Introduction to Windows 10 Security
Expectations for information security keep rising, and Microsoft has followed that trend by building more protection directly into its Windows 10 operating system.
This article details the security functionality currently offered by Windows 10: the new security configuration framework SECCON, Microsoft BitLocker, a slew of notable Windows Defender features (SmartScreen, Application Guard, Device Guard, Exploit Guard and Credential Guard), and the security changes introduced in the 1903 feature release.
New security configuration framework
One of the most notable Windows 10 security additions is the security configuration framework that Microsoft calls SECCON (a play on the United States Department of Defense's defense readiness condition scale, DEFCON).
Like DEFCON, SECCON defines five levels, from the strictest controls at Level 1 down to the baseline controls at Level 5. The levels are cumulative: each one assumes the controls of the level below it. Below is a summary of each level.
- Level 1: Administrator Workstation: The most privileged tier, for administrators of high-value systems. These workstations face the highest risk of data theft, data alteration and service disruption, so they receive the strictest controls
- Level 2: DevOps Workstation: Intended for developers and testers, who are targets for credential theft and supply chain attacks aimed at the systems and servers that hold high-value sensitive information
- Level 3: Enterprise VIP Security: Recommended for organizations with a large or sophisticated security team, or for specific users who face a uniquely high risk. The configurations at this level are complex and can take longer to implement fully than the other levels (sometimes over 90 days)
- Level 4: Enterprise High Security: Intended for users with access to sensitive or confidential information. Some controls affect application compatibility, so they are usually rolled out with an audit-configure-enforce workflow. Most organizations will find these recommendations accessible and deployable within 90 days
- Level 5: Enterprise Security: The minimum security configuration for an enterprise device, with straightforward recommendations that are deployable within 30 days
Windows 10 security features
A new security configuration framework is just the start. Windows 10 also offers improved versions of features carried over from previous versions of Windows, as well as some that are entirely new.
Microsoft BitLocker is one of the carried-over features. This native full-volume encryption solution is available on Windows 10 Pro, Enterprise and Education. It protects data at rest: a lost or stolen laptop, or a drive pulled out of a machine, yields only ciphertext, and the volume key is normally sealed to the TPM so the drive unlocks only when the measured boot chain matches the one it was sealed against. Windows 10 added the XTS-AES cipher mode (from version 1511), which resists the ciphertext-manipulation attacks possible against the older AES-CBC mode. BitLocker is not an intrusion-prevention control: once the system has booted and unlocked the volume, it offers no protection against an attacker running on the live machine.
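The following script is an added example and not code from the original article. It enables BitLocker on the operating system volume with a TPM protector, adds a recovery password and escrows it, then reports the fields a compliance check would look at. It assumes an elevated PowerShell session on a domain-joined Windows 10 Pro/Enterprise machine with a TPM; the BitLocker and TrustedPlatformModule modules ship with Windows.

```powershell
# Added example, not code from the original article: enable BitLocker on the OS
# volume with a TPM protector, add an escrowed recovery password and report status.
# Assumes an elevated PowerShell session on a domain-joined Windows 10 Pro/Enterprise
# machine with a TPM (Backup-BitLockerKeyProtector escrows to Active Directory).

$OsDrive = $env:SystemDrive   # normally "C:"

# 1. Confirm the TPM is present and ready; without it BitLocker would fall back to
#    a startup password or USB key, which is a weaker and less convenient protector.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw 'TPM is not present or not ready; initialize it before enabling BitLocker.'
}

# 2. Encrypt the OS volume with XTS-AES 256 (Windows 10 defaults to XTS-AES 128)
#    and seal the volume master key to the TPM. -SkipHardwareTest avoids the
#    reboot-and-test cycle; leave it out the first time on unfamiliar hardware.
if ((Get-BitLockerVolume -MountPoint $OsDrive).ProtectionStatus -eq 'Off') {
    Enable-BitLocker -MountPoint $OsDrive -EncryptionMethod XtsAes256 `
                     -TpmProtector -SkipHardwareTest
}

# 3. Add a recovery password and back it up to Active Directory. A firmware update
#    or TPM change will force recovery, and an un-escrowed key means a lost disk.
$protectors = (Get-BitLockerVolume -MountPoint $OsDrive).KeyProtector
if (-not ($protectors | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
    Add-BitLockerKeyProtector -MountPoint $OsDrive -RecoveryPasswordProtector | Out-Null
    $protectors = (Get-BitLockerVolume -MountPoint $OsDrive).KeyProtector
}
$recovery = $protectors |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object -First 1
Backup-BitLockerKeyProtector -MountPoint $OsDrive -KeyProtectorId $recovery.KeyProtectorId

# 4. Report the fields a compliance check should look at. Expect VolumeStatus
#    'FullyEncrypted' once background encryption finishes, ProtectionStatus 'On',
#    and both 'Tpm' and 'RecoveryPassword' in the protector list.
Get-BitLockerVolume -MountPoint $OsDrive |
    Select-Object MountPoint, VolumeStatus, EncryptionMethod, EncryptionPercentage,
        ProtectionStatus,
        @{ Name = 'Protectors'; Expression = { ($_.KeyProtector.KeyProtectorType) -join ', ' } }
```

The recovery password is added after the TPM protector here, which is fine on a fresh volume; on a drive that already held sensitive data, also omit the used-space-only option so that previously deleted data in free space is overwritten by the encryption pass.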
New Windows Defender features
Windows Defender, the built-in antivirus and anti-malware engine, has gained several additional protection layers in Windows 10.
Windows Defender SmartScreen
This feature is one of several layers of phishing and malware defense. SmartScreen checks the URLs a user visits and the files they download against Microsoft's reputation service, and warns on or blocks sites known for phishing or hosting malware, as well as downloaded executables with no established reputation. The "block at first sight" capability often mentioned alongside it is actually part of Windows Defender Antivirus cloud-delivered protection: it holds a never-before-seen file from running until the cloud backend returns a verdict. Both depend on the client being able to reach Microsoft's services, so an offline machine gets neither check.
Windows Defender Application Guard
This feature protects the Microsoft Edge browser against advanced targeted attacks. Administrators define an allow list of trusted enterprise sites, which open in the normal browser.
When a site is not on that list, Windows Defender Application Guard opens it in an isolated Hyper-V container with its own copy of the Windows kernel. The result is similar to launching an untrusted executable in a sandbox: the host operating system, enterprise credentials and the internal network are shielded from attacker activity if the site turns out to be malicious, and the container is discarded when the session ends.
Windows Defender Device Guard
This feature combines application and driver allow-listing (Windows Defender Application Control, a configurable code integrity policy) with hypervisor-protected code integrity (HVCI). It moves Windows 10 from a model where any driver or application runs unless the antivirus blocks it to one where only code the enterprise explicitly trusts, by publisher, hash or path, is allowed to execute. This is meant to frustrate attackers who rely on installing their own drivers or applications to gain persistence.
Windows Defender Exploit Guard
This feature, the successor to the Enhanced Mitigation Experience Toolkit (EMET), offers exploit protection, network protection, attack surface reduction (ASR) rules and controlled folder access. Its exploit protection mitigations are particularly useful for hardening legacy applications that cannot be recompiled: arbitrary code guard (ACG), blocking untrusted fonts, blocking low-integrity images and export address filtering (EAF). Each of these mitigations, and each ASR rule, can be run in audit mode first so that would-be blocks are logged without breaking the application.
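The following script is an added example and not code from the original article. It walks Exploit Guard through the audit-configure-enforce workflow that the SECCON Level 4 description calls for: ASR rules, network protection, controlled folder access and per-process exploit protection are first put in audit mode, the resulting Defender events are reviewed, and only then is enforcement switched on. It assumes an elevated session on Windows 10 version 1709 or later with Windows Defender Antivirus active; `legacyapp.exe`, `D:\Finance` and the application path are hypothetical names used only for illustration.

```powershell
# Added example, not code from the original article: roll out Exploit Guard with the
# audit-configure-enforce workflow. Assumes an elevated session on Windows 10 1709+
# with Windows Defender Antivirus active. "legacyapp.exe", "D:\Finance" and the
# application path below are hypothetical values chosen for illustration.

# Attack surface reduction rules are addressed by GUID. These two are documented rules.
$AsrRules = [ordered]@{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block Office applications from creating child processes'
    '9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2' = 'Block credential stealing from LSASS'
}
$RuleIds = @($AsrRules.Keys)

function Set-ExploitGuardPhase {
    param([ValidateSet('AuditMode', 'Enabled')] [string] $Mode)

    # ASR rules: one action per rule ID, in the same order as the IDs.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleIds `
                     -AttackSurfaceReductionRules_Actions (@($Mode) * $RuleIds.Count)

    # Network protection: outbound connections to known-bad hosts.
    Set-MpPreference -EnableNetworkProtection $Mode

    # Controlled folder access: protect a data directory, allow one trusted app.
    Set-MpPreference -EnableControlledFolderAccess $Mode
    Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Finance'                       # assumed path
    Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files\LegacyApp\legacyapp.exe'  # assumed path

    # Exploit protection for a legacy binary: ACG, untrusted fonts, low-integrity
    # images and EAF. The Audit* variants log would-be blocks without enforcing.
    $mitigations = if ($Mode -eq 'AuditMode') {
        'AuditDynamicCode', 'AuditFont', 'AuditLowLabelImageLoads', 'AuditEnableExportAddressFilter'
    } else {
        'BlockDynamicCode', 'DisableNonSystemFonts', 'BlockLowLabelImageLoads', 'EnableExportAddressFilter'
    }
    Set-ProcessMitigation -Name 'legacyapp.exe' -Enable $mitigations
}

function Get-ExploitGuardAuditEvents {
    # Defender logs ASR audit hits as event 1122 and controlled folder access audit
    # hits as event 1124 (1121 and 1123 are the enforced-block equivalents).
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 1122, 1124
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id,
            @{ Name = 'Detail'; Expression = { ($_.Message -split "`n")[0] } }
}

# Phase 1: audit. Run the fleet in this mode long enough to see normal business use.
Set-ExploitGuardPhase -Mode AuditMode

# Phase 2: configure. Review what would have been blocked and add exclusions only
# for legitimate processes before enforcing.
Get-ExploitGuardAuditEvents | Format-Table -AutoSize

# Phase 3: enforce, once the audit log is free of false positives.
# Set-ExploitGuardPhase -Mode Enabled
```

Keep the enforcement call commented out until the audit review is done; switching every control to Enabled on day one is exactly what breaks line-of-business applications and gets the feature rolled back.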
Windows Defender Credential Guard
Relying on virtualization-based security (VBS), this feature moves the secrets normally held by the Local Security Authority (NTLM password hashes, Kerberos ticket-granting tickets and derived credentials) into an isolated process that the hypervisor shields from the rest of the operating system, including from code running as SYSTEM. Only privileged system software can ask that process to perform operations with those credentials, which blunts the pass-the-hash and pass-the-ticket techniques used for lateral movement. The protection is hardware-backed: it requires Windows 10 Enterprise or Education, UEFI Secure Boot and a 64-bit CPU with virtualization extensions, and a TPM is recommended. Credential Guard does not protect credentials typed into a phishing page, captured by a keylogger, or stored in the local SAM database for local accounts.
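The following script is an added example and not code from the original article. It reports the state of the virtualization-based protections described in the Device Guard and Credential Guard sections above by reading the `Win32_DeviceGuard` CIM class, and flags the gaps a hardening review would care about. It assumes an elevated PowerShell session on Windows 10; the numeric codes are decoded according to the class documentation.

```powershell
# Added example, not code from the original article: audit Device Guard (HVCI and
# code integrity policy) and Credential Guard state through Win32_DeviceGuard.
# Assumes an elevated PowerShell session on Windows 10.

function Get-VbsProtectionReport {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard

    # Code tables from the Win32_DeviceGuard class documentation.
    $vbsStatus = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Running' }
    $services  = @{ 1 = 'Credential Guard'; 2 = 'HVCI (memory integrity)';
                    3 = 'System Guard Secure Launch'; 4 = 'SMM firmware measurement' }
    $props     = @{ 1 = 'Hypervisor support'; 2 = 'Secure Boot'; 3 = 'DMA protection';
                    4 = 'Secure memory overwrite'; 5 = 'UEFI code read-only';
                    6 = 'SMM security mitigations 1.0'; 7 = 'Mode-based execution control' }
    $ciStatus  = @{ 0 = 'Off'; 1 = 'Audit'; 2 = 'Enforced' }

    $running = @($dg.SecurityServicesRunning)

    [pscustomobject]@{
        VbsStatus          = $vbsStatus[[int]$dg.VirtualizationBasedSecurityStatus]
        PlatformProperties = (@($dg.AvailableSecurityProperties) | ForEach-Object { $props[[int]$_] }) -join ', '
        ServicesConfigured = (@($dg.SecurityServicesConfigured)  | ForEach-Object { $services[[int]$_] }) -join ', '
        ServicesRunning    = ($running | ForEach-Object { $services[[int]$_] }) -join ', '
        KernelModeCI       = $ciStatus[[int]$dg.CodeIntegrityPolicyEnforcementStatus]
        UserModeCI         = $ciStatus[[int]$dg.UsermodeCodeIntegrityPolicyEnforcementStatus]
        # Credential Guard is only effective when the service is running AND the
        # isolated LSA process (LsaIso.exe) actually exists.
        CredentialGuardOn  = ($running -contains 1) -and
                             ($null -ne (Get-Process -Name LsaIso -ErrorAction SilentlyContinue))
        HvciOn             = ($running -contains 2)
    }
}

$report = Get-VbsProtectionReport
$report | Format-List

# Flag the gaps a hardening review would care about.
if (-not $report.CredentialGuardOn) {
    Write-Warning 'Credential Guard is not running: LSA secrets are exposed to pass-the-hash tooling on this host.'
}
if (-not $report.HvciOn) {
    Write-Warning 'HVCI is not running: unsigned or tampered kernel-mode code can still load.'
}
if ($report.UserModeCI -ne 'Enforced') {
    Write-Warning "User-mode code integrity policy is '$($report.UserModeCI)': application allow-listing is not enforced."
}
```

`PlatformProperties` tells you why a protection is off when it is: if `Hypervisor support` or `Secure Boot` is missing from that list, the fix is in firmware settings, not in Group Policy.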
Windows 10 feature release version 1903 changes
Windows 10 version 1903 offers some notable changes.
Most security-minded professionals want a disposable environment in which to run untrusted executables and other programs, if resources allow. Microsoft responded with Windows Sandbox, a lightweight isolated desktop hosted on the local Windows 10 PC that is thrown away when closed, removing the need for a dedicated test server. It is available on Windows 10 Pro and Enterprise, version 1903 and later, with the following requirements:
- AMD64 (x86-64) architecture
- Virtualization capabilities enabled in BIOS/UEFI
- At least 4 GB of RAM (8 GB recommended)
- At least two CPU cores (four cores with hyperthreading recommended)
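The following script is an added example and not code from the original article. It enables the Windows Sandbox feature if needed and writes a `.wsb` configuration that turns networking off and maps a host folder read-only, which is the setup you want when triaging an unknown executable rather than just testing an installer. It assumes Windows 10 Pro/Enterprise 1903 or later and an elevated session; `C:\Samples` is an assumed host folder holding the file under test.

```powershell
# Added example, not code from the original article: build a Windows Sandbox
# configuration for triaging an untrusted executable with networking disabled and
# the sample folder mapped read-only. Assumes Windows 10 Pro/Enterprise 1903+ and
# an elevated session; C:\Samples is an assumed host folder containing the sample.

# 1. Make sure the optional feature is installed (a reboot is needed after enabling).
$feature = Get-WindowsOptionalFeature -Online -FeatureName 'Containers-DisposableClientVM'
if ($feature.State -ne 'Enabled') {
    Enable-WindowsOptionalFeature -Online -FeatureName 'Containers-DisposableClientVM' -All -NoRestart
    Write-Warning 'Windows Sandbox was just enabled; reboot before launching the .wsb file.'
}

# 2. Write the configuration. Networking is ON by default, so disable it explicitly
#    for malware triage. The mapped folder appears on the sandbox desktop of the
#    built-in WDAGUtilityAccount user, and ReadOnly stops the sample from altering
#    the host copy. The virtual GPU is disabled because it enlarges the attack
#    surface and is not needed for triage. Everything inside is discarded on close.
$HostSamples = 'C:\Samples'   # assumed host folder
$wsb = @"
<Configuration>
  <VGpu>Disable</VGpu>
  <Networking>Disable</Networking>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>$HostSamples</HostFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>
    <Command>explorer.exe C:\Users\WDAGUtilityAccount\Desktop\Samples</Command>
  </LogonCommand>
</Configuration>
"@
$wsbPath = Join-Path $env:USERPROFILE 'triage-offline.wsb'
Set-Content -Path $wsbPath -Value $wsb -Encoding UTF8

# 3. Launch. Double-clicking the .wsb file in Explorer does the same thing.
Start-Process -FilePath $wsbPath
```

Windows Sandbox is a convenience, not a forensic malware lab: there is no snapshotting, no traffic capture, and a sample that checks for a hypervisor will notice it is not on a real victim machine. Use it to answer "what does this installer do to a clean system" rather than to characterize evasive malware.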
Windows Update has also received a facelift in version 1903, with more user control over updates. Most notable is the ability to pause updates for up to 35 days (in seven-day increments), now available on Home edition as well, and feature updates are no longer pushed automatically: the user chooses when to download and install them, while monthly security updates continue to arrive on their normal schedule.
Better security baselines
Microsoft's security baseline for version 1903 tightens configuration further. A notable addition is the Group Policy setting "Enable svchost.exe mitigation options" (under System > Service Control Manager Settings > Security Settings), which requires every binary loaded into an svchost.exe-hosted service to be Microsoft-signed and prevents those processes from generating dynamic code. Because many services share svchost.exe, this removes a favorite target for DLL injection and in-memory code execution. The 1903 baseline also drops the periodic password expiration requirement, recommending banned-password lists and multifactor authentication instead. Apply the baseline through its audit mode first, as with Exploit Guard, so that any in-house service that loads a non-Microsoft DLL is found before enforcement breaks it.
Windows 10 offers notable security improvements over previous Windows releases. These changes generally follow the increased desire of users for stronger security measures as well as more control over their own machines. Even Home edition users see some of these changes, including the useful new ability to pause updates.