The next big update to Windows 10 Creators Edition is out in the Fall and Redmond is hyping up its security chops and admin tools. For a start, we’re told Windows Defender will be extended from client to Microsoft’s server operating systems. In addition, Redmond is adding Windows Defender Exploit Guard and Application Guard to the security suite and updating its Device Guard and Defender Antivirus software. Exploit Guard is basically Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) security software reworked for the new operating system. Last year Microsoft was forecasting the death of EMET, but now it appears it has listened to advice from its users and security experts that the code should be retained.
“We love EMET so much we built it fully into Windows 10,” Rob Lefferts, director of the Windows and Devices Group, told The Register. “Everything you could do with EMET you can do with Exploit Guard.”
Exploit Guard will come with new rules designed to detect unauthorized system access, and will take advice from Microsoft’s security center in real time. Redmond even says it will protect against zero-day exploits. Application Guard is designed to work with the browser to detect whether local users have downloaded or installed code that they shouldn’t. The new code will lock any infection onto a local machine to stop it spreading, and notify the security team that something has gone seriously amiss.
Device Guard is getting an upgrade and uses whitelisting to keep dodgy software off PCs. Lefferts said that Microsoft is working with developers to constantly update the whitelists and ensure that legitimate code will run without a problem. On the pure antivirus side, IT admins running Defender will get a new security analytics screen that will use data from all Microsoft customers to advise on potential or incoming threats. APIs will also be released so third-party app vendors can use the same information to secure their apps.
Autopilot for Admins
Also new in the update is a suite called Windows Autopilot, which is a set of custom tools for IT admins designed to make their lives easier. In addition to the new security features, Microsoft is augmenting the Autopilot computer setup program that works with Azure and Intune to configure enterprise PC farms. A new Autopilot Reset function lets admins wipe a PC, for example if someone leaves the company, without wiping out all the settings, just the non-essential local content. Redmond will also begin putting out updates for its mobile device management suite to allow better integration with Windows 10. The tools will now give regular update progress reports to IT controllers and will add support for Active Directory domain-joined devices.
There’s also support for configuring and locking down kiosks running Windows. A new update to the Windows Analytics package includes a category known as Device Health. This scans the PCs on a network, noting bad configurations or missing updates and alerting staff.
Cyber attacks are the virtual reality that has just got real. On Friday, hackers suspected of being Russian broke into parliament, in a sustained and determined attack that compromised the network. Using software that reportedly used brute force to overwhelm and guess passwords, only 90 email accounts were breached before the attack was rebuffed, but the UK’s defences are looking flimsy against a rising tide of online attacks. Last month, the NHS-crippling WannaCry virus crippled dozens of health trusts as computers were frozen. University College London was hit by a major ransomware attack this month that shut down its shared systems.
The devastating nature of such attacks lies in simplicity as much as state-of-the-art technology: it just takes one employee to open or respond to the wrong email. Barclays chief executive Jes Staley was left red-faced last month when he fell for a hoax email purporting to be from Barclays chairman John McFarlane. London, though, is leading a fightback. In February, the Queen opened the National Cyber Security Centre, part of GCHQ in Victoria, which worked around the clock to shut down Friday’s attack. The booming fintech sector is a magnet for private-sector cyber security companies such as DynaRisk and CybSafe looking to service them. And so the best and the brightest talent are making their way to the capital. This group of ethical hackers and security experts are the new first line of defence.
“The parliament attack was pretty unsophisticated, the cyber equivalent of a criminal trying a door to see if it’s locked properly,” says Oliver Rees, 26, CEO of Southwark company Trustlight, whose job is to make sure cyber back doors stay locked.
He’s part of London’s fightback against cyber crime in the UK. The new normal is the everyday hackers trying to break into our phones, TVs and anything else that’s connected. The good news is that with a few simple steps, we can protect against 99.9 per cent of the attacks. CyLon (Cyber London), Europe’s first dedicated cyber security start-up accelerator, is based in Hammersmith and pumps 15,000 each into fledgling cyber security companies with bright ideas but bare pockets. It’s a three-month programme where entrepreneurial teams with innovative and disruptive business ideas are provided with access to expert training and guidance from an accomplished network of mentors and investors.
The capital is, therefore, a cyber petri dish, where we scoop out virus cultures and stick them under the microscope, then work on an inoculation. But who are they recruiting?
The AI cyber sentry
Emily Orton, Darktrace
“Every year hackers are getting better,” says Emily Orton, 33, co-founder and director of Darktrace, the 400million-valued London-based cyber security firm, shortlisted for this year’s Evening Standard Business Awards, which claims to have beaten the WannaCry hack. “There’s been an industrialisation of the threat landscape,” she says, as hackers become better funded and better equipped via the Dark Web.
