- Microsoft Announces Microsoft Defender Advanced Threat Protection For Linux In Public Preview
- Also, Microsoft is launching ATP for iOS and Android platforms soon.
- Microsoft Extending Threat Protection For Linux.
What is Microsoft Threat Protection (MTP)?
Microsoft Threat Protection (MTP) is an integrated experience with AI and automation built in. It is built on Microsoft's best-in-class Microsoft 365 threat protection services and pools their collective knowledge and capabilities into something even better.
It leverages and integrates these services’ industry-leading prevention, detection, investigation, and response techniques to help secure attack vectors across users, endpoints, cloud apps, and data. It empowers defenders to move from reacting to employing their unique expertise to keep bad actors out.
MTP extends coordinated protection across platforms with Microsoft Defender Advanced Threat Protection (ATP) for Linux and across domains with Azure Sentinel.
“Microsoft announces another step to offer security from Microsoft with the public preview of Microsoft Defender ATP for Linux. Extending endpoint threat protection to Linux has been a long-time ask from our customers and we’re excited to be able to deliver on that.
We know our customers’ environments are complex and heterogenous. Providing comprehensive protection across multiple platforms through a single solution and streamlined view is more important than ever. Next week at the RSA Conference, we’ll provide a preview of our investments in mobile threat defense with the work we’re doing to bring our solutions to Android and iOS.”
What Does Microsoft Defender Advanced Threat Protection (ATP) Do?
- Automatically block attacks and eliminate their persistence to keep them from starting again.
MTP looks across domains to understand the entire chain of events, identify affected assets, and protect your most sensitive resources. When, for example, a compromised user or an at-risk device tries to access confidential information, MTP applies conditional access and blocks the attack, delivering on the Zero Trust model.
- Prioritize incidents for investigation and response.
MTP lets you focus on what matters the most by correlating alerts and low-level signals into incidents to determine the full scope of the threat across Microsoft 365 services. Incidents provide a complete picture of the threat in real time and in a single, cohesive console.
- Auto-heal assets.
MTP identifies affected assets like users, endpoints, mailboxes, and applications, and returns them to a safe state. Automated healing includes actions like identifying and terminating malicious processes on endpoints, removing mail forwarding rules attackers put in place, and marking users as compromised in the directory.
- Focus unique expertise on cross-domain hunting.
MTP empowers the security team to be proactive, giving them back the time they need to learn from Microsoft's insights, harden defenses, and keep out more threats. It also lets them use their unique organizational knowledge, like proprietary indicators of compromise, org-specific behavioral patterns, and free-form research, to actively hunt for threats across domains with custom queries over raw data.