Last month we reported here on the blog that Microsoft had announced the upcoming availability of Microsoft Defender ATP for Linux. Now, a few weeks after that announcement, the first public preview has been released, and it is aimed at servers.
For those still unfamiliar with Microsoft Defender ATP: it is a unified platform for preventive protection, post-breach detection, automated investigation and response. Microsoft Defender ATP protects endpoints from cybercriminals, detects advanced attacks and data breaches, automates the investigation of security incidents and improves the organization's overall security posture.
Defender ATP includes built-in threat and vulnerability management, which takes a risk-based approach to discovering, prioritizing and remediating endpoint vulnerabilities and misconfigurations. It serves as the infrastructure for reducing the organization's exposure, hardening the endpoint attack surface and increasing the organization's resilience.
It lets organizations discover vulnerabilities and misconfigurations in real time through the existing sensor, without deploying an additional agent or running periodic scans. Vulnerabilities are prioritized according to the threat landscape, threats already detected within the organization, sensitive information present on the vulnerable devices and the business context.
According to Microsoft, Defender ATP helps reduce the attack surface by shrinking the places where the organization is exposed to cyber threats and attacks. Microsoft gives administrators a set of attack surface reduction capabilities to configure protection for the organization's devices and applications.
Application control helps limit such threats by restricting which applications users can run and which code is allowed to run in the system kernel. Application control policies can also block unsigned scripts and MSI files, and restrict Windows PowerShell to Constrained Language Mode.
Controlled folder access, meanwhile, protects important data from malicious applications and from threats such as ransomware. It does this by checking each application against a list of known, trusted applications before letting it modify protected folders. Note that application control and controlled folder access are features of the Windows client; they are not part of the Linux preview discussed below.
The endpoint detection and response capabilities detect advanced attacks in near real time. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach and take response actions to remediate threats.
When a threat is detected, alerts are created in the system for an analyst to investigate. Alerts associated with the same attack techniques, or attributed to the same attacker, are aggregated into an entity called an incident. Aggregating alerts in this way lets analysts investigate and respond to a threat as a whole rather than one alert at a time.
Requirements to be able to install Microsoft Defender ATP on Linux
As for installing this first preview of Microsoft Defender ATP for Linux, Microsoft states that it currently supports the following server-oriented distributions:
- Red Hat Enterprise Linux 7.2 or later
- CentOS 7.2 or later
- Ubuntu 16.04 LTS or a later LTS release
- Debian 9 or later
- SUSE Linux Enterprise Server 12 or later
- Oracle Linux 7.2 or later
It is also worth noting that the minimum supported kernel version is 2.6.38.
In addition, the kernel must have the fanotify option enabled (real-time protection relies on it to intercept file access), 650 MB of disk space is required, and after enabling the service the network or firewall may need to be configured to allow outbound connections from the service to the Microsoft Defender ATP cloud service endpoints.
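The requirements above are easy to get wrong on a server image you did not build yourself (a hardened kernel with fanotify disabled, or a distribution a point release too old), so the following pre-flight script checks them before you touch the installer. It is an added example written for this post, not Microsoft's own installer or documentation; the /etc/os-release IDs it matches (rhel, centos, ol, ubuntu, debian, sles), the kernel config path under /boot and the /opt install location are assumptions.

```shell
#!/bin/sh
# Pre-flight check for the Defender ATP for Linux preview requirements quoted
# above: a supported distribution, kernel 2.6.38 or later, fanotify compiled
# into the kernel, and at least 650 MB of free disk. Added example, not
# Microsoft's installer. The os-release IDs, the /boot/config-* path and the
# install directory are assumptions; adjust them for your environment.

MIN_KERNEL=2.6.38
MIN_DISK_MB=650
INSTALL_DIR=/opt          # assumed install location

# version_ge HAVE MIN: returns 0 when dotted version HAVE >= MIN.
# Compares three numeric components; suffixes such as "-42-generic" or
# "-193.el8.x86_64" are stripped first.
version_ge() {
    have=$(echo "$1" | sed 's/[^0-9.].*//').0.0
    want=$(echo "$2" | sed 's/[^0-9.].*//').0.0
    i=1
    while [ "$i" -le 3 ]; do
        h=$(echo "$have" | cut -d. -f"$i"); w=$(echo "$want" | cut -d. -f"$i")
        if [ "${h:-0}" -gt "${w:-0}" ]; then return 0; fi
        if [ "${h:-0}" -lt "${w:-0}" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# supported_distro ID VERSION: returns 0 when the pair is in the preview's
# support list from the post (RHEL/CentOS/Oracle 7.2+, Debian 9+, SLES 12+,
# Ubuntu 16.04 LTS or a later LTS, i.e. even year and .04 release).
supported_distro() {
    case "$1" in
        rhel|centos|ol) version_ge "$2" 7.2 ;;
        debian)         version_ge "$2" 9 ;;
        sles)           version_ge "$2" 12 ;;
        ubuntu)
            major=${2%%.*}
            if [ $((major % 2)) -eq 0 ] && [ "${2#*.}" = "04" ]; then
                version_ge "$2" 16.04
            else
                return 1
            fi ;;
        *)              return 1 ;;
    esac
}

# fanotify_enabled CONFIG_FILE: returns 0 when CONFIG_FANOTIFY=y is set.
# CONFIG_FILE is normally /boot/config-$(uname -r); if your distribution
# ships /proc/config.gz instead, decompress it to a temporary file first.
fanotify_enabled() {
    grep -q '^CONFIG_FANOTIFY=y$' "$1" 2>/dev/null
}

# disk_ok FREE_MB: returns 0 when FREE_MB meets the minimum from the post.
disk_ok() {
    [ "$1" -ge "$MIN_DISK_MB" ]
}

# free_mb PATH: free megabytes on the filesystem holding PATH (POSIX df -Pk).
free_mb() {
    df -Pk "$1" | awk 'NR == 2 { print int($4 / 1024) }'
}

# preflight: run every check against the live system, print one line per
# check and return non-zero if any of them failed.
preflight() {
    rc=0
    . /etc/os-release                  # provides ID and VERSION_ID
    ver=$VERSION_ID
    # RHEL/CentOS 7 only carry the major version in os-release; the minor
    # needed for the "7.2 or later" test is in redhat-release.
    if [ -r /etc/redhat-release ]; then
        ver=$(sed 's/.*release \([0-9.]*\).*/\1/' /etc/redhat-release)
    fi
    if supported_distro "$ID" "$ver"; then echo "OK   distro $ID $ver"
    else echo "FAIL distro $ID $ver is not in the preview support list"; rc=1; fi

    kern=$(uname -r)
    if version_ge "$kern" "$MIN_KERNEL"; then echo "OK   kernel $kern"
    else echo "FAIL kernel $kern is older than $MIN_KERNEL"; rc=1; fi

    cfg=/boot/config-$kern
    if fanotify_enabled "$cfg"; then echo "OK   fanotify enabled ($cfg)"
    else echo "FAIL CONFIG_FANOTIFY=y not found in $cfg"; rc=1; fi

    mb=$(free_mb "$INSTALL_DIR")
    if disk_ok "$mb"; then echo "OK   ${mb} MB free on $INSTALL_DIR"
    else echo "FAIL only ${mb} MB free on $INSTALL_DIR, need $MIN_DISK_MB"; rc=1; fi
    return $rc
}

# Live checks run only when invoked as:  sh preflight.sh check
if [ "${1:-}" = "check" ]; then
    preflight
fi
```

Run it as `sh preflight.sh check` on the target server; a non-zero exit means at least one requirement is not met and the script names which one. The outbound-connectivity requirement is deliberately not scripted here, because the cloud service hostnames depend on your tenant's region and belong in Microsoft's documentation rather than in a guess.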
Real-time protection is currently provided only for a specific set of file system types (the supported list is in the documentation linked below), although Microsoft says that support for further file system types will be added later. Finally, if you want to know more about Microsoft Defender ATP for Linux, you can check the details at the following link.
Here you can also find the documentation needed to configure Microsoft Defender ATP for Linux. The link is this.
And, if you already have it installed, the documentation for updating Microsoft Defender ATP. The link is this.