Believe it or not, Microsoft is readying its Microsoft Defender Advanced Threat Protection for Linux servers. Yes, you read that right: Linux servers.
First thing is first, the new beta Microsoft Defender Advanced Threat Protection (ATP) is not an antiviral program for Linux desktops. No, it’s an enterprise platform designed to help you prevent, detect, investigate, and respond to Linux server and network threats.
Microsoft is showing up the first version of Defender ATP at the RSA Conference 2020 in San Francisco. It’s still not available for testing yet, but Microsoft promises you’ll be able to test it in the next few days.
This program will be available on Red Hat Enterprise Linux (RHEL) 7+, CentOS Linux 7+, Ubuntu 16.04 LTS or higher LTS, SUSE Linux Enterprise Server (SLES) 12+, Debian 9+, and Oracle Enterprise Linux 7.
On the servers, you can use its shell program to launch configure and manage the Defender agent. Once it’s running you can start scans and manage threats from it locally. You can also deploy and configure it using Puppet, Ansible, or manually using Bash commands.
To run it, you’ll need a Microsoft Defender ATP subscription. Your server must also have network access to the Microsoft Defender ATP portal. You must also enable the fanotify kernel option. This option is used for monitoring file-system events.
Once in place, the program will relay the following information to the Microsoft Defender Security Center console:
Antivirus alert information
- Scan type
- Device information (see below for details)
- File information (name, path, size, and hash)
- Threat information (name, type, and state)
- Machine identifier
- Tenant identifier
- App version
- OS type
- OS version
- Computer model
- Processor architecture
- Whether the device is a virtual machine
The point of this new program, according to Moti Gindi, corporate vice president of Microsoft Threat Protection, is “to protect the modern workplace environment across everything that it is, being Microsoft or non-Microsoft. We’re protecting endpoints across Maa, and today, we’re extending this endpoint protection to Linux and to iOS and Android.”
In short, Microsoft wants to be your universal security blanket regardless of platform. Yes, even Linux. However, while Defender is primarily an endpoint security system, Microsoft did not say anything about running the program on Linux desktops. That said, it should be trivial to run it on desktops.