James Thew - Fotolia

Understanding third-party Windows 10 security tools

Third-party security tools provide value and new utilities for Windows 10 desktop administrators. IT should consider non-Microsoft options for patching, firewalls and more.

Tools and utilities such as Windows Defender and Windows Information Protection can meet the needs of many deployments, but some organizations may require third-party Windows 10 security tools with more customization or additional features.

IT professionals must understand the role non-Microsoft Windows 10 security tools can fill and what use cases they serve compared with the built-in options.

Patching third-party software with non-Microsoft tools

One of the greatest security challenges IT professionals face is keeping their security patches current. Desktops and applications alike require fast-paced patching from IT, and keeping up with all of the latest patches is almost impossible.

Microsoft offers Windows Server Update Services to help IT stay up to date, but this native patch management utility can still leave gaps in third-party applications. Without a comprehensive third-party patching tool, third-party apps could go months or even years without critical patches or updates because they slipped through the cracks of Windows' native updating process.

IT can find a software option that shores up these weaknesses without breaking the bank. Ninite from Secure By Design, for example, offers a straightforward approach to patch management with its free tool, though it lacks some of the more complex capabilities, such as choosing specific desktops to patch. The paid version adds this feature and others for deployments that require more comprehensive patch management.

Organizations that must meet strict security regulations may consider GFI Software's LanGuard for patch management because it features vulnerability scanning that meets the standards for patching software in highly regulated deployments, such as those in banks and government agencies. IT can use LanGuard to automate the deployment of critical patches and even reach mobile devices. This tool comes with a yearly subscription fee per device.

Windows Firewall is so common that hackers design malware to exploit it specifically.

For more complex deployments with numerous third-party applications and user types, IT may consider ManageEngine Patch Manager Plus. By mining data from Active Directory, Patch Manager Plus identifies problematic devices and maintains a library of all the devices and their current patch statuses. Organizations with more than 50 endpoints should opt for the Enterprise edition, but smaller organizations can get away with using the Free or Professional editions.

Encryption tools

One of the most crucial Windows 10 security tools is encryption, which codes data transactions so nobody can read them without a unique decryption key.

Windows 10 provides BitLocker, which offers a strong baseline of encryption for cross-network data transactions. Microsoft has improved BitLocker since its initial release in Windows Vista and offers full-disk encryption for Windows 10. However, organizations with stringent security needs might require a stronger encryption tool.

For example, some third-party encryption tools offer more comprehensive mobile encryption for smartphone web browsing with tools like DuckDuckGo and even encrypted phone calls with Signal from Open Whisper Systems.

IT can also enhance desktop encryption with third-party Windows 10 security tools such as VeraCrypt, which offers harder-to-crack encryption than BitLocker and comes at no additional charge because it is open source.

Non-native firewalls

Firewalls -- software that enforces a set of commands regarding all input and output from a network -- are a crucial example of Windows 10 security tools that are often better off from a third party.

Windows Firewall, the firewall native to Windows 10, offers simple management for IT through Group Policy for no additional licensing fee and with no installation process. The popularity of Windows Firewall, however, is what has pushed some organizations to non-Microsoft options. Windows Firewall is so common that hackers design malware to exploit it specifically. Hackers are less likely to design malware to target third-party firewalls because fewer organizations use them.

IT may choose a firewall such as ZoneAlarm Pro Firewall, which includes additional features such as spam filtering or zero-hour attack protection. Further, some firewall vendors, such as AVG, sell their firewall as part of a suite that includes online payment protection and antivirus software.

Dig Deeper on Windows OS and management

Virtual Desktop