Microsoft announces major new Windows 11 security features for 2022

We are excited to bring Transform 2022 back to life on 19th July and virtually 20th July – 3rd August. Join AI and data leaders for sensible conversations and exciting networking opportunities. Learn more about Transform 2022

Microsoft on Tuesday unveiled new and updated Windows 11 security features set for later 2022, including improved protection against phishing and malware aimed at dramatically reducing the workload for security teams, Microsoft security executive VentureBeat said.

Cybersecurity teams are constantly facing a “huge funnel” of problems that need to be fixed – but with the security capabilities coming to Windows 11, “that funnel will be much smaller,” said David West, director of OS and Enterprise. Was. Security at Microsoft, in an interview. “It simply came to our notice then. We want to reduce the number of things security teams have to look for and make their lives easier. And it allows them to go deeper into important matters. “

When Microsoft launched Windows 11 last October, the company said that the main driver for the new operating system was to enable more security features than Windows 10 to be turned on by default.

For the annual feature update coming in late 2022, Microsoft aims to go further with a range of new Windows 11 security capabilities – many of which will continue by default – that try to reduce the funnel of problems for security teams. For a trick, “West said.

Windows 11 transition

While the new features won’t come for months, Microsoft is now releasing details to help generate more interest in businesses moving to Windows 11. Statistics from AdDuplex show that Windows 10 PCs are still 4-more than devices running on Windows 11. -1 margin, and the margin is probably higher between businesses – which often takes longer than customers to get to the new operating system version.

The new features that Microsoft has announced include capabilities that have the potential to create “huge dentes” in phishing and targeted malware attacks, ultimately reducing the spread of ransomware, Westen said.

Microsoft Defender SmartScreen Solutions will offer improved phishing detection starting with the next annual release of Windows 11, warning users when they enter Microsoft credentials into a malicious application or website.

Weston said that in the past when phishing prevention was offered to browsers, Microsoft is now moving it to the operating system level for the first time. “That means every application now has the ability to make phishing prevention available,” he said.

When that user becomes the victim of a successful phishing attack, according to Weston, the feature will enable Microsoft to alert the user’s security operations team.

Malware prevention

In terms of preventing malware, Microsoft plans to introduce Smart App Control – a new Windows 11 feature that will prevent malicious applications from running cryptographically signed apps.

This benefits from the concept that Microsoft introduced in its Windows 10S Edition, which locked devices just to be able to run apps from the Microsoft Store. “It was great for security. We don’t have any malware,” Westen said.

However, many users wanted the option to run apps that were not in the Microsoft Store. With smart app control, “this solves that problem. It lets you tell anyone who can sign up for the app, they can run it now, “West said. Known for writing – so we’re not going to let it go. “

The result, according to Weston, is that “99% of the apps you ever want to use will work fine. And most likely the one that will be blocked is malware.”

“It’s reversing the ‘wake-a-mole’ model into ‘prove to me you’re good,'” he said. “It’s really zero confidence for apps.”

Starting with the annual Windows 11 feature update of 2022, Smart App Control will be automatically included with the newly shipped devices. Other devices will need to go through a clean installation of Windows 11 to reset and use the feature, according to Microsoft. “We need to start with a clean slate, so that we can fully assess whether there are any inconsistencies with the system,” Westen said.

Ultimately, when it comes to these new features to reduce phishing and malware, “our strategy is to cut to the heart of what technologies are being used today to abuse our users – and stop that,” he said.

Virtualization based security

Other security enhancements that Microsoft is announcing include the widespread availability of Virtualization-Based Security (VBS), which continues by default with the advent of the 2022 annual Windows 11 feature update.

With the initial version of Windows 11, only the latest CPUs were able to support VBS by default – but with the next version, virtualization-based security will now be turned on by default for every single compatible processor, West said.

Virtualization-based security enables many key security features, which will be turned on by default in Windows 11 with the next release of the OS. Those features include hypervisor-protected code integrity (HVCI), which prevents dynamic code from being injected into the Windows kernel, as has happened in previous attacks, including WannaCry.

VBS, which is turned on by default, will also enable two new security features to run automatically in the next Windows 11 update. Credential Guard is a feature that takes advantage of VBS to protect against identity theft tricks such as pass-the-hash, as well as to prevent system secrets from being accessed by malware. Another new on-the-default feature will add more security to the Local Security Authority (LSA) process, ensuring that the process only loads signed code.

“The traditional way to target that process was by malicious drivers, but we’re blocking many of them,” Weston said with this next feature.

New encryption feature

An additional upcoming Windows 11 security feature, Personal Data Encryption, will serve as a second layer of encryption outside of BitLocker. This second layer will be file-specific, and will be linked to the user’s Windows Hello credentials. Thus, if an attacker “somehow [able] To get through BitLocker, these files will still be encrypted, “West said.

Microsoft is also using the ad to draw attention to a security feature not previously discussed by the company, but in fact it has been available in Windows 11 since the beginning. That feature, Profile Lock, automatically restores systems to the organization’s desired security settings if they are changed by the user or administrator.

According to Weston – and in particular, helps remove some of the burden on security and IT teams.

Security chip

In the same vein, Microsoft is also talking about the commercial launch of its Pluton security processor, which is set to take place next month, which will bring benefits, including automated firmware updates, West said. Pluton will be available for PCs with AMD or Qualcomm processors in some devices from vendors including Lenovo (no Intel at the moment), he said.

For devices with Pluton security chips, firmware updates will be delivered via Windows Update and will not require manual effort, Westen said.

Overall, with the Windows 11 security features announced by Microsoft today, “We’re going to make everyone’s life easier by working as a global security team,” he said.

“We’re not going to force them to configure – we’re going to do it ourselves,” Westen said. “We are going to turn things on by default. We’re going to make that funnel smaller. And so, security teams will have less to do with it, and it will have better security quality overall.

Venturebeat’s mission Transformative Enterprise is about to become a digital town square for technology decision makers to gain knowledge about technology and transactions. Learn more about membership.

Similar Posts

Leave a Reply

Your email address will not be published.