santiago silver - Fotolia
Microsoft provides several native Windows 10 security tools that can help IT lock down its desktops, but IT professionals should compare the native tools to third-party options before they select any tools for their organization.
While one cohesive set of security tools for Windows 10 in a single management suite is an attractive option, organizations should also prioritize the feature sets they need, and they may not always be able to find the right features in one suite. Many third-party security software vendors package numerous security tools into one large offering, but these vendors still offer aspects of their desktop security suites as individual products and services.
IT professionals should get to know the different aspects that make up a Windows 10 security suite and compare native tools to third-party options to inform their decisions on which tools and suites work best for their organization.
Antimalware security tools for Windows 10
Windows 10 desktops automatically come enabled with Microsoft Windows Defender, a native antimalware software program. Windows Defender runs quietly in the background and doesn't cause end users problems with constant pop-ups or scans that take up huge amounts of processing power and slow down the desktop's performance.
The software also performs well by some antimalware metrics, according to security software testing company AV-Comparatives. Windows Defender ranked seventh out of 16 antimalware software programs, some free and some paid, at online protection rate, which means how well the software neutralizes malware that is actively attempting to make changes to the desktop.
Windows Defender, however, isn't the best choice for security-focused organizations because it falls short in a few metrics, according to AV-Comparatives tests. Its ability to detect dormant malware while the desktop is connected to the internet ranked last among the 16 tested programs. It also identified just 29.7% of the offline malware threats that AV-Comparatives sent its way. Eleven of the 15 other programs had offline detection rates of 90% or higher, for perspective.
Organizations that have enough resources to pay for software as important as antimalware should consider more robust third-party antimalware programs. For example, Kaspersky Internet Security, Bitdefender Internet Security, Tencent PC Manager and VIPRE Advanced Security are all paid options that performed very well on AV-comparatives' test in all three metrics.
Windows 10 encryption tools
Organizations should also encrypt their Windows 10 desktops to secure their users' data. Encryption tools code data in a way that makes it unreadable to hackers, users outside the organization or anyone without the proper decryption key.
Microsoft BitLocker is the native full-disk encryption (FDE) tool for Windows 10, and like any other FDE it encrypts data on the device's hard drive so a hacker can't remove it and plug it into a new machine to access the data. FDE is essential for laptops, which are much more susceptible to loss and theft than stationary PCs.
There are plenty of additional third-party options as well, such as Check Point Full Disk Encryption, VeraCrypt's TrueCrypt and Sophos SafeGuard Encryption. These third-party security tools for Windows 10 offer features that BitLocker lacks. Check Point Full Disk Encryption, for example, offers single sign-on for authentication and TrueCrypt provides double container security that hides the existence of a second data container within a larger one.
One disadvantage of FDE is the need for encryption and decryption of all aspects of the OS. While FDE provides a high level of security, it can slow down data access for users and boot times for the desktop.
Organizations can also opt to apply more restricted encryption only to specific files. IT professionals can set the file-based encryption to only apply to certain folders or types of documents. The goal is to allow users to edit and share files that stay encrypted while in transit between multiple users and only decrypt for users with the decryption key. BitLocker offers file-level encryption, and so do many other encryption software programs such as AxCrypt Premium and Cypherix SecureIT.
Windows 10 VPN options
The remote workforce has grown in recent years and many organizations must support remote workers' secure access to internal network resources. Remote access VPNs enable this intranet connection.
As with any of these security tools, Windows 10 includes a basic version in the standard OS. The Windows VPN client isn't necessarily free, depending on how an organization deploys and manages its desktops, and the client works exclusively for the Windows platform.
This means organizations that want to run a VPN for additional Linux and MacOS desktops or a mobile VPN for Android or iOS devices would need to find another VPN for those OSes. Third-party VPNs such as NCP Secure Entry Client and Cisco VPN support all these OSes, which is likely preferable for organizations that don't want the management burden of multiple VPN clients.
Windows VPN and third-party VPNs differ in pricing as well as feature sets, including different levels of encryption for data transfers or types of authentication factors to log in. Unlike some of the other native security tools for Windows 10, the Windows VPN client doesn't have any glaring weaknesses apart from the lack of cross-platform flexibility.