Why new Windows 11 security features will support hybrid work

At GDK Network Systems we are always seeking out the best in innovation so we can bring it to our clients.

The new Windows 11 security features are the perfect solution for hybrid work as they provide additional protection for all the team.  We are very excited about this and want to share with you information about these new features.

David Weston, Vice President, Enterprise and OS Security at Microsoft, introduces the new features to us in this article:

Attackers are constantly evolving, becoming increasingly sophisticated and destructive—the median time for an attacker to access your private data if you fall victim to a phishing email is 1 hour, 12 minutes.

Microsoft tracks more than 35 ransomware families and more than 250 unique nation-state attackers, cybercriminals, and other actors. We have unparalleled threat intelligence—processing more than 43 trillion signals per day, including 2.5 billion daily endpoint queries and 921 password attacks blocked every second. We work alongside more than 15,000 partners in our security ecosystem and we have more than 8,500 engineers, researchers, data scientists, cybersecurity experts, threat hunters, geopolitical analysts, investigators, and frontline responders across 77 countries. We combine human and machine intelligence with built-in AI to continuously learn from the attack landscape, and we have a dedicated team, the Microsoft Offensive Research and Security Engineering (MORSE), that works to stop threats before they reach your device. All of this goes into the design process to deliver a more secure Windows with every release.

Protection that evolves with the threat landscape

Today, we’re proud to announce that the security features you heard about in April 2022 are now available on Windows 11.

Application Control

We’ve added features that give people the flexibility to choose their own applications, while still maintaining tight security. Smart App Control is a new feature for individuals or small businesses designed to help prevent scripting attacks and protect users from running untrusted or unsigned applications often associated with malware or attack tools. This feature creates an AI model using intelligence, based on the 43 trillion security signals gathered daily, to predict if an app is safe. App control is known to be one of the most effective approaches to protecting against malware but can be complex to deploy. Windows 11 uses the power of AI to generate a continually updated app control policy that allows common and known safe apps to run while blocking unknown apps often associated with new malware. Our customers have asked us to make this simpler and we have responded.

The Smart App Control approach achieves the goal of making advanced app control protection widely available. Smart App Control is built on the same OS core capabilities used in Windows Defender Application Control. Smart App Control is provided on all Windows client editions with clean installations of Windows 11 2022 Update. Alternatively, for enterprises, your IT team can use Microsoft Intune with Windows Defender Application Control to remotely apply policies to control what apps run on workplace devices.

Vulnerable driver protection

Malware increasingly targets drivers to exploit vulnerabilities, disable security agents, and compromise systems. Windows 11 uses virtualization-based security (VBS) for enhanced kernel protection against potential threats.

Hypervisor-protected code integrity (HVCI), also called memory integrity, will be enabled by default on all new Windows 11 devices. HVCI uses VBS to run kernel mode code integrity (KMCI) inside the secure VBS environment instead of the main Windows kernel. This helps prevent attacks that attempt to modify kernel mode code such as drivers. The KMCI role is to check that all kernel code is properly signed and hasn’t been tampered with before it is allowed to run.

HVCI ensures that only validated code can be executed in kernel mode. The hypervisor leverages processor virtualization extensions to enforce memory protections that prevent kernel-mode software from executing code that has not been first validated by the code integrity subsystem. HVCI protects against common attacks like WannaCry that rely on the ability to inject malicious code into the kernel. HVCI can help prevent the injection of malicious kernel-mode code even when drivers and other kernel-mode software have bugs.

The Microsoft vulnerable driver block list is another important safeguard against advanced persistent threats and ransomware attacks that exploit known vulnerable drivers. Beginning with the 2022 Update, the block policy is now on by default for all new Windows computers, and users can opt in to enforce the policy from the Windows Security app.

The Windows kernel is the most privileged software and is therefore a compelling target for malware authors. Since Windows has strict requirements for code running in the kernel, cybercriminals commonly exploit vulnerabilities in kernel drivers to get access. Taking advantage of Windows Defender Application Control, the kernel blocklisting feature prevents vulnerable versions of drivers from running. Microsoft works with ecosystem partners to constantly identify and respond to potentially vulnerable kernel drivers. Users who want the highest level of protection can still specify an allow list to implement driver control.

Enhanced identity protection and simplified password management

With Windows 11, you can protect your valuable data and enable secure hybrid work with the latest advanced security that small or medium-sized businesses say results in 2.8 times fewer instances of identity theft.

Here are a few enhancements that can help you stay secure now and in the future:

Windows Defender Credential Guard is enabled by default with Windows 11 Enterprise. Credential Guard uses hardware-backed, virtualization security to help protect against credential theft techniques such as pass-the-hash or pass-the-ticket. In addition, this feature helps prevent malware from accessing system secrets even if the process is running with admin privileges.

Credential isolation with Local Security Authority (LSA) protection enabled by default provides extra protection to new, enterprise-joined Windows 11 devices. LSA is one of the critical processes that verify a user’s identity. With LSA protection, Windows will load only trusted, signed code, making it significantly more difficult for attackers to steal credentials.

Enhanced phishing protection in Microsoft Defender SmartScreen can detect and warn you when you’re entering your password into a known compromised app or website. It also promotes good credential hygiene by warning users when they try to re-use passwords or store them in an unsafe location such as a text file. This goes beyond browser-based protection to build advanced phishing protection into the operating system itself, empowering users to take proactive action before passwords can be used against them or their organization. IT admins can customize alerts using a mobile device management (MDM) solution like Microsoft Intune.

Go Passwordless with Windows Hello for Business. With built-in protection already enabled, Windows 11 helps block software and firmware attacks from the moment you turn on your device. And for secure, convenient single sign-on (SSO), you can take advantage of the protection and convenience of passwordless authentication using Windows Hello for Business and a unique identifier such as your face, fingerprint, or PIN. These unique identifiers are bound to your device and can only be used by you from that device for secure, convenient SSO across your computer and cloud services.

We’ve also made Windows Hello for Business much easier to deploy. For example, we’ve removed requirements for public key infrastructure (PKI). Look into this deployment model for an easy, secure way to set up a modern, passwordless sign-in experience.

And if you’re going passwordless, you’ll be able to take advantage of presence sensing for hands-free secure sign-in. Presence detection sensors work with Windows Hello to sign you in when you approach, and lock when you leave. The feature is optional and can be easily enabled on devices equipped with presence sensors.

Locking down IT policy and compliance

Config lock, available only on Secured-core PCs that are designed for added security, helps prevent the configuration drift that occurs when users with local admin rights change settings and put devices out-of-sync with IT security policies. With config lock, Windows 11 monitors the registry keys that configure each feature even when the device isn’t connected to the internet. When a drift is detected, the device immediately reverts to the IT-desired Secured-core computer state.

Config lock builds on the security fundamentals of Windows 11 and is, in part, secured by specific hardware features. The feature monitors a pre-configured set of configuration service providers (CSPs) and policies. If you assign any of these policies to devices in your tenant, enabling config lock will maintain your defined settings.
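
A device-side check for the protections the article above describes (VBS, memory integrity, Credential Guard, LSA protection, the vulnerable driver block list and Smart App Control). This is an added example, not code from Microsoft or GDK; the WMI class and registry value names are not on the page and are assumptions about current Windows 11 builds, and the function names are hypothetical.

```powershell
# Added example: read-only report of the protections described in the article.
# Run in an elevated PowerShell session. Registry value names are assumptions
# about current Windows 11 builds and are not taken from the page.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Get-Win11ProtectionState {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction SilentlyContinue

    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
    $vbsText = @{ 0 = 'Off'; 1 = 'Enabled, not running'; 2 = 'Running' }
    $vbs = if ($null -eq $dg) { 'Unknown (DeviceGuard class unavailable)' } else {
        $vbsText[[int]$dg.VirtualizationBasedSecurityStatus]
    }

    # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI (memory integrity)
    $running = @($dg.SecurityServicesRunning)

    # LSA protection: RunAsPPL 1 = on with UEFI lock, 2 = on without UEFI lock
    $ppl = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'RunAsPPL'

    # Vulnerable driver block list: 1 = enabled, 0 = disabled, absent = OS default
    $blk = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config' `
                        'VulnerableDriverBlocklistEnable'

    # Smart App Control: 0 = off, 1 = enforcing, 2 = evaluation mode
    $sacText = @{ 0 = 'Off'; 1 = 'On (enforcing)'; 2 = 'Evaluation' }
    $sac = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Policy' `
                        'VerifiedAndReputablePolicyState'

    [pscustomobject]@{
        VirtualizationBasedSecurity = $vbs
        MemoryIntegrityHVCI         = ($running -contains 2)
        CredentialGuard             = ($running -contains 1)
        LsaProtection               = ($ppl -in 1, 2)
        VulnerableDriverBlocklist   = if ($null -eq $blk) { 'Not set (OS default)' } else { $blk -eq 1 }
        SmartAppControl             = if ($null -eq $sac) { 'Not present' } else { $sacText[[int]$sac] }
    }
}

Get-Win11ProtectionState | Format-List
```

A value of `Enabled, not running` for VBS, or `False` for memory integrity on a device where policy expects it on, usually points to an incompatible driver or to virtualization being disabled in firmware.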

For more information on these additional security features, or for any query relating to your IT requirements please get in contact with the expert team at GDK Network Systems.

Securing your remote workforce

As many of our clients and indeed staff are forced to work from home in these unprecedented times, we are now getting first-hand experience of the benefits and challenges of this new workplace, including:

  • Finding the right place in the house to conduct your work

  • Sticking to a schedule

  • Keeping in contact with your fellow team members and colleagues

  • Staying Focused

  • Using the technology that is available to you and improving your digital skills

Today’s Tip

May I also remind you that by working remotely you are effectively extending your IT network and allowing devices with potential vulnerabilities to access private data. It is imperative that you apply the same layered approach to security on the home device as you would to an office-based device.

These include:

1. The home device is monitored so that critical Windows updates are applied and security vulnerabilities are detected

2. Managed antivirus is installed with real-time scanning and updating

3. Web protection is installed to ensure devices are protected from known malware sites

4. As always, delete spam email, or indeed mail from an address that does not sit well with you

5. If you have not looked beyond user/password credentials for critical applications, you may need to consider multi-factor authentication

If you are concerned about IT security while working from home please get in touch with our expert staff.

GDK Preparedness for COVID-19

The current situation has brought much uncertainty for businesses.  Instead of sitting and waiting to see what will happen, it is time to act and put a plan in place.  GDK Network Systems have assessed the situation and have put in place a robust plan that ensures we can continue to support our clients. 

Specific to COVID-19,  we are providing an outline of key preparedness activities to ensure continued service delivery during this event. The three areas of focus for which we are ensuring business continuity during any situation that challenges normal operations are as follows:

  • Impact to systems – does the event have a potential impact on our systems used to deliver and support Your IT Systems? No impact.

  • Impact to location – are the locations from which we deliver our support service affected and what is our response? No, GDK are flexible and can provide service from beyond the main GDK offices, as delivered previously in extreme weather conditions.

  • Impact to people – are we prepared should there be impact to the individuals responsible for delivering service to our customers? Our staff will be working from various locations thus minimising the risk for individuals delivering customer services.

Is Your Business Prepared for Covid-19?

Now we are asking our customers: are you prepared for this unprecedented event?

  • Can your staff telework and access your IT systems and files securely remotely?

  • Are your staff properly equipped to deliver an ongoing service?

  • Some clients are asking staff to take their laptops home with them every night

  • Have you reviewed your phone systems to ensure continuity of service from any location?

What are the business implications, and can you service your customers if you are not working with current up to date data?

If you are concerned as to how you will continue with your business should the situation worsen it’s time to speak with us.  We can help you prepare and plan, call us today. 

Talk to GDK about your secure mail environment

You may have read recently in the press about the change that is happening with those still using Eir email addresses.   Eir has announced that they are planning to charge those using @eircom.net addresses €5.99 per month.   This has come as a bit of a surprise for users.

Email Accounts Deleted

This service has been free for users for almost 20 years and the news will come as a shock to many.  After their deadline of March 31st account holders who do not pay will not be able to open their email messages.  Also, if they do not decide to pay, their email account will be deleted and potentially all past email content will not be accessible.

Impact on Users

Many individuals, associations, schools, committees and even small business owners are currently using eircom email addresses and this will have a significant impact on them.  We rely on our email to keep us connected and a change such as this can have a significant impact.

Why are Eir making such a move?  In the UK many telecommunication organisations have introduced similar charges.  We assume that the email service Eir are currently providing is costing them money and they need to monetise it to make it viable.

How will this affect you?

Will this change by Eir affect you?  If you are currently using an @eircom.net address you need to decide if you want to pay the monthly charge.  However, before you do so, this may be the ideal time to talk to an expert about a secure email environment. There are options you may not have considered that are robust, secure and could give you many advantages.  Why not speak to the GDK Network Systems expert team today to explore your options.  Call us today to find out more.

A Backup will give you security and peace of mind.

You need to be there for your clients every working day, you can’t afford any downtime that impacts on your business. 

We rely on technology to operate and the data we collect is vital to the running of our business.  Imagine the horror of something going wrong and that valuable data lost forever.  If the unthinkable happens, your business needs to be back up and running with all information as soon as possible.  A managed backup solution will enable you to recover anything at anytime, anywhere.

Back Up & Restore

A backup is when a copy of all your files is made.  This data is then stored securely so it can be reinstalled should an incident occur.  How often your backup is done, where it is stored and how quickly you can get that information back are all questions you will need answered by your IT partner.

As part of disaster recovery and business continuity planning, a robust solution for backing up information is vital.    Your data needs to be backed up and stored securely, available to be restored should you need to.  You require a solution that is secure and reliable.  It should work seamlessly, there should be no concern about reliability, it should work – always. 

Secure Storage

It is never one size fits all when it comes to backup solutions; a hybrid solution may be required to suit your particular requirements.  Replacing your existing systems should have as little impact on internal resources as possible.

Your data should be securely stored in your geographical region with nobody else having access outside your team.  The data will be backed up to the cloud which means there will be no need for expensive hardware.  

Protect your Data

Protecting your business data with the most agile synchronised backup/recovery systems should be on your agenda.  At GDK Network Systems we ensure your critical data is quickly backed up using state-of-the-art compression technology.  We hope you never have a problem when you require a backup, however, if the unthinkable happens you need to have peace of mind.  To discuss backups and your technology requirements you can always speak with the expert team at GDK Network Systems. 

How Safe is your email?

A hacked email account can lead to an array of serious problems. Hackers will try to gain access to the sensitive information contained within your email.  If they do manage to access your account, they could send emails on your behalf to your contacts and valuable clients.  This activity could lead to identity theft.  In a business situation, a hacked email account is even more serious and can be extremely damaging to your business and its reputation. And sometimes these actions can go unnoticed.

Prevention, rather than cure, is always the better option and there are things you can do to help prevent cybercriminals from compromising your email. 

Email Protection

Most attacks start with a simple email appearing to come from a colleague or someone you know, requesting you to sign in with your credentials to view the document they sent you. Sometimes the forgotten account you created years ago on a website that was recently compromised contains the same password you currently use. Or maybe your password contains part of your name, company or is one of the most commonly used passwords.

These attacks are unfortunately common and passwords need to be reinforced with MFA. Phishing emails are getting more sophisticated and harder to detect with the naked eye.  Security is best achieved with a layered approach and MFA is the solution you need to protect your accounts.

What is Multifactor Authentication?

Multifactor Authentication (also referred to as MFA) requires the user to identify themselves by using multiple credentials.  This is becoming standard practice within businesses that take cybersecurity seriously.  Without MFA your username and password will suffice, however, with MFA you will also need to provide another form of identification.  This could be answering a security question, entering a code from your smartphone or similar.  The concept involves using something only the user knows or possesses to ensure they are the correct user.

Cyber Security

Security will always be a concern when it comes to IT and technology.  MFA is only one in a range of security solutions to protect you online.  To protect yourself successfully from cybercriminals you need to have several layers of protection and MFA should be one of them. 

Using the knowledge and expertise of your technology partner is a clever move.  For every problem there will be a solution and talking to an expert from the GDK Network Systems team will reveal many options for you.  Why not make the start and implement MFA as another layer of security for your business?  Talk to our team today to find out more.