Microsoft Releases EDR for Linux in Public Preview

Microsoft this week announced the preview availability of endpoint detection and response (EDR) capabilities for Linux.

The functionality was released to the public as part of the Microsoft Defender for Endpoint for Linux solution, and is meant to help server admins easily identify attacks.

Additionally, the new Linux EDR capabilities provide Defender for Endpoint customers with the ability to utilize rich experiences and remediate threats fast. Customers also benefit from the preventative antivirus capabilities and the reporting features that are accessible through the Microsoft Defender Security Center.

Microsoft has included support in Defender for Endpoint for recent versions of the six most common Linux server distributions, namely RHEL 7.2+, CentOS Linux 7.2+, Ubuntu 16 LTS or higher LTS, SLES 12+, Debian 9+, and Oracle Linux 7.2.

The new EDR capabilities ensure that, when performing investigations, administrators can tap into information such as machine timeline, file and process creation, login events, and network connections, in addition to advanced hunting capabilities, the company says.

According to Microsoft, the solution also delivers optimized performance even when it comes to large software deployments, and includes in-context AV detections, to provide information on where a threat came from and how a malicious process was created.

The Microsoft Defender for Endpoint public preview capabilities are available for customers with the preview features enabled in Defender Security Center. For those customers already running Microsoft Defender for Endpoint on Linux, the company recommends configuring some of the Linux servers to Preview mode.

The tech giant has already published documentation on how customers new to Microsoft Defender for Endpoint on Linux can get started, as well as details on the steps required to test the new EDR for Linux capabilities.

“We are very excited to share today’s Linux EDR preview news with you and your feedback is highly valuable to us! Join us on the journey to enhance Microsoft Defender for Endpoint on Linux. Try the new Linux EDR capabilities. You can submit feedback […] by clicking on the ‘send a smile/frown’ icon on the top right corner of the security center,” Microsoft notes.

Related: Microsoft Introduces Device Vulnerability Report in Defender for Endpoint

Related: New Microsoft Defender ATP Capability Blocks Malicious Behaviors

Related: Microsoft Threat Protection Now Generally Available


Ionut Arghire is an international correspondent for SecurityWeek.
