Windows Security Fundamentals In A Corporate Environment
By: Shimon Brathwaite
March 11, 2022
Windows is one of the most commonly used operating systems on the planet, with as much as 65% of laptop users in the United States and 77% of users globally owning a Windows machine. Regardless of which company you work for, there is a good chance that someone at your company has Windows installed on their computer. Because of this, you need to maintain the security of those computers and protect them from viruses and other malware. As an IT administrator or cybersecurity specialist, you should understand the basics of protecting the Windows operating system in a corporate environment. Here are some fundamental controls that every technology professional should understand when securing their Windows computers.
Windows Update
You should first understand Windows Update, the built-in patch management tool for Windows. This is probably the most important security tool for any Windows device, and it is responsible for keeping all software up to date at all times. A 2015 Verizon breach report found that over 70% of successful cyber attacks exploited vulnerabilities that had patches available. By properly using this tool to keep your systems fully patched, you can prevent over two-thirds of cyberattacks from being successful.
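The point of the paragraph above is that unpatched, patch-available vulnerabilities are what most successful attacks use, so the practical check is "what is still missing on this host, and how long has it been since anything was installed?" The following script is an added example, not part of the original article: it queries the local Windows Update Agent through its COM API for applicable-but-uninstalled updates, reads the most recent hotfix date with Get-HotFix, and exits non-zero when the host is out of compliance. The 30-day threshold and the assumption that the machine can reach its update source (Windows Update or a WSUS server) are the author's own.

```powershell
# Added example (not from the article): report patch compliance on the local machine
# using the Windows Update Agent COM API and Get-HotFix. Run in an elevated PowerShell.
# Assumption: the machine can reach its update source (Windows Update or WSUS).

function Get-PendingSecurityUpdates {
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    # Only updates that are applicable to this host but not yet installed
    $result   = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")

    foreach ($update in $result.Updates) {
        [pscustomobject]@{
            Title      = $update.Title
            KB         = ($update.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
            # MsrcSeverity is empty for non-security updates
            Severity   = if ($update.MsrcSeverity) { $update.MsrcSeverity } else { 'Unrated' }
            Downloaded = $update.IsDownloaded
        }
    }
}

function Get-PatchAgeDays {
    # Days since the most recent hotfix was installed ($null if none has a date)
    $latest = Get-HotFix |
        Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    if ($latest) { (New-TimeSpan -Start $latest.InstalledOn -End (Get-Date)).Days } else { $null }
}

$pending = @(Get-PendingSecurityUpdates)
$age     = Get-PatchAgeDays

Write-Host "Days since last installed hotfix: $age"
Write-Host "Pending updates: $($pending.Count)"
$pending | Sort-Object Severity | Format-Table Severity, KB, Title -AutoSize

# Flag the host if any pending update is rated Critical/Important, or if nothing has
# been installed for more than 30 days (threshold is an assumption; align it with your SLA).
$overdue = $pending | Where-Object { $_.Severity -in 'Critical', 'Important' }
if ($overdue -or ($null -eq $age) -or ($age -gt 30)) {
    Write-Warning "Host is out of patch compliance"
    exit 1
}
```

Run it from an elevated prompt; the exit code makes it usable as a compliance check from a scheduled task or an RMM tool, and the severity column comes from Microsoft's own rating on each update rather than from the title text.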
Microsoft Defender for Endpoint
This is an enterprise endpoint security platform that provides several different features to help protect Windows machines from threats. The Defender app uses a combination of three technologies to provide endpoint protection.
Endpoint Behavioral Sensors: These sensors are embedded in Windows 10 and collect and process signals from the operating system. The sensors then send the data they gather to your private cloud instance of Microsoft Defender for Endpoint to be aggregated and analyzed.
Cloud Security Analytics: It leverages big data to generate useful insights, detections, and recommended responses to potential threats based on information collected via the endpoint sensors.
Threat Intelligence: Findings from Microsoft threat hunters and security teams, and threat intelligence provided by Microsoft partners, are fed into Defender for Endpoint. This allows the tool to identify attacker tools, techniques, and procedures and generate alerts when they are found in the collected sensor data.
The result of these three integrated pieces of technology is six main security features:
Threat & Vulnerability Management: The ability to discover, prioritize and remediate vulnerabilities on endpoint machines.
Attack Surface Reduction: This allows defenders to ensure that the configuration settings of endpoints are properly set, and mitigation techniques are being applied that will resist cyber-attacks.
Next-Generation Protection: This uses behavior-based, heuristic, and real-time antivirus protection to reinforce the security perimeter of your network. It provides cloud-delivered protection, allowing near-instant detection and blocking of new and emerging threats. Lastly, it includes updates that keep Microsoft Defender Antivirus current on the latest security threats.
Endpoint Detection and Response: This includes additional detection and response capabilities for finding and responding to threats that have made it past the first two features. One of the most important is advanced threat hunting, which allows you to proactively find breaches and create custom detection rules.
Automated Investigation and Remediation: Microsoft Defender for Endpoint allows you to automate the investigation and remediation of alerts, significantly reducing the volume of alerts you have to resolve manually.
Microsoft Secure Score for Devices: This secure score allows you to assess the security state of your endpoints in a quantifiable way. This helps you identify unprotected machines and get recommendations to improve your organization’s overall security.
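The sensors, cloud-delivered protection and sample submission described above are all settings that can silently be turned off on an individual endpoint, which is why an administrator should be able to audit them locally rather than trusting the portal alone. This script is an added example, not from the article or from Microsoft: it reads the current antivirus state with Get-MpComputerStatus and Get-MpPreference, compares each setting against the value expected on a managed endpoint, warns on stale signatures, re-enables the cloud settings with Set-MpPreference, and finally checks whether the Defender for Endpoint sensor is onboarded. The service name "Sense" and the onboarding registry path are taken from the author's own deployments and are labelled as assumptions in the code.

```powershell
# Added example (not from the article): audit the Defender Antivirus settings behind the
# "next-generation protection" and sensor features, and tighten the weak ones.
# Run elevated. Assumes the Defender PowerShell module is present (Windows 10/11, Server 2016+).

$status = Get-MpComputerStatus
$pref   = Get-MpPreference

# Each check: a name, the current value, and the value expected on a managed endpoint
$checks = @(
    @{ Name = 'Antimalware service running'; Actual = $status.AMServiceEnabled;         Expected = $true }
    @{ Name = 'Real-time protection';        Actual = $status.RealTimeProtectionEnabled; Expected = $true }
    @{ Name = 'Behavior monitoring';         Actual = $status.BehaviorMonitorEnabled;    Expected = $true }
    @{ Name = 'Tamper protection';           Actual = $status.IsTamperProtected;         Expected = $true }
    # MAPSReporting 2 = Advanced; cloud-delivered protection depends on cloud reporting being on
    @{ Name = 'Cloud-delivered protection';  Actual = $pref.MAPSReporting;               Expected = 2 }
    # SubmitSamplesConsent 1 = send safe samples automatically
    @{ Name = 'Automatic sample submission'; Actual = $pref.SubmitSamplesConsent;        Expected = 1 }
    # PUAProtection 1 = block potentially unwanted applications
    @{ Name = 'PUA protection';              Actual = $pref.PUAProtection;               Expected = 1 }
)

$report = foreach ($c in $checks) {
    [pscustomobject]@{
        Check    = $c.Name
        Actual   = $c.Actual
        Expected = $c.Expected
        OK       = ($c.Actual -eq $c.Expected)
    }
}
$report | Format-Table -AutoSize

# Signature freshness: stale definitions leave the engine blind to recent threats
$sigAgeHours = (New-TimeSpan -Start $status.AntivirusSignatureLastUpdated -End (Get-Date)).TotalHours
if ($sigAgeHours -gt 24) { Write-Warning ("Signatures are {0:N0} hours old" -f $sigAgeHours) }

# Remediate the cloud settings locally. Tamper protection and real-time protection are
# normally enforced centrally (Intune/GPO), so they are only reported above.
if ($report | Where-Object { -not $_.OK }) {
    Set-MpPreference -MAPSReporting Advanced `
                     -SubmitSamplesConsent SendSafeSamples `
                     -PUAProtection Enabled `
                     -DisableRealtimeMonitoring $false
}

# Is the Defender for Endpoint sensor onboarded? It runs as the "Sense" service.
# (Service name and registry path are assumptions from the author's own deployments.)
$sense = Get-Service -Name Sense -ErrorAction SilentlyContinue
$onb   = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status' `
             -ErrorAction SilentlyContinue
if ($sense.Status -eq 'Running' -and $onb.OnboardingState -eq 1) {
    Write-Host "Defender for Endpoint sensor: onboarded and running"
} else {
    Write-Warning "Defender for Endpoint sensor not onboarded or not running"
}
```

A machine that fails the sensor check never reports to the cloud analytics or threat intelligence layers at all, so the vulnerability management and EDR features listed above do not exist for it; that is the first thing to verify when a device is missing from the portal.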
Find My Device
As the name suggests, this feature can help you locate a stolen device when connected to the internet and even lock it down to prevent someone from accessing any data stored on that machine.
BitLocker
This is an easy-to-use tool for encrypting your entire drive with AES encryption. Once the drive is encrypted, it is very difficult for someone to access your information, even if they physically steal the drive or the device. In addition, it has almost no negative effect on system performance, and the only thing you need to get started is your Windows user account password.
Windows Secure Boot
Secure Boot is a feature that requires any code that runs immediately after the machine starts, before the operating system, to be signed by Microsoft or the hardware maker. It can also create a Windows 10 save point, which is an image of the system configuration and settings in Windows at that moment. You can restore your machine to this image (state of the device) at any time. Secure Boot is a great way to prevent hardware-based malware installations, prevent malware from running on your machine, and provide a safety net if something goes wrong.
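BitLocker and Secure Boot are worth checking together: BitLocker seals the volume key to the TPM, and the TPM only releases it when the measured boot chain (which Secure Boot guards) is unchanged, so a disabled Secure Boot or an unready TPM weakens both sections above. The script below is an added example covering both the BitLocker and Secure Boot paragraphs; it is not from the article or from Microsoft. It reports Secure Boot state, TPM readiness and the BitLocker status of every fixed volume, and where the OS volume is unprotected it adds a recovery password, escrows it to Active Directory, and enables BitLocker with a TPM protector. The choice of XTS-AES-256, used-space-only encryption and AD escrow are the author's assumptions; Azure AD-joined devices would use BackupToAAD-BitLockerKeyProtector instead.

```powershell
# Added example (not from the article): check the boot and disk protection posture that
# Secure Boot and BitLocker provide, and enable BitLocker on the OS drive where it is off.
# Run elevated. Assumes a UEFI system with a TPM, an AD-joined device, and the BitLocker
# module (Pro/Enterprise SKUs).

# 1. Secure Boot: Confirm-SecureBootUEFI returns $true/$false on UEFI and throws on legacy BIOS
try   { $secureBoot = Confirm-SecureBootUEFI }
catch { $secureBoot = $false; Write-Warning "Secure Boot not supported (legacy BIOS or unsupported platform)" }

# 2. TPM: BitLocker should seal the key to the TPM so the disk only unlocks on an unmodified boot
$tpm      = Get-Tpm
$tpmReady = $tpm.TpmPresent -and $tpm.TpmReady

# 3. BitLocker state for every fixed volume
$volumes = Get-BitLockerVolume | Where-Object { $_.VolumeType -in 'OperatingSystem', 'Data' }
$report  = foreach ($v in $volumes) {
    [pscustomobject]@{
        Drive               = $v.MountPoint
        Type                = $v.VolumeType
        Protection          = $v.ProtectionStatus       # On / Off
        Method              = $v.EncryptionMethod       # e.g. XtsAes256
        Percent             = $v.EncryptionPercentage
        Protectors          = ($v.KeyProtector.KeyProtectorType -join ',')
        HasRecoveryPassword = [bool]($v.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
    }
}
$report | Format-Table -AutoSize
Write-Host "Secure Boot: $secureBoot   TPM ready: $tpmReady"

# 4. Remediate: protect the OS volume with TPM + recovery password protectors.
#    The recovery password is escrowed to Active Directory so a forgotten PIN or a
#    firmware change does not make the data unrecoverable.
$os = $volumes | Where-Object VolumeType -eq 'OperatingSystem'
if ($os.ProtectionStatus -eq 'Off' -and $tpmReady) {
    $withRp = Add-BitLockerKeyProtector -MountPoint $os.MountPoint -RecoveryPasswordProtector
    $rp     = $withRp.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1
    Backup-BitLockerKeyProtector -MountPoint $os.MountPoint -KeyProtectorId $rp.KeyProtectorId
    Enable-BitLocker -MountPoint $os.MountPoint -TpmProtector -EncryptionMethod XtsAes256 `
                     -UsedSpaceOnly -SkipHardwareTest
}
elseif ($os.ProtectionStatus -eq 'Off') {
    Write-Warning "OS volume unencrypted and no ready TPM: initialise the TPM (Initialize-Tpm) or use a startup key"
}
```

The HasRecoveryPassword column is the one auditors care about most: a volume that is encrypted but whose recovery password was never escrowed is a data-loss risk rather than a security control.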
Windows Sandbox
This is an essential tool if you are ever in a situation where you need to run an application or a piece of code that has not been vetted, or where you want to give a user more freedom than usual. Windows Sandbox allows you to run applications in their own isolated virtual silos, protecting other areas of the device or the network from potential harm.
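Out of the box, Windows Sandbox shares the host's network and clipboard, which undoes part of the isolation the paragraph above describes. The script below is an added example, not from the article or from Microsoft: it writes a Windows Sandbox configuration file (.wsb) that disables networking, GPU sharing, audio/video input, printer and clipboard redirection, maps a quarantine folder from the host read-only, and opens it on the sandbox desktop, then launches the sandbox with that file. The C:\Quarantine folder and the file names are assumptions.

```powershell
# Added example (not from the article): build a locked-down Windows Sandbox configuration
# (.wsb file) for opening an untrusted file, then launch it. Requires Windows 10/11 Pro or
# Enterprise with virtualisation enabled. Paths are assumptions; adjust to your environment.

# One-time setup: enable the feature (requires a reboot)
# Enable-WindowsOptionalFeature -Online -FeatureName 'Containers-DisposableClientVM' -All

$untrustedDir = 'C:\Quarantine'                  # host folder holding the file to inspect (assumed)
$configPath   = "$env:TEMP\offline-analysis.wsb"  # where the config file is written (assumed)

# Networking off: the sample cannot phone home or reach the rest of the network.
# VGpu off: removes a shared-GPU surface the sandbox does not need.
# Clipboard/printer redirection off: nothing flows back to the host by accident.
# The host folder is mapped read-only so the sandbox cannot alter the original sample.
# LogonCommand opens the mapped folder on the sandbox desktop when it starts.
$wsb = @"
<Configuration>
  <VGpu>Disable</VGpu>
  <Networking>Disable</Networking>
  <AudioInput>Disable</AudioInput>
  <VideoInput>Disable</VideoInput>
  <PrinterRedirection>Disable</PrinterRedirection>
  <ClipboardRedirection>Disable</ClipboardRedirection>
  <ProtectedClient>Enable</ProtectedClient>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>$untrustedDir</HostFolder>
      <SandboxFolder>C:\Users\WDAGUtilityAccount\Desktop\Quarantine</SandboxFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>
    <Command>explorer.exe C:\Users\WDAGUtilityAccount\Desktop\Quarantine</Command>
  </LogonCommand>
</Configuration>
"@

if (-not (Test-Path $untrustedDir)) { New-Item -ItemType Directory -Path $untrustedDir | Out-Null }
Set-Content -Path $configPath -Value $wsb -Encoding UTF8

# WindowsSandbox.exe takes the .wsb path as its argument; everything inside is discarded on close
Start-Process -FilePath 'WindowsSandbox.exe' -ArgumentList "`"$configPath`""
```

Because the sandbox is discarded when its window closes, anything the untrusted file does stays inside it; the read-only mapping is what stops it from tampering with the copy you keep on the host for later analysis.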
Windows Hello
Multi-factor authentication has become a critical aspect of secure authentication. Windows Hello is a multi-factor authentication platform that supports many forms of authentication, including fingerprints and facial recognition. It can also be paired with many devices such as smartphones, smartwatches, etc. This allows you to implement MFA on any computer on which Windows 10 is installed.
SmartScreen
This tool helps protect users against phishing and malware websites when browsing in Microsoft Edge. SmartScreen analyzes web pages and determines whether they may be malicious as you browse the web. If it suspects a page, it displays a warning message. It can also check the websites you visit against a dynamic list of phishing and malicious sites maintained by Microsoft and can be set to block those websites for users automatically. Lastly, it performs the same function for files downloaded from the web. It can be configured to automatically block files that match a dynamic blocklist maintained by Microsoft and to warn users when they download files that are not commonly downloaded by other people on the internet.
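The "warn" and "block" behaviours above are policy settings, and a user with local admin rights can turn SmartScreen off or click through a warning unless policy forbids it. The script below is an added example, not from the article or from Microsoft: it compares the shell and Microsoft Edge SmartScreen policy values on the local machine against the blocking configuration (SmartScreen on, level set to Block, PUA protection on, and no user override of site or download warnings), reports the differences, and writes the enforcing values. The registry paths are the standard policy locations; on domain-joined machines the same values should come from Group Policy or Intune so that local changes are not overwritten at the next refresh.

```powershell
# Added example (not from the article): audit SmartScreen policy for the Windows shell and
# Microsoft Edge, and set the enforcing ("Block", no override) values. Run elevated.

# Expected values for the hardened configuration described in the article
$policy = @(
    # Windows shell / Explorer SmartScreen for downloaded apps and files
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'; Name = 'EnableSmartScreen';     Value = 1;       Type = 'DWord'  }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'; Name = 'ShellSmartScreenLevel'; Value = 'Block'; Type = 'String' }
    # Microsoft Edge SmartScreen for sites and downloads
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'; Name = 'SmartScreenEnabled';                      Value = 1; Type = 'DWord' }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'; Name = 'SmartScreenPuaEnabled';                   Value = 1; Type = 'DWord' }
    # Do not let users click through a site warning or run a blocked download
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'; Name = 'PreventSmartScreenPromptOverride';         Value = 1; Type = 'DWord' }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'; Name = 'PreventSmartScreenPromptOverrideForFiles'; Value = 1; Type = 'DWord' }
)

function Test-SmartScreenPolicy {
    # One row per setting: expected vs. actual, with OK = $true when they match
    foreach ($p in $policy) {
        $actual = (Get-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue).($p.Name)
        [pscustomobject]@{
            Setting  = $p.Name
            Expected = $p.Value
            Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
            OK       = ($actual -eq $p.Value)
        }
    }
}

function Set-SmartScreenPolicy {
    # Create the policy keys if absent and write each value with the right registry type
    foreach ($p in $policy) {
        if (-not (Test-Path $p.Path)) { New-Item -Path $p.Path -Force | Out-Null }
        New-ItemProperty -Path $p.Path -Name $p.Name -Value $p.Value -PropertyType $p.Type -Force | Out-Null
    }
}

$before = Test-SmartScreenPolicy
$before | Format-Table -AutoSize

if ($before | Where-Object { -not $_.OK }) {
    Write-Host "Applying SmartScreen policy..."
    Set-SmartScreenPolicy
    Test-SmartScreenPolicy | Format-Table -AutoSize
}
```

The two PreventSmartScreenPromptOverride values are the ones that turn SmartScreen from a warning into a control: without them the dynamic list still flags the site or file, but the user can simply continue.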
Windows is still the most popular operating system globally, and it dominates the corporate environment. As a cybersecurity professional, you must understand the tools at your disposal for protecting your Windows endpoints. Windows Update is your most important tool for applying security updates. Microsoft Defender is your overall endpoint solution that provides vulnerability management, threat detection and response, and threat intelligence for your Windows machines. Other significant security features include Find My Device, BitLocker, Secure Boot, Windows Sandbox, Windows Hello, and SmartScreen.