“We’re seeing a move towards more automated threats, cleverer cyber weapons, and attacks towards trust in data, where people are in a network for longer, undermining its integrity.” The response? Their machine learning AI, which stops emerging threats as they happen. Orton uses the analogy of the human body, with the skin being rudimentary firewall systems that keep out elementary threats.
“We’re the immune system that works to continually identify anything that gets through, adapting to any internal threat that shouldn’t be there,” she says. “It’s an AI that builds an understanding of what’s normal for the organisation, so it can spot when a device or person in the organisation acts strangely and flag that in real time.”
The web’s guardian angels
Aleks Koha, Titan Grid
“Hackers never sleep, so neither do we,” says Estonian Koha, 23, CEO of Titan Grid, one of CyLon’s latest incubators. “They find the most annoying time to hit you, like a Friday, or a weekend, when the lights are on but nobody’s around to defend themselves.” Koha works round the clock with his five-man team in Hammersmith, to the extent that his girlfriend “is always glaring because my laptop’s on in bed late at night”.
Titan Grid specialises in cyber counterintelligence: it sweeps up and erases clients’ home addresses, emails, and phone numbers from the internet using automated tools. These are the most basic lockpicks a hacker looks for, with over 60 online identities stolen per second.
“It’s dangerous, because the information we collect is useful to hackers too,” says Koha. “We have targets on our backs.” Koha practices MMA and jujitsu in his spare time, which helps him develop resistance to high pressure situations. “We can’t stop 100 per cent of attacks happening in the first place, but we can give you a better lock than your neighbour,” he says.
The identity cloaker
Irra Ariella Khi, VChain
“I’m much more comfortable working with my brain rather than my face, nowadays,” says Khi, 33, a former model, an Oxford history and politics grad, and two-time e-commerce founder, who is fluent in nine languages. Her London start-up, Vchain, wants to make your identity “unhackable”, pitching to replace passports with blockchain technology, a digital ID key that no one can clone, which has so far been chiefly associated with Bitcoin transfers. “Data is stored very poorly right now,” says Khi.
“You trade data for services you need, but have no quality control over how it’s captured.” International Airlines Group, British Airways’s parent company, has already invested megabucks in Vchain, which she runs with co-founder Alexander Gorelik, after she won the pitch as the only woman on stage. “I find that competence wins out, whatever your gender,” she says. “If in a room full of boys, the girl puts her hand up, chances are you’ll be addressed, not first or second, perhaps, but you’ll be heard.” A single mother, she lives in Fulham with her five-year-old daughter.
The e-psychology gurus
Oliver Rees and Alexander Walker, Trustlight
“We’re new here,” says Oliver Rees, 26, CEO of Trustlight, another CyLon incubator that uses both technology and psychology to stop email fraud. He’s not just talking about the company. “We’ve had 200,000 years of human evolution to learn to sense when there’s a physical threat behind a bush,” he says, “but only 20 years to learn to sense threats online.”
“It’s the people who most often accidentally give up the secrets, rather than the machines,” agrees CTO Alexander Walker, 29. “Ninety per cent of attacks start with someone receiving an email that isn’t genuine,” he says. Trustlight, with the permission of companies, crafted fake emails in their testing stage to see who would take what bait.
“Invite anyone to be the keynote speaker at an event and they’ll click on the link every time,” says Walker. Not all hackers are the enemy, though. A Jordanian contacted them to highlight a security flaw, asking for a “bug bounty”; Rees replied that they couldn’t pay the money, but sent him a T-shirt instead. “He sent us a selfie, wearing it, and the happy ending is that now we work together.”
The cybersecurity credit raters
Andrew Martin, Dynarisk
Born in Toronto, Canada, Martin, now 35, was a typical hacker in his teens, a near high school dropout, terrible at every subject apart from IT. Having enjoyed the adrenaline rush of breaking into systems, he realised the risks if he actually stole anything, so he stopped, and started working for a bank “to stop people like me breaking in”. (With his skills, getting a job when he moved to the UK in 2012 was easy.) His best trick was reverse engineering viruses, allowing him to find out where they were talking back to. According to Martin, he uncovered state-sponsored hacking, criminal groups in Eastern Europe, Asia and Central America, handing intelligence to the police. He’s now left the fun stuff behind: his own company, Dynarisk, assesses an individual’s risk to see how likely they are to be hacked, giving them a credit score and a tailored action plan of the things they need to do to protect themselves.
It also scans devices for vulnerabilities, checks to see if emails were breached (his own has been five times), sends safe, probing phishing emails and scans home browsers to see if they can be accessed via the internet. He and his wife, Yasmin, live in south London. They met in cyber security, so you see, you can find love in this line of work too.
