James Maude, senior security engineer, Avecto

Shortly after the launch of Windows 10 in July of last year, Gartner Research predicted that 50 percent of businesses would begin Windows 10 adoption by January 2017. A February 2016 survey from system management company Adaptiva was even more bullish, with 63 percent of business respondents saying they expected to deploy Windows 10 by the end of 2016.

In the past 12 months, Windows 10 has been steadily gaining market share and Microsoft recently reported that adoption had escalated 300 percent over the past six months. Businesses are often reluctant to migrate to a new operating system, but the security benefits and stability of Windows 10 have reassured many that migration to Windows 10 should be a high priority.

Since the first release of Windows 10, Microsoft has focused on security improvements both within the operating system itself and within its own cloud offerings. When it first launched, Windows 10 was dubbed the most secure operating system yet, and it appears to be living up to the claims. From the outset it offered features such as Hello and Device Guard to make security a better experience for the user and to protect the system. The anniversary update in mid-2016 offered further improvements with Windows Defender Advanced Threat Protection (WDATP), which provides organisations with comprehensive threat intelligence and attack detection capabilities.

What's next?

Windows 10 has been built to evolve fast: its new patching system encourages, and in some cases forces, systems to keep up to date. This is combined with an ambitious programme of security improvements built around addressing some of the common failings of traditional anti-virus tools.

The upcoming “Creators Update” will expand WDATP by offering a post-breach security analysis service that can utilise sensors in Windows 10 to track attackers across a network and leverage Microsoft's expertise in breach investigations. Microsoft is also looking to centralise security event reporting and link Office 365 with the Windows Security Centre to provide better visibility of threats.

On the endpoint, Microsoft has begun to extend the hypervisor-based isolation it introduced for Credential Guard to protect the Edge browser further. This is in line with industry trends towards proactive defence through content isolation. Although this offers potential benefits, Edge is not being widely adopted by enterprises and represents a relatively small attack vector.

This proactive approach to security is a very positive move by Microsoft. Its automatic patching system in particular allows the operating system to quickly adapt to the changing threat landscape and protect endpoints accordingly, something which should be considered by other software providers.

Is this enough to keep businesses safe?

Windows 10 has undoubtedly raised the bar in terms of OS security. However, it is important to remember that security is not a single product or policy. Although Windows 10 makes a compelling offering in terms of better OS security and better detection, there are still critical measures that should be put in place to secure any OS. It is important that organisations work to harden endpoints from attack, and even with the additional security, Windows 10 still represents a significant attack surface.

It is also important to remember that the system is only as secure as the user logged in, so even with the latest Windows 10 offering it is important to implement least privilege and remove high-risk admin accounts. Ransomware and other threats prey on the fact that users have access to a lot of data, so application whitelisting is essential to prevent threats from launching, and using content isolation to protect data is more important than ever.

Many of the benefits of Windows 10 will take many years to be fully realised. However, this is no reason to delay implementation. Microsoft has clearly shown it is committed to improving the OS and offering its own experience and skills to improve detection capabilities in the enterprise. When these security improvements are combined with proactive measures like least privilege and whitelisting, we can build systems that start secure and stay secure.

Contributed by James Maude, senior security engineer, Avecto

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.