Microsoft says it is strengthening the security protections it provides for open-source operating systems, Linux in particular.
Endpoint Detection and Response (EDR) capabilities were added to Microsoft Defender for Endpoint on Linux servers a few months ago, and Azure Defender users are now getting further capabilities. Since Linux distributions are the most common virtual machine operating systems in Microsoft's Azure cloud, the decision to build security tooling for Linux makes sense.
Linux EDR detection and live response are now in public preview, which is a significant step. Live response gives security teams access to forensic data and the ability to run scripts, submit suspicious entities for analysis, and hunt for likely threats, which enables in-depth investigation and rapid containment.
Microsoft has also added Amazon Linux 2 and Fedora 33+ to its list of supported operating systems, and RHEL 6.7+ and CentOS 6.7+ are available in public preview. EDR previously supported RHEL 7.2+, CentOS Linux 7.2+, Ubuntu 16.04 LTS or later, SLES 12+, Debian 9 or later, and Oracle Linux 7.2 or later.
Microsoft says the newly added Linux versions get the full set of previously available antivirus (AV) and EDR capabilities. Threat and Vulnerability Management (TVM) coverage will be extended to Amazon Linux and Fedora in the coming months.
Microsoft Defender for Endpoint version 101.45.13 is required. Microsoft also notes that the previously released antivirus and EDR features apply to RHEL 6.7+ and CentOS 6.7+, and it publishes a list of the kernel versions that are supported.
Microsoft is also bringing TVM to Debian: a public preview of TVM for Debian 9+ is expected in the coming weeks.
Defender antivirus is also becoming generally available on Linux, using Microsoft's cloud protection to monitor processes, file system operations, and how programs interact with the OS.
Microsoft also says it uses machine-learning techniques to counter ransomware attacks. Admins can now use the Microsoft Defender for Endpoint on Linux command-line interface to investigate security incidents locally.
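The support matrix above (GA versus preview distributions), the 101.45.13 version requirement, and the agent's command-line interface all translate into a pre-deployment check that an operator can run on a fleet. The script below is an added example written for this page, not Microsoft's code; it treats 101.45.13 as a minimum agent version, reads the distribution from /etc/os-release, and queries the installed agent with `mdatp health --field app_version` (assumed to print the version as a quoted string). The support tiers are hard-coded from the article and should be refreshed against Microsoft's current documentation.

```shell
#!/bin/sh
# Pre-deployment check for Microsoft Defender for Endpoint on Linux.
# Added example, not vendor code. Tiers below reflect the article:
#   GA:      Amazon Linux 2, Fedora 33+, RHEL/CentOS 7.2+, Ubuntu LTS 16.04+,
#            SLES 12+, Debian 9+, Oracle Linux 7.2+
#   preview: RHEL/CentOS 6.7 up to (not including) 7.2
MIN_MDATP_VERSION=101.45.13   # version the article says is required (assumed minimum)

# version_ge A B: return 0 when dotted version A >= B, 1 otherwise.
# Missing components count as 0, so "101.45" < "101.45.13".
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        [ -z "$ai" ] && ai=0
        [ -z "$bi" ] && bi=0
        if [ "$ai" -gt "$bi" ]; then return 0; fi
        if [ "$ai" -lt "$bi" ]; then return 1; fi
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 0
}

# distro_status ID VERSION: print ga, preview or unsupported for an
# /etc/os-release ID and a full major.minor version string.
distro_status() {
    id="$1"; ver="$2"
    case "$id" in
        amzn)   [ "$ver" = "2" ] && echo ga || echo unsupported ;;
        fedora) version_ge "$ver" 33 && echo ga || echo unsupported ;;
        rhel|centos)
            if version_ge "$ver" 7.2; then echo ga
            elif version_ge "$ver" 6.7; then echo preview
            else echo unsupported; fi ;;
        ubuntu)  # LTS only: even year, April release
            maj="${ver%%.*}"; min="${ver#*.}"
            if version_ge "$ver" 16.04 && [ "$min" = "04" ] && [ $((maj % 2)) -eq 0 ]
            then echo ga; else echo unsupported; fi ;;
        sles)   version_ge "$ver" 12 && echo ga || echo unsupported ;;
        debian) version_ge "$ver" 9 && echo ga || echo unsupported ;;
        ol)     version_ge "$ver" 7.2 && echo ga || echo unsupported ;;
        *)      echo unsupported ;;
    esac
}

# mdatp_version_ok VERSION: return 0 when the agent meets MIN_MDATP_VERSION.
mdatp_version_ok() { version_ge "$1" "$MIN_MDATP_VERSION"; }

# host_check: evaluate the running host. CentOS/RHEL publish only the major
# version in VERSION_ID, so the minor is taken from /etc/redhat-release there.
host_check() {
    [ -r /etc/os-release ] || { echo "no /etc/os-release"; return 1; }
    . /etc/os-release                     # defines ID and VERSION_ID
    ver="$VERSION_ID"
    case "$ID" in rhel|centos)
        [ -r /etc/redhat-release ] &&
            ver=$(sed -n 's/.*release \([0-9][0-9.]*\).*/\1/p' /etc/redhat-release) ;;
    esac
    tier=$(distro_status "$ID" "$ver")
    echo "distribution: $ID $ver -> $tier"
    if command -v mdatp >/dev/null 2>&1; then
        agent=$(mdatp health --field app_version 2>/dev/null | tr -d '"')
        if mdatp_version_ok "$agent"; then echo "agent: $agent (ok)"
        else echo "agent: $agent (below $MIN_MDATP_VERSION)"; return 1; fi
    else
        echo "agent: mdatp not installed"; return 1
    fi
    [ "$tier" != unsupported ]
}

# Run the host check only when invoked with --run, so the functions can
# also be sourced and used individually.
if [ "${1:-}" = "--run" ]; then host_check; fi
```

Run it as `sh mdatp-check.sh --run` on each host; a non-zero exit means either the distribution is outside the published matrix or the agent is missing or older than 101.45.13. The kernel-version list that Microsoft maintains separately is not encoded here and still has to be checked against `uname -r`.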