SlideShare a Scribd company logo

Experts Live Europe 2017 - Best Practices to secure Windows 10 with already included features

A
Alexander Benoit

AppLocker, Windows Information Protection, Device Guard, Windows Defender Application Guard- there are many ways to secure Windows 10. Not all ways are compatible with Enterprise requirements. In the session, we will have a look at what we are able to do and I will add some experiences from the field about what works well and what doesn’t. In addition, we will check how ConfigMgr can support us.

Technology
1 of 33
Download to read offline
Best Practices to secure Windows 10 with already included features Alexander Benoit Head of Competence Center Microsoft @sepago @ITPirate
Alexander Benoit Senior Consultant / Head of Competence Center Microsoft „Future Workplace“, Security SCCM, Intune, Windows 10, Defender Framework,… Alexander.Benoit@sepago.de @ITPirate http://it-pirate.com/
We have a firewall We can‘t get hacked!
Agenda: The threat landscape No-brainers to secure Windows 10 Latest & greatest mitigation features in Windows 10
The discussion is always about tools!
Threat Landscape Phishing Keylogger Ransomware Spyware Worm Compromised accounts
Analysis: High-level vulnerability & exploit trends Vulnerabilities are increasing while evidence of actual exploits is decreasing due to mitigation investments
How to Secure Windows 10 ?
Windows 10 Security on Modern Devices Breach detection investigation & response Device protection Identity protection Information protection Threat resistance
No-Brainer: Microsoft BitLocker • Full drive encryption solution provided natively with Windows 10 Professional and Enterprise • Used to protect the operating system drive, secondary data drives and removable devices • System Center Configuration Manager, MDT and Intune can be used to deploy BitLocker Overview
No-Brainer: Microsoft BitLocker Hack not encrypted client
Windows Defender Credential Guard • Uses virtualization-based security to isolate secrets in the Local Security Authority (LSA) . • Only privileged system software can access secrets when stored locally. • Mitigates credential theft attacks, such as Pass-the-Hash (PtH) or Pass-The-Ticket (PtT). Overview
Windows Defender Credential Guard Overview • Credential Guard isolates secrets that previous versions of Windows stored in the Local Security Authority (LSA) by using virtualization-based security. • The LSA process in the operating system talks to the isolated LSA by using remote procedure calls. • Data stored by using VBS is not accessible to the rest of the operating system.
Get deeper into attack scenarios Good to know Exploit: Computercode that takes advantage of a vulnerability in a software system. Payload: Payloads carry the functionality for the greater access into the target.
Scenario Attack PayloadExploit Common way‘s to share payloads: • Fake Hyperlink • PowerPoint Macro • as „JPG“ File
Create a payload with Metasploit Create Metasploit payload and configure listener port and host IP.
Share Payload Hide payload behind fake Link
Windows Defender Smart Screen Block at first sight support in Microsoft Edge
Windows Defender SmartScreen • The Windows Defender SmartScreen provides an early warning system to notify users of suspicious websites that could be engaging in phishing attacks or distributing malware through a socially engineered attack. • Windows Defender SmartScreen is one of the multiple layers of defense in the anti-phishing and malware protection strategies Check downloaded files Windows Defender Cloud Protection Click! Attacker Generate new malware file Send file metadata Evaluate metadata Verdict: Malware – Block! Malware Block! Including Machine Learning, proximity, lookup heuristics Command & Control User
Windows Defender Application Guard Call managed and unmanaged hompages
Windows Defender Application Guard • Windows Defender Application Guard protects the device from advanced attacks launched against Microsoft Edge. • Malware and vulnerability exploits targeting the browser, including zero days, are unable to impact the operating system, apps, data and network. • Application Guard uses virtualization based security to hardware to isolate Microsoft Edge and any browsing activity away from the rest of the system. • Closing Microsoft Edge wipes all traces of attacks that may been encountered while online. Call managed and unmanaged hompages
Windows Defender Application Guard Call managed and unmanaged hompages
Windows Defender Application Guard Call managed and unmanaged hompages
Windows Defender Application Guard Call managed and unmanaged hompages
Share Payload Hide payload behind fake “jpg”
Run Payload Run hidden payload an establish connection
User Account Control • User Account Control (UAC) helps prevent malware from damaging PCs and helps organizations deploy a better-managed desktop. • Apps and tasks always run in the security context of a standard user account, unless an administrator specifically authorizes elevated access to the system Protect clients from unwanted software
Windows Defender Device Guard Device Guard Kernel Mode Code Integrity • Protects kernel mode processes and drivers from “zero day” attacks and vulnerabilities by using HVCI. • Drivers will must signed. Device Guard User Mode Code Integrity • Enterprise-grade application white-listing that achieves PC lockdown for enterprise that runs only trusted apps. • Untrusted apps and executables, such as malware, are unable to run. driver and application white-listing
Windows Defender Device Guard driver and application white-listing
Metasploit - Meterpreter Compromise the client
Windows Defender Exploit Guard stops the attacker from manipulating processes • Windows Defender Exploit Guard helps you audit, configure, and manage Windows system and application exploit mitigations . • In addition Exploit Guard delivers a new class of capabilities for intrusion prevention. While it provides legacy app protections including: • Arbitrary Code Guard • Block Low Integrity Images • Block Remote Images • Block Untrusted Fonts • Code Integrity Guard • Disable Win32k system calls • Validate Stack Integrity • Do Not Allow Child Processes • Export Address Filtering • Import Address Filtering • Simulate Execution • Validate API Invocation (CallerCheck) • Validate Image Dependency Integrity
Windows Defender Exploit Guard stops the attacker from manipulating processes
Educate your users!

