Microsoft announced that it is adding a selection of useful security features to its Defender for Endpoint on Linux offering.
In addition to the anti-virus (AV) and endpoint detection and response (EDR) capabilities, which have been generally available since January 2021, Defender for Endpoint on Linux gained threat and vulnerability management (TVM) capabilities earlier this year, in June 2021.
“With the recent Microsoft Defender for Endpoint on Linux integration into Azure Security Center, the benefits of our Linux EDR and TVM now extend to Azure Defender customers,” Microsoft noted.
Azure Defender provides threat protection for workloads running in Microsoft's cloud computing platform, Azure, as well as in other clouds.
For starters, Linux EDR detection has been enhanced with live response capabilities, which are now available to customers in public preview.
According to Microsoft, the live response capability allows administrators to investigate issues and take corrective action in real time. The feature also helps improve incident investigations by allowing responders to collect forensic data, share suspicious entities for further analysis, and proactively search for potential threats.
In addition, based on customer feedback, Microsoft has expanded its list of supported Linux server distributions with the addition of Amazon Linux 2 and Fedora 33+, as well as several downstream variants of Red Hat Enterprise Linux (RHEL).
Microsoft has also made Defender Antivirus Behavior Monitoring generally available on Linux and plans to use these behavior-based signals as additional execution signals for its cloud-based machine learning (ML) models.
“With behavior monitoring, the protection of Microsoft Defender for Endpoint on Linux is extended to generically intercept new classes of threats such as ransom[ware], collection of sensitive data, crypto mining, and others. Behavior monitoring alerts appear in Microsoft 365 Defender alongside all other alerts and can be investigated effectively,” Microsoft notes, seeking feedback from users.