Microsoft has announced the first preview of Microsoft Defender Advanced Threat Protection (ATP) for Linux.
The Linux release complements Microsoft Defender ATP on the desktop: Microsoft added macOS support last year and dropped "Windows" from the product's name to reflect that it was no longer Windows-only.
As its next step, Microsoft plans to cover mobile operating systems by bringing Microsoft Defender to iOS and Android; it will show preview versions of both this week at the RSA Conference.
“We aim to protect the modern workplace in all that it is, be it Microsoft or not Microsoft. We protect devices on Mac and today we extend this protection to Linux, iOS and Android,” Moti Gindi, vice president of Microsoft Defender ATP, told .
Microsoft also announced the general availability of Microsoft Threat Protection (MTP), a bundle that combines Microsoft Defender ATP, Office 365 ATP, Azure ATP and its cloud application security suite, Microsoft Cloud App Security.
“We try to be holistic about devices, identity, data and applications that relate directly or indirectly to Microsoft platforms,” said Gindi.
“Of course, the fact that many organizations use Windows and Office and Active Directory as the backbone of cooperating systems also means that we need to protect those systems.”
MTP draws on the telemetry Microsoft already collects from endpoints, email accounts, identity management in Azure Active Directory and applications such as Office 365.
The service promises to help SOC teams understand threats across these areas by surfacing the relevant signals to analysts in a single dashboard.
“You have to be an expert in the field, but you also have to be an expert on the whole domain – to retrieve data between endpoints, email, cloud, identity and apps and then connect them to form a basis for detection, and more importantly, remediation and prevention,” said Gindi.
MTP also feeds its data into Azure Sentinel, Microsoft's cloud-native security information and event management (SIEM) service, which became generally available in September.
Sentinel ingests logs from sources such as operating systems, applications, antivirus products, databases and servers, and turns them into threat information for security teams. MTP shares its alerts and threat data with Sentinel, so security teams can view and manage threats across Microsoft and third-party security products from one place.
MTP is included with Microsoft 365 E5, Microsoft 365 E5 Security, Office 365 E5, Enterprise Mobility + Security E5 and Windows E5 licences.
Microsoft is also courting customers who run on Amazon Web Services. Until the end of June 2020, AWS CloudTrail data can be ingested into Sentinel free of charge.
CloudTrail records the API activity in an AWS account, so these logs give Sentinel a view of every event across AWS services. Ingested data is retained for 90 days at no charge, with longer retention billed; the aim is to let security teams identify and respond to threats in their AWS environment from the same console they use for Microsoft workloads.