Microsoft previews Linux endpoint detection and response capabilities

2020-11-17 16:19

Microsoft has announced today the public preview of endpoint detection and response (EDR) capabilities on Linux servers running Microsoft Defender Advanced Threat Protection (ATP) — now known as Microsoft Defender for Endpoint.

The addition of EDR capabilities gives security analysts the ability to spot attacks involving Linux servers in their environments in near real time, via alerts that are automatically aggregated into incidents based on attacker attribution and techniques.

"This builds on the existing preventative antivirus capabilities and centralized reporting available via the Microsoft Defender Security Center," Microsoft Senior Product Manager Tomer Hevlin said.

Microsoft Defender for Endpoint's Linux EDR capabilities provide admins with:
• Rich investigation experience: including machine timeline, process creation, file creation, network connections, login events and, of course, the popular advanced hunting.
• Optimized performance: enhanced CPU utilization in compilation procedures and large software deployments.
• In-context AV detections: just like with Windows, get insight into where a threat came from and how the malicious process or activity was created.

Support for Linux devices

Microsoft Defender for Endpoint was made generally available for enterprise customers with Linux devices earlier this year, in June.

On Linux endpoints, it comes in the form of a command-line product that will send all detected threats to the Microsoft Defender Security Center.

Admins with licenses for servers can deploy and configure it on Linux devices with the help of Ansible or Puppet, as well as with any existing Linux configuration management tool.

At the moment, EDR capabilities are available on Linux Server distributions supported by Microsoft Defender for Endpoint, including RHEL 7.2+, CentOS Linux 7.2+, Ubuntu 16 LTS or higher LTS, SLES 12+, Debian 9+, and Oracle Linux 7.2.

[Image: Microsoft Defender for Endpoint EDR for Linux (Microsoft)]

Trying Linux EDR in public preview

To get started with Microsoft Defender for Endpoint's public preview EDR capabilities, customers have to enable preview features in Microsoft Defender Security Center.

Those who are already running Microsoft Defender for Endpoint on Linux can go straight to switching their Linux servers to preview mode by running the following command on each machine:

$ sudo mdatp edr early-preview enable

Before enabling the Linux EDR preview, make sure that the Linux servers you want to enable the new capabilities on are running Microsoft Defender for Endpoint version 101.12.99 or higher.
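The preview switch above, wrapped in a version gate, as an added shell example that is not from the article or from Microsoft: it parses the product version, compares it numerically against the 101.12.99 minimum the article states, and only then runs the enable command. It assumes `mdatp version` prints a "Product version: X.Y.Z" line, and falls back to a constructed sample line when mdatp is not installed so the logic can be exercised offline.

```shell
#!/bin/sh
# Added example (not from the article or from Microsoft): gate the preview
# switch on the minimum product version the article states (101.12.99).
# Assumption: `mdatp version` prints a line "Product version: X.Y.Z".
MIN_VERSION="101.12.99"

# Pull the dotted version out of `mdatp version` style output; empty if absent.
parse_product_version() {
    printf '%s\n' "$1" | sed -n 's/^Product version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 if $1 >= $2, comparing each dotted component as a number
# (a plain string compare would rank 101.9.1 above 101.12.99).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, A, "."); nb = split(b, B, "."); n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i in A) ? A[i] + 0 : 0; y = (i in B) ? B[i] + 0 : 0
            if (x > y) exit 0; if (x < y) exit 1
        }
        exit 0
    }'
}

# 0 if the host may be switched to preview, 1 if too old or unreadable.
preview_eligible() {
    ver=$(parse_product_version "$1")
    [ -n "$ver" ] || return 1   # never enable on an unknown version
    version_ge "$ver" "$MIN_VERSION"
}

# Constructed sample output, used when mdatp is not installed on this host.
SAMPLE_OUTPUT="Product version: 101.12.99"
main() {
    if command -v mdatp >/dev/null 2>&1; then
        out=$(mdatp version)
    else
        out="$SAMPLE_OUTPUT"
    fi
    if preview_eligible "$out"; then
        echo "product version $(parse_product_version "$out") meets $MIN_VERSION"
        # Only change the host when explicitly asked; otherwise this is a dry run.
        [ "${1:-}" = "--apply" ] && sudo mdatp edr early-preview enable
        return 0
    fi
    echo "mdatp version below $MIN_VERSION or unreadable; upgrade first" >&2
    return 1
}

main "$@"
```

Run it without arguments for a dry run of the version check; pass --apply on a server to actually run the enable command.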

More info on how to quickly simulate attacks using EDR for Linux and about providing feedback can be found here.


Source: www.bleepingcomputer.com/news/microsoft/microsoft-previews-linux-endpoint-detection-and-resp
