Microsoft Defender for Endpoint embraces non-Windows endpoints
The latest beta of Microsoft's Defender for Endpoint now extends its security and protection capabilities to endpoints running Linux, macOS, iOS, and Android, at no additional charge.
Over the years, Microsoft has continued to improve its endpoint protection solution (covering the devices at the edge of the network). After a light refresh in 2019, Defender ATP gained last year an endpoint detection and response (EDR) component, first called Defender XDR before finally being renamed Defender for Endpoint. Available for a few months in beta (public preview), this version now takes a leap forward with support for non-Windows devices.
This support should help companies detect, and above all respond to, security incidents more quickly across the wide variety of endpoints connected to their information system (IS). The problem is all the more pressing because attackers increasingly target these devices, and no longer only desktop and laptop PCs running Windows. By compromising such endpoints, malicious actors hope to gain easier access to resources and/or privileges (network, applications, databases, etc.), in particular through lateral movement. According to the latest figures from Microsoft's CISO, Bret Arsenault, users are 71% more likely to be infected through a device not administered by the company.
Policies to be defined for employees' personal devices
Companies that have already deployed the latest beta of Defender for Endpoint now gain visibility into unmanaged devices connected to the IS that run Linux, macOS, iOS and Android, as well as network equipment such as routers, firewalls, WLAN controllers, etc. According to Microsoft, discovery takes a few minutes. Building on this support, workflows can be created to onboard these devices and pieces of equipment into the company's IS and secure them, and IT teams can more easily configure them to receive the latest security updates. One important clarification: Defender for Endpoint does not enroll employees' personal devices by default, so they do not appear in the inventory of devices to be controlled. It is therefore up to the company to set up specific access and connection rules, for example by blocking any unknown or unrecognized device from connecting to the company's IS, in line with a zero trust approach.
Accessing this function requires no hardware or software deployment, and it changes nothing in the security processes already in place. Notifications and recommended actions are simply sent to administrators and IT/security managers, who decide whether or not to follow them. Defender for Endpoint does, however, require an Azure Defender license to function. Note that the solution integrates natively with Microsoft's Security Center and provides access to additional information such as the alert process tree and incident graphs. Detailed incident timelines and behavior details are also available for a period that may extend to 6 months.
Comprehensive security and protection functions
The other features of Defender for Endpoint are quite extensive, with advanced sensors for detecting security breaches and unknown threats, backed by cloud analytics capabilities, as well as alert generation that draws on third-party security intelligence databases and white-hat hackers. "Defender for Endpoint includes risk-based vulnerability assessment and management, attack surface reduction, latest-generation behavior-based, cloud-powered endpoint protection, incident detection and response, investigation and remediation automation, managed threat research services, rich APIs, and unified security management," says Microsoft.