Microsoft Update for Windows Security

[Pages:28]presented by

Microsoft Update for Windows

Security

UEFI Spring Plugfest ? March 29-31, 2016 Presented by Jackie Chang, Tony Lin (Microsoft Corporation)

? 2016 Microsoft Corporation. All rights reserved. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Information and views expressed in this document, including URL and other Internet Web site references may change without notice. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after

the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. Updated 2011-06-01

UEFI Plugfest - March 2016



1

Agenda

? Security for Everyone ? Windows 10 Security Features ? Additional Firmware

Considerations ? Summary and Call to Action

UEFI Plugfest - March 2016



2

Setting the pace for change

? Driving the security experience for our customers, investing in securing their data

? Partner together to deliver a great security experience with Windows 10

? Executing on Windows as a Service(WaaS) requires agility and flexibility across our ecosystem

UEFI Plugfest - March 2016



3

Security for Everyone

UEFI Plugfest - March 2016



4

The attackers are changing their playbook...

How do breaches occur?

46%

of compromised systems had no malware on them

99%

Of the exploited vulnerabilities were compromised more than a year after the CVE was published.

100%

67%

33%

23%

50%

of victims have upto-date anti-virus

signatures

of victims were notified by an external entity

Source: Mandiant 2014 Threat Report

UEFI Plugfest - March 2016

of victims discovered the breach internally

Of recipients open phishing messages

(11% click on attachments)

Nearly 50% open emails and click on phishing links within

the first hour.



5

Protecting our mutual customers requires ecosystem-wide effort

Window 10 security features rooted in hardware & firmware

BitLocker, Secure Boot, Health Attestation, Device Guard, Passport

Researcher & attacker interest follows

37 unique publicly disclosed firmware security issues in the last 2 years according to Intel Security ATR Exploits can lead to security bypass

Not letting up on software vulnerabilities though

Antivirus, System Utilities, Certificates

Windows as a Service (WaaS)

? More frequent Windows updates ? Reduces Windows ecosystem

fragmentation ? Focus on new AND existing (update)

devices ? Cumulative security updates

UEFI Plugfest - March 2016



7

Updates and requirements for

Windows 10 Security Features

UEFI Plugfest - March 2016



8

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download