October 16, 2018

Last Updated on January 15, 2024

It looks like Windows 10 has finally overtaken Windows 7 as the most widely-deployed Windows platform. From a cybersecurity standpoint, this is good news.

Windows 10 is a more secure environment with more up-to-date security functionality built-in. Moreover, Windows 7 is well past the end of its Mainstream Support period (no feature upgrades since January 2015), and nearing the end of Extended Support period (no more security patches after January 14, 2020). End-of-life (EOL) software is an open door for hackers, who can target any unpatched vulnerabilities, often via pre-made exploit kits.

In short, Windows 7 has no future. The sooner you move to Windows 10, the sooner you can benefit from an upgraded security posture. Further, you can enjoy a more consistent security posture across your user base, versus a mix of users on different Windows platforms. The upgrade is especially important for mobile and remote users, because of the extra risk these endpoints present in regards to theft and loss of sensitive data as well as compromised remote access credentials.

Windows 10 Security Feature Review

There are four major security features in Windows 10 and Windows 10 Enterprise that many organizations will benefit from:

  1. Windows Hello and Hello for Business supports two-factor authentication (2FA) options ranging from a PIN to a fingerprint to facial or iris recognition, while enabling single sign-on. This simplifies the process of implementing 2FA for remote users logging in via a VAN, for instance. This technology will proliferate in the near future, especially for authenticating with web applications via browsers. 
  2. Windows Information Protection offers both corporate and personal data segregation and containment options to help ensure that only trusted services can access business data, even in mobile contexts. It also helps prevent copy/paste data leakage scenarios, making it particularly beneficial in regulated environments.  
  3. Device Guard and Credential Guard are Windows 10 Enterprise virtualization-based security features. Device Guard blocks devices from running non-trusted applications, to potentially thwart advanced threats like zero-day attacks and self-encrypted polymorphic viruses. Credential Guard isolates domain credentials within a VM, separate from the operating system kernel, making them inaccessible even if hackers gain access to the server. 
  4. Windows Defender Advanced Threat Protection is a cloud-based security service offering “post-breach” data protection that can “detect, investigate and respond to advanced attacks.” This add-on service, geared toward enterprise customers, will be continuously updated with the latest protection and analytics.

Operating system upgrades can be painful… But they are also inevitable. By moving to Windows 10 now you can enjoy its information security advantages for a full seven years (until 2025), which is five years beyond EOL for Windows 7. Five years is a very long time in the realm of cybersecurity.

More information on Windows 10 security improvements:

For expert guidance on a Windows 10 upgrade strategy, including which Windows 10 security features are right for your organization, contact Pivot Point Security.

Is a penetration test really the service you need?

Without good Asset, Patch & Vulnerability management in place, a network penetration test could be a big waste of time and money.
Download the free inforgaphic now!