Jump to content
  • Microsoft just expanded its malware protection for Linux servers

    aum

    • 799 views
    • 3 minutes
     Share


    • 799 views
    • 3 minutes

    Microsoft brings more security tools to Linux operating systems for the cloud.

     

    Microsoft has announced it's adding even more security features to the protection it offers to open-source operating systems.

     

    Defender for Endpoint on Linux server gained endpoint detection and response (EDR) abilities a few months ago and now has extra capabilities for Azure Defender customers. It makes sense for Microsoft to develop security products for Linux, given that Linux distributions dominate virtual machine OSes on its Azure cloud.  

     

    One key change is that Linux EDR detection and live response is now in public preview. Live response allows for in-depth investigations and quick threat containment by giving security teams forensic data, the ability to run scripts, share suspicious entities, and hunt for possible threats. 

     

    Microsoft has also extended support for Amazon Linux 2 and Fedora 33+. And it now has a public preview of RHEL6.7+, CentOS 6.7+. Previously, EDR was available for: RHEL 7.2+; CentOS Linux 7.2+; Ubuntu 16.04 or higher LTS; SLES 12+; Debian 9 or newer; or Oracle Linux 7.2 or higher.

     

    "The complete set of the previously released antivirus (AV) and EDR capabilities now applies to these newly added Linux distributions. [Threat and vulnerability management] coverage will be expanded with Amazon Linux and Fedora in coming months," Microsoft says. 

     

    Users need to be on Microsoft Defender for Endpoint version 101.45.13. It also notes that previously released AV and EDR capabilities also apply to RHEL6.7+, CentOS 6.7+. Supported kernel versions are listed here. 

     

    Microsoft is also bringing TVM to Linux Debian. A public preview of TVM for Debian 9+ public preview will be available in coming weeks. 

     

    It's also making Defender antivirus generally available on Linux, bringing the ability to monitor processes, file system activities, and how processes interact with the OS using Microsoft's cloud security. 

     

    "With behavior monitoring, Microsoft Defender for Endpoint on Linux protection is expanded to generically intercept whole new classes of threats such as ransom, sensitive data collection, crypto mining, and others. Behavior monitoring alerts appear in the Microsoft 365 Defender alongside all other alerts and can be effectively investigated," Microsoft notes. 

     

    It promises to address ransomware threats too with machine-learning techniques. 

     

    "Behavior monitoring provides effective measures against ransomware attacks which can be achieved using a variety of legitimate tools (for example, gpg, openssl) while carrying similar patterns from OS behavior perspective. Many of such patterns can be picked up by the behavior monitoring engine in a generic way."

     

    Admins can also explore security events locally using the Microsoft Defender for Endpoint on Linux command line interface. 

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...