In this digital era, "cybersecurity issues and risks” are one of the main concerns for every individual and business house. Every day cybercriminals and nation-states alike have improved their targeting, speed, and accuracy as the world adapted to working outside the office.
According to Microsoft, in 2021 security protection built into Windows, Azure, Microsoft 365, and Microsoft Defender for Office 365 have blocked more than 9.6 billion malware threats, more than 35.7 billion phishing and other malicious emails, and 25.6 billion attempts to hijack enterprise customers by brute-forcing stolen passwords—that’s more than 800 password attacks per second.
Malware, stolen credentials, phishing attacks, devices that lack security updates, user error, and physical attacks on lost or stolen devices are major concerns for security and IT teams as they try to protect their workforce.
Enhance Windows 11 with Core Security Updates
The combination of modern hardware and software required for Windows 11 enables a more secure environment for its users from wherever and however they choose to work. Microsoft emphasizes that in upcoming updates on Windows 11 users are going to see significant security updates that add even more protection from the chip to the cloud.
In the post, Microsoft says —
"In upcoming releases of Windows, we are advancing security even further with built-in protections to help defend from advanced and targeted phishing attacks. We’re also adding more protection for your applications, personal data, and devices and empowering IT with the ability to lock security configurations as more enterprise devices are sent directly to users."
Zero Trust security, from the chip to the cloud, is rooted in hardware.
Microsoft Pluton: The hardware and silicon-assisted security features in Windows 11which include the TPM 2.0, firmware and identity protection, Direct Memory Access, and Memory Integrity protection—help protect core parts of the OS as well the user’s credentials as soon as the device powers on.
In today's attack scenario, hackers are mainly targeting the hardware and this makes Microsoft work on Microsoft Pluton Security Processor as an innovative solution to securing that critical layer of computing. Microsoft Pluton has several key capabilities that stem from its direct integration into the CPU and the operating system.
"Pluton is the only security processor which is kept regularly up to date with key security and functionality updates coming through Windows Update just like any other Windows component." - says Microsoft. "Pluton does not require enterprises to take the traditional manual steps to update firmware, making it much easier to stay secure." - they added.
Pluton is optimized for the best performance and reliability in Windows 11.
Securing App with Smart App Control
Microsft introduce the Smart App Control feature that enhances the Windows 11 security model that prevents users from running malicious applications on Windows devices that default block untrusted or unsigned applications. The new Smart App Control only allows processes to run that are predicted to be safe based on either code certificates or an AI model for application trust within the Microsoft cloud.
Smart App Control goes beyond previous built-in browser protections and is woven directly into the core of the OS at the process level.
When a user runs any application on Windows 11, its core signing and core features are checked against this model, ensuring only known safe applications are allowed to run on the device. Smart App Control will come on new devices with Windows 11 installed. Devices running previous versions of Windows 11 will have to be reset and have a clean installation of Windows 11 to take advantage of this feature.
Enhanced Credential Security
Microsoft Defender SmartScreen, it will enhance phishing detection and protection built into Windows systems. This will help to protect users from phishing attacks by identifying and alerting users when they are entering their Microsoft credentials into a malicious application or hacked website. With these enhancements, Windows 11 becomes the world’s first operating system with phishing safeguards built directly into the platform and shipped out-of-box to help users stay productive and secure without having to learn to be their own IT department.
Credential Guard by default: Windows 11 makes use of hardware-backed, virtualization-based security capabilities to help protect systems from credential theft attack techniques like pass-the-hash or pass-the-ticket. It also helps prevent malware from accessing system secrets even if the process is running with admin privileges. In the future, Credential Guard will be enabled by default for organizations using the Enterprise edition of Windows 11.
Furthermore, Microsoft will also make the Local Security Authority (LSA), a process, responsible for handling user credentials, like passwords, and tokens used to provide single sign-on to Microsoft accounts and Azure services, enabled by default in the enterprise-joined Windows 11 devices that make it significantly more difficult for attackers to steal credentials by ensuring LSA loads only trusted, signed code.
Securing Users' Data with Encryption
The new Personal Data Encryption coming to Windows 11 provides a platform, available for use by applications and IT, to protect user files and data when the user is not signed into the device. To access the data, the user must first authenticate with Windows Hello for Business, linking data encryption keys with the user’s passwordless credentials so that even if a device is lost or stolen, data is more resistant to attack and sensitive data has another layer of protection built-in.
Block vulnerable drivers by HVCI
Malware attacks have increased significantly from last year by leveraging driver vulnerabilities to compromise systems. To defends this situation, Microsoft will enable HVCI (Hypervisor-Protected Code Integrity) by default on the next windows release, on a broader set of devices running Windows 11. This feature prevents attackers from injecting their own malicious code and helps ensure that all drivers loaded onto the OS are signed and trustworthy.
The Microsoft Vulnerable and Malicious Driver Reporting Center helps enable Windows to automatically block known vulnerable drivers. The vulnerable driver blocklist leverages Windows Defender Application Control (WDAC) to help prevent advanced persistent threats (APTs) and ransomware attacks abusing and exploiting known vulnerable drivers.
Devices running HVCI or Windows SE have the blocklist enabled by default. Additionally, the feature can be enabled by the new experience in the Core isolation page within the Windows Security App.
More Advanced [AI] Features Introduced
Along with the security improvement, Microsoft has also announced tons of new features that are coming to Windows 11.
The first one is the tabbed File Explorer. Microsoft is offering a tabbed interface, that will enable users to multitask and move between different File Explorer directories without needing to spin up duplicate apps.
Microsoft has also highlighted a refreshed experience for File Explorer which will surface contextualized recommendations regarding files that you should access. Users will also be able to pin their most-accessed files and folders to File Explorer favorites.
Other features coming to Windows 11 are touch-optimized Snap Layouts, improvements to Focus including an integrated focus timer and do not disturb capabilities, and Live Captions for enhanced accessibility for the deaf and hard of hearing.
Microsoft is making it easier for users to do online meetings in hybrid working environments, where Windows 11 will be able to use AI on capable hardware for Voice Clarity, Automatic Framing, Portrait Background Blur, and Eye Contact to make meetings more personal.
This is not the end, Microsoft has introduced more enterprise-focused, capabilities within Windows 11. You can check the below video for a brief demo of the newly introduced features.