Looking to the future, two clear trends are emerging. First, organizations around the world are building technologies, deploying applications and deploying services across the cloud and the edge. Many customers have similar goals: to thrive through improved information collection, more accurate decision making and more responsive services. Associated with this, we see a tremendous investment in the infrastructure that ensures that these services are scalable and available. Unfortunately, attackers are evolving to target this high value infrastructure with advanced technical capabilities. One example are marketplaces such as the MagBo portal. This website provides access for a price to over 43,000 hacked servers, lowering the bar for entry to attack servers while providing attackers additional monetary incentives. Compromised servers are being used to mine cryptocurrency and also targeted for phishing and/or ransomware attacks.
Given the many incentives motivating these attacks, raising the bar for attackers is a clear and urgent need for Windows Server and Azure Stack HCI. Using our learnings from the Secured-core PC initiative, we are now bringing these innovations to Windows Server and Azure Stack HCI. In collaboration with our OEM partners and hardware ecosystem, we expect this effort to bring your devices advanced hardware-based protection, while maintaining ease of management.
Like PCs, Secured-core server is built on three key pillars:
When customers acquire a Secured-core server, there is an assurance that the OEM has provided a set of hardware, firmware and drivers that satisfy the Secured-core promise. Windows Server and Azure Stack HCI systems will have easy configuration experiences in the Windows Admin Center to enable the security features of Secured-core. With Integrated Azure Stack HCI systems, OEMs will also enable the operating system features by default, further simplifying the configuration for end customers.
Secured-core servers use hardware, firmware and operating system capabilities to the fullest extent to provide protection against current and future threats. The protections enabled by a Secured-core server are targeted to create a secure platform for critical applications and data used on that server. The Secured-core functionality spans the following areas:
Enabling Secured-core functionality helps proactively defend against and disrupt many of the paths attackers may use to exploit a system. This set of defenses also enables IT and SecOps teams better leverage their time across the many areas that need their attention.
Windows Admin Center now has capabilities to both report on the current state of Secured-core features and where applicable, allow customers to enable the features.
The Windows Admin Center security tool is currently available as a preview and can be accessed by the insider extensions feed. Navigate to aka.ms/WindowsAdminCenter to download the latest version of Windows Admin Center, and add aka.ms/wac-insiders-feed to your extension feed. Feedback can be shared through the Windows Admin Center User Voice: http://aka.ms/wacfeedback.
Secured-core servers complement other security capabilities in Windows Server 2022 across multiple areas. Taken together, Secured-core and Windows Server 2022 provide the comprehensive protection that servers need today.
For customers deploying Windows Server 2022 in Azure, the Azure Marketplace will have Windows Server 2022 virtual machine images available that have the Azure Security baselines configured by default, making it easier for customers to use Windows Server 2022 securely in Azure. More information on image configuration will be available through the Azure Security blog.
Secured-core servers across Windows Server 2022 and Azure Stack HCI will help customers stay ahead of attackers and protect their infrastructure across hardware, firmware, drivers and the operating system. Supported hardware will be available in future product generations from Intel, AMD and our vibrant OEM ecosystem.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.