The threat landscape is changing rapidly. But this time it’s not just the attackers driving change, it’s your users.

2009: Defined environment

2014: Disappearing perimeter

Mobility represents the end of perimeter-based security.

Your perimeter is fading, maybe it’s already gone.

BYOD is a top priority and one of the biggest challenges. But it’s not the only one when it comes to security.

The improvements that we’ve made in the Windows platforms have driven our adversaries to new tactics.

Attackers have set their sights on identity theft and they’re breaking into systems as you!

[Diagram: Banking; Small Online Business (shown four times)]

Attackers steal

~75% of users use the same password on every site

more interesting accounts

There is a prolific and easily accessible black market that facilitates the buying and selling of identities, credit cards, etc. Personal information about you can almost certainly be found there!

“The Target hackers broke into the network using a stolen user name and password that had been created for the company servicing their air conditioning systems.”
- Brian Krebs (Security Blogger)

The Target credit card breach resulted in millions of credit cards appearing in the marketplace and represents the perfect example of the power of identity theft.

A Lockheed Martin official said the firm is “spending more time helping deal with attacks on the supply chain” of partners, subcontractors and suppliers than dealing with attacks directly against the company.

“For now, our defenses are strong enough to counter the threat, and many attackers know that, so they go after suppliers. But of course they are always trying to develop new ways to attack.”

- Washington Post “Confidential report lists U.S. weapons system designs compromised by cyberspies”, May 27, 2013

And so we have a perfect storm.

BYOD is increasing the volume of devices connecting to corporate resources, and they’re far less managed and oftentimes less secure than we’re used to.

And so we designed Windows 8.1 specifically to address these big challenges.

And we offer capability that you can’t find in any other platform.

Windows Strategy for Business

• Devices and Experiences Users Love
• Enterprise Grade Solutions Businesses Require
• Platform Alignment (Phone, Tablet, Desktop)

• Trustworthy Hardware to Protect Identities and Data
• Better Single Factor Authentication
• Easy to Deploy Two factor Authentication

• Mimikatz enables the export of certificates from a device
• Certificates can be passed to malicious users who wish to impersonate you
• Mimikatz is a hacker tool designed for Windows PCs
• A hypothetical attack on phones
• Windows Phone is designed inherently to be immune to such an attack, but…
• In today’s world we need to assume an operating system’s defenses will be breached
• Solution - bind sensitive information to the device and prevent access even if exported

Trusted Platform Module (TPM)

• A processor for performing cryptographic operations
• Internationally recognized standard for crypto processing
• A Windows Phone certification requirement
• Provides means to determine hardware and OS integrity
• Can generate and store keys used for encrypting data
• Includes tamper-proofing and anti-hammer capability
• Use TPM for more than just device encryption

• Move forward with strategy to replace passwords
• Reduce friction and improve experience
• Windows Biometric Framework added to Windows 7
• 3rd parties provide enrollment and drivers
• Not available in most PCs; OEMs use it to differentiate
• Few users have ever experienced it
• Make Biometrics the best experience for auth
• Create condition where users prefer and use it
• Drive adoption in Consumer and Enterprise

• Pervasive and More Secure Device Encryption
• Selective Wipe of Corp Data
• Application Control

Users can enroll BYOD devices with an MDM to access corporate data and apps regardless of device or location. MDM provides IT with the ability to control user access to the data and apps. MDMs that make use of technologies like Windows 8.1’s Remote Business Data Removal and others can wipe data and apps or make them permanently inaccessible.

[Diagram: Personal Apps and Data; Company Apps and Data; Policies Management with Intune or 3rd Party MDM]

Users with even the best intentions will use applications that put your organization’s data at risk. Well-intentioned apps may be used to leak corporate data, and malicious apps will harm or steal it.

AppLocker can put IT back in control of which applications can and cannot be used, using policy-based white and black lists.

• Unified Extensible Firmware Interface
• Trusted Boot
• App Sandbox (AppContainer)
• Windows SmartScreen
• Windows Defender
• Provable PC Health

• Mebromi, similar to MyBIOS, is a trojan and bootkit
• Infects Award BIOS and controls the boot-up process
• Used in combination with another malware package
• Mebromi's role is to provide persistence to malware that uses the MBR to boot
• If an antimalware solution is able to clean the system of malware, the infected BIOS redeploys it
• By living in the firmware, Mebromi can remain hidden from most antimalware solutions
• Additional malware that Mebromi deploys helps with persistence and tampers with AV

Unified Extensible Firmware Interface (UEFI)

• A modern replacement for traditional BIOS
• A Windows client and phone certification requirement
• Architecture-independent solution that initializes the device and enables operation (e.g., mouse, apps)
• Secure Boot - Ensures only signed and trusted OSs start
• Eliminates bootkit threat by securing device start-up

• Alureon (also known as TDSS) is a bootkit and rootkit
• Second most active botnet in 2010, and infected millions of computers
• Became known when update MS10-015 caused Alureon-infected systems to crash
• Steals data by intercepting and redirecting the system's network traffic
• Searches for usernames, passwords, credit card data, click fraud
• Updates MBR to point boot process to kit, installs kit as system driver (atapi.sys)
• Disables mandatory kernel-mode driver signing

• Ensures secure start-up and integrity validation of all core operating system
• Protects antimalware solutions that take advantage of Early Launch Anti-Malware (ELAM)
• Eliminates the potential for rootkits and system component tampering
• Creates comprehensive set of measurements based on Trusted Boot execution
• Measurements can be reviewed via Remote Health Analysis or Remote Attestation services
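How a set of boot measurements like the one described above can be checked by a remote verifier, as an added example that is not from the original slides or from Microsoft: it models TPM-style register extension with SHA-256. The stage names, image bytes and `KNOWN_GOOD` allowlist are constructed, and the signed TPM quote a real attestation service would also verify is left out.

```python
import hashlib

PCR_SIZE = 32  # one SHA-256 register, all zeros at reset

def measure(image: bytes) -> bytes:
    return hashlib.sha256(image).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    # TPM-style extend: the register can only be folded forward, never set
    return hashlib.sha256(pcr + digest).digest()

def boot(chain):
    """Device side: measure every stage before it runs; return (pcr, event_log)."""
    pcr, log = bytes(PCR_SIZE), []
    for name, image in chain:
        digest = measure(image)
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log

def verify(reported_pcr, log, known_good):
    """Verifier side: replay the log, then compare each digest to the allowlist."""
    pcr = bytes(PCR_SIZE)
    for _, digest in log:
        pcr = extend(pcr, digest)
    if pcr != reported_pcr:
        return False, ["event log does not reproduce reported PCR"]
    bad = [name for name, digest in log if known_good.get(name) != digest]
    return not bad, bad

# Constructed sample data: stage names and image bytes are placeholders.
GOOD_CHAIN = [
    ("firmware", b"uefi-firmware-v1"),
    ("boot manager", b"bootmgr-v1"),
    ("kernel", b"kernel-v1"),
    ("elam driver", b"elam-v1"),
]
KNOWN_GOOD = {name: measure(image) for name, image in GOOD_CHAIN}

def demo():
    clean = verify(*boot(GOOD_CHAIN), KNOWN_GOOD)
    # A bootkit-style change to one stage alters its digest and the final PCR.
    tampered_chain = [(n, b"patched" if n == "boot manager" else i) for n, i in GOOD_CHAIN]
    pcr, log = boot(tampered_chain)
    tampered = verify(pcr, log, KNOWN_GOOD)
    # Rewriting the log to look clean fails: it no longer replays to the PCR.
    forged_log = [(n, KNOWN_GOOD[n]) for n, _ in log]
    forged = verify(pcr, forged_log, KNOWN_GOOD)
    return clean, tampered, forged

if __name__ == "__main__":
    for label, result in zip(("clean", "tampered", "forged log"), demo()):
        print(label, result)
```

The forged-log case is why the register value matters: malware that controls the log after boot still cannot make it replay to a value that was extended before the malware ran.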

• CryptoLocker (also known as TDSS) is a ransomware virus and bootkit
• Often proliferates through email, duping users into downloading, toolbar vulns
• Ransom originally required BitCoins, but now accepting many forms of payment
• CryptoLocker encrypts user data, including pictures, documents, movies, music, etc.
• It doesn’t really try to evade detection. Once data is encrypted, its work is done

The largest investments that we’ve ever made are producing great results!

Chart from the Microsoft Security Intelligence Report v15

So what are people saying?

“In a world where cyberwarfare and espionage is becoming ever more prevalent, Windows 8 is exactly what companies and governments need to shore up their security…”
Ziff Davis - Sebastian Anthony, Senior Editor

“the security advances from XP to Windows 7 are leaps and bounds … the advancements from 7 to 8 is just as great.”
IOActive - Chris Valasek, Director of Security Intelligence

“Along with the developments taking place in MBAM, BitLocker has stepped up to meet security, usability and management requirements for organizations.”
Gartner - Mario De Boer Ph.D, Research Director

“Use Windows 8 as an opportunity to rethink endpoint protection”
Forrester - Chris Sherman, Security and Risk Analyst

“Our telemetry data is showing that Windows 8 customers are experiencing 3X less malware infections than Windows 7 and 6.5X fewer infections than Windows XP. Windows RT and Windows Phone 8 are experiencing virtually no infections”
Microsoft - Tim Rains, Director Trustworthy Computing

Trustworthy Hardware
• Security and integrity rooted in standards-based hardware
• Secure device firmware and operating system start-up with UEFI
• TPM provides a hardware-based crypto processor for verifying device integrity

Malware Resistance
• Market leading malware resistance
• Platform integrity with Trusted Boot, sandboxed apps, built-in app-rep and anti-malware
• Online safety and phishing protection using Internet Explorer and URL Reputation

Information Protection
• Information protection while data is at rest, in use, and in motion
• Persistent encryption enables sharable data on the device, removable media, over the wire
• IT maintains total control of the apps that can be used and can securely wipe data on demand

Identity & Access Control
• Platform differentiation can be found in one of the most important areas of security
• Move away from passwords using Fingerprint based Biometrics
• Built-in two factor authentication options (Virtual Smartcards)

• The State of Windows 8.1 Security: Malware Resistance - May 12th 4:45 PM; Room: 371A
• Malware Hunting with Mark Russinovich - May 15th 10:15 AM; Room: Grand Ballrm C
• Bulletproofing Your Network Security - May 12th 1:15 PM; Grand Ballrm A
• Social Engineering: Targeted Attacks, and IT Security - May 13 5:00 PM - 6:15 PM; Room: Grand Ballrm A
• Implementing Endpoint Protection in SCCM - May 13th 10:15 AM; Room: Hall E ILL Room 3
• Implementing Endpoint Protection in SCCM - May 15th 8:30 AM; Room: Hall E ILL Room 3

windows.com/enterprise
windowsphone.com/business
microsoft.com/springboard
microsoft.com/mdop
microsoft.com/windows/wtg
developer.windowsphone.com

http://channel9.msdn.com/Events/TechEd
www.microsoft.com/learning
http://microsoft.com/technet
http://microsoft.com/msdn