
Hybrid Work will be Protected by New Security Mechanisms for Windows 11

Posted by Marbenz Antonio on August 9, 2022

Windows powers the future of hybrid work

Attackers haven’t been slow to take advantage of the quick transition to hybrid work. As the world adapted to working outside the office, cybercriminals and nation-states alike have increased their targeting, speed, and accuracy every day. According to new information from Microsoft’s 2022 Work Trend Index, these shifts have elevated “cybersecurity issues and risks” to the top of the list of worries or concerns for company decision-makers in the upcoming year. Security and IT teams are very concerned about malware, stolen credentials, phishing attacks, devices lacking security updates, user mistakes, and physical attacks on lost or stolen devices as they attempt to protect their workforce.

More than 9.6 billion malware threats, more than 35.7 billion phishing and other malicious emails, and 25.6 billion attempts to hijack our enterprise customers by brute-forcing stolen passwords were all stopped in 2021 by protections built into Windows, Azure, Microsoft 365, and Microsoft Defender for Office 365. This amounts to more than 800 password attacks per second. We have a unique understanding of what our customers need to do to protect themselves from threats both now and in the future thanks to the intelligence we receive from this, along with the 8,500 security professionals we employ and the 24 trillion security signals processed by our cloud every 24 hours. We will be able to assist in protecting our customers from wherever and however they choose to work thanks to the latest hardware and software required for Windows 11, which is offered alongside our ecosystem partners.

Hybrid work-focused security

In a later version of Windows 11, you’ll find substantial security enhancements that blend modern technology and software to protect from the chip to the cloud. Microsoft has made ground-breaking investments in hardware security, such as Secured-core PCs, to help protect our Windows users. Our research reveals that compared to PCs that don’t follow the Secured-core requirements, these systems are 60% more resistant to malware. The enhanced security these devices offer helped form the foundation on which the Windows 11 hardware baselines were built. We are expanding security even further in the next versions of Windows with integrated protections that can help stop sophisticated and focused phishing assaults. As more corporate devices are delivered directly to consumers, we’re also enhancing security for your applications, sensitive data, and devices and giving IT the power to lock security configurations. Here’s a glimpse at what Windows 11 has in store to help our clients overcome the greatest security challenges posed by distributed work environments and the evolving threat landscape.

Hardware-based Zero Trust security, from the chip to the cloud

  • Microsoft Pluton: The hardware and silicon-assisted security features in Windows 11—such as the TPM 2.0, firmware and identity protection, Direct Memory Access, and Memory Integrity protection—help secure essential components of the operating system as well as the user’s credentials as soon as the device powers on. These features are based on the Zero Trust approach. We know that attackers have turned their attention to hardware, so even while those features protect against many of the attack patterns we see today, we’re looking to the Microsoft Pluton Security Processor as a cutting-edge way to secure that important layer of computing.
  • Due to Microsoft Pluton’s close connection with the CPU and OS, it includes some important features. First off, unlike other Windows components, Pluton is the only security processor that receives constant updates to important security and functionality through Windows Update. Pluton makes it considerably simpler to stay secure by eliminating the need for businesses to perform the standard manual methods for updating firmware. Additionally, the same Windows team that creates features like Windows Hello and BitLocker also creates the Pluton firmware. Pluton is therefore tuned for Windows 11’s best reliability and performance. To maintain its security, Pluton also goes through top-notch penetration testing and participates in outside bug bounties. Pluton provides more than simply enhanced firmware; thanks to its close interaction with the CPU, it also provides defense against physical assaults. Removing any additional attack surfaces improves security and reduces the complexity of additional configuration that is typically required to defend against physical attacks. Pluton reflects the investment made in our chip-to-cloud security plan and the success of Secured-core PCs.

App security without the app store from Smart App Control

  • Smart App Control is a significant improvement to the security model in Windows 11 that stops users from launching malicious programs on Windows systems by blocking untrusted or unsigned programs by default. Smart App Control goes beyond prior built-in browser security and is integrated into the OS’s core at the process level. It uses code signing and AI to only permit the execution of processes that are believed to be secure based on either code certificates or an AI model for application trust within the Microsoft cloud. Model inference happens continuously on the most recent threat intelligence, which provides trillions of signals. When a new application is executed on Windows 11, its important features and signing are compared to this model to make sure that only well-known secure applications are permitted to run. As a result, users of Windows 11 can be confident that only secure and dependable software is being used on their brand-new Windows PCs. New devices will come pre-installed with Windows 11 and Smart App Control. To use this functionality on devices running earlier versions of Windows 11, Windows 11 must be reset and a new installation must be performed.

Increased account and credential security

  • Enhanced phishing detection and protection with Microsoft Defender SmartScreen: With Microsoft Defender for Office 365, we have stopped over 25.6 billion brute force authentication attempts against Microsoft Azure Active Directory (Azure AD) and 35.7 billion phishing emails over the past year. By identifying and warning users when they are typing their Microsoft credentials into a malicious program or compromised website, the improved phishing detection and prevention built into Windows with Microsoft Defender SmartScreen will help protect users from phishing assaults. With these upgrades, Windows will become the first operating system in the world to come pre-installed with phishing protections, allowing users to stay secure and productive without having to become skilled in IT.
  • Credential Guard by default: Windows 11 has hardware-backed, virtualization-based security features to help shield systems against attack methods that leverage pass-the-hash or pass-the-ticket to steal credentials. Additionally, even when the process is operating with administrative rights, it helps in preventing malware from accessing system secrets. Credential Guard will eventually be turned on by default for businesses using Windows 11 Enterprise.
  • Additional protection for Local Security Authority (LSA) by default: Windows includes some vital processes that it uses to confirm a user’s identity. One of these processes, the LSA, is in charge of user authentication and Windows login verification. It is in charge of managing user login information, including passwords and tokens, for Azure services and Microsoft accounts. To take advantage of this process and steal passwords, attackers have created tools and abused Microsoft tools. Future new Windows 11 machines that are enterprise-joined will come standard with improved LSA protection, which will make it much harder for hackers to steal credentials by ensuring LSA loads only trusted, signed code.

Personal Data Encryption adds a second layer of security for personal data

  • According to respondents to Verizon’s 2021 Mobile Security Index, mobile devices pose the highest danger to IT security, remote workers are more vulnerable than office workers (by 97%), and 56% of respondents are concerned about device loss or theft. The new Personal Data Encryption feature in Windows 11 offers a framework for programs and IT to use to secure user files and data when the user is not signed into the device, regardless of where users are working. The user must first authenticate with Windows Hello for Business to access the data. This links the data encryption keys with the user’s passwordless credentials to make data more secure even if a device is lost or stolen and to add a layer of protection for sensitive data.

Protect users from themselves with Config Lock

  • Over 60% of security decision-makers said that adopting security solutions is challenging, and a major factor is that they have little control over the device once it is in the user’s hands. Configuration Lock alters that. This functionality, which is already included in Windows 11, keeps track of registry keys through mobile device management (MDM) policies to make sure that the devices in your ecosystem adhere to corporate and industry security standards. Config Lock will instantly restore the impacted system to the IT-desired state if it notices a change in registry keys. Thanks to Config Lock, IT managers can be sure that devices in their company are secure and that users haven’t altered important security settings.

Block vulnerable drivers by default with HVCI

  • Hypervisor-Protected Code Integrity (HVCI) default enhancements
  • The Microsoft Vulnerable Driver Blocklist makes use of Windows Defender Application Control (WDAC) to stop known vulnerable drivers from being abused and exploited by advanced persistent threats (APTs) and ransomware assaults. The kernel blocklisting feature reduces these dangers by blocking such drivers from loading in the Windows kernel. The blocklist is activated by default on devices running Windows SE or HVCI. The enhanced experience in the Core Isolation tab of the Windows Security App can also be used to enable the capability.

The Microsoft vulnerable driver blocklist feature enabled in the Core isolation page within the Windows Security app.
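
A read-only check of the defaults described in the sections above (Credential Guard, LSA protection, HVCI and the vulnerable driver blocklist), added here as an example and not taken from Microsoft or the original post. The `Win32_DeviceGuard` class and the registry value names are the standard Windows locations for these settings and do not appear on this page; the helper names are hypothetical. Run it in an elevated PowerShell session.

```powershell
# Added example: read-only audit; it changes nothing on the device.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Format-RegState {
    param($Value, [int[]]$OnValues)
    if ($null -eq $Value)     { return 'Not set in registry' }
    if ($Value -in $OnValues) { return 'On' }
    return 'Off'
}

# Virtualization-based security services the OS reports as running right now.
# SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI (memory integrity).
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$running = @($dg.SecurityServicesRunning)

function Format-Running {
    param([int]$Id)
    if ($running -contains $Id) { 'Running' } else { 'Not running' }
}

# RunAsPPL: 1 = LSA protection with UEFI lock, 2 = without UEFI lock.
$lsaPpl = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'RunAsPPL'

# Value written by the "Microsoft Vulnerable Driver Blocklist" toggle
# on the Core isolation page of the Windows Security app.
$blocklist = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config' `
                          'VulnerableDriverBlocklistEnable'

$report = @(
    [pscustomobject]@{ Protection = 'Credential Guard'
                       State      = Format-Running 1 }
    [pscustomobject]@{ Protection = 'HVCI (memory integrity)'
                       State      = Format-Running 2 }
    [pscustomobject]@{ Protection = 'LSA protection (RunAsPPL)'
                       State      = Format-RegState $lsaPpl -OnValues 1, 2 }
    [pscustomobject]@{ Protection = 'Vulnerable driver blocklist'
                       State      = Format-RegState $blocklist -OnValues 1 }
)
$report | Format-Table -AutoSize
```

A result of "Not set in registry" means the value has not been written explicitly, so the build's default behavior applies and should be confirmed in the Windows Security app.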

Redesigning security from the chip to the cloud

Microsoft is committed to fixing gaps in popular attack vectors like the ones we discussed today while also making ongoing investments in enhancing Windows’ default security baseline. This initiative’s goal is to enhance Windows users’ security experiences by default. Windows 11 helps businesses handle the new security concerns of the hybrid workplace now and in the future with layers of security built in from the chip to the cloud. As we continue to power the business of the future, we design additional defenses and make Windows more secure by default with each version.

 

