Microsoft Defender for Linux is coming. This is what you need to know
November 25, 2020

by AZURE SECURITY NEWS EDITOR
Microsoft’s security tools extend beyond the company’s own platforms. While the ambition for Defender for Linux is broad, the first preview is aimed just at servers and does less than on Windows.

When Defender came to macOS as well as Windows, Microsoft announced that the name of the software was changing, from Windows Defender to Microsoft Defender. Hidden in the presentation was a hint about the future: a Linux laptop with a penguin sticker on it. Now Microsoft Defender ATP for Linux is in public preview for Red Hat Enterprise Linux 7+, CentOS Linux 7+, Ubuntu 16 LTS or higher, SLES 12+, Debian 9+, and Oracle Enterprise Linux 7. But what does it actually protect those OSes from?

Microsoft already has Linux malware detection in the Defender agents on Windows and Mac, because files get moved from one device to another and you want to catch malware wherever it is — ideally before it gets onto a vulnerable system. If you’re using WSL, Defender already protects you against threats like infected npm packages that try to install cryptominers.

Mac came first because that’s the order that Microsoft’s enterprise customers asked for, says Rob Lefferts, corporate vice president for Microsoft 365 security. “We’re working to address all of the endpoints that are problematic for our customers, starting with Mac and moving to Linux — particularly Linux on the server, which is the focus right now — and then thinking about iOS and Android and how we protect those mobile endpoints.”

The long-term result, says Lefferts, is comprehensive endpoint security: “That includes next-gen protection, things like antivirus as well as behavioural [protection] in addition to EDR [endpoint detection and remediation]. Everything that we do for Defender, we want to make sure that that works across all the platforms in the places that they are most especially vulnerable.”

For smartphones, Microsoft seems likely to concentrate on phishing, and not just in email but potentially in messaging apps too. “We have a bunch of very broad assets around detecting malicious campaigns and sites, and we’re bringing that to bear to help on mobile,” Lefferts says.

The problem is that when you get better at protecting one area like email, attackers move to other areas (which is why Office 365 ATP now covers SharePoint). 

“There are a lot of other channels on a mobile device that are being used for communication and collaboration, because it’s a natural place for it. This fits into how we think about security more comprehensively, which starts with all endpoints that you care about,” says Lefferts. “But then let’s move past endpoints — let’s talk about your whole estate, all of your users and all of your data and all of your communication tools inside of one threat protection environment.”

Thinking in graphs

When Defender ATP is generally available for Linux at the end of 2020, that comprehensive endpoint protection will include “a wide range of exactly the same kind of detection tools that you see on Windows,” Lefferts says. “The initial release does not include all of the remediation action capabilities that we have in Windows, but it is something we aspire to add to it over time.”

Antivirus is a tricky term these days, Lefferts notes — he talks instead about “the on-box, protective measures that take action immediately” — because there are so many more threats than viruses, especially scripting and fileless attacks. “We envision that as being part of the offering, but it’s starting much more focused on executable objects.”

The preview can spot and block malware and ‘potentially unwanted applications’ (PUAs). There isn’t much adware for Linux, but coin miners could be something you install or something you get tricked into installing, and even legitimate remote admin tools are a problem if it’s an attacker putting them on the system. Just as importantly, it sends that information to the Defender Security Center.

Defender is really two things. There’s the agent that runs on the endpoint: scanning files, tracking what happens in the OS, detecting malware on the device and blocking or removing it (as well as giving you the option to control what apps can run). And there’s the Defender Advanced Threat Protection cloud service, to which the agent sends signals and where information from multiple systems is correlated.

Attackers don’t think about separate devices and systems, or even a list of targets: they think about how systems are connected to each other and how they can move from one infected device to others in the same environment to take control, extract the most data and stop the security team from kicking them out. A laptop with a virus on, a dozen failed password attempts on one server and unusual file access on another aren’t three separate problems: they’re an attacker moving across the network and getting access to more systems.

Defenders need that same kind of graph view of the system, and the more systems that Defender ATP can get signals from, the clearer view of attacks you’ll have. This is the idea behind the Microsoft security graph, which can add events like users clicking a phishing message in Outlook on one of their devices, or a link in a Word document that downloads a macro that in turn downloads a cryptominer. Now Linux systems can feed into that graph, Lefferts explains.

“One of the main reasons for doing this is to connect this protection into your enterprise system. Defender is about end-to-end protection for endpoint devices in your environment — it’s plugged into Defender ATP as an EDR system, the signals are showing up in one consistent dashboard and it’s detecting events and attacks, and providing security teams and SOC analysts with the tools they need to understand that bigger picture,” he says.

“At the end of the day, attackers are after customers’ data in one form or another — whether to delete, encrypt, doxx, steal, whatever. But one of the key objectives along that path is getting persistence on the server backbone environment in the company. It’s a central point from which they can just latch on to everything else and get carried along because end users always keep coming back to these. Sometimes that’s Active Directory, sometimes that’s just an application server, and from there I can now attack, willy-nilly across end users in the environment.”

For now, Defender for Linux is entirely driven by the command line.
Image: Microsoft

Command-line control

That’s why Defender on Linux is initially focused on servers and DNS, says Lefferts: “Linux machines, entire machines, are being used as platforms for applications”. That includes VMs running in the cloud, and because it’s aimed at servers, Defender doesn’t have a user interface on Linux — it’s all run from the command line, it works with the usual Linux-management tools like Ansible, Chef and Puppet, and configuration options are in a JSON file. You also need to make sure you have preview features turned on in the Microsoft Defender Security Center to see details from the protected Linux systems.

Keeping security tools up to date is important, but as with WSL distros, Microsoft is avoiding auto-updates in favour of letting Linux users manage their own update schedules for the Defender agent. Companies will likely already have processes in place for that, using scripts, tools like Landscape or the standard unattended upgrades option. Signatures and threat definitions will be pushed to the Defender agent automatically though (on Windows, that happens several times a day).
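As an added illustration (not code from the article or from Microsoft) of the JSON-driven, GUI-less configuration the two paragraphs above describe, this Python checker audits a managed policy file for the settings the article calls out: on-box real-time blocking, PUA blocking and automatic definition updates. The file path and key names are assumed from Microsoft's public documentation for the product rather than taken from this page, and both sample policies are constructed.

```python
import json

# Assumed location of the managed policy file (from Microsoft's docs, not this article).
MANAGED_CONFIG_PATH = "/etc/opt/microsoft/mdatp/managed/mdatp_managed.json"

# Constructed sample: a policy that weakens the three protections the article describes.
WEAK_CONFIG = json.dumps({
    "antivirusEngine": {
        "enforcementLevel": "passive",
        "threatTypeSettings": [
            {"key": "potentially_unwanted_application", "value": "audit"}
        ],
    },
    "cloudService": {"enabled": False, "automaticDefinitionUpdateEnabled": False},
})

# Constructed sample: the same policy with each setting corrected.
HARDENED_CONFIG = json.dumps({
    "antivirusEngine": {
        "enforcementLevel": "real_time",
        "threatTypeSettings": [
            {"key": "potentially_unwanted_application", "value": "block"}
        ],
    },
    "cloudService": {"enabled": True, "automaticDefinitionUpdateEnabled": True},
})


def audit_config(text):
    """Return a list of findings for a managed policy; an empty list means nothing weak was found.

    Keys that are absent are treated as left at the product default; only an explicit
    weak value is reported, except for PUA handling, which this checker requires to be
    set to "block" explicitly (assumed key/value names).
    """
    cfg = json.loads(text)
    findings = []
    av = cfg.get("antivirusEngine", {})
    cloud = cfg.get("cloudService", {})

    # The article: the on-box agent blocks or removes malware immediately.
    if av.get("enforcementLevel", "real_time") != "real_time":
        findings.append("real-time protection not enforced (antivirusEngine.enforcementLevel)")

    # The article: the preview can spot and block potentially unwanted applications.
    actions = {s.get("key"): s.get("value") for s in av.get("threatTypeSettings", [])}
    if actions.get("potentially_unwanted_application") != "block":
        findings.append("potentially unwanted applications are not set to block")

    # The article: signals go to the cloud service and definitions are pushed automatically.
    if not cloud.get("enabled", True):
        findings.append("cloud-delivered protection disabled (cloudService.enabled)")
    if not cloud.get("automaticDefinitionUpdateEnabled", True):
        findings.append("automatic definition updates disabled")
    return findings


def audit_file(path=MANAGED_CONFIG_PATH):
    """Audit the policy file deployed by Ansible, Chef, Puppet or by hand."""
    with open(path) as f:
        return audit_config(f.read())


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_config(text) or ["no weak settings found"])
```

Run it as a post-deployment step in the same configuration-management pipeline that writes the policy, so a weakened policy is caught before the host is considered protected.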

There’s nothing to stop you running Defender on a developer laptop running Linux if you want to protect it. “We are not yet targeting Linux as a desktop or user endpoint — again, primarily because of the GUI issue, although it does work. So, if you’re talking about folks like coders, they might be able to survive in that environment but it’s not something that we would turn loose on regular users,” Lefferts warns.

If you’re using Linux as a development platform and building your own custom apps based on open-source projects, those can come with vulnerabilities, and enterprises want monitoring that helps catch those. Development tools might help with this before they’re deployed, but Microsoft Defender already detects open-source tool kits when they’re a threat, and the same will be true on servers. “It’s not just that those bits are present on the disk, it’s that they’re actually getting used and loaded into memory,” says Lefferts.

The real point of Defender for Linux is that all the systems in your organisation are sending signals about possible security problems to the same threat monitoring tool.
Image: Microsoft

There are some Linux systems Defender isn’t a good fit for at this stage. “When it comes to the broader ways in which Linux gets used — embedded in IoT devices or phones, or all the places it might end up — we are definitely not targeting those scenarios at this point,” Lefferts says. Azure Security Center for IoT is a better option for managing IoT security, for example.
 
The ability to look across all the end-user endpoints and server infrastructure in your environment will be a step forward for many enterprises. But bringing Defender to Linux is part of the bigger security strategy of moving from detecting attacks to preventing them by hardening the environment — and prioritising problems.

“If defenders are going to be more successful, they really do need to be able to see the landscape in the same way that the attackers do, which is everything chained together in one story,” Lefferts points out. “That includes not only pulling in the servers, but pulling in email and the reuse of identity, and how this connects to the cloud applications, cutting across all those domains into one consistent incident, which is the object that we use to tell that story for defenders.”

“We can use this not just to tell the SecOps team when an attack happens, but also to tell security admins and the broader IT team about where the vulnerabilities of concern lie, with the ability to reorder that dynamically based on the threats in the landscape. This will help the organization understand what are the biggest security posture problems that they need to go fix.”

If you’re not ready for that kind of big picture, Defender for Linux is still useful, Lefferts insists. “If, heaven forbid, you aren’t using anything to protect your Linux estate today, you can start immediately with Defender when it’s GA. Or if you’re using a separate tool, you don’t have to do that anymore: you will actually get better protection by deploying something that’s integrated with Defender ATP.”

Reference: https://www.techrepublic.com/article/microsoft-defender-for-linux-is-coming-this-is-what-you-need-to-know/
