Two words: Windows 10 and Security. (Okay, that was three words, four if you count the and.)

If you work in enterprise IT today, your problem isn’t counting words. It’s protecting your company from a gazillion cyberattacks made every day on your Windows endpoints. (Okay, gazillion isn’t a number, but if it were it would be huge….).

Windows 10 is Microsoft’s answer to viruses, malware, ransomware, bootkits, rootkits, data thievery, and all manner of dangers threatening your enterprise’s bottom line.

To help you stay safer, Adaptiva recently hosted a Windows 10 Security Enterprise Round Table Webinar with:

  • Chris Jackson, Chief Awesomeologist and Cybersecurity Enthusiast, Microsoft
  • Matt Marnell, Director of Strategy, Flexera Software
  • Harjit Dhaliwal, Microsoft MVP, IT Pro
  • Ami Casto, Technical Evangelist and Microsoft MVP, Adaptiva

You can view the entire webinar and slides for all the details. This blog gives you a speed read through a few of the event’s many takeaways.

Obtaining Vulnerability Visibility Across the Enterprise

Cyberattacks increased roughly 10% per year from 2014 through 2016. If this trend continues, the overall number of attacks will have doubled by 2021. Perhaps more alarming, there are over 500 vulnerabilities found per device.
Not only do companies have hundreds of vulnerabilities to address on each device, they may not even know what devices they have in the first place.
“I’ve yet to find a customer out there that has 100% coverage of inventory for their systems.” — Matt Marnell, Director, Enterprise Solutions Strategy, Flexera

The ability to know what systems you have—without missing any—is essential for locking down your company’s security vulnerabilities.

Responding to Security Threats with ConfigMgr

ConfigMgr administrators both love and dread Patch Tuesdays, Microsoft’s monthly patch releases. Harjit Dhaliwal has honed his Patch Tuesday strategy for many years in a production environment, and offers these tips.

  • Be aggressive by deploying fast
  • Check forums, listservs, Twitter, etc., for reports of widespread issues
  • Run an automatic deployment rule (ADR) late on Tuesday night to set up deployments for each individual endpoint
  • Start deployments on Wed morning
  • Deploy to servers automatically during service windows
  • Leave workstation deployments at the users’ discretion to avoid infuriating interruptions

Security Configuration Management Best Practices

Ami Casto provided a long list of best practices for security configuration management. This blog only mentions a few.Don’t allow users to be local admin. Any user who has local admin can open the door to your entire company. People always fight for local admin rights, complaining they don’t have time to wait for IT to install and manage everything. Don’t let them have them—this is one battle worth fighting.Keep the bare minimum of what you need on endpoints. If users want to put garbage apps on their home computers, they can have at it. That’s not what work computers are for. This is not being curmudgeonly. It’s a necessary security measure.
Train your employees, and have them sign a security awareness agreement annually. This might seem a little ridiculous. However, the majority of security breaches come from inside a company by unaware employees who have no malicious intent.

A Practical Roadmap to Securing Endpoints

The Windows 10 defense strategy begins with protecting you off-machine. This includes protecting your inbox from malicious emails, and making the Internet safer through virtualized Edge browsing.

On a running device, defense includes things like locking down the machine at a base level, restricting applications, controlling file access and network activity, and improving antivirus.

Off-machine protection can also include using cloud storage and backups that reduce the impact of a destructive attack.

Your company should define specific device scenarios with different security configurations. Not all devices need the same protection. You should think about what is the specific use case of a device in order to determine how much protection and access it needs. Then configure it according to potential risk and value.


Windows 10 Is Only as Secure as You Make It

Windows 10 brings a lot to the table for enterprise IT security. Use it wisely, and your company is in a much better position to weather the relentless storm of cyberattacks.

This blog provided only a few highlights. To get more in-depth security guidance, watch the entire webinar:

View Webinar and Slides