Microsoft today announced the public preview των δυνατοτήτων ανίχνευσης και απόκρισης τελικού σημείου (EDR) σε διακομιστές Linux που χρησιμοποιούν Microsoft Defender Advanced Threat Protection (ATP) – now also known as Microsoft Defender for Endpoint.
The addition of EDR capabilities allows security analysts to detect attacks on Linux servers almost in real time through alerts that are automatically collected as incidents based on the attacker's performance and techniques.
"It simply came to our notice then preventive capabilities against viruses and summary reports available through the Microsoft Defender Security Center, ”said Tomer Hevlin, Senior Product Manager at Microsoft.
Microsoft Defender EDR features for Endpoint Linux provide administrators with:
• Rich exploration experience: including machine scheduling, process creation, file creation, network connections, login events and, of course, the popular advanced "hunt".
• Optimized performance: Improved CPU usage in editing processes and large software applications.
• AV detections in the environment: just like with Windows, find out where a threat came from and how the malicious process or activity was created.
Support for Linux devices
Microsoft Defender for Endpoint was made available to corporate customers with Linux devices earlier this year, in June.
Endpoint on Linux comes in the form of a command line product that will send all detected threats to the Microsoft Defender Security Center
Currently, EDR features are available on Linux server distributions supported by Microsoft Defender for Endpoint: RHEL 7.2+, CentOS Linux 7.2+, Ubuntu 16 LTS or later LTS, SLES 12+, Debian 9+ and Oracle Linux 7.2.
More information on how to quickly simulate attacks using EDR for Linux can be found here.