- Jul 27, 2015
Organizations using Microsoft's Defender for Endpoint will now be able to isolate Linux devices from their networks to contain intrusions and whatnot.
The device isolation capability is in public preview and mirrors what the product already does for Windows systems. "Some attack scenarios may require you to isolate a device from the network," Microsoft wrote in a blog post. "This action can help prevent the attacker from controlling the compromised device and performing further activities such as data exfiltration and lateral movement. Just like in Windows devices, this device isolation feature." Intruders won't be able to connect to the device or run operations like assuming unauthorized control of the system or stealing sensitive data, Microsoft claims.
According to the vendor, when the device is isolated, it is limited in the processes and web destinations that are allowed. That means if they're behind a full VPN tunnel, they won't be able to reach Microsoft's Defender for Endpoint cloud services. Microsoft recommends that enterprises use a split-tunneling VPN for cloud-based traffic for both Defender for Endpoint and Defender Antivirus. Once the situation that caused the isolation is cleared up, organizations will be able to reconnect the device to the network.