Best Practices to secure Windows 10 with already included features
Alexander Benoit
Head of Competence Center Microsoft @sepago
@ITPirate
Alexander Benoit
Senior Consultant / Head of Competence Center Microsoft
"Future Workplace", Security
SCCM, Intune, Windows 10, Defender Framework,…
Alexander.Benoit@sepago.de
@ITPirate
http://it-pirate.com/
We have a firewall. We can't get hacked!
Agenda:
The threat landscape
No-brainers to secure Windows 10
Latest & greatest mitigation features in Windows 10
The discussion is always about tools!
Threat Landscape
Phishing
Keylogger
Ransomware
Spyware
Worm
Compromised accounts
Analysis: High-level vulnerability & exploit trends
Vulnerabilities are increasing while evidence of actual exploits is decreasing due to mitigation investments
How to Secure Windows 10?
Windows 10 Security on Modern Devices
Breach detection, investigation & response
Device protection
Identity protection
Information protection
Threat resistance
No-Brainer: Microsoft BitLocker
• Full drive encryption solution provided natively with Windows 10 Professional and Enterprise
• Used to protect the operating system drive, secondary data drives and removable devices
• System Center Configuration Manager, MDT and Intune can be used to deploy BitLocker
Overview
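As an added example (not from the slides), the following PowerShell script enables BitLocker on the OS drive with a TPM protector plus a recovery password, escrows the recovery password in Active Directory and reports the protection status of every volume. It assumes Windows 10 Pro/Enterprise, a ready TPM, an elevated session and a domain-joined client.

```powershell
# Added example: enable BitLocker on the OS drive and report status.
# Assumes Windows 10 Pro/Enterprise, a ready TPM, an elevated session.
$osDrive = $env:SystemDrive   # usually "C:"

# 1. Pre-flight: BitLocker on the OS drive needs a present and ready TPM.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "TPM is not present or not ready; initialise it in the UEFI firmware first."
}

$vol = Get-BitLockerVolume -MountPoint $osDrive
if ($vol.ProtectionStatus -eq 'On') {
    Write-Host "$osDrive is already protected ($($vol.EncryptionPercentage)% encrypted)."
} else {
    # 2. Turn on encryption with a recovery password first: if the TPM later fails
    #    or the firmware is updated, this 48-digit key is the only way back in.
    #    XTS-AES 256 is the recommended method on Windows 10 1511 and later;
    #    -UsedSpaceOnly keeps initial encryption of a fresh image fast.
    Enable-BitLocker -MountPoint $osDrive -EncryptionMethod XtsAes256 `
        -RecoveryPasswordProtector -UsedSpaceOnly -SkipHardwareTest | Out-Null

    # 3. Add the TPM as the unlock protector so the user is not prompted at boot.
    Add-BitLockerKeyProtector -MountPoint $osDrive -TpmProtector | Out-Null
}

# 4. Escrow every recovery password in AD DS (needs the "Store BitLocker recovery
#    information in Active Directory Domain Services" policy on the client).
$recovery = (Get-BitLockerVolume -MountPoint $osDrive).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword'
foreach ($kp in $recovery) {
    Backup-BitLockerKeyProtector -MountPoint $osDrive -KeyProtectorId $kp.KeyProtectorId
}

# 5. Report: any volume that is not "On" / "FullyEncrypted" is a finding.
Get-BitLockerVolume | Select-Object MountPoint, VolumeType, EncryptionMethod,
    VolumeStatus, ProtectionStatus, EncryptionPercentage | Format-Table -AutoSize
```

The same sequence can be wrapped in a ConfigMgr task sequence step or an Intune script; the status table at the end is what a compliance report should alert on.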
No-Brainer: Microsoft BitLocker
Hacking a client that is not encrypted
Windows Defender Credential Guard
• Uses virtualization-based security to isolate secrets in the Local Security Authority (LSA).
• Only privileged system software can access secrets when they are stored locally.
• Mitigates credential theft attacks such as Pass-the-Hash (PtH) or Pass-the-Ticket (PtT).
Overview
Windows Defender Credential Guard
Overview
• Credential Guard isolates secrets that previous versions of Windows stored in the Local Security Authority (LSA) by using virtualization-based security.
• The LSA process in the operating system talks to the isolated LSA by using remote procedure calls.
• Data stored by using VBS is not accessible to the rest of the operating system.
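As an added example (not from the slides), this PowerShell snippet checks whether Credential Guard is actually running, via the Win32_DeviceGuard WMI class, and enables it through the documented registry values when it is not. It assumes Windows 10 Enterprise, UEFI with Secure Boot and an elevated session; the function name Get-CredentialGuardState is my own.

```powershell
# Added example: verify and enable Windows Defender Credential Guard.
# Assumes Windows 10 Enterprise, UEFI Secure Boot, elevated session.
function Get-CredentialGuardState {
    # Win32_DeviceGuard reports the VBS state; service ids: 1 = Credential Guard, 2 = HVCI
    $dg = Get-CimInstance -ClassName Win32_DeviceGuard `
                          -Namespace 'root\Microsoft\Windows\DeviceGuard'
    [pscustomobject]@{
        VbsStatus    = switch ($dg.VirtualizationBasedSecurityStatus) {
                           0 { 'Disabled' } 1 { 'Enabled, not running' } 2 { 'Running' }
                       }
        CgConfigured = [bool]($dg.SecurityServicesConfigured -contains 1)
        CgRunning    = [bool]($dg.SecurityServicesRunning    -contains 1)
        HvciRunning  = [bool]($dg.SecurityServicesRunning    -contains 2)
    }
}

$state = Get-CredentialGuardState
$state | Format-List

if (-not $state.CgRunning) {
    Write-Warning "Credential Guard is not running; LSA secrets are still reachable from the normal OS."

    # Turn on VBS and require Secure Boot (1) or Secure Boot + DMA protection (3).
    $dgKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'
    New-ItemProperty -Path $dgKey -Name EnableVirtualizationBasedSecurity `
        -Value 1 -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $dgKey -Name RequirePlatformSecurityFeatures `
        -Value 1 -PropertyType DWord -Force | Out-Null

    # LsaCfgFlags: 1 = enabled with UEFI lock (cannot be switched off remotely),
    # 2 = enabled without lock. The UEFI lock is what stops an attacker with
    # admin rights from simply turning Credential Guard off again.
    $lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    New-ItemProperty -Path $lsaKey -Name LsaCfgFlags `
        -Value 1 -PropertyType DWord -Force | Out-Null

    Write-Host "Credential Guard configured; reboot, then re-run Get-CredentialGuardState."
}
```

"Configured" and "Running" differ on purpose: a device can carry the policy but still not run Credential Guard because VBS could not start (no Secure Boot, no SLAT, incompatible hypervisor), so compliance checks must look at SecurityServicesRunning.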
Get deeper into attack scenarios
Good to know
Exploit: computer code that takes advantage of a vulnerability in a software system.
Payload: carries the functionality for gaining further access into the target.
Scenario: Attack
Payload / Exploit
Common ways to share payloads:
• Fake hyperlink
• PowerPoint macro
• As a "JPG" file
Create a payload with Metasploit
Create a Metasploit payload and configure the listener port and host IP.
Share Payload
Hide the payload behind a fake link
Windows Defender SmartScreen
Block-at-first-sight support in Microsoft Edge
Windows Defender SmartScreen
• Windows Defender SmartScreen provides an early warning system to notify users of suspicious websites that could be engaging in phishing attacks or distributing malware through a socially engineered attack.
• Windows Defender SmartScreen is one of the multiple layers of defense in the anti-phishing and malware protection strategies.
Windows Defender Cloud Protection (diagram): the attacker generates a new malware file and delivers it from a command & control host; when the user clicks it, the client checks the downloaded file by sending its metadata to the cloud service, which evaluates the metadata (including machine learning, proximity and lookup heuristics) and returns the verdict: Malware, block!
Windows Defender Application Guard
Call managed and unmanaged homepages
Windows Defender Application Guard
• Windows Defender Application Guard protects the device from advanced attacks launched against Microsoft Edge.
• Malware and vulnerability exploits targeting the browser, including zero days, are unable to impact the operating system, apps, data and network.
• Application Guard uses virtualization-based security to hardware-isolate Microsoft Edge and any browsing activity from the rest of the system.
• Closing Microsoft Edge wipes all traces of attacks that may have been encountered while online.
Share Payload
Hide the payload behind a fake "jpg" file
Run Payload
Run the hidden payload and establish a connection
User Account Control
• User Account Control (UAC) helps prevent malware from damaging PCs and helps organizations deploy a better-managed desktop.
• Apps and tasks always run in the security context of a standard user account, unless an administrator specifically authorizes elevated access to the system.
Protect clients from unwanted software
Windows Defender Device Guard
Device Guard Kernel Mode Code Integrity
• Protects kernel mode processes and drivers from "zero day" attacks and vulnerabilities by using HVCI.
• Drivers must be signed.
Device Guard User Mode Code Integrity
• Enterprise-grade application white-listing that achieves PC lockdown for an enterprise that runs only trusted apps.
• Untrusted apps and executables, such as malware, are unable to run.
Driver and application white-listing
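As an added example (not from the slides), this PowerShell script turns on Hypervisor-protected Code Integrity for the kernel-mode side and builds a code-integrity (WDAC) policy for the user-mode side, starting in audit mode so untrusted apps are logged before they are blocked. It assumes Windows 10 Enterprise 1703 or later on VBS-capable hardware, an elevated session on a clean reference machine, and C:\WDAC as a hypothetical working directory.

```powershell
# Added example: Device Guard KMCI (HVCI) + UMCI (WDAC audit policy).
# Assumes Windows 10 Enterprise 1703+, VBS-capable hardware, elevated session.

# --- Kernel Mode Code Integrity: require VBS-backed HVCI -------------------------
$dgKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'
$hvciKey = "$dgKey\Scenarios\HypervisorEnforcedCodeIntegrity"
New-ItemProperty -Path $dgKey -Name EnableVirtualizationBasedSecurity `
    -Value 1 -PropertyType DWord -Force | Out-Null
New-Item -Path $hvciKey -Force | Out-Null
New-ItemProperty -Path $hvciKey -Name Enabled -Value 1 -PropertyType DWord -Force | Out-Null
# With HVCI on, a kernel driver that is unsigned or fails signature checks is not loaded.

# --- User Mode Code Integrity: WDAC policy scanned from a clean reference image --
$policyDir = 'C:\WDAC'                    # hypothetical working directory
New-Item -ItemType Directory -Path $policyDir -Force | Out-Null
$xml = Join-Path $policyDir 'AuditPolicy.xml'
$bin = Join-Path $policyDir 'SIPolicy.p7b'

# Trust by publisher certificate, fall back to file hash for unsigned binaries.
# -UserPEs includes user-mode executables (the apps), not only drivers.
New-CIPolicy -Level Publisher -Fallback Hash -FilePath $xml -ScanPath 'C:\' -UserPEs

# New-CIPolicy emits the policy with rule option 3 "Enabled:Audit Mode" set, so
# violations are logged to Microsoft-Windows-CodeIntegrity/Operational (event 3076)
# instead of blocked. Only after reviewing those events on pilot machines:
#   Set-RuleOption -FilePath $xml -Option 3 -Delete      # switch to enforcement

ConvertFrom-CIPolicy -XmlFilePath $xml -BinaryFilePath $bin
Copy-Item $bin "$env:SystemRoot\System32\CodeIntegrity\SIPolicy.p7b"   # applied on reboot

# Verify after reboot: 2 in SecurityServicesRunning = HVCI running;
# code integrity enforcement status 1 = audit, 2 = enforced.
Get-CimInstance -ClassName Win32_DeviceGuard -Namespace 'root\Microsoft\Windows\DeviceGuard' |
    Select-Object SecurityServicesRunning, CodeIntegrityPolicyEnforcementStatus,
                  UsermodeCodeIntegrityPolicyEnforcementStatus
```

A publisher-level policy built from a reference image is the practical middle ground: hash-only policies break with every patch, while a policy that trusts everything signed is not much of a white-list.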
Metasploit - Meterpreter
Compromise the client
Windows Defender Exploit Guard
Stops the attacker from manipulating processes
• Windows Defender Exploit Guard helps you audit, configure, and manage Windows system and application exploit mitigations.
• In addition, Exploit Guard delivers a new class of capabilities for intrusion prevention, while still providing the legacy app protections including:
• Arbitrary Code Guard
• Block Low Integrity Images
• Block Remote Images
• Block Untrusted Fonts
• Code Integrity Guard
• Disable Win32k system calls
• Validate Stack Integrity
• Do Not Allow Child Processes
• Export Address Filtering
• Import Address Filtering
• Simulate Execution
• Validate API Invocation (CallerCheck)
• Validate Image Dependency Integrity
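As an added example (not from the slides), the following PowerShell applies the mitigations listed above to one process with the Exploit Guard cmdlets, in audit mode first, then reads back the effective settings, the audit events and an XML export for deployment. It assumes Windows 10 1709 or later and an elevated session; winword.exe is the chosen sample target and C:\ExploitGuard is a hypothetical export path.

```powershell
# Added example: configure Exploit Guard process mitigations (audit first).
# Assumes Windows 10 1709+, elevated session; winword.exe is a sample target.
$target = 'winword.exe'

# The Exploit Guard names on the slide map to these Set-ProcessMitigation options:
#   Arbitrary Code Guard                -> BlockDynamicCode
#   Block Low Integrity Images          -> BlockLowLabelImageLoads
#   Block Remote Images                 -> BlockRemoteImageLoads
#   Block Untrusted Fonts               -> DisableNonSystemFonts
#   Code Integrity Guard                -> MicrosoftSignedOnly
#   Disable Win32k system calls         -> DisableWin32kSystemCalls
#   Validate Stack Integrity            -> EnableRopStackPivot
#   Do Not Allow Child Processes        -> DisallowChildProcessCreation
#   Export / Import Address Filtering   -> EnableExportAddressFilter / EnableImportAddressFilter
#   Simulate Execution                  -> EnableRopSimExec
#   Validate API Invocation             -> EnableRopCallerCheck
#   Validate Image Dependency Integrity -> EnforceModuleDependencySigning

# Step 1: audit-only variants, so a mitigation that breaks a legitimate add-in
# shows up in the event log instead of as a crashing Word.
Set-ProcessMitigation -Name $target -Enable AuditDynamicCode, AuditLowLabelImageLoads,
    AuditRemoteImageLoads, AuditFont, AuditChildProcess, AuditEnableExportAddressFilter,
    AuditEnableImportAddressFilter, AuditEnableRopStackPivot, AuditEnableRopSimExec,
    AuditEnableRopCallerCheck

# Step 2 (after a pilot period without audit events): enforce the low-risk subset.
# Set-ProcessMitigation -Name $target -Enable DisallowChildProcessCreation,
#     BlockRemoteImageLoads, BlockLowLabelImageLoads, DisableNonSystemFonts,
#     EnableExportAddressFilter, EnableRopStackPivot

# Read back the effective per-process settings and the system defaults.
Get-ProcessMitigation -Name $target
Get-ProcessMitigation -System

# Audit and block events are written to the Security-Mitigations logs.
Get-WinEvent -LogName 'Microsoft-Windows-Security-Mitigations/UserMode' `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-Table -Wrap

# Export the complete configuration as XML for rollout via Intune, SCCM or Group Policy.
New-Item -ItemType Directory -Path 'C:\ExploitGuard' -Force | Out-Null
Get-ProcessMitigation -RegistryConfigFilePath 'C:\ExploitGuard\mitigations.xml'
```

The exported XML is what "Use a common set of exploit protection settings" in Group Policy or the Intune endpoint protection profile consumes, so the same audited baseline reaches every client.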
Educate your users!

Experts Live Europe 2017 - Best Practices to secure Windows 10 with already included features