The university of hacks
Oz Alashe, CybSafe
Oz Alashe, 40, is the daddy of all cyber security experts. As a father of two, a boy, five, and a girl, 19 weeks old, he worries about the online safety of his kids as much as the work of his GCHQ-accredited Canary Wharf firm CybSafe. He’s also served in the UK’s special forces, so he knows how to keep us safe. He’s therefore all about education: CybSafe is a cloud-based educational tool allowing companies and their staff to learn how to look after their own.
“Originally, we worked with cyber security experts, including ethical hackers, to learn the tools of cyber hackers: we then built a platform and modules that address what we learnt.” They then assess to see if staff behaviour is changed by simulating attacks, via phishing emails, corrupted SMS text messages or USB stick drops (they work with both government and commercial entities). “You’d be amazed at how many people pick up a USB stick with the word ‘bonuses’ written on it and plug it straight in,” says Alashe.
Pedro Ribeiro, Immersive Labs
“If you’re going to protect against hackers, you need to know how to hack,” says Pedro Ribeiro, 33, CTO of Immersive Labs, another CyLon incubator, which teaches companies’ staff how to be hackers themselves. “It’s like playing a game of chess, and if you don’t have all the pieces, you don’t stand a chance.”
Ribeiro’s been a legal ethical hacker for eight years, exposing companies’ flaws on their payroll, earning between 500 and 2,500 a day.
“The problem is, there’s a severe skills shortage, which means we’re expensive,” he says. To bring the costs down, and with increasing demand for hack-literate employees, Immersive Labs shows them how to do it, teaching them to pull source code, manipulate sites to their advantage, spot problems with programmes and exploit them. Ribeiro is a devoted martial arts disciple. “These days you have two types of hacker: the old-school ‘doesn’t see the daylight’ type, and the opposite. It’s good for the body and the mind, and it fits with the hacking mind-set: you’re fighting something big, always going against the current.”
All security personnel who hold a CP licence only. It’s that time of year again when we start looking for suitable security/surveillance staff to cover a music festival in the Banbury area, nr Oxford on the dates of Thur 10th to 12th August 2017. Again the contract has been won for the provision for a plain clothed surveillance team to patrol, in a low profile role, to provide up to date information, observation and surveillance for any undesirable persons at the festival.
The job outline is for three nights Thurs to Sat night (ending Sun 06.00). Same advert as last year only with the addition of IF YOU CAN’T DO IT DON’T APPLY. Kirsten got let down badly last year by several persons and it nearly cost her the contract. All sounds fun, the facts. Looking for The job is for three nights Thur 10th to Sat 12th, hours 20.00-06.00am each shift. Pay is 450 for the three shifts, on 30 day invoice. It’s plain clothes work, it may be wet or it may be dry though, so wet weather kit may be in order!!! (It’s a family orientated low level festival which attracts generally mature and family persons) with a crowd of 20,000 people. There are uniformed guards there for the crowd control and public order which are nothing to do with the surveillance teams, the role of the surveillance team is to observe and report any illegal or immoral activities to the Control or the Police on the festival (avoid any hands on if possible, it’s a family thing after all, however if necessary reasonable minimal force can be used of which is justifiable). Breakdown is One PM, one Team Leader and four two man/woman teams. PM and TL already allocated so don’t apply for the role.
So anyone who either lives local to Banbury or wants to camp out for the full duty is more than welcome. A wrist band is issued so you can see the bands too if it’s quiet. Job goes out for all members of security staff who hold a CP SIA license. Men and women can apply, need both for this job. NO EGOS on this job either, it’s a good gig and it’s been going on for over 10 years without hitch. To apply PLEASE DON’T SEND YOUR CV. Only send a profile with your skills for this role (not really interested if you’re ex DET, 14int-live in a loft for two weeks in NI in 1984 or you can camouflage yourself to match the wife’s curtains) just looking for guys/gals who can get involved and get on with it at this type of event and work without fuss. Ex Mil preferred however not essential as there are some great non ex mil guys out there, all on merit. Professional whiners and job snobs need not apply as it has a good rating of a nice number for the guys who have done it over the last few years.
Feel free to spread the word on other sites. Send profile to Kirsten Kirsten.firstname.lastname@example.org On three notes, 1 this is the only job she covers so no need to ask to be kept on file.
2 If you are on the job please don’t card the client as it has been done before and the client lets her know. Kirsten is offering work in these quiet times, please don’t bite the hand.
3 If you’re on the job stick to it, she was let down on the 11th hour last year, very disappointed.
Brief on role upon selection Thanks