Microsoft Defender for Endpoint Gets Linux Server Forensics Capabilities

Microsoft Defender for Endpoint now has an endpoint detection and response (EDR) capability for Linux servers that Microsoft deems ready for production use, the company indicated on Monday.

The EDR capability for Linux servers reached the "general availability" commercial-release stage after having been previewed back in November. Microsoft Defender for Endpoint (which was rebranded from "Microsoft Defender for Advanced Threat Protection") is a tool for protecting endpoints (devices), with the ability to conduct post-breach investigations.

The EDR capability for Microsoft Defender for Endpoint for Linux servers shows up in the Microsoft Defender Security Center portal for those organizations with the proper licensing. It works with the following Linux server distros:

  • RHEL 7.2+
  • CentOS Linux 7.2+
  • Ubuntu 16.04 LTS, or a later LTS release
  • SLES 12+
  • Debian 9+
  • Oracle Linux 7.2

Microsoft Defender for Endpoint also supports macOS, Windows and mobile operating systems.

IT pros can use the product's EDR feature for anti-virus detections, for optimizing the CPU performance of applications and for conducting forensic investigations. Its "advanced hunting" capability lets analysts query collected endpoint data going back as far as 30 days. The EDR feature also exposes endpoint information through its "machine timeline, process creation, file creation, network connections, [and] login events" views.

Current users of the Microsoft Defender for Endpoint preview for Linux servers will "seamlessly receive the new EDR capability as soon as you update the agent to version 101.18.53 or higher," the announcement indicated. To use it, organizations need to have "access to the Microsoft Defender Security Center portal, beginner-level experience in Linux and BASH scripting, and administrative privileges on the device," Microsoft indicated in its documentation.
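The two prerequisites the article names (a distro from the supported list above and agent version 101.18.53 or higher) are easy to check before expecting the EDR capability to appear. The script below is an added example, not code from the article or from Microsoft: it parses os-release text, checks the distro and version against the list above, and compares the agent version with the announced minimum. The `mdatp health --field app_version` query used to read the installed agent version is an assumption about the agent's command-line tool; when `mdatp` is absent the script falls back to a constructed value, and the os-release text is likewise a constructed sample.

```shell
#!/bin/sh
# Added example, not from the article or from Microsoft: a pre-flight check for
# the Linux EDR capability covering the two requirements the article names,
# a supported distro and agent version 101.18.53 or higher.

MIN_AGENT_VERSION="101.18.53"   # minimum named in the announcement

# Return 0 when dotted version $1 >= $2, comparing up to three numeric parts.
# Each value is padded with ".0.0" so short versions such as "12" still work.
version_ge() {
    v1="$1.0.0"; v2="$2.0.0"; i=1
    while [ "$i" -le 3 ]; do
        p1=$(printf '%s' "$v1" | cut -d. -f"$i")
        p2=$(printf '%s' "$v2" | cut -d. -f"$i")
        [ "$p1" -gt "$p2" ] && return 0
        [ "$p1" -lt "$p2" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# Ubuntu LTS releases are the .04 release of an even-numbered year.
is_ubuntu_lts() {
    major=${1%%.*}; minor=${1#*.}
    [ "$minor" = "04" ] && [ $((major % 2)) -eq 0 ]
}

# Return 0 when the distro ($1 = os-release ID, $2 = VERSION_ID) is on the
# article's supported list. The article lists Oracle Linux 7.2 only;
# accepting later releases for "ol" is an assumption made here.
distro_supported() {
    case "$1" in
        rhel|centos) version_ge "$2" 7.2 ;;
        sles)        version_ge "$2" 12 ;;
        debian)      version_ge "$2" 9 ;;
        ol)          version_ge "$2" 7.2 ;;
        ubuntu)      version_ge "$2" 16.04 && is_ubuntu_lts "$2" ;;
        *)           return 1 ;;
    esac
}

# Read KEY=value from os-release text on stdin, dropping surrounding quotes.
os_release_field() {
    sed -n "s/^$1=//p" | tr -d '"'
}

# Agent version: `mdatp health --field app_version` is assumed to print it on a
# host with the agent installed; otherwise fall back to a constructed value.
installed_agent_version() {
    if command -v mdatp >/dev/null 2>&1; then
        mdatp health --field app_version 2>/dev/null | tr -d '"'
    else
        echo "101.18.53"
    fi
}

# Verdict for one host: prints "ready" or the first failing requirement.
edr_ready() {
    distro_supported "$1" "$2" || { echo "unsupported distro: $1 $2"; return 1; }
    version_ge "$3" "$MIN_AGENT_VERSION" \
        || { echo "agent $3 is older than $MIN_AGENT_VERSION"; return 1; }
    echo "ready"
}

# Constructed stand-in for /etc/os-release on a RHEL 7 host.
SAMPLE_OS_RELEASE='NAME="Red Hat Enterprise Linux Server"
ID="rhel"
VERSION_ID="7.9"'

main() {
    id=$(printf '%s\n' "$SAMPLE_OS_RELEASE" | os_release_field ID)
    ver=$(printf '%s\n' "$SAMPLE_OS_RELEASE" | os_release_field VERSION_ID)
    edr_ready "$id" "$ver" "$(installed_agent_version)"
}

main
```

On a real host, replace the constructed sample with `cat /etc/os-release | os_release_field ID` and the corresponding `VERSION_ID` line; the script needs only a POSIX shell, `sed`, `cut` and `tr`, so it runs on every distro in the list.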

Microsoft Cloud Solution Provider partners sell the licensing for Microsoft Defender for Endpoint under various E5/A5 plans, according to the "licensing requirements" section of the product documentation.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
