Microsoft Defender for Endpoint Gets Linux Server Forensics Capabilities

Microsoft Defender for Endpoint now has an endpoint detection and response (EDR) capability for use with Linux servers that's deemed ready for use in production environments, Microsoft indicated on Monday.

The EDR capability for Linux servers reached the "general availability" commercial-release stage after having been previewed back in November. Microsoft Defender for Endpoint (which was rebranded from "Microsoft Defender for Advanced Threat Protection") is a tool for protecting endpoints (devices), with the ability to conduct post-breach investigations.

The EDR capability for Microsoft Defender for Endpoint for Linux servers shows up in the Microsoft Defender Security Center portal for those organizations with the proper licensing. It works with the following Linux server distros:

  • RHEL 7.2+
  • CentOS Linux 7.2+
  • Ubuntu 16 LTS, or higher LTS
  • SLES 12+
  • Debian 9+
  • Oracle Linux 7.2

Microsoft Defender for Endpoint also supports macOS, Windows and mobile operating systems.

IT pros can leverage the EDR feature of the product for anti-virus detections, optimizing the CPU performance of applications and conducting forensic investigations. The tool has an "advanced hunting" capability that provides forensics on data as far back as 30 days. Users also have access to endpoint information via the EDR feature's "machine timeline, process creation, file creation, network connections, [and] login events" display capabilities.

Current users of the Microsoft Defender for Endpoint preview for Linux servers will "seamlessly receive the new EDR capability as soon as you update the agent to version 101.18.53 or higher," the announcement indicated. To use it, organizations need to have "access to the Microsoft Defender Security Center portal, beginner-level experience in Linux and BASH scripting, and administrative privileges on the device," Microsoft indicated in its documentation.

Microsoft Cloud Solution Provider partners sell the licensing for Microsoft Defender for Endpoint under various E5/A5 plans, according to a document's "licensing requirements" description.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


comments powered by Disqus

Subscribe on YouTube