When it comes to cyber-attacks, there are two primary angles of attack: One way is to steal a user’s identity and enter the network, and the other way is to get malicious software running from within the organization. Often the attacks do a bit of both.
Stopping these attacks is another area where Windows 10 really shines. When I received a phishing attack e-mail on a Windows 10 machine with Device Guard, the installation of the app is blocked because that app is not signed by a pre-determined trustworthy source. The intrusion is stopped before it can even get started.
How this helps:
Device Guard is an indispensable part of your security arsenal – especially for the Windows devices that are in mission critical roles such as operating an assembly line or in a hospital.
Detection alone is never going to catch every intrusion – there are simply too many new attacks created every minute (we receive more than 1M new pieces of malware
). Device Guard demands that every app attempting to access your network has to be proven safe before it enters, and, even more importantly, Device Guard’s capabilities are protected in an unprecedented way that uses virtualization to protect itself even in the event that the Windows Kernel is fully compromised.
For this reason, Device Guard can block zero day exploits and unknown malware threats because it isn’t dependent on the latest AV signatures or behavior monitoring. It also neutralizes common intrusion workarounds because Device Guard protects users even when they have full admin privileges.
Why you need this in your life:
This feature is ideal for a very wide range of devices, like PoS’s, ATM’s, and any other assets that serve a critical business function and contain sensitive data.
As noted above: It blocks zero day exploits and protects users with admin privileges.
This enables IT to provide a much higher level of assurance that malware will not be running on devices.