Recommended

Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...
Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...
Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...
Alexander Benoit
 
Experts Live Europe 2017 - Windows 10 Servicing - the do’s and don'ts
Experts Live Europe 2017 - Windows 10 Servicing - the do’s and don'tsExperts Live Europe 2017 - Windows 10 Servicing - the do’s and don'ts
Experts Live Europe 2017 - Windows 10 Servicing - the do’s and don'ts
Alexander Benoit
 
Windows 10 and the cloud: Why the future needs hybrid solutions
Windows 10 and the cloud: Why the future needs hybrid solutionsWindows 10 and the cloud: Why the future needs hybrid solutions
Windows 10 and the cloud: Why the future needs hybrid solutions
Alexander Benoit
 
Avoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediationAvoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediation
Qualys
 
Patch Management Best Practices 2019
Patch Management Best Practices 2019Patch Management Best Practices 2019
Patch Management Best Practices 2019
Ivanti
 
Windows 10 Migration Tips, Tricks, and Strategies
Windows 10 Migration Tips, Tricks, and StrategiesWindows 10 Migration Tips, Tricks, and Strategies
Windows 10 Migration Tips, Tricks, and Strategies
Ivanti
 
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...
Qualys
 
Automating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceAutomating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and Compliance
Qualys
 

Recommended

Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...
Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...
Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...
Alexander Benoit
 
Experts Live Europe 2017 - Windows 10 Servicing - the do’s and don'ts
Experts Live Europe 2017 - Windows 10 Servicing - the do’s and don'tsExperts Live Europe 2017 - Windows 10 Servicing - the do’s and don'ts
Experts Live Europe 2017 - Windows 10 Servicing - the do’s and don'ts
Alexander Benoit
 
Windows 10 and the cloud: Why the future needs hybrid solutions
Windows 10 and the cloud: Why the future needs hybrid solutionsWindows 10 and the cloud: Why the future needs hybrid solutions
Windows 10 and the cloud: Why the future needs hybrid solutions
Alexander Benoit
 
Avoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediationAvoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediation
Qualys
 
Patch Management Best Practices 2019
Patch Management Best Practices 2019Patch Management Best Practices 2019
Patch Management Best Practices 2019
Ivanti
 
