Microsoft has announced the public preview of Microsoft Defender Advanced Threat Protection (ATP) antivirus for Linux, as ZDNet reported it would at some point in 2020.
The new Defender Linux endpoint protection rounds out Microsoft Defender ATP on the desktop after Microsoft added support for macOS last year and changed its name from Windows Defender ATP.
Next, Microsoft is looking to add support for mobile, bringing Microsoft Defender to iOS and Android, which it’s previewing this week at the RSA Conference.
“We’re aiming to protect the modern workplace environment across everything that it is, being Microsoft or non-Microsoft. We’re protecting endpoints across Mac and today we’re extending this endpoint protection to Linux and to iOS and Android,” Moti Gindi, corporate vice president of Microsoft Defender ATP told ZDNet.
Microsoft has also announced general availability of Microsoft Threat Protection, a bundle of services that includes Microsoft Defender ATP, Office ATP, Azure ATP, and its cloud app security suite.
“We’re trying to be holistic across endpoint, identity, data, and applications that relate directly or indirectly to Microsoft platforms,” said Gindi.
“Of course, the fact that many organizations are using Windows and Office and Active Directory as the backbone of the cooperating systems also means we need to protect these systems.”
MTP relies on Microsoft’s access to vast amounts of information from different devices, email accounts, identities through Azure Active Directory, and applications such as Office 365.
The MTP service promises to help security operations center (SOC) teams understand threats across these domains by consolidating the relevant security data into a single dashboard.
“You must be an expert in the domain, but you also need to be an expert across the domain – to stick data across endpoints, email, cloud, identity, and applications, and then connect it to make one basis for detection, and even more importantly remediation and prevention,” explained Gindi.
MTP also feeds data to Microsoft’s Azure Sentinel, its cloud-based security information and event management (SIEM) service that launched publicly last September.
Sentinel gathers information from sources such as the OS, applications, antivirus, databases, and server logs to build threat intelligence for security teams. MTP shares alerts and threat intelligence with Sentinel, allowing security teams to view and manage threats across Microsoft and third-party security products.
MTP is available to customers on Microsoft 365 E5, Microsoft 365 E5 Security, Office 365 E5, Enterprise Mobility + Security E5, and Windows E5.
Microsoft is also making a grab for customers using cloud rival Amazon Web Services. Until the end of June 2020, Microsoft is offering free import of AWS CloudTrail data into Sentinel.
AWS CloudTrail data includes logs of all event history across AWS services. Data-retention charges apply after 90 days, but the Sentinel service is aimed at helping security teams identify and respond to threats in an AWS environment.