Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Microsoft Releases EDR for Linux in Public Preview

Microsoft this week announced the preview availability of endpoint detection and response (EDR) capabilities for Linux.

The functionality was released to the public as part of the Microsoft Defender for Endpoint for Linux solution, and is meant to help server admins easily identify attacks.

Microsoft this week announced the preview availability of endpoint detection and response (EDR) capabilities for Linux.

The functionality was released to the public as part of the Microsoft Defender for Endpoint for Linux solution, and is meant to help server admins easily identify attacks.

Additionally, the new Linux EDR capabilities provide Defender for Endpoint customers with the ability to utilize rich experiences and remediate threats fast. They also benefit from the preventative antivirus capabilities and the reporting features that are accessible through the Microsoft Defender Security Center.

Microsoft has included support for the latest six most common Linux server distributions within Defender for Endpoint, namely RHEL 7.2+, CentOS Linux 7.2+, Ubuntu 16 LTS or higher LTS, SLES 12+, Debian 9+, and Oracle Linux 7.2.

The new EDR capabilities ensure that, when performing investigations, administrators can tap into information such as machine timeline, file and process creation, login events, and network connections, in addition to advanced hunting capabilities, the company says.

According to Microsoft, the solution also delivers optimized performance even when it comes to large software deployments, and includes in-context AV detections, to provide information on where a threat came from and how a malicious process was created.

The Microsoft Defender for Endpoint public preview capabilities are available for customers with the preview features enabled in Defender Security Center. For those customers already running Microsoft Defender for Endpoint on Linux, the company recommends configuring some of the Linux servers to Preview mode.

The tech giant has already published documentation on how customers new to Microsoft Defender for Endpoint on Linux can get started, as well as details on the steps required to test the new EDR for Linux capabilities.

“We are very excited to share today’s Linux EDR preview news with you and your feedback is highly valuable to us! Join us on the journey to enhance Microsoft Defender for Endpoint on Linux. Try the new Linux EDR capabilities. You can submit feedback […] by clicking on the ‘send a smile/frown’ icon on the top right corner of the security center,” Microsoft notes.

Related: Microsoft Introduces Device Vulnerability Report in Defender for Endpoint

Related: New Microsoft Defender ATP Capability Blocks Malicious Behaviors

Related: Microsoft Threat Protection Now Generally Available

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

CISO Strategy

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies.

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Software maker Adobe has rolled out its first batch of security patches for 2023 with fixes for at least 29 security vulnerabilities in a...

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Application Security

After skipping last month, Adobe returned to its scheduled Patch Tuesday cadence with the release of fixes for at least 38 vulnerabilities in multiple...