Windows 10 Migration Tips, Tricks, and Strategies
Windows 10 Migration Tips, Tricks, and StrategiesWindows 10 Migration Tips, Tricks, and Strategies
Windows 10 Migration Tips, Tricks, and Strategies
Ivanti
 
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...
Qualys
 
Automating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceAutomating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and Compliance
Qualys
 
Patch Management Best Practices
Patch Management Best Practices Patch Management Best Practices
Patch Management Best Practices
Ivanti
 
Securing Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureSecuring Your Public Cloud Infrastructure
Securing Your Public Cloud Infrastructure
Qualys
 
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Qualys
 
Windows Active Directory Security with IS Decisions
Windows Active Directory Security with IS DecisionsWindows Active Directory Security with IS Decisions
Windows Active Directory Security with IS Decisions
IS Decisions
 
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape SurveySecurity Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Qualys
 
Ivanti Patch Tuesday for November 2019
Ivanti Patch Tuesday for November 2019Ivanti Patch Tuesday for November 2019
Ivanti Patch Tuesday for November 2019
Ivanti
 
Transforming your Security Products at the Endpoint
Transforming your Security Products at the EndpointTransforming your Security Products at the Endpoint
Transforming your Security Products at the Endpoint
Ivanti
 
The New Security Practitioner
The New Security PractitionerThe New Security Practitioner
The New Security Practitioner
Adrian Sanabria
 
June Patch Tuesday 2018
June Patch Tuesday 2018June Patch Tuesday 2018
June Patch Tuesday 2018
Ivanti
 
May 2018 Patch Tuesday Analysis
May 2018 Patch Tuesday AnalysisMay 2018 Patch Tuesday Analysis
May 2018 Patch Tuesday Analysis
Ivanti
 
Effective Patch and Software Update Management
Effective Patch and Software Update ManagementEffective Patch and Software Update Management
Effective Patch and Software Update Management
Quest
 
Cyber Tech Israel 2016: Get Your Head in the Cloud
Cyber Tech Israel 2016: Get Your Head in the CloudCyber Tech Israel 2016: Get Your Head in the Cloud
Cyber Tech Israel 2016: Get Your Head in the Cloud
Symantec
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure Sentinel
Robert Crane
 
KACE End Point Security Update
KACE End Point Security UpdateKACE End Point Security Update
KACE End Point Security Update
kenross15
 
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_alCss sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Alert Logic
 
December 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisDecember 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday Analysis
Ivanti
 
Web Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationWeb Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combination
Tjylen Veselyj
 
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...
imagazinepl
 
October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018
Ivanti
 
BalaBit 2015: Control Your IT Staff
BalaBit 2015: Control Your IT StaffBalaBit 2015: Control Your IT Staff
BalaBit 2015: Control Your IT Staff
Sectricity
 
Best practices to secure Windows10 with already included features
Best practices to secure Windows10 with already included featuresBest practices to secure Windows10 with already included features
Best practices to secure Windows10 with already included features
Alexander Benoit
 
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
blusmurfydot1
 

More Related Content

What's hot

Patch Management Best Practices
Patch Management Best Practices Patch Management Best Practices
Patch Management Best Practices
Ivanti
 
Securing Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureSecuring Your Public Cloud Infrastructure
Securing Your Public Cloud Infrastructure
Qualys
 
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Qualys
 
Windows Active Directory Security with IS Decisions
Windows Active Directory Security with IS DecisionsWindows Active Directory Security with IS Decisions
Windows Active Directory Security with IS Decisions
IS Decisions
 
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape SurveySecurity Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Qualys
 
Ivanti Patch Tuesday for November 2019
Ivanti Patch Tuesday for November 2019Ivanti Patch Tuesday for November 2019
Ivanti Patch Tuesday for November 2019
Ivanti
 
Transforming your Security Products at the Endpoint
Transforming your Security Products at the EndpointTransforming your Security Products at the Endpoint
Transforming your Security Products at the Endpoint
Ivanti
 
