Keep Security in Mind for a Successful Windows 10 Upgrade: Five Steps

Last month, Microsoft announced that Windows 10 is now installed on more than 800 million active devices around the globe. Windows 10 deployments continue to gain momentum as enterprises aim to take advantage of Windows 10’s security features, enhanced usability and operating speed, while also preparing for the end of Windows 7 support in January 2020. Security should be  key consideration in any enterprise migration. If you’re one of the many organizations planning a Windows 10 upgrade this year or recently purchased new hardware that has Windows 10 pre-installed and want to make sure you have a secure migration,

 here are five important things to keep in mind for your planning and deployment process:

• Backup EVERYTHING. Unlike other incremental Windows updates, a full Windows 10 install means you’ll have a totally new and improved system. This also means that you must backup all content, applications and files on each machine before starting your roll-out. Otherwise, you’ll risk the chance of data loss from potential crashes and data wipes during the Windows 10 install process. You should also have a backup plan in place in case the upgrade fails. Windows 10 allows users to create a recovery drive or system repair disk that can be used to troubleshoot issues and restore data during the installation. Think you’ve backed everything up? Check again, then proceed with caution.
• Check your disk space. Every Windows 10 update requires adequate hard drive storage space. You can free up space by running the machine’s disk cleanup files, uninstalling unwanted or unused programs, removing duplicate and temporary files and emptying the recycle bin. From there, you can decide whether to simply upgrade (which requires less disk space) or perform a complete install (which requires substantial disk space) based on available storage capacity.
• Don’t lose your product key. A product key is the 25-character code used to activate Windows 10. It looks like this: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX. You’ll need this product key to activate Windows 10 and may need it again for re-installations and upgrades down the road. It’s important to know that Microsoft doesn’t keep a record of purchased product software keys, so once you have your product key, keep track of it!
• Make sure your applications are all compatible. While most off-the-shelf applications will work out-of-the-box on Windows 10, internally developed software and web applications may be incompatible with Windows 10 clients. Before moving to Windows 10, perform precise compatibility to testing to make sure you won’t lose the use of anything important.
• Remove admin rights from all workstations. To effectively reduce the attack surface and mitigate the risk of a serious data breach without impacting user productivity, it’s important to implement tools that enforce privileged access security on the endpoint to block and contain attacks. As a first step, you should remove admin rights and enforce the principle of least privilege on desktops, laptops and servers as part of the Windows 10 migration process. Additionally, application control should be instituted to block malicious apps from running and to contain and analyze unknown apps. Finally, deploy anti-theft protection measures to help detect and block suspected credential theft attempts and contain would-be cyber attackers at the endpoint to reduce potential damage to the business.

ArkCon 2019 Welcomes Top Researchers with a Cybersecurity Challenge

ArkCon 2019 is just around the corner. CyberArk Labs is hosting its event for top cybersecurity researchers in Tel Aviv, Israel on April 29. CyberArk Labs issued challenges to the cybersecurity community that only the best of the best could solve. Now, those who answered one or more cybersecurity challenge – and other top cybersecurity researchers – are meeting to attend sessions and collaborate with their peers. This year’s guest speaker goes by pancake (with a small “p”), creator of the popular, free and open source reverse engineering platform radare2.

I spoke with Doron Naim, CyberArk Lab’s Group Manager and the event’s organizer, about what he has planned for the upcoming conference and why it’s going to be bigger and better than ever.

What do you hope attendees will learn at ArkCon?

Naim: We’re hosting three speakers this year at ArkCon. “pancake” – our keynote speaker from Spain – is going to share the new feature in radare2 (an open source tool he wrote) – a free reverse engineering platform. The second speaker is Eyal Itkin, a security researcher from CheckPoint, who will share his insights into RDP protocol and how he discovered related vulnerabilities. Nimrod Stoler, a security researcher from CyberArk, will talk about research he’s conducted on container security.

In addition to the speakers, one of the most important benefits of attending this event is the level of knowledge sharing and collaboration – so there will be plenty of quality networking opportunities.

What are you most proud of about this year’s ArkCon?

Naim: This year’s ArkCon is going to be much more than a standard cyber event. First, the audience is highly professional, the very best people in the field. Second, ArkCon is going to have lots of exciting ways for attendees to participate and engage.   During the conference, attendees can compete for prizes by solving each cybersecurity challenge. There will be plenty of space for interactive games, food and networking. The goal is to encourage healthy competition and help people to get to know each other. That way, we boost the networking level and make the conference a fun, rewarding place to be.

What are you most excited to do at this year’s ArkCon? What are you most looking forward to?

Naim: Meeting the challenge solvers. Two weeks before the event, we opened up challenges for the interested individuals to take. Each cybsecurity challenge was written by different people with different skills. Every challenge comes from a different aspect of the cyber security field. The ones who solved most of them are experts in their field and will be presented with prizes on the stage at the end of the conference.

What are the biggest opportunities ArkCon presents?

Naim: Free of charge education and networking. ArkCon gathers a distinct audience of highly skilled people who can contribute a lot to the market. ArkCon provides them with the platform to meet face-to-face and share their experience and insights. ArkCon does all this and more.

How will this year’s ArkCon be different from last year’s?

Naim: ArkCon this year is going to be four times bigger than the previous one. Last year’s ArkCon we hosted at the Israeli CyberArk offices. There was a room for very limited number of guests, so we decided to initiate a cybersecurity challenge and only give tickets to the people who solved it. This year is different. Guests can register freely, so solving the challenges is now all about the prestige. The Hall of Fame for our top cybersecurity challenge-solvers can be found here.

A lot of people put a lot of time into solving (or failing to solve) your challenges. What went into creating your challenges?

Naim: We got really good feedback. Hundreds of people are trying to solve the challenges every day. Each cybersecurity challenge is very different from all the others – which makes them harder and more interesting than the traditional Capture the Flags [a type of information security competition.] More than 100 people have already solved one or more of the challenges. We’ve found our winners, but we’re keeping that a secret until the conference. We’ll announce the winners then.