Microsoft has announced it’s adding security features to the protection it offers to open-source operating systems.
Defender for Endpoint on Linux server gained EDR abilities a few months ago and now has extra capabilities for Azure Defender customers. Microsoft native for all Microsoft produces , it’s obvious for theem to develop security products for Linux, given that Linux distributions dominate virtual machine OSes on its Azure cloud.
One key change is that Linux EDR detection and live response is now in public preview. Live response allows for in-depth investigations and quick threat containment by giving security teams forensic data, the ability to run scripts, share suspicious entities, and hunt for possible threats.
Microsoft has also extended support for Amazon Linux 2 and Fedora 33+. And it now has a public preview of RHEL6.7+, CentOS 6.7+. Previously, EDR was available for: RHEL 7.2+; CentOS Linux 7.2+; Ubuntu 16.04 or higher LTS; SLES 12+; Debian 9 or newer; or Oracle Linux 7.2 or higher.
Microsoft Defender for Endpoint version should be 101.45.13. It also notes that previously released AV and EDR capabilities also apply to RHEL6.7+, CentOS 6.7+.
The complete set of the previously released antivirus (AV) and EDR capabilities now applies to these newly added Linux distributions. Coverage will be expanded with Amazon Linux and Fedora in coming months.Microsoft
Microsoft is also bringing TVM to Linux Debian. A public preview of TVM for Debian 9+ public preview will be available in coming weeks. Meanwhile it’s making Defender antivirus generally available on Linux, bringing the ability to monitor processes, file system activities, and how processes interact with the OS using Microsoft’s cloud security.
Microsoft Defender for Endpoint on Linux protection is expanded to generically intercept whole new classes of threats such as ransom, sensitive data collection, crypto mining, and others. Behavior monitoring alerts appear in the Microsoft 365 Defender alongside all other alerts and can be effectively investigated,Microsoft on UEBA
Behavior monitoring provides effective measures against ransomware attacks which can be achieved using a variety of legitimate tools while carrying similar patterns from OS behavior perspective. Many of such patterns can be picked up by the behavior monitoring engine in a generic way.