The New Security Practitioner
The New Security PractitionerThe New Security Practitioner
The New Security Practitioner
Adrian Sanabria
 
June Patch Tuesday 2018
June Patch Tuesday 2018June Patch Tuesday 2018
June Patch Tuesday 2018
Ivanti
 
May 2018 Patch Tuesday Analysis
May 2018 Patch Tuesday AnalysisMay 2018 Patch Tuesday Analysis
May 2018 Patch Tuesday Analysis
Ivanti
 
Effective Patch and Software Update Management
Effective Patch and Software Update ManagementEffective Patch and Software Update Management
Effective Patch and Software Update Management
Quest
 
Cyber Tech Israel 2016: Get Your Head in the Cloud
Cyber Tech Israel 2016: Get Your Head in the CloudCyber Tech Israel 2016: Get Your Head in the Cloud
Cyber Tech Israel 2016: Get Your Head in the Cloud
Symantec
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure Sentinel
Robert Crane
 
KACE End Point Security Update
KACE End Point Security UpdateKACE End Point Security Update
KACE End Point Security Update
kenross15
 
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_alCss sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Alert Logic
 
December 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisDecember 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday Analysis
Ivanti
 
Web Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationWeb Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combination
Tjylen Veselyj
 
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...
imagazinepl
 
October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018
Ivanti
 
BalaBit 2015: Control Your IT Staff
BalaBit 2015: Control Your IT StaffBalaBit 2015: Control Your IT Staff
BalaBit 2015: Control Your IT Staff
Sectricity
 

What's hot (20)

Patch Management Best Practices
Patch Management Best Practices Patch Management Best Practices
Patch Management Best Practices
 
Securing Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureSecuring Your Public Cloud Infrastructure
Securing Your Public Cloud Infrastructure
 
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
 
Windows Active Directory Security with IS Decisions
Windows Active Directory Security with IS DecisionsWindows Active Directory Security with IS Decisions
Windows Active Directory Security with IS Decisions
 
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape SurveySecurity Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
 
Ivanti Patch Tuesday for November 2019
Ivanti Patch Tuesday for November 2019Ivanti Patch Tuesday for November 2019
Ivanti Patch Tuesday for November 2019
 
Transforming your Security Products at the Endpoint
Transforming your Security Products at the EndpointTransforming your Security Products at the Endpoint
Transforming your Security Products at the Endpoint
 
The New Security Practitioner
The New Security PractitionerThe New Security Practitioner
The New Security Practitioner
 
June Patch Tuesday 2018
June Patch Tuesday 2018June Patch Tuesday 2018
June Patch Tuesday 2018
 
May 2018 Patch Tuesday Analysis
May 2018 Patch Tuesday AnalysisMay 2018 Patch Tuesday Analysis
May 2018 Patch Tuesday Analysis
 
Effective Patch and Software Update Management
Effective Patch and Software Update ManagementEffective Patch and Software Update Management
Effective Patch and Software Update Management
 
Cyber Tech Israel 2016: Get Your Head in the Cloud
Cyber Tech Israel 2016: Get Your Head in the CloudCyber Tech Israel 2016: Get Your Head in the Cloud
Cyber Tech Israel 2016: Get Your Head in the Cloud
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure Sentinel
 
KACE End Point Security Update
KACE End Point Security UpdateKACE End Point Security Update
KACE End Point Security Update
 
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_alCss sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
 
December 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisDecember 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday Analysis
 
Web Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationWeb Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combination
 
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...
 
October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018
 
BalaBit 2015: Control Your IT Staff
BalaBit 2015: Control Your IT StaffBalaBit 2015: Control Your IT Staff
BalaBit 2015: Control Your IT Staff
 

Similar to Experts Live Europe 2017 - Best Practices to secure Windows 10 with already included features

Best practices to secure Windows10 with already included features
Best practices to secure Windows10 with already included featuresBest practices to secure Windows10 with already included features
Best practices to secure Windows10 with already included features
Alexander Benoit
 
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
blusmurfydot1
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry Ransomware
Quick Heal Technologies Ltd.
 
