How Microsoft Device Guard plucked Apple’s security initiative

This week saw Apple unveil its macOS Sierra at WWDC. The new operating system includes updates to Apple’s malware protection feature for Macs, Gatekeeper, making it harder to disable, and arguably bringing it up to speed with Windows 10’s similar but more exacting Device Guard…
Thus was completed what philosophers call a Hegelian dialectic, whereby two opposites, ‘thesis’ and ‘antithesis,’ come together, forming a ‘synthesis.’
This may sound rather highfalutin, but it actually fits the history of Apple and Microsoft’s security capabilities to a T.
Remember what crisp opposites Apple and Microsoft were, once upon a time? Windows could offer huge versatility, and an endless number of potential applications, while Apple’s closer control limited versatility in favor of greater security.
Indeed, Gatekeeper was originally designed to ensure that the Mac could maintain Apple’s squeaky-clean reputation with regards to malware, by letting users restrict applications to those on the Mac App Store and otherwise Apple-approved.
Microsoft, meantime, seemed to have realized that it would do well to divest itself of its reputation for malware susceptibility. With its Windows 10 OS, Microsoft sought to not only tear a page from Apple’s Gatekeeper notebook (by offering a similar, but more trusted-application only door policy), but also sought to offer its enterprise customers simultaneous flexibility, with the ability to sign trusted software themselves, thereby molding their own tailored white list.
As Apple’s aforementioned Gatekeeper tweaks imply, with Device Guard, Microsoft may have inched ahead in terms of security.
Taking advantage of Device Guard, however, is not wholly straightforward for enterprises. It needs to be carefully configured, for one, and you need to make sure your Windows 10 migration is properly executed too, with UEFI and Secure Boot enabled, otherwise Device Guard will not even be an option.
The good news, though, is that this week is Device Guard week, here at 1E. On Wednesday, resident experts Dave Fuller and Troy Martin will be presenting a special, free webinar, ‘Beating Malware with Device Guard and AppLocker’ (you can watch an on demand recording here). On top of that, we’ve published a special white paper, ‘A New Level of Security: Understanding and Implementing Device Guard,’ detailing exactly how you can securely implement Device Guard in your enterprise – and even how you can create your whitelist.
Make sure you catch both – so that your enterprise is in a position to enjoy Microsoft-style versatility, with what we used to think of as Apple-level security.