Microsoft has announced a public preview of endpoint detection and response (EDR) capabilities in Microsoft Defender for Endpoint on Linux servers, according to a prepared statement.
The EDR capabilities let Defender for Endpoint users detect cyber threats and remediate attacks on Linux servers, Microsoft said. They complement the antivirus (preventive) protection Defender for Endpoint already provides on Linux, with alerts and reporting surfaced in the Microsoft Defender Security Center.
How Can Security Teams Leverage Defender for Endpoint's Linux EDR Capabilities?
Security teams can use Defender for Endpoint's Linux EDR capabilities during cyber investigations, Microsoft said. They can run a simulated detection on a Linux server to validate the deployment, then trace where a threat came from and how a malicious process or activity was created.
In addition, security teams can use the Linux EDR capabilities to identify ways to reduce CPU utilization during compilation and large software deployments, Microsoft indicated. They also gain access to a device timeline, logon events and other security insights for each Linux server.
The Linux EDR announcement comes after Microsoft in September 2020 rebranded its cybersecurity portfolio. As part of that effort, Microsoft renamed Microsoft Defender Advanced Threat Protection (ATP) to Microsoft Defender for Endpoint.
Defender for Endpoint is an endpoint security solution designed to help organizations discover and remediate vulnerabilities in real time. It delivers preventive protection, post-breach detection, automated investigation and response, and security insights from Microsoft Threat Experts. Palo Alto Networks, Red Canary and other cybersecurity companies have integrated Defender for Endpoint capabilities into their security offerings.