Microsoft this week has responded to its customers' appeals for more options for Linux OS support by expanding the capabilities of Defender for Endpoint on Linux, a cloud-based product that includes vulnerability management and assessment, and endpoint detection and response (EDR) on Linux servers.
Security researchers say this move by Microsoft makes sense because Linux OSs dominate on Microsoft's Azure cloud, and it will let Azure customers focus on securing Linux-based cloud apps.
As part of the move to improve its Linux offerings, Microsoft made Linux EDR "live response" available earlier this week. Microsoft developed live response to enhance investigations by allowing security operations teams to collect forensic data, run scripts, send suspicious entities for analysis, remediate threats, and proactively hunt for emerging threats. Microsoft also broadened its Linux OS support to include Amazon Linux 2 and Fedora 33+. Additionally, public previews for RHEL 6.7+ and CentOS 6.7+ are now available.
Bill Lawrence, chief information security officer at SecurityGate, said Microsoft continues to impress with its willingness to secure the supply chain beyond its own products and OSs. Lawrence said Microsoft Defender for Endpoint on Linux protection can help in the war against ransomware, malicious crypto mining, and data exfiltration by detecting these behaviors and alerting Linux users.
“Spreading more security out into the internet and connected devices helps reduce targeting towards Microsoft, as well,” Lawrence said. “Throw in their announcements on software bills of materials for all of their product lines and Microsoft has shown they are really upping their commitment to a more secure cyber world.”
Slowly but surely, the industry has gotten used to the idea of Windows and Linux co-existing as equal operating systems within the Microsoft ecosystem, said Dor Dali, director of information security at Vulcan Cyber. Dali said Microsoft understands that there’s no cloud without Linux — and they are taking significant steps to secure Linux within Azure Cloud on par with Windows.
"Linux servers account for about 90 percent of cloud infrastructure, which makes the Linux footprint a key target for attackers, and we've seen this in the rise of Linux ransomware variants," Dali said. "Microsoft is wise to wrap Azure Linux with the tools necessary to deliver a secure cloud environment."
Dali added that all of the major cloud service providers have stepped up their security game with the understanding that security remains one of the last barriers to cloud adoption for many organizations. Following AWS' lead, Google and Microsoft added their own embedded, native security tools to their service offerings. Dali said Google On-Demand Scanning and Azure Security Center both offer built-in vulnerability scanning capabilities. Finally, Oracle has been the latest provider to join the party, with an embedded scanner for its own infrastructure instances.
John Bambenek, principal threat hunter at Netenrich, said Microsoft has been breaking down the wall between their platform and the Linux world for quite some time.
“Cloud infrastructure also has a large Linux footprint so Microsoft getting into this space shows that they realize one platform will not rule them all,” Bambenek said. “The reality is the enterprise threat landscape will often deal with attackers jumping between platforms, so this allows them to have a comprehensive security offering that will ultimately help them win market share from other cloud providers.”