Microsoft is ready to bring its fileless malware detection chops to Linux. The company plans to use its malware expertise to fight this type of threat on that platform.
This preview for Linux comes nearly 18 months after a similar release for Windows, and is designed to detect the breed of malware that inserts itself into memory and then hides its tracks. It usually gets in via a software vulnerability, then removes any trace of itself from the disk, which makes on-disk detection tricky.
Since this malware hides in RAM, a reboot is often all you need to rid yourself of it.
But the thing with Linux servers is that they tend not to be rebooted as often as other platforms. This lets fileless threats linger in memory for longer, where they carry out their nefarious activities with little fear of detection.
Up until now, that is.
This new Microsoft technology scans the memory of all running processes for the footprint of a fileless toolkit. When it finds one, it promptly raises an alert in Azure Security Center with details, so that an admin can decide what action to take against the threat.
Redmond says that the scan is not at all invasive, and that the vast majority of scans take less than 5 seconds to run. More importantly, the memory analysis is performed on the host itself.
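As an added illustration, and not Microsoft's code (the article does not describe how its memory scanner works), the script below shows one simple host-local check a Linux admin can run for the behaviour described above, where the malware unlinks its own file from disk while staying resident in memory. It walks `/proc` and flags processes whose executable target ends in `(deleted)` or is backed by an anonymous `memfd`, or that hold an executable mapping with no file behind it. The `ProcSnapshot` type, the `suspicious_indicators` and `scan` functions, and the sample PIDs and paths are constructed for this example; the script runs offline against that constructed snapshot and only touches the live `/proc` when executed directly.

```python
"""Triage helper: flag Linux processes whose code has no backing file on disk.

Added example; not part of Azure Security Center and not Microsoft's detection
logic. It reads only /proc metadata, not process memory, so it is a cheap
first-pass check rather than a full memory scan.
"""
import os
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class ProcSnapshot:
    pid: int
    comm: str
    exe_target: str   # readlink("/proc/<pid>/exe")
    maps: List[str]   # lines of /proc/<pid>/maps


def _no_file_on_disk(path: str) -> bool:
    # "(deleted)" means the inode was unlinked while still mapped;
    # "/memfd:" means the code lives in an anonymous in-memory file.
    return path.endswith("(deleted)") or path.startswith("/memfd:")


def suspicious_indicators(snap: ProcSnapshot) -> List[str]:
    """Return human-readable reasons a process looks memory-only (empty = clean)."""
    reasons = []
    if snap.exe_target.endswith("(deleted)"):
        reasons.append("exe unlinked from disk")
    if snap.exe_target.startswith("/memfd:"):
        reasons.append("exe backed by anonymous memfd")
    for line in snap.maps:
        # /proc/<pid>/maps: address perms offset dev inode [pathname]
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping, no pathname
        perms, path = fields[1], fields[5].strip()
        if "x" in perms and _no_file_on_disk(path):
            reasons.append(f"executable mapping with no file on disk: {path}")
            break
    return reasons


def scan(snapshots: List[ProcSnapshot]) -> Dict[int, List[str]]:
    """Map pid -> reasons for every process with at least one indicator."""
    return {s.pid: r for s in snapshots if (r := suspicious_indicators(s))}


def read_live_snapshot(pid: int) -> Optional[ProcSnapshot]:
    """Build a snapshot from the live /proc; None if the process vanished or is not readable."""
    try:
        with open(f"/proc/{pid}/comm") as f:
            comm = f.read().strip()
        exe = os.readlink(f"/proc/{pid}/exe")
        with open(f"/proc/{pid}/maps") as f:
            maps = f.read().splitlines()
    except (FileNotFoundError, PermissionError, ProcessLookupError):
        return None
    return ProcSnapshot(pid, comm, exe, maps)


# Constructed sample data standing in for three /proc entries.
SAMPLE_SNAPSHOTS = [
    ProcSnapshot(1201, "sshd", "/usr/sbin/sshd", [
        "55d1c2e00000-55d1c2e8c000 r-xp 00000000 fd:01 1310721 /usr/sbin/sshd",
        "7f3a1c000000-7f3a1c021000 rw-p 00000000 00:00 0",
    ]),
    ProcSnapshot(4242, "update", "/tmp/.x/update (deleted)", [
        "5632a1400000-5632a1406000 r-xp 00000000 fd:01 2621441 /tmp/.x/update (deleted)",
    ]),
    ProcSnapshot(5150, "kworker", "/memfd:payload (deleted)", [
        "7f9b3c000000-7f9b3c01a000 r-xp 00000000 00:05 12345 /memfd:payload (deleted)",
    ]),
]


if __name__ == "__main__":
    live = [s for s in (read_live_snapshot(int(d)) for d in os.listdir("/proc") if d.isdigit()) if s]
    for pid, reasons in sorted(scan(live).items()):
        print(f"pid {pid}: {', '.join(reasons)}")
```

A hit is a reason to look closer, not a verdict: a binary replaced by a package upgrade while its old copy is still running also shows up as `(deleted)`, so the output should be checked against recent package activity before treating a process as hostile.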
If you are ready to take these capabilities for a test drive, then you can sign up for the preview. You will need the Log Analytics Agent for Linux installed on your machine, along with a supported distribution of course.
Seeing as a large fraction of users run Linux on Azure, this powerful new capability comes at the right time.