Microsoft Defender for Endpoint gains a new function: the security software, which is in use at many companies, can now isolate Linux computers from the network as well. The feature is initially available to customers only as a preview.
If a Linux computer has become the target of an attack, admins and security teams can cut it off from the rest of the network. This is meant to stop an attacker who controls the Linux system from exfiltrating data or moving laterally through the company network. The infected Linux computer can be isolated either manually via the Microsoft 365 Defender portal or via the API; Microsoft's blog post on the new feature describes both procedures.
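The API path mentioned above, as an added example that is not code from the article or from Microsoft's blog post: a minimal Python client that isolates a device, polls the resulting machine action until it finishes, and can release the device again. The endpoint paths follow Microsoft's documented Defender for Endpoint machine-actions API (POST /machines/{id}/isolate, POST /machines/{id}/unisolate, GET /machineactions/{id}); the client structure, the FakeTransport used to run it offline, the sample machine ID and the bearer token are constructed for this illustration. "Full" isolation is used as the default because, to the best of this editor's knowledge, Linux hosts do not get the Windows-only "Selective" mode.

```python
"""Isolate a Defender for Endpoint device via the machine-actions API.

Constructed example: endpoint paths follow Microsoft's documented API;
the client, FakeTransport, SAMPLE_MACHINE_ID and the token are assumptions.
"""
import json
import urllib.request
from typing import Any, Callable, Dict, List, Optional

API_BASE = "https://api.securitycenter.microsoft.com/api"
TERMINAL_STATES = {"Succeeded", "Failed", "Cancelled"}
# Constructed 40-hex-character device ID in the shape Defender uses.
SAMPLE_MACHINE_ID = "0123456789abcdef0123456789abcdef01234567"

# A transport takes (method, url, headers, json_body_or_None) and returns parsed JSON.
Transport = Callable[[str, str, Dict[str, str], Optional[Dict[str, Any]]], Dict[str, Any]]


def auth_headers(token: str) -> Dict[str, str]:
    """Bearer token obtained earlier via the client-credentials flow (not shown)."""
    return {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}


def build_isolation_request(machine_id: str, comment: str, isolation_type: str = "Full"):
    """Return (method, url, body) for the isolate call.

    The comment ends up in the action history, so an empty one is rejected here.
    Full isolation is the mode assumed for Linux hosts; Selective is Windows-only.
    """
    if isolation_type not in ("Full", "Selective"):
        raise ValueError(f"unknown isolation type: {isolation_type}")
    if not comment.strip():
        raise ValueError("an audit comment is required for a machine action")
    return ("POST", f"{API_BASE}/machines/{machine_id}/isolate",
            {"Comment": comment, "IsolationType": isolation_type})


def build_release_request(machine_id: str, comment: str):
    """Return (method, url, body) for the unisolate call used after cleanup."""
    if not comment.strip():
        raise ValueError("an audit comment is required for a machine action")
    return ("POST", f"{API_BASE}/machines/{machine_id}/unisolate", {"Comment": comment})


def urllib_transport(method: str, url: str, headers: Dict[str, str],
                     body: Optional[Dict[str, Any]]) -> Dict[str, Any]:
    """Real HTTPS transport using only the standard library (not used offline)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def wait_for_action(action_id: str, token: str, transport: Transport,
                    max_polls: int = 20) -> Dict[str, Any]:
    """Poll GET /machineactions/{id} until the action reaches a terminal state."""
    for _ in range(max_polls):
        action = transport("GET", f"{API_BASE}/machineactions/{action_id}",
                           auth_headers(token), None)
        if action.get("status") in TERMINAL_STATES:
            return action
    raise TimeoutError(f"machine action {action_id} still pending after {max_polls} polls")


def isolate_and_wait(machine_id: str, comment: str, token: str,
                     transport: Transport) -> Dict[str, Any]:
    """Submit the isolation and block until Defender reports success or failure."""
    method, url, body = build_isolation_request(machine_id, comment)
    action = transport(method, url, auth_headers(token), body)
    final = wait_for_action(action["id"], token, transport)
    if final["status"] != "Succeeded":
        raise RuntimeError(f"isolation of {machine_id} ended with status {final['status']}")
    return final


class FakeTransport:
    """Offline stand-in: records every call and answers polls from a scripted status list."""

    def __init__(self, statuses: List[str]):
        self.statuses = list(statuses)
        self.calls: List[tuple] = []

    def __call__(self, method, url, headers, body):
        self.calls.append((method, url, body))
        if url.endswith("/isolate") or url.endswith("/unisolate"):
            return {"id": "action-1", "type": "Isolate", "status": "Pending",
                    "machineId": SAMPLE_MACHINE_ID}
        # Consume statuses in order; repeat the last one once the list is exhausted.
        status = self.statuses.pop(0) if len(self.statuses) > 1 else self.statuses[0]
        return {"id": "action-1", "status": status}


if __name__ == "__main__":
    fake = FakeTransport(["Pending", "InProgress", "Succeeded"])
    result = isolate_and_wait(SAMPLE_MACHINE_ID, "IR ticket: suspicious cron job", "tok", fake)
    print(result["status"], len(fake.calls), "API calls")
```

To run it for real, pass urllib_transport instead of the FakeTransport and a token issued for the api.securitycenter.microsoft.com resource; the polling loop matters because the isolate call only returns a pending machine action, and the host is not actually cut off until that action reports Succeeded.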
Isolated from others, but not from Defender for Endpoint
Isolated computers then no longer have access to the other devices in the network, but the connection to Defender for Endpoint remains. This allows the device to be monitored further and brought back into the network once the malware has been removed. However, Microsoft points out that the isolated device loses contact with the Defender for Endpoint cloud service if it sits behind a VPN tunnel. The company therefore recommends a split-tunneling VPN configuration so that the traffic Microsoft's security software needs for protection bypasses the tunnel.
Defender for Endpoint can isolate all Linux distributions the software supports: RHEL, CentOS, Ubuntu, Debian, SLES, Oracle Linux, Amazon Linux and Fedora. Microsoft is asking security teams for feedback on the new preview feature.
(jvo)