In the simplest terms, Credential Guard is a new Windows 10 optional feature that controls access credentials stored in memory.
Windows Credential Guard requires Virtual Secure Mode (VSM) which turns on core HyperV components to allow Windows to isolate each application’s memory. The graphic to the right mentions Device Guard but operates the same for Credential Guard.
VSM (and therefore Credential Guard) needs a CPU that supports virtualization which are nearly all corporate grade CPU’s produced since 2010.
From the meetings I have attended and the articles I have read I think the best way to describe Virtual Secure Mode is to think of it as a much more powerful HAL (Hardware Abstraction Layer).
If you are interested in Credential Guard be sure to read our very short description of its sister technology Device Guard. Credential Guard and Device Guard are independent features but both use VSM so you are should at least consider both features before implementation.