Hosting & Domaining Forum


Title: Microsoft Defender improves Linux protection with endpoint isolation
Post by: Hosting News on Feb 04, 2023, 02:56 AM
Microsoft Defender now offers improved protection for Linux endpoints, with the ability to isolate vulnerable devices just as effectively as it does on Windows.


This new feature works in the same way on Linux as it does on Windows, disabling the device's communication with the network while still allowing Defender for Endpoint to monitor it. In certain attack scenarios, isolating the endpoints can help prevent the attacker from using them, and it is recommended to use a split-tunneling VPN to protect Microsoft Defender for Endpoint and Microsoft Defender Antivirus cloud-based protection data.

This feature is supported on a wide range of Linux distributions, including Red Hat Enterprise Linux, CentOS, Ubuntu, Debian, SUSE Linux Enterprise Server, Oracle Linux, Amazon Linux, and Fedora. When a device is isolated, only certain processes and websites are allowed to run, so it's important to keep that in mind when using a VPN tunnel connected to the device.

To manually isolate a Linux endpoint, navigate to the device page on the Microsoft 365 Defender portal and click "Isolate Device". After the action has been completed, you can reconnect the device from the same menu.

Overall, these improvements to Microsoft Defender provide greater flexibility and protection for both Windows and Linux endpoints.
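
The post describes isolating a device by hand from the Microsoft 365 Defender portal. During an incident the same action is usually scripted so it can be applied to several hosts and its completion confirmed before anyone relies on the host being contained. The following is an added example, not code from the post or from Microsoft: it builds the isolate and release requests for the documented Defender for Endpoint machine-actions API and reduces the returned machine action to the two facts a responder needs (is it finished, did it succeed). The API host and paths are the documented ones; the machine id, action id, hostname, token and comment values are constructed placeholders.

```python
"""Added example (not from the forum post or from Microsoft): scripting the
"Isolate Device" action described above through the Defender for Endpoint
machine-actions REST API, with request validation and a result check.
Machine id, token, hostname and comment values are placeholders."""
import json
import urllib.request

API_BASE = "https://api.securitycenter.microsoft.com/api"  # documented MDE API host

# Isolation types the API accepts. Full cuts all traffic except the sensor's
# own cloud channel; Selective additionally keeps a few collaboration apps.
ISOLATION_TYPES = ("Full", "Selective")

# Terminal states of a machine action, per the machineAction entity.
TERMINAL_STATES = {"Succeeded", "Failed", "TimeOut", "Cancelled"}


def _check_target(machine_id: str, comment: str) -> None:
    """Reject inputs that would produce a bad URL or a useless audit trail."""
    if not machine_id or "/" in machine_id:
        raise ValueError("machine_id must be a single, non-empty path segment")
    if not comment.strip():
        raise ValueError("comment is required: it is what the action history shows")


def isolation_request(machine_id: str, comment: str, isolation_type: str = "Full") -> dict:
    """Build the request for POST /machines/{id}/isolate as a plain dict so it
    can be logged or reviewed before it is sent."""
    if isolation_type not in ISOLATION_TYPES:
        raise ValueError(f"isolation_type must be one of {ISOLATION_TYPES}")
    _check_target(machine_id, comment)
    return {
        "method": "POST",
        "url": f"{API_BASE}/machines/{machine_id}/isolate",
        "body": {"Comment": comment, "IsolationType": isolation_type},
    }


def release_request(machine_id: str, comment: str) -> dict:
    """Build the request for POST /machines/{id}/unisolate (the portal's
    'Release from isolation' action)."""
    _check_target(machine_id, comment)
    return {
        "method": "POST",
        "url": f"{API_BASE}/machines/{machine_id}/unisolate",
        "body": {"Comment": comment},
    }


def summarize_action(action: dict) -> dict:
    """Reduce a machineAction response to what a responder needs.

    `done` is True only once the action reached a terminal state and `ok`
    only for Succeeded. Pending/InProgress means the device has not confirmed
    isolation yet, so it must still be treated as reachable."""
    status = action.get("status", "Unknown")
    return {
        "action_id": action.get("id"),
        "type": action.get("type"),
        "machine": action.get("computerDnsName") or action.get("machineId"),
        "status": status,
        "done": status in TERMINAL_STATES,
        "ok": status == "Succeeded",
    }


def send(request: dict, token: str, timeout: float = 30.0) -> dict:
    """Send a built request with a bearer token and return the parsed JSON.
    Not exercised offline; shown so the pieces above compose into a real call."""
    req = urllib.request.Request(
        request["url"],
        data=json.dumps(request["body"]).encode(),
        method=request["method"],
        headers={
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",
            "Accept": "application/json",
        },
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed sample of what the API returns right after the POST is accepted.
    sample_action = {
        "id": "00000000-0000-0000-0000-000000000000",  # placeholder action id
        "type": "Isolate",
        "status": "Pending",
        "machineId": "PLACEHOLDER-MACHINE-ID",
        "computerDnsName": "web01.example.internal",  # constructed hostname
    }
    print(isolation_request("PLACEHOLDER-MACHINE-ID", "IR-1234: suspected webshell on web01"))
    print(summarize_action(sample_action))  # done=False, ok=False: not contained yet
```

The request builders are kept separate from `send` so the exact action about to be taken can be logged and reviewed first; in practice the action id from the first response is polled until `done` is true, and a host is only marked contained when `ok` is true.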

Title: Re: Microsoft Defender improves Linux protection with endpoint isolation
Post by: rahul123 on Apr 28, 2023, 04:37 AM
Microsoft has launched a security update for Windows 11 version 22H2, which is available for download through the Microsoft Security Compliance Toolkit. The release focuses on enhancing the security measures provided for corporate clients.

The security update has made changes to improve the security of drivers, credentials, printers, DNS, and account lock protection, further protecting hardware devices.

One of the key features of Windows 11's new security level is hardware stack protection in kernel mode, which provides additional hardware protection to the kernel code from malware. This feature is supported by systems with chipsets that support hardware shadow stacks, such as Intel Control-flow Enforcement Technology or AMD Shadow Stacks.

Moreover, the updated security level now protects the kernel from common exploits such as return-oriented programming and transition-oriented programming, blocking any natural process changes and automatically initiating exceptions.

The update also incorporates protection against phishing attacks for users by offering Windows Defender SmartScreen Enhanced Phishing Protection. The solution is specifically designed for those who authenticate via username and password.

Windows 11 22H2 reduces the attack surface by blocking vulnerable signed drivers to prevent applications from writing these drivers to disk. The update also mitigates brute-force attacks by blocking the administrator account.

Administrators can use Microsoft's recommended Basic Group Policy Object settings to reduce the attack surface and enhance the security status of enterprise endpoints running Windows. These settings are based on feedback from Microsoft security engineers, partners, and customers.

For easy download, the basic security level of Windows 11 22H2 is now available in the Microsoft Security Compliance Toolkit, which provides backups and GPO reports and scripts for setting parameters to local GPOs, among other functionalities.

Title: Re: Microsoft Defender improves Linux protection with endpoint isolation
Post by: pusan on Nov 14, 2023, 11:23 AM
Microsoft Defender for Endpoint is a comprehensive security solution that provides endpoint protection for Linux systems. One of the key features of Microsoft Defender for Endpoint is endpoint isolation, which helps improve the security posture of Linux systems.

Endpoint isolation (also known as network isolation) is a security measure that restricts the network communication of an endpoint, such as a Linux machine, to limit its exposure to potential threats. By isolating the endpoint from the rest of the network, organizations can contain and mitigate the impact of security incidents or breaches.

With Microsoft Defender for Endpoint, Linux systems can benefit from endpoint isolation through the implementation of network restrictions and segmentation. This helps prevent lateral movement of threats within the network and reduces the attack surface for potential exploits.

By enhancing Linux protection with endpoint isolation, Microsoft Defender for Endpoint can help organizations strengthen their overall security defenses and better safeguard their critical assets and data. This feature is part of Microsoft's commitment to providing robust security solutions for diverse IT environments, including those running on Linux.

Microsoft Defender for Endpoint's enhanced Linux protection with endpoint isolation utilizes the power of network filtering to control and restrict communication between the protected Linux endpoint and the rest of the network. This approach allows organizations to create granular policies to control inbound and outbound traffic from the Linux endpoints, effectively limiting potential attack vectors.

Endpoint isolation in Microsoft Defender for Endpoint provides organizations with the ability to define and enforce network segmentation rules, restricting lateral movement and effectively containing the impact of security incidents on Linux systems. This capability is particularly crucial in modern IT environments where cross-platform protection is essential for comprehensive security.

Furthermore, by integrating with Microsoft's vast threat intelligence network, Defender for Endpoint can provide real-time insights into emerging threats and enable proactive threat hunting and response for Linux environments. This ensures that organizations can stay ahead of evolving threats and maintain a strong security posture across their entire infrastructure, including Linux endpoints.

Additionally, Microsoft Defender for Endpoint provides visibility into network traffic and communication patterns on Linux systems, allowing security teams to gain insights into potential security risks and anomalous behavior. These insights empower organizations to make informed decisions about network access and implement proactive measures to prevent security incidents.

Furthermore, the integration of Microsoft Defender for Endpoint with the Microsoft 365 security stack provides seamless cross-platform visibility and threat detection, enabling organizations to leverage a unified security approach across their diverse IT environments. This holistic security strategy encompasses Windows, macOS, and Linux endpoints, ensuring consistent protection and response capabilities.

By leveraging endpoint isolation and the broader capabilities of Microsoft Defender for Endpoint, organizations can strengthen their defense-in-depth security posture for Linux systems, effectively mitigating threats and reducing the attack surface. This comprehensive approach helps safeguard critical assets and data while enabling secure and productive use of Linux-based resources within the organization.