 with already included featuresAlexander Benoit
 
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10blusmurfydot1
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareQuick Heal Technologies Ltd.
 
How Endpoint Security works ?
How Endpoint Security works ?How Endpoint Security works ?
How Endpoint Security works ?William hendric
 
Session 1: Windows 8 with Gerry Tessier
Session 1: Windows 8 with Gerry TessierSession 1: Windows 8 with Gerry Tessier
Session 1: Windows 8 with Gerry TessierCTE Solutions Inc.
 
Teknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimuksetTeknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimuksetTeemu Tiainen
 
IT6701-Information Management Unit 2
IT6701-Information Management Unit 2IT6701-Information Management Unit 2
IT6701-Information Management Unit 2SIMONTHOMAS S
 
Web Threat Spotlight Issue 66: Zero-Day Adobe Flash Player Exploits in a Flash
Web Threat Spotlight Issue 66: Zero-Day Adobe Flash Player Exploits in a FlashWeb Threat Spotlight Issue 66: Zero-Day Adobe Flash Player Exploits in a Flash
Web Threat Spotlight Issue 66: Zero-Day Adobe Flash Player Exploits in a FlashTrend Micro
 
An inconvenient truth: Evading the Ransomware Protection in windows 10 @ Hack...
An inconvenient truth: Evading the Ransomware Protection in windows 10 @ Hack...An inconvenient truth: Evading the Ransomware Protection in windows 10 @ Hack...
An inconvenient truth: Evading the Ransomware Protection in windows 10 @ Hack...Soya Aoyama
 
The Role of Application Control in a Zero-Day Reality
The Role of Application Control in a Zero-Day RealityThe Role of Application Control in a Zero-Day Reality
The Role of Application Control in a Zero-Day RealityLumension
 
New VIPRE_DS_EndpointSecurity_2016
New VIPRE_DS_EndpointSecurity_2016 New VIPRE_DS_EndpointSecurity_2016
New VIPRE_DS_EndpointSecurity_2016 Cyd Isaak Francisco
 
Trend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning PresentationTrend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning PresentationGraeme Wood
 
Comodo advanced endpoint protection
Comodo advanced endpoint protectionComodo advanced endpoint protection
Comodo advanced endpoint protectionDavid Waugh
 
ransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxdawitTerefe5
 
Windows 7 Application Compatibility
Windows 7 Application CompatibilityWindows 7 Application Compatibility
Windows 7 Application Compatibilitymicham
 
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...Orbid
 
OSB180: Learn More About Ivanti Endpoint Security
OSB180: Learn More About Ivanti Endpoint SecurityOSB180: Learn More About Ivanti Endpoint Security
OSB180: Learn More About Ivanti Endpoint SecurityIvanti
 

Similar a Experts Live Europe 2017 - Best Practices to secure Windows 10 with already included features (20)

Best practices to secure Windows10 with already included features
Best practices to secure Windows10 with already included featuresBest practices to secure Windows10 with already included features
Best practices to secure Windows10 with already included features
 
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry Ransomware
 
How Endpoint Security works ?
How Endpoint Security works ?How Endpoint Security works ?
How Endpoint Security works ?
 
Session 1: Windows 8 with Gerry Tessier
Session 1: Windows 8 with Gerry TessierSession 1: Windows 8 with Gerry Tessier
Session 1: Windows 8 with Gerry Tessier
 
Teknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimuksetTeknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimukset
 
IT6701-Information Management Unit 2
IT6701-Information Management Unit 2IT6701-Information Management Unit 2
IT6701-Information Management Unit 2
 
Windows 10: Security Focus (part II)
Windows 10: Security Focus (part II)Windows 10: Security Focus (part II)
Windows 10: Security Focus (part II)
 
Methods Hackers Use
Methods Hackers UseMethods Hackers Use
Methods Hackers Use
 
Web Threat Spotlight Issue 66: Zero-Day Adobe Flash Player Exploits in a Flash
Web Threat Spotlight Issue 66: Zero-Day Adobe Flash Player Exploits in a FlashWeb Threat Spotlight Issue 66: Zero-Day Adobe Flash Player Exploits in a Flash
Web Threat Spotlight Issue 66: Zero-Day Adobe Flash Player Exploits in a Flash
 
An inconvenient truth: Evading the Ransomware Protection in windows 10 @ Hack...
An inconvenient truth: Evading the Ransomware Protection in windows 10 @ Hack...An inconvenient truth: Evading the Ransomware Protection in windows 10 @ Hack...
An inconvenient truth: Evading the Ransomware Protection in windows 10 @ Hack...
 
Ransomware
RansomwareRansomware
Ransomware
 
The Role of Application Control in a Zero-Day Reality
The Role of Application Control in a Zero-Day RealityThe Role of Application Control in a Zero-Day Reality
The Role of Application Control in a Zero-Day Reality
 
New VIPRE_DS_EndpointSecurity_2016
New VIPRE_DS_EndpointSecurity_2016 New VIPRE_DS_EndpointSecurity_2016
New VIPRE_DS_EndpointSecurity_2016
 
Trend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning PresentationTrend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning Presentation
 
Comodo advanced endpoint protection
Comodo advanced endpoint protectionComodo advanced endpoint protection
Comodo advanced endpoint protection
 
ransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptx
 
Windows 7 Application Compatibility
Windows 7 Application CompatibilityWindows 7 Application Compatibility
Windows 7 Application Compatibility
 
