Microsoft Defender for Endpoint Blog
Protect your single-core Linux servers with Defender

Rutuja_dange
Dec 12, 2024

In today’s rapidly evolving digital landscape, enterprises are increasingly relying on Linux-based servers to run their critical workloads. Securing your Linux servers is paramount to safeguarding sensitive data, ensuring business continuity, and maintaining trust with your customers.  

But what about balancing performance with security? Many organizations are running a diverse server infrastructure and rely on low-resource configurations due to various constraints. Optimizing security for single-core or dual-core systems without compromising performance is a key challenge. As organizations continue to innovate and diversify their server estates, the need for cybersecurity solutions that scale across both high-performance and low-resource configurations is greater than ever. 

Today, we’re excited to announce that Microsoft Defender can now be deployed to low-resource Linux environments, including single-core and dual-core configurations, to meet the diverse needs of organizations.

Intelligent performance optimization

When deployed on Linux servers, Microsoft Defender uses a sensor framework powered by eBPF (extended Berkeley Packet Filter) technology. Unlike traditional security solutions that rely on kernel modules, eBPF allows Microsoft Defender to monitor system activities in a lightweight and non-intrusive manner, enhancing efficiency without compromising security, even in low-resource environments. Today the eBPF sensor consumes less than 1% CPU on average when installed on Linux machines.

Key to our ability to maintain system performance is our intelligent performance optimization. It keeps Defender within memory and CPU limits by adaptively managing resource consumption, so that security measures do not interfere with essential processes. Additionally, we incorporated smart data collection and preprocessing, which helps make sure only relevant data is processed, further reducing system resource consumption.

Lastly, a rich exclusion framework allows administrators to tailor security settings and exclusions, so critical applications and processes can operate unhindered while still achieving a strong security posture.

Our architecture combines eBPF, intelligent data processing, and configurable exclusions to ensure that Microsoft Defender is an effective solution for performance-sensitive Linux workloads. It provides real-time protection with behavioral monitoring and threat detection, without sacrificing efficiency, even on low-resource configurations.

 

Enterprise-grade security for all platforms

Insights from Microsoft’s research teams show that a common reason for compromise is that organizations didn’t protect their servers as part of their endpoint security deployment and strategy. But for security to be effective, it must cover the entire endpoint estate across end user devices, mobile and IoT devices, and server workloads - on-premises and in the cloud.

Microsoft Defender provides AI-powered endpoint security for all platforms - including Windows and Linux servers - with industry-leading antivirus, intelligent real-time protection, and the most comprehensive detection and response experience within Microsoft’s unified security operations experience.

 

More information

  • Start protecting your servers today with a free trial.
  • Learn more about Defender for Servers and get started today.
  • Check out our documentation to learn more about deploying Microsoft Defender on Linux devices.
Updated Dec 12, 2024
Version 1.0