Windows 10 for government agencies: helping protect, detect and respond to cyber-attacks
By Rick Engle, Principal Windows Technologies Architect, Federal Government, Microsoft Corporation on February 23, 2017
Filed under Microsoft in Government
Microsoft Secure – Protecting from Evolving Security Threats Part 2
The number $3.5 million is a huge financial amount—and a figure that troubles every CIO. That’s because $3.5 million is the average cost of a single data breach. Even more alarming is the estimated $3 trillion in lost productivity and growth each year, according to McKinsey & Company research.
While cybersecurity is top-of-mind for all CIOs, our federal government agencies have even more at stake than material risk: protecting our national security, intelligence and information. State and local government (SLG) organizations also must safeguard extremely sensitive data, including personally identifiable information.
Federal agency and SLG networks are under attack virtually every day and, despite strong cyber-defense initiatives, challenges remain to thwart malicious hackers. That’s why I’m always eager to meet with federal and SLG CIOs and IT teams to explain how Windows 10 is disrupting increasingly sophisticated cyber-attacks through revolutionary security measures. This is especially true since the U.S. Department of Defense directed all DoD agencies to standardize on Windows 10—the largest enterprise deployment to date—and recent news that Windows 10-powered Surface devices have gained approval for classified workloads. Note: this blog is the second in our ongoing Microsoft Secure – Protecting from Evolving Security Threats series.
Protect, detect and respond are the core elements of our Windows 10 security mission statement. Our goal for federal, SLG and all customers is to enable Windows 10 devices to be protected from today’s sophisticated attacks and, if a breach does occur, provide immediate visibility to respond. Windows 10 carries out the protect-detect-respond mission through four pillars of built-in defense:
- Device (hardware) protection: We recognized that older hardware was susceptible to attacks since hackers could more easily drop malicious code onto devices as a rootkit before the operating system starts up. As a result, we’ve made device protection requirements much more robust for manufacturers of Windows 10 devices. By implementing a more modern and secure replacement for BIOS (basic input/output system) for device startup called UEFI (Unified Extensible Firmware Interface) Secure Boot, introducing virtualization-based security protection and mandating the use of Trusted Platform Module, Windows 10 devices can address hardware-level tampering. Windows 10 device protection is especially important to federal and SLG customers as they replace older, more vulnerable PCs.
- Threat resistance is aimed at addressing viruses, Trojans and malware that can result from clicking on unsafe website links opening up executables and documents that look legitimate but are not. The newest forms of Windows 10 threat protection include Device Guard and Microsoft Edge Application Guard, which join Microsoft Edge, Windows Defender, Windows Firewall and SmartScreen. These technologies work together to provide comprehensive threat resistance since most cyber-attacks are aimed at end users either clicking on legitimate-looking websites, opening malicious email or running harmful apps. This is especially the case for federal and SLG agencies, which recognize that user desktops or PCs are often a primary point of attack.
- Identity protection: One of the ways that government agencies have been attacked is through compromise or theft of a user’s password or credentials, allowing a hacker to retrieve sensitive data or inject malware on a network. We’re defending against attacks like “pass the hash” on Windows 10 through Credential Guard, which provides authentication services through a virtualized, secure “kernel” that defends a user’s passwords and credentials. Credential Guard coupled with Windows Hello for Business deliver a superior level of protection for user login, passwords and credentials. Identity protection is a key concern to government agencies due to potential compromises to national intelligence, employee records and other sensitive information.
- Information protection: Information is moving around all the time and Windows 10 has many technologies to provide integrated protection against accidental data loss. BitLocker and BitLocker to Go, along with BitLocker Admin and Monitoring, provide comprehensive data at rest Windows Information Protection. Azure Rights Management encrypts and restricts files so that they are rendered useless if such data should fall into the wrong hands—especially important in the federal and SLG space.
Windows 10 also leads the way in breach detection, investigation and response. In today’s modern world of cyber threats, we must always assume there’s potential for a breach so it’s vital to be able to detect advanced threats and have remediation tools to respond. With the newest version of Windows 10, we’ve introduced post-breach protection with Windows Defender Advanced Threat Protection, which provides a security center portal to identify if, where and how an attack is taking place, and provide insights about who the attackers might be. These “post-breach” technologies are enhanced when coupled with Office 365 Advanced Threat Protection and Advanced Threat Analytics.
When talking about the benefits of Windows 10 security for federal and SLG customers, I would be remiss if I didn’t mention that our newest operating system complies with key U.S. government certifications, including: NIST Federal Information Processing Standard (FIPS) 140-2, Defense Information Systems Agency Security Technical Implementation Guides (DISA STIGs) for desktop and mobile, Common Criteria and others required by U.S. agencies. Our engineering teams work diligently to ensure Windows 10 and other Microsoft products meet the most stringent security mandates and certification programs.
In addition to the links embedded throughout this blog, you can learn more about Windows 10 security features that protect, detect and respond at the following sites: