Microsoft augments the native protection features in its newer Windows Server releases with cloud-based security products to reduce the likelihood of a successful breach attempt.
Data breaches occur on a daily basis. They can’t be avoided in our interconnected world, but you can take a proactive approach to reduce your risk.
While the internet has been a boon for organizations that rely on remote users and hybrid services, it’s now easier than ever for an intrepid hacker to poke at weak points at the perimeter to try and find a way inside. Windows Server is a key IT infrastructure component for most enterprises that handles numerous tasks — such as authentication — and runs critical workloads, namely Exchange Server, SQL Server and Hyper-V. Due to its ubiquitous nature, Windows Server is a natural target for hackers seeking a foothold inside your company. There are many Microsoft security products and native features in the newer Windows Server designed to keep sensitive information from spreading beyond your organization’s borders.
Microsoft security in Windows Server improved with the Server 2019 release by updating existing protections and adding new functionality geared to prevent the exposure of sensitive information. The company also offers several cloud-based products that integrate with the Windows operating system to warn administrators of trending threats that could affect their systems.
What are some features in Microsoft Defender ATP?
Microsoft Defender Advanced Threat Protection — formerly, Windows Defender ATP — supplements existing security measures while also providing a cloud-based platform with a range of capabilities, including response to active attacks, automated investigation of suspicious incidents and a scoring system that determines the level of vulnerability for each endpoint.
Microsoft Defender ATP, which underwent a name change in 2019 when the product was extended to protect Mac systems, features multiple proactive and reactive methods to protect organizations from many forms of cyberattacks. For example, to keep an endpoint from being susceptible to a common intrusion method via a Microsoft Office application, Microsoft Defender ATP can prevent the application from launching a child process.
Microsoft Defender ATP gathers information from a vast array of resources — such as different events on on-premises Windows systems and the Office 365 cloud collaboration platform — that Microsoft analyzes to detect patterns, such as certain command-line actions, that could indicate malicious behavior. Microsoft Defender ATP integrates with several Azure security products for additional protection. For example, by connecting to Azure Security Center, administrators get a dashboard that highlights suspicious activity in the organization with recommended actions to execute to prevent further damage.
Microsoft security features in this offering were tailored for Windows Server 2019 customers to prevent attacks that start either in the kernel or memory — sometimes called file-less attacks — of the operating system. Microsoft Defender ATP eases the onboarding process for this server OS through System Center Configuration Manager with a script.
What new SDN security features are in Windows Server 2019?
Abstracting the operations work associated with networking offers administrators a way to add some agility in an area not typically known for its nimbleness. Software-defined networking (SDN) gives IT newfound abilities via a centralized management platform for network devices to make it easier to perform certain tasks, such as ensuring specific workloads get enough bandwidth to meet performance expectations. But SDN is not immune to traditional threats if a malicious actor gains network access and proceeds to sniff traffic to scoop up credentials and other valuable information.
Microsoft enhanced the security aspect of its Windows Server 2019 SDN functionality by introducing several features to avoid data leakage, even if the data center defenses failed to stop unauthorized system access.
By implementing the “encrypted networks” feature, organizations add another layer of security around data that moves between VMs inside a particular subnet by encoding the information. Other noteworthy SDN security additions for the Server 2019 OS include more granular control over access control lists to avoid security gaps and firewall auditing on Hyper-V hosts for further investigation of suspicious incidents.
Where can I use BitLocker encryption in my environment?
Microsoft released its BitLocker encryption feature for on-premises Windows systems, starting with the Vista operating system in 2007. Since that time, the company has continued to develop ways to use this technology in more places, both in the data center and beyond.
BitLocker started out as an encryption method to protect all the contents in a hard drive. That way, even if a laptop was stolen, prying eyes would not be able to do anything with the confidential data stored on the device due to the length of time it would take to do a brute-force hack of even a less-secure 128-bit key.
Using BitLocker, while effective to thwart hackers, can frustrate users when they need to authenticate every time they need to use a device or when a BitLocker-encrypted server requires an additional login process after a reboot. Microsoft developed a feature dubbed BitLocker Network Unlock, debuting with Windows 8 and Windows Server 2012, that uses the physical network to deliver the encrypted network key so protected systems can unlock if they are connected to the corporate network.
Microsoft extended BitLocker technology to the cloud to give administrators a way to put additional safeguards around sensitive Azure VMs with the platform’s Azure Disk Encryption feature for full volume protection of disks. For this type of deployment, the Azure Key Vault is used for key management.
What are some recent security features added to Hyper-V?
Data leakage can tarnish a company’s reputation, but it can be an expensive lesson for lax security practices if regulators determine a privacy law, such as the GDPR, was broken.
Organizations that use the Hyper-V platform get the typical benefits acquired by consolidating multiple workloads on a single host in a virtualized arrangement.
But Microsoft continues to help administrators who operate in sensitive environments by adding virtualization-based security features with each successive Windows Server release to reduce the probability of a data breach, even if an intruder makes their way past the firewall and other defensive schemes.
Microsoft added shielded VMs in Windows Server 2016, which encrypts these virtualized workloads to prevent access to their data if, for example, the VM is copied from the sanctioned environment. In Windows Server 2019, Microsoft extended this protection feature to Linux workloads that run on Hyper-V when the VMs are at rest or as they shift to another Hyper-V host.
