Windows 11 Available: What Security Pros Should Know

  /     /     /  
Publicated : 23/11/2024   Category : security


Windows 11 Available: What Security Pros Should Know


Microsoft discusses the security requirements and changes coming to the newest version of its Windows operating system.



Microsoft today announced the official release of Windows 11 for compatible machines around the world, starting Oct. 5. But those who want to upgrade will need to ensure their computers meet a long list of security and system requirements.
The
system requirements
for Windows 11 include a 1GHz or faster dual-core compatible 64-bit process or system-on-a-chip (SoC), 4GB of RAM, at least 64GB of storage, UEFI Secure Boot enabled, and Trusted Platform Module (TPM) version 2.0, among other requirements. Those unsure whether their device is compatible can verify using Microsofts PC Health Check app.
This is important to note because the long list of requirements, while a plus for security, might mean a lot of people dont have the required hardware for the new OS and will need to wait until their next PC to upgrade. Microsoft in 2019 debuted
Secured-Core PCs
, which were built to have a defense-in-depth approach to system security but which still
arent widely adopted
. Microsoft said the vendor and its partners now have more than 100 devices in market from more than 11 OEMs, and the devices are 60% more resilient to malware than traditional PCs.
Microsoft says the new hardware security requirements for Windows 11 are meant to create a foundation thats more resilient against cyberattacks. This version of Windows requires hardware that enables additional protection such as Windows Hello, Device Encryption, virtualization-based security (VBS), hypervisor-protected code integrity, and Secure Boot. VBS and Secure Boot are built in and enabled by default on new CPUs, security officials note in a
blog post
on the rollout.
Enabling security by default was a priority for Windows 11, says David Weston, Microsofts director of OS and enterprise security. Many of the Windows 11 baseline security features are available in Windows 10; the focus has been making them ready to be available by default.
Theres obviously been a lot of discussion about Windows 11 having a higher security bar from a hardware perspective, and were putting that to good use by introducing more defaults than Windows 10 or its predecessors had, Weston says.
The focus on security by default partly stems from Microsofts annual Security Signals report,
which found
more than 80% of vice presidents and above report theyve experienced a hardware attack in the last two years, but 29% of budgets are allocated to protect firmware. This year, the report found 80% believe software alone doesnt offer sufficient protection.
Detection is working [and] were seeing more, we just dont have enough folks, and we just dont have enough time, to go through all those detections, says Weston of the challenges that businesses face. So we want things like hardware to stop more things before they become detections and sort of reduce that funnel. With more security enabled by default, he believes there will be less to configure and less complexity in deployment for IT and security teams.
Improving virtualization-based security performance, and making it more reliable, lets Windows 11 use technologies such as Microsoft Defender Application Guard to containerize apps that are frequently targeted, such as browsers and Office clients, he continues. With Application Guard, websites and Office files run in an isolated Hyper-V container so anything that happened in the container is isolated from the desktop OS. This virtualization-based technology is also used in other Windows security features, including Credential Guard and Hypervisor Code Integrity.
For IT and security teams gearing up for an enterprise rollout, Weston advises using the same advice that applies to other major upgrades.
All of those basic fundamentals still hold true: Have a solid backup plan, have a tiered rollout where you can make sure things are going well and roll it back if there are some unforeseen issues, he says, noting that every environment is slightly different; their risk tolerance is slightly different.
He also encourages ensuring security tools are ready to work on the new OS. While Microsoft works with major vendors to ensure compatibility, individual businesses should double-check their endpoint detection agents, vulnerability scanners, and other tools work as expected.
For organizations that arent ready to make the switch, there is time. Windows 10, which has the same baseline security features as Windows 11, will be supported through Oct. 14, 2025.

Last News

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Windows 11 Available: What Security Pros Should Know