How Endpoint Security works ?
How Endpoint Security works ?How Endpoint Security works ?
How Endpoint Security works ?
William hendric
 
Session 1: Windows 8 with Gerry Tessier
Session 1: Windows 8 with Gerry TessierSession 1: Windows 8 with Gerry Tessier
Session 1: Windows 8 with Gerry Tessier
CTE Solutions Inc.
 
Teknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimuksetTeknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimukset
Teemu Tiainen
 
IT6701-Information Management Unit 2
IT6701-Information Management Unit 2IT6701-Information Management Unit 2
IT6701-Information Management Unit 2
SIMONTHOMAS S
 
Windows 10: Security Focus (part II)
Windows 10: Security Focus (part II)Windows 10: Security Focus (part II)
Windows 10: Security Focus (part II)
Juan Ignacio Oller Aznar
 
Methods Hackers Use
Methods Hackers UseMethods Hackers Use
Methods Hackers Use
brittanyjespersen
 
Web Threat Spotlight Issue 66: Zero-Day Adobe Flash Player Exploits in a Flash
Web Threat Spotlight Issue 66: Zero-Day Adobe Flash Player Exploits in a FlashWeb Threat Spotlight Issue 66: Zero-Day Adobe Flash Player Exploits in a Flash
Web Threat Spotlight Issue 66: Zero-Day Adobe Flash Player Exploits in a Flash
Trend Micro
 
An inconvenient truth: Evading the Ransomware Protection in windows 10 @ Hack...
An inconvenient truth: Evading the Ransomware Protection in windows 10 @ Hack...An inconvenient truth: Evading the Ransomware Protection in windows 10 @ Hack...
An inconvenient truth: Evading the Ransomware Protection in windows 10 @ Hack...
Soya Aoyama
 
Ransomware
RansomwareRansomware
Ransomware
m3 Networks Limited
 
The Role of Application Control in a Zero-Day Reality
The Role of Application Control in a Zero-Day RealityThe Role of Application Control in a Zero-Day Reality
The Role of Application Control in a Zero-Day Reality
Lumension
 
New VIPRE_DS_EndpointSecurity_2016
New VIPRE_DS_EndpointSecurity_2016 New VIPRE_DS_EndpointSecurity_2016
New VIPRE_DS_EndpointSecurity_2016
Cyd Isaak Francisco
 
Trend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning PresentationTrend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning Presentation
Graeme Wood
 
Comodo advanced endpoint protection
Comodo advanced endpoint protectionComodo advanced endpoint protection
Comodo advanced endpoint protection
David Waugh
 
ransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptx
dawitTerefe5
 
Windows 7 Application Compatibility
Windows 7 Application CompatibilityWindows 7 Application Compatibility
Windows 7 Application Compatibility
micham
 
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
Orbid
 
OSB180: Learn More About Ivanti Endpoint Security
OSB180: Learn More About Ivanti Endpoint SecurityOSB180: Learn More About Ivanti Endpoint Security
OSB180: Learn More About Ivanti Endpoint Security
Ivanti
 

Similar to Experts Live Europe 2017 - Best Practices to secure Windows 10 with already included features (20)

Best practices to secure Windows10 with already included features
Best practices to secure Windows10 with already included featuresBest practices to secure Windows10 with already included features
Best practices to secure Windows10 with already included features
 
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry Ransomware
 
How Endpoint Security works ?
How Endpoint Security works ?How Endpoint Security works ?
How Endpoint Security works ?
 
