Application Security Architecture Authentication
CertificationsCorporate ComplianceCryptology
Disaster RecoveryEnterprise SecurityExploits
FirewallsIncident HandlingIntrusion Detection
OS SecurityPolicies and ProceduresSecurity Basics
Security ManagementSecurity ToolsServers
StandardsVoIPVulnerability Management
Web SecurityWiFi SecurityWorms and Viruses

How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It

by Nikhil Mittal

In Windows 10, Microsoft introduced the AntiMalware Scan Interface (AMSI) which is designed to target script-based attacks and malware. Script-based attacks have been lethal for enterprise security and with advent of PowerShell, such attacks have become increasingly common. AMSI targets malicious scripts written in PowerShell, VBScript, JScript etc. and drastically improves detection and blocking rate of malicious scripts. When a piece of code is submitted for execution to the scripting host, AMSI steps in and the code is scanned for malicious content. What makes AMSI effective is, no matter how obfuscated the code is, it needs to be presented to the script host in clear text and unobfuscated. Moreover, since the code is submitted to AMSI just before execution, it doesn’t matter if the code came from disk, memory or was entered interactively. AMSI is an open interface and MS says any application will be able to call its APIs. Currently, Windows Defender uses it on Windows 10. Has Microsoft finally killed script-based attacks? What are the ways out? The talk will be full of live demonstrations.
» Read more

Why Windows 10 is the most secure Windows ever

windows-10

Microsoft added two game-changing security features for enterprise users in Windows 10, but until recently, the company has been relatively quiet about them.

So far the buzz has mainly been about Windows Hello, which supports face and fingerprint recognition. But Device Guard and Credential Guard are the two standout security features of Windows 10—they protect the core kernel from malware and prevent attackers from remotely taking control of the machine. Device Guard and Credential Guard are intended for business systems and are available only in Windows 10 Enterprise and Windows 10 Education.
» Read more