Sophos CEO Joe Levy recently attended a Microsoft-hosted summit where executives from top endpoint security vendors, including CrowdStrike, discussed the future of interactions between EDR tools and the Windows kernel. During the summit, Microsoft made it clear that it does not intend to restrict access to the kernel, despite the recent CrowdStrike-caused outage. Levy believes this will lead the endpoint community to rethink the amount and complexity of code it introduces into its kernel drivers.
Under Microsoft's new security architecture, the Recall feature will now only work on Copilot PCs with specific security measures, such as BitLocker and Device Encryption. Users will also need to opt in to use the feature, giving them more control over their snapshots. Microsoft's executive vice president and consumer chief marketing officer, Yusuf Mehdi, stated that these changes are important to secure the feature and put users in complete control. Partners of the company are looking forward to more AI-powered security in Microsoft's Defender for Endpoint and the extended detection and response space.