Amping Up Security for Windows 10

istock 956916704
istock

Enhancing endpoint security can be a real challenge, yet it remains a critical component of effective cyberdefenses. With a cloud-based, modern management framework for Windows 10, best-in-class digital workspaces can provide improved protection against real-time threats while requiring fewer IT and SecOps resources.

Microsoft has dramatically improved the security inherent in the operating system with Windows 10. Many features, including Windows Defender Application Guard, Exploit Guard, and Credential Guard, are far superior to what was available in Windows 7. VMware Workspace ONE provides real-time manageability of Windows 10 and works together with the OS security features to add another set of cyberdefenses. These two solutions are a synergistic cybersecurity duo.

Workspace ONE features a unified endpoint management (UEM) platform that helps IT teams meet the challenge of enforcing consistent security across numerous discrete devices without increasing the workload of IT or security staff. This platform also automates many of the tasks that ensure proactive deployment of security. Some of the most notable ways Workspace ONE amps up Windows 10 security are:

  • Consistent deployment of security policies and protection – Unprotected endpoints or endpoints with out-of-date software are often a focal point for attackers. The expansion of BYOD and the use of a greater number of contract and temporary workers increase the odds that an unprotected or poorly protected device will get on the network. Workspace ONE ensures consistent and comprehensive deployment of security policies for every endpoint, regardless of location, OS, or ownership.
  • Delivery of a secure enterprise app environment – Rogue and compromised apps are a common attack vector. In addition, some apps don’t meet security standards or can create vulnerabilities based on their design. Workspace ONE provides a secure enterprise app environment in which users can download not only the organization’s standard products but also known good versions of them.
  • Zero-day compliance model for Windows 10 patch management – Poor patching hygiene has been the opening for many well-known and impactful attacks. Not only does Workspace ONE provide a comprehensive and proven model for automating patching and ensuring patch delivery but this digital workspace platform also offers a zero-day capability that ensures that vulnerabilities are addressed and remediated as quickly as possible. This eliminates one common attack vector.
  • Detection of compromised devices in real time – A key stage of any cyberattack is the lateral spread of malware from an infected system. Workspace ONE performs health checks of the OS boot status, so compromised devices are detected in real time. This makes it possible to either eliminate or dramatically reduce the lateral spread of malware and contain the attack more quickly.
  • Integration of data loss prevention (DLP) capabilities with Windows Information Protection – The true impact of a cyberattack is not the penetration of the systems but the loss of data that results. This has put a much greater focus on DLP capabilities. Stopping data loss is often seen as the most important cybersecurity priority. Workspace ONE works with Windows Information Protection to provide a greater barrier to data loss.

Cybersecurity has the attention of everyone from the boardroom to the factory floor. In this regard, Windows 10 represents a major improvement over Windows 7. Adding the management and security capabilities of Workspace ONE to the mix substantially improves an organization’s defensive posture. It’s a combination that can thwart attacks before they start.

For more about Workspace ONE and how it provides security for Windows 10, go here.

Copyright © 2019 IDG Communications, Inc.