
Endpoint Security

Microsoft Releases EDR for Linux in Public Preview

Microsoft this week announced the preview availability of endpoint detection and response (EDR) capabilities for Linux.

The functionality was released to the public as part of the Microsoft Defender for Endpoint for Linux solution, and is meant to help server admins easily identify attacks.


Additionally, the new Linux EDR capabilities give Defender for Endpoint customers the investigation and response experiences already available on other platforms, so that threats can be remediated quickly. They also benefit from the preventive antivirus capabilities and the reporting features accessible through the Microsoft Defender Security Center.

Microsoft has included support for six of the most common Linux server distributions within Defender for Endpoint, namely RHEL 7.2+, CentOS Linux 7.2+, Ubuntu 16 LTS or higher LTS, SLES 12+, Debian 9+, and Oracle Linux 7.2.

The new EDR capabilities ensure that, when performing investigations, administrators can tap into information such as the machine timeline, file and process creation, login events, and network connections, in addition to advanced hunting capabilities, the company says.

According to Microsoft, the solution also delivers optimized performance even for large software deployments, and includes in-context AV detections that provide information on where a threat came from and how a malicious process was created.

The Microsoft Defender for Endpoint public preview capabilities are available for customers with the preview features enabled in Defender Security Center. For those customers already running Microsoft Defender for Endpoint on Linux, the company recommends configuring some of the Linux servers to Preview mode.

The tech giant has already published documentation on how customers new to Microsoft Defender for Endpoint on Linux can get started, as well as details on the steps required to test the new EDR for Linux capabilities.


“We are very excited to share today’s Linux EDR preview news with you and your feedback is highly valuable to us! Join us on the journey to enhance Microsoft Defender for Endpoint on Linux. Try the new Linux EDR capabilities. You can submit feedback […] by clicking on the ‘send a smile/frown’ icon on the top right corner of the security center,” Microsoft notes.


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