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
 
OSB180: Learn More About Ivanti Endpoint Security
OSB180: Learn More About Ivanti Endpoint SecurityOSB180: Learn More About Ivanti Endpoint Security
OSB180: Learn More About Ivanti Endpoint Security
 

Último

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 

Último (20)

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Experts Live Europe 2017 - Best Practices to secure Windows 10 with already included features

  • 1. Best Practices to secure Windows 10 with already included features Alexander Benoit Head of Competence Center Microsoft @sepago @ITPirate
  • 2. Alexander Benoit Senior Consultant / Head of Competence Center Microsoft „Future Workplace“, Security SCCM, Intune, Windows 10, Defender Framework,… Alexander.Benoit@sepago.de @ITPirate http://it-pirate.com/
  • 3. We have a firewall We can‘t get hacked!
  • 4. Agenda: The threat landscape No-brainers to secure Windows 10 Latest & greatest mitigation features in Windows 10
  • 5. The discussion is always about tools!
  • 7. Analysis: High-level vulnerability & exploit trends Vulnerabilities are increasing while evidence of actual exploits is decreasing due to mitigation investments
  • 8. How to Secure Windows 10 ?
  • 9. Windows 10 Security on Modern Devices Breach detection investigation & response Device protection Identity protection Information protection Threat resistance
  • 10. No-Brainer: Microsoft BitLocker • Full drive encryption solution provided natively with Windows 10 Professional and Enterprise • Used to protect the operating system drive, secondary data drives and removable devices • System Center Configuration Manager, MDT and Intune can be used to deploy BitLocker Overview
  • 11. No-Brainer: Microsoft BitLocker Hack not encrypted client
  • 12. Windows Defender Credential Guard • Uses virtualization-based security to isolate secrets in the Local Security Authority (LSA) . • Only privileged system software can access secrets when stored locally. • Mitigates credential theft attacks, such as Pass-the-Hash (PtH) or Pass-The-Ticket (PtT). Overview
  • 13. Windows Defender Credential Guard Overview • Credential Guard isolates secrets that previous versions of Windows stored in the Local Security Authority (LSA) by using virtualization-based security. • The LSA process in the operating system talks to the isolated LSA by using remote procedure calls. • Data stored by using VBS is not accessible to the rest of the operating system.
  • 14. Get deeper into attack scenarios Good to know Exploit: Computercode that takes advantage of a vulnerability in a software system. Payload: Payloads carry the functionality for the greater access into the target.
  • 15. Scenario Attack PayloadExploit Common way‘s to share payloads: • Fake Hyperlink • PowerPoint Macro • as „JPG“ File
  • 16. Create a payload with Metasploit Create Metasploit payload and configure listener port and host IP.
  • 18. Windows Defender Smart Screen Block at first sight support in Microsoft Edge
  • 19. Windows Defender SmartScreen • The Windows Defender SmartScreen provides an early warning system to notify users of suspicious websites that could be engaging in phishing attacks or distributing malware through a socially engineered attack. • Windows Defender SmartScreen is one of the multiple layers of defense in the anti-phishing and malware protection strategies Check downloaded files Windows Defender Cloud Protection Click! Attacker Generate new malware file Send file metadata Evaluate metadata Verdict: Malware – Block! Malware Block! Including Machine Learning, proximity, lookup heuristics Command & Control User
  • 20. Windows Defender Application Guard Call managed and unmanaged hompages
  • 21. Windows Defender Application Guard • Windows Defender Application Guard protects the device from advanced attacks launched against Microsoft Edge. • Malware and vulnerability exploits targeting the browser, including zero days, are unable to impact the operating system, apps, data and network. • Application Guard uses virtualization based security to hardware to isolate Microsoft Edge and any browsing activity away from the rest of the system. • Closing Microsoft Edge wipes all traces of attacks that may been encountered while online. Call managed and unmanaged hompages
  • 22. Windows Defender Application Guard Call managed and unmanaged hompages
  • 23. Windows Defender Application Guard Call managed and unmanaged hompages
  • 24. Windows Defender Application Guard Call managed and unmanaged hompages
  • 26. Run Payload Run hidden payload an establish connection
  • 27. User Account Control • User Account Control (UAC) helps prevent malware from damaging PCs and helps organizations deploy a better-managed desktop. • Apps and tasks always run in the security context of a standard user account, unless an administrator specifically authorizes elevated access to the system Protect clients from unwanted software
  • 28. Windows Defender Device Guard Device Guard Kernel Mode Code Integrity • Protects kernel mode processes and drivers from “zero day” attacks and vulnerabilities by using HVCI. • Drivers will must signed. Device Guard User Mode Code Integrity • Enterprise-grade application white-listing that achieves PC lockdown for enterprise that runs only trusted apps. • Untrusted apps and executables, such as malware, are unable to run. driver and application white-listing
  • 29. Windows Defender Device Guard driver and application white-listing
  • 31. Windows Defender Exploit Guard stops the attacker from manipulating processes • Windows Defender Exploit Guard helps you audit, configure, and manage Windows system and application exploit mitigations . • In addition Exploit Guard delivers a new class of capabilities for intrusion prevention. While it provides legacy app protections including: • Arbitrary Code Guard • Block Low Integrity Images • Block Remote Images • Block Untrusted Fonts • Code Integrity Guard • Disable Win32k system calls • Validate Stack Integrity • Do Not Allow Child Processes • Export Address Filtering • Import Address Filtering • Simulate Execution • Validate API Invocation (CallerCheck) • Validate Image Dependency Integrity
  • 32. Windows Defender Exploit Guard stops the attacker from manipulating processes