Airmen of the 21st Communication Squadron work on several computers at once during the Windows 10 rollout project at Peterson Air Force Base, Colo., March 22, 2017. The Windows 10 rollout was part of a Defense Department-wide mandate to update all computers across all services.

Apr 19 2019

Why Windows 10’s Security Features Are a Draw for Feds

Microsoft’s Windows 10 security features offer new ways for agencies to enhance their IT security posture.

As federal agencies race to adopt Microsoft’s Windows 10 platform ahead of the Jan. 14, 2020, deadline for the end of Windows 7 support, they are being driven by a range of factors.

One is simply that deadline itself, and the associated costs that come with missing it. Extended support will be available, but comes at a per-device cost that will increase until that support expires at the end of January 2023.

There are other factors as well, including gaining more streamlined IT operations. “The main driver for upgrades to Windows 10 is to get out of the business of always having to handle patches and upgrades,” says Shawn McCarthy, director of research at IDC Government Insights. “Getting this directly from Microsoft via Windows 10 is key. Moving to Windows 10 also promotes compatibility with what other federal agencies, and external partners, service providers and citizens are doing.”

However, McCarthy notes, increased security is important to federal agencies as well, with simplified patch management falling under that rubric.

“This wasn’t about a tech refresh,” Brian Burns, the U.S. Coast Guard’s deputy CIO and deputy assistant commandant for Command, Control, Communications, Computers and Information Technology. The DOD, which in early 2016 mandated all components migrate to Windows 10, oversees the Coast Guard’s IT, Burns told FedTech regarding the Coast Guard’s Windows 10 migration. “This was, and still is, about cybersecurity.”

There are numerous cybersecurity features built directly into the operating system that federal agencies are taking advantage of, including more secure web browsing, Windows Defender Advanced Threat Protection and Windows Defender Security Center.

MORE FROM FEDTECH: Find out everything you need to know about Windows 7 End of Life. 

Windows 10’s Approach to Computing

At the Small Business Administration, the agency’s deployment of Windows 7 was “very inconsistent,” according to SBA CISO Beau Houser. “Different IT groups were doing different things with different tools,” he says. “Windows 10 was our chance to leapfrog from that inconsistent model to a model that was very consistent and much more secure.” 

The SBA has finished the deployment of Windows 10 at its headquarters in Washington, D.C., according to CTO Sanjay Gupta, and is in the early stages of rolling it out to about 100 field offices around the country, with the goal of completing it sometime before October, he says. Assuming steady state conditions and not counting the SBA’s disaster support team, which flexes in size in response to natural disasters, the agency will have about 5,000 new Windows 10 users

While noting that he is not endorsing Windows 10 specifically, Houser says the SBA has seen “a lot of benefits from the security features that are now built into Windows 10.” Microsoft’s decision to build security features into the kernel of the operating system is “extremely advantageous from an architecture standpoint.”

The SBA is also seeing greater integration between the endpoint protection capabilities of Windows 10 and Office 365 protections, as well as cloud-native capabilities, Houser says. “If you receive an email in Office 365, the alerting is configured and integrated such that the endpoint that receives that email and the user that receives that email are all identified in one central location, so that your incident response is very streamlined from that standpoint,” he says.

Normal computing activity, such as web browsing, can often lead to malware infections, Houser says. Windows 10 offers more secure web browsing, especially via its Edge browser, and Houser says the SBA has seen a decrease in the number of those routine cybersecurity incidents since migrating to Windows 10.


Windows 10’s Approach to Advanced Threat Protection

“On top of a secure operating system, customers also need the added defense of endpoint protection and detection, which is why we built Microsoft Defender Advanced Threat Protection into Windows 10,” says Rob Lefferts, corporate vice president of security at Microsoft.

Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation and response, he notes. The platform helps agencies “reduce their overall risk by eliminating threats before they get to users and helping already strained IT departments prioritize and remediate threats.” Defender ATP is also powered by the cloud, so it is constantly updated and exchanging signals with the Microsoft Intelligent Security Graph, and it “shares detection and exploration insights across devices, identities and information to speed up response and recovery,” Lefferts says.

The Defender Advanced Threat Protection platform is designed to reduce the attack surface, defend against emerging threats, provide endpoint protection and response, automate investigation and remediation, and improve agencies’ security posture with Microsoft Secure Score. The platform also uses advanced threat hunting with Microsoft Threat Experts, “an automated threat hunting service that provides proactive hunting prioritization and additional context and insights for security operations teams to identify and respond to threats quickly and accurately,” Lefferts says. 

Windows 10 timeline

House notes that not only is Defender ATP providing traditional anti-virus and anti-malware, but it also leverages Microsoft’s robust intelligence, so that if Microsoft detects malware or a credential-harvesting campaign on the internet, it can expose that information in the SBA’s Windows Defender Security Center dashboard.

“They also evaluate your hosts to tell you exactly which hosts have not been protected for that specific targeted campaign, so we can get that information to our patch team and really prioritize that based on that active threat,” he says. “You’re seeing it all come together and infusing that intel into the process, which is critical nowadays.”

MORE FROM FEDTECH: Find out how the government plans to reskill workers for cybersecurity roles. 

What Is Windows Defender Security Center?

The Windows Defender Security Center application is a client interface on Windows 10 version 1703 and later, Lefferts notes.

“The Windows Defender Security Center app shows a device’s security and health at a glance, so users can take action as needed,” he says. “The app’s key features include a view of virus and threat protection, account protection, firewall and network protection, app and browser control, device security, device performance and health, and options for how families use their devices.” (For more on Windows Defender Security Center, check out this StateTech article.)

In Windows 10 version 1803, the Windows Defender Security Center app has two new areas, according to Lefferts. Those are account protection, which has information and access to sign-in and account protection settings, and device security, which provides access to built-in device security settings. 

MORE FROM FEDTECH: Discover how to find cybersecurity workers in unexpected places. 

What Is Windows 10 S Mode?

There are additional security features in Windows 10, including the S mode configuration. S mode adds additional security and performance to the device, Lefferts says.

“From a security perspective, many of the attack surface areas that are infrequently used by typical users but often used by attackers have been disabled,” he says. “In addition, only applications that come from the Microsoft Store and have been vetted for safety can be run on the device. This prevents malware encountered on the web, attached to emails or coming from other vectors from being able to infect the device.”

In terms of performance, Lefferts says S mode offers “improved boot times and faster performance online while using Microsoft Edge.” 

Identity and Access Management in Windows 10

On top of all of that, there are some new Windows 10 security features out of the box. One is Windows Hello, which uses biometric-based technology to authenticate users with facial recognition; Windows Hello can even be set to log users out if the camera doesn’t see them for a set period of time. 

Another is Dynamic Lock. “Many users walk away from their devices without locking them, leaving them accessible to unauthorized users,” Lefferts says. “The Dynamic Lock in Windows 10 is an added security feature that will automatically lock your computer via Bluetooth when your phone goes out of range.”

U.S. Air Force photo by Steve Kotecki

aaa 1