5. WE DRIVE BUSINESS EVOLUTION FORWARD
Luck vs Solution
Luck
- Honesty
- No Judgment
- Response time
Bad Luck
- (Just about)Only local Admin user
- User permission
Mitigation
- Monitoring (ATA)
- User Training
- Procedures, monitoring and alerts (ATP/ATA)
6. WE DRIVE BUSINESS EVOLUTION FORWARD
Affected Client
Bad Luck
• USB Backup Disk
• Local Admin (Exception)
Mitigation
• Azure Backup
• LAPS
• Local Administrator Password Solution
• Device Guard
https://www.microsoft.com/en-us/download/details.aspx?id=46899
9. WE DRIVE BUSINESS EVOLUTION FORWARD
Old School Security
o User Education
o Traditional best practices
o Avoid Exceptions
o Etc.
Think!!!
10. WE DRIVE BUSINESS EVOLUTION FORWARD
Windows Security History
November 2006August 2004
https://en.wikipedia.org/wiki/Timeline_of_Microsoft_Windows
11. WE DRIVE BUSINESS EVOLUTION FORWARD
Windows Vista
UAC:
• Stopped more than 50% of 2000
backdoors, keyloggers, rootkits, mass
mailers, trojan horses, spyware, adware, and
various others directly
• Less then 5% survived UAV during reboot
http://us.norton.com/support/premium_services/malware_removal_guide.pdf
12. WE DRIVE BUSINESS EVOLUTION FORWARD
The Windows 10 Defense Stack
PROTECT, DETECT & RESPOND
PRE-BREACH POST-BREACH
Windows Defender
ATP
Breach detection
investigation &
response
Device
protection
Device Health
attestation
Device Guard
Device Control
Security policies
Information
protection
Device protection /
Drive encryption
Enterprise Data
Protection
Conditional access
Threat
resistance
SmartScreen
AppLocker
Device Guard
Windows Defender
Network/Firewall
Built-in 2FA
Account lockdown
Credential Guard
Microsoft Passport
Windows Hello ;)
Identity
protection
Breach detection
investigation &
response
Device
protection
Information
protection
Threat
resistance
Conditional Access
Windows Defender
ATP
Device integrity
Device control
BitLocker and
BitLocker to Go
Windows
Information
Protection
SmartScreen
Windows Firewall
Microsoft Edge
Device Guard
Windows Defender
Windows Hello ;)
Credential Guard
Identity
protection
13. WE DRIVE BUSINESS EVOLUTION FORWARD
POST-BREACHPRE-BREACH
Breach detection
investigation &
response
Device
protection
Identity
protection
Information
protection
Threat
resistance
Windows 10 Security on Legacy or Modern Devices
(Upgraded from Windows 7 or 32-bit Windows 8)
27. WE DRIVE BUSINESS EVOLUTION FORWARD
VIRTUALIZATION BASED SECURITY
Kernel
Windows Platform
Services
Apps
Kernel
SystemContainer
Trustlet#1
Trustlet#2
Trustlet#3
Hypervisor
Device Hardware
Windows Operating System
Hyper-VHyper-V
28. WE DRIVE BUSINESS EVOLUTION FORWARD
Device guard in vbs environment
decisive mitigation
Kernel
Windows Platform
Services
Apps
Kernel
SystemContainer
DEVICE
GUARD
Trustlet#2
Trustlet#3
Hypervisor
Device Hardware
Windows Operating System
Hyper-VHyper-V
29. WE DRIVE BUSINESS EVOLUTION FORWARD
Credential Guard
Not currently supported on Windows Server2016
38. WE DRIVE BUSINESS EVOLUTION FORWARD
Config Manager
https://blogs.technet.microsoft.com/enterprisemobility/2015/10/30/managing-windows-10-device-guard-with-
configuration-manager/
45. Olav Tvedt
Senior Principal Architect
Lumagate A/S
Blog: olavtvedt.blogspot.com
Twitter: OlavTwitt
Epost: Olav.Tvedt@Lumagate.com
Cloud and Datacenter Management
Windows and Devices for IT
31. Mai – www.mvpdagen.no