Laura A. Robinson July 10, June 30, /15/2018 4:19 PM

Laura A. Robinson July 10, 1968 - June 30, 2017 11/15/2018 4:19 PM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11/15/2018 4:19 PM BRK3060 Defend against malware with robust and practical application whitelisting Aaron “Voldemort” Margosis Chris Jackson Principal Consultant, Chief Awesomeologist, Dark Lord Cybersecurity Enthusiast @aaronmargosis @appcompatguy © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

APPS Trust by Exception Trust by Default All software is bad
11/15/2018 4:19 PM Trust by Default All software is good until proven bad Trust by Exception All software is bad until proven good APPS © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Windows Operating System
11/15/2018 4:19 PM Windows defender Application Control DeviceGuard Active Enterprise Virtual Edition 2018 with Subscription, Semi-Annual Channel for Broad Deployment .net Kernel Windows Platform Services Apps SystemContainer DEVICE GUARD Trustlet #2 Trustlet #3 Hypervisor Device Hardware Windows Operating System Hyper-V © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Explicit Control Managed Installer AaronLocker Cloud Control
11/15/2018 4:19 PM Managed Installer AaronLocker Cloud Control © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Intro to Whitelisting 11/15/2018 4:19 PM

Malware Trickery Users
11/15/2018 4:19 PM Malware Trickery Users Malware drops malicious software and executes it User is tricked into downloading and running bad stuff (e.g. phishing) User decides to run unauthorized / unlicensed software © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Business Value of Whitelisting
11/15/2018 Business Value of Whitelisting Users only run authorized software Powerful defense against malware and ransomware Spectrum of defenses © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION

AaronLocker Cloud Control 11/15/2018 4:19 PM

AppLocker rule collections
11/15/2018 4:19 PM AppLocker rule collections © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Demo Whitelisting Admin-Writeable Areas 11/15/2018 4:19 PM

Managed Installer AaronLocker Cloud Control 11/15/2018 4:19 PM

Demo Whitelisting with Managed Installer 11/15/2018 4:19 PM

Explicit Control Managed Installer AaronLocker Cloud Control
11/15/2018 4:19 PM Managed Installer AaronLocker Cloud Control © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Next generation app control
11/15/2018 Next generation app control Secure your devices with Explicit Control Windows desktop can be locked down to only run trusted apps, just like many mobile OS’s (e.g.: Windows Phone) Untrusted apps and executables, such as malware, are unable to run Signed policy secures configuration from tampering Protects system core (kernel mode) and drivers from zero days and vulnerabilities Requires Windows 8 certified or greater hardware with VT-X and VT-D © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION

Next generation app control
11/15/2018 Next generation app control Getting Apps into the Device Guard Circle of Trust Supports all apps including Universal and Desktop (Win32). Trusted apps can be created by IHV, ISV, and organizations using a Microsoft provided signing service. Safe list supports signed or hash values for apps. No additional modification is required. Apps provisioned by ConfigMgr (1606) can automatically be added to the safe list. © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION

Please evaluate this session
Tech Ready 15 11/15/2018 Please evaluate this session From your Please expand notes window at bottom of slide and read. Then Delete this text box. PC or tablet: visit MyIgnite Phone: download and use the Microsoft Ignite mobile app Your input is important! © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Laura A. Robinson July 10, June 30, /15/2018 4:19 PM

Similar presentations

Presentation on theme: "Laura A. Robinson July 10, June 30, /15/2018 4:19 PM"— Presentation transcript:

Similar presentations

About project

Feedback

Log in

Auth with social network:

Laura A. Robinson July 10, June 30, /15/2018 4:19 PM

Similar presentations

Presentation on theme: "Laura A. Robinson July 10, June 30, /15/2018 4:19 PM"— Presentation transcript:

Similar presentations

About project

Feedback