Session 1: Windows 8 with Gerry Tessier
Session 1: Windows 8 with Gerry TessierSession 1: Windows 8 with Gerry Tessier
Session 1: Windows 8 with Gerry Tessier
 
Teknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimuksetTeknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimukset
 
IT6701-Information Management Unit 2
IT6701-Information Management Unit 2IT6701-Information Management Unit 2
IT6701-Information Management Unit 2
 
Windows 10: Security Focus (part II)
Windows 10: Security Focus (part II)Windows 10: Security Focus (part II)
Windows 10: Security Focus (part II)
 
Methods Hackers Use
Methods Hackers UseMethods Hackers Use
Methods Hackers Use
 
Web Threat Spotlight Issue 66: Zero-Day Adobe Flash Player Exploits in a Flash
Web Threat Spotlight Issue 66: Zero-Day Adobe Flash Player Exploits in a FlashWeb Threat Spotlight Issue 66: Zero-Day Adobe Flash Player Exploits in a Flash
Web Threat Spotlight Issue 66: Zero-Day Adobe Flash Player Exploits in a Flash
 
An inconvenient truth: Evading the Ransomware Protection in windows 10 @ Hack...
An inconvenient truth: Evading the Ransomware Protection in windows 10 @ Hack...An inconvenient truth: Evading the Ransomware Protection in windows 10 @ Hack...
An inconvenient truth: Evading the Ransomware Protection in windows 10 @ Hack...
 
Ransomware
RansomwareRansomware
Ransomware
 
The Role of Application Control in a Zero-Day Reality
The Role of Application Control in a Zero-Day RealityThe Role of Application Control in a Zero-Day Reality
The Role of Application Control in a Zero-Day Reality
 
New VIPRE_DS_EndpointSecurity_2016
New VIPRE_DS_EndpointSecurity_2016 New VIPRE_DS_EndpointSecurity_2016
New VIPRE_DS_EndpointSecurity_2016
 
Trend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning PresentationTrend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning Presentation
 
Comodo advanced endpoint protection
Comodo advanced endpoint protectionComodo advanced endpoint protection
Comodo advanced endpoint protection
 
ransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptx
 
Windows 7 Application Compatibility
Windows 7 Application CompatibilityWindows 7 Application Compatibility
Windows 7 Application Compatibility
 
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
 
OSB180: Learn More About Ivanti Endpoint Security
OSB180: Learn More About Ivanti Endpoint SecurityOSB180: Learn More About Ivanti Endpoint Security
OSB180: Learn More About Ivanti Endpoint Security
 

Recently uploaded

5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - HiikeSystem Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
Hiike
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
saastr
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
saastr
 
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdfNunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
flufftailshop
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Tatiana Kojar
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Jeffrey Haguewood
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Wask
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdfdbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
Shinana2
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Jeffrey Haguewood
 

Recently uploaded (20)

5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - HiikeSystem Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdfNunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdfdbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 

Experts Live Europe 2017 - Best Practices to secure Windows 10 with already included features

