Device Guard and AppLocker Better Together Troy L. Martin 1E.com/blogs/author/troymartin/ Technical Architect 1E.


1 Device Guard and AppLocker Better Together
- Troy L. Martin, Technical Architect, 1E (1E.com/blogs/author/troymartin/, troy.martin@1E.com)
- Bill Moore, IT Product Owner, Client & Mobility, Dell Technologies (billamoore.com, bill_a_moore@dell.com)

2 Bill Moore (@BMooreatDell)
- Described as "Best Dad ever" - 2014
- 19 years Dell client management
- Jeep junkie (no Uber in Austin!!)
Troy L. Martin (@1E_TroyMartin)
- In '92, 2nd highest score at DeVry
- 20 (7.5 @ 1E)
- Go NY Yankees!!

3 So, an Engineer walks in to a bar…..

4 Security is no joke… even at the bar
- Device Guard
- AppLocker

5 What is the problem?
- Users can install and run unauthorized/untrusted apps
- Most security products are reactive by nature
- Attacks are narrowly focused with specific goals
- New malware is easily obtained for a few Bitcoin
- Advanced social engineering methods
- Relaxed attitudes toward local administrators

6 What is the goal?
- Enforce application standards
- Eliminate threats associated with untrusted apps
- Improve management and control of application sprawl

7 Understanding Individual Capabilities
AppLocker
- Exclude file from allow / deny rule
- Target users and groups
- Allow rules beyond executable only
- Wizard driven
- Rules survive app updates without mods
- Windows 7/8/10 Enterprise & W10 Education
- Dependent on service
Device Guard
- Only trusted applications are allowed
- Ability to sign an unsigned app
- Windows 10 Enterprise & Education
- No services
- Separate from kernel
- Protected by Hyper-V

8 Understanding Similarities
- Only known-good "trusted" applications are allowed to run. All others blocked.
- Rules driven
- Digital signatures
- Publisher
- Application attribute
- Audit mode capability to convert events to rules
- PowerShell cmdlets
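The audit-to-rules workflow named on this slide, sketched for both products with their PowerShell cmdlets. This is an added example, not part of the presentation; it assumes a reference PC that has been running in audit mode, and the C:\PolicyDraft folder and the 'FromAudit' rule prefix are made-up names.

```powershell
# Assumptions (not from the slides): a reference PC with AppLocker in
# "Audit only" mode and a code integrity policy in audit mode; the folder
# C:\PolicyDraft and the rule-name prefix are hypothetical.
$draftDir = 'C:\PolicyDraft'
New-Item -ItemType Directory -Path $draftDir -Force | Out-Null

# --- AppLocker: audited events -> candidate allow rules ---
# Reads the local "Microsoft-Windows-AppLocker/EXE and DLL" log (the default).
$audited = Get-AppLockerFileInformation -EventLog -EventType Audited
if (-not $audited) {
    Write-Warning 'No audited AppLocker events found; is audit mode enabled?'
    return
}

# Review what was seen, and how often, before trusting any of it.
Get-AppLockerFileInformation -EventLog -EventType Audited -Statistics |
    Sort-Object Counter -Descending |
    Select-Object -First 20 FilePath, Counter

# Publisher rules where the file is signed (they survive app updates),
# hash rules as the fallback for unsigned files.
$appLockerXml = Join-Path $draftDir 'AppLocker-FromAudit.xml'
$audited |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
        -RuleNamePrefix 'FromAudit' -Optimize -IgnoreMissingFileInformation -Xml |
    Out-File -FilePath $appLockerXml

# --- Device Guard: code integrity audit log -> draft policy ---
# -Audit builds rules from the Code Integrity audit events instead of a
# file scan; -UserPEs includes user-mode binaries (UMCI), not only drivers.
$ciXml = Join-Path $draftDir 'CI-FromAudit.xml'
New-CIPolicy -Audit -Level Publisher -Fallback Hash -UserPEs -FilePath $ciXml

Write-Output "Draft policies written to $draftDir; review them before merging or enforcing."
```

Both drafts are inputs to review: every rule they contain reflects something that ran on the reference PC, wanted or not.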

9 Code Integrity (https://channel9.msdn.com/Events/Ignite/2015/BRK2336)
- Secure Boot: includes Secure Firmware Updates and Platform Secure Boot
- Kernel Mode Code Integrity (KMCI)
- User Mode Code Integrity (UMCI)
- AppLocker
[Diagram: boot chain stages ROM/Fuses, Bootloaders, Native UEFI, Windows OS Loader, Windows Kernel and Drivers, 3rd Party Drivers, User mode code (apps, etc.); protection labels Platform Secure Boot, UEFI Secure Boot, KMCI, UMCI, AppLocker]

10 Demo Make application trusted by Device Guard

11 Demo Block older version app using AppLocker

12 Demo Malware attack on Group Policy Client and AppLocker

13 Application Control & Whitelisting

14 Differences: Application Control and Whitelisting
- The end goals are basically the same
- Implementation and level of security are very different
- AppLocker can be compromised
- Device Guard is very difficult to compromise, i.e. Virtualization Based Security, KMCI
- Security has a cost. Not being willing to pay the cost can lead to compromise

15 Questions? info@mnscug.org