  • 1. Best Practices to secure Windows 10 with already included features Alexander Benoit Head of Competence Center Microsoft @sepago @ITPirate
  • 2. Alexander Benoit Senior Consultant / Head of Competence Center Microsoft „Future Workplace“, Security SCCM, Intune, Windows 10, Defender Framework,… Alexander.Benoit@sepago.de @ITPirate http://it-pirate.com/
  • 3. We have a firewall We can‘t get hacked!
  • 4. Agenda: The threat landscape No-brainers to secure Windows 10 Latest & greatest mitigation features in Windows 10
  • 5. The discussion is always about tools!
  • 7. Analysis: High-level vulnerability & exploit trends Vulnerabilities are increasing while evidence of actual exploits is decreasing due to mitigation investments
  • 8. How to Secure Windows 10 ?
  • 9. Windows 10 Security on Modern Devices Breach detection investigation & response Device protection Identity protection Information protection Threat resistance
  • 10. No-Brainer: Microsoft BitLocker • Full drive encryption solution provided natively with Windows 10 Professional and Enterprise • Used to protect the operating system drive, secondary data drives and removable devices • System Center Configuration Manager, MDT and Intune can be used to deploy BitLocker Overview
  • 11. No-Brainer: Microsoft BitLocker Hack not encrypted client
  • 12. Windows Defender Credential Guard • Uses virtualization-based security to isolate secrets in the Local Security Authority (LSA) . • Only privileged system software can access secrets when stored locally. • Mitigates credential theft attacks, such as Pass-the-Hash (PtH) or Pass-The-Ticket (PtT). Overview
  • 13. Windows Defender Credential Guard Overview • Credential Guard isolates secrets that previous versions of Windows stored in the Local Security Authority (LSA) by using virtualization-based security. • The LSA process in the operating system talks to the isolated LSA by using remote procedure calls. • Data stored by using VBS is not accessible to the rest of the operating system.
  • 14. Get deeper into attack scenarios Good to know Exploit: Computercode that takes advantage of a vulnerability in a software system. Payload: Payloads carry the functionality for the greater access into the target.
  • 15. Scenario Attack PayloadExploit Common way‘s to share payloads: • Fake Hyperlink • PowerPoint Macro • as „JPG“ File
  • 16. Create a payload with Metasploit Create Metasploit payload and configure listener port and host IP.
  • 18. Windows Defender Smart Screen Block at first sight support in Microsoft Edge
  • 19. Windows Defender SmartScreen • The Windows Defender SmartScreen provides an early warning system to notify users of suspicious websites that could be engaging in phishing attacks or distributing malware through a socially engineered attack. • Windows Defender SmartScreen is one of the multiple layers of defense in the anti-phishing and malware protection strategies Check downloaded files Windows Defender Cloud Protection Click! Attacker Generate new malware file Send file metadata Evaluate metadata Verdict: Malware – Block! Malware Block! Including Machine Learning, proximity, lookup heuristics Command & Control User
  • 20. Windows Defender Application Guard Call managed and unmanaged hompages
  • 21. Windows Defender Application Guard • Windows Defender Application Guard protects the device from advanced attacks launched against Microsoft Edge. • Malware and vulnerability exploits targeting the browser, including zero days, are unable to impact the operating system, apps, data and network. • Application Guard uses virtualization based security to hardware to isolate Microsoft Edge and any browsing activity away from the rest of the system. • Closing Microsoft Edge wipes all traces of attacks that may been encountered while online. Call managed and unmanaged hompages
  • 22. Windows Defender Application Guard Call managed and unmanaged hompages
  • 23. Windows Defender Application Guard Call managed and unmanaged hompages
  • 24. Windows Defender Application Guard Call managed and unmanaged hompages
  • 26. Run Payload Run hidden payload an establish connection
  • 27. User Account Control • User Account Control (UAC) helps prevent malware from damaging PCs and helps organizations deploy a better-managed desktop. • Apps and tasks always run in the security context of a standard user account, unless an administrator specifically authorizes elevated access to the system Protect clients from unwanted software
  • 28. Windows Defender Device Guard Device Guard Kernel Mode Code Integrity • Protects kernel mode processes and drivers from “zero day” attacks and vulnerabilities by using HVCI. • Drivers will must signed. Device Guard User Mode Code Integrity • Enterprise-grade application white-listing that achieves PC lockdown for enterprise that runs only trusted apps. • Untrusted apps and executables, such as malware, are unable to run. driver and application white-listing
  • 29. Windows Defender Device Guard driver and application white-listing
  • 31. Windows Defender Exploit Guard stops the attacker from manipulating processes • Windows Defender Exploit Guard helps you audit, configure, and manage Windows system and application exploit mitigations . • In addition Exploit Guard delivers a new class of capabilities for intrusion prevention. While it provides legacy app protections including: • Arbitrary Code Guard • Block Low Integrity Images • Block Remote Images • Block Untrusted Fonts • Code Integrity Guard • Disable Win32k system calls • Validate Stack Integrity • Do Not Allow Child Processes • Export Address Filtering • Import Address Filtering • Simulate Execution • Validate API Invocation (CallerCheck) • Validate Image Dependency Integrity
  • 32. Windows Defender Exploit Guard stops the attacker from manipulating processes