Azure Defender for IoT, Microsoft’s cybersecurity solution for IoT and OT devices, has entered public preview to help protect industrial and critical infrastructure that depends on those devices.
The new solution incorporates agentless, IoT/OT-aware behavioral analytics from Microsoft’s recent acquisition of CyberX. It addresses the risks posed by unmanaged IoT/OT devices by discovering those assets, identifying vulnerabilities and continuously monitoring for threats, according to a Microsoft blog.
The solution, first announced at Microsoft’s Ignite 2020, allows organizations to deploy those capabilities fully on-premises without sending data to Azure. Customers can also deploy in Azure-connected environments using the company’s new native connector to integrate IoT/OT alerts into Azure Sentinel.
According to the company’s blog, the solution allows IT teams to auto-discover unmanaged IoT assets, identify critical vulnerabilities and detect anomalous or unauthorized behavior without impacting performance.
Azure Defender for IoT delivers insights within minutes of being connected to the network, leveraging patented IoT/OT-aware behavioral analytics and machine learning to eliminate the need to configure any rules, signatures, or other static IOCs.
To capture the traffic, it uses an on-premises network sensor deployed as a virtual or physical appliance connected to a SPAN port or tap. The sensor implements non-invasive passive monitoring with Network Traffic Analysis (NTA) and Layer 7 Deep Packet Inspection (DPI) to extract detailed IoT/OT information in real-time.
Customers also get out-of-the-box integration with third-party IT security tools such as Splunk, IBM QRadar, and ServiceNow. The product is designed to fit into existing OT environments, including diverse automation equipment from all major OT suppliers (Rockwell Automation, Schneider Electric, GE, Emerson, Siemens, Honeywell, ABB, Yokogawa, etc.).
Integration with existing SOC workflows is key to removing IT/OT silos while delivering unified monitoring and governance across both IT and OT. To help automate this complex security challenge, Microsoft says it has also beefed up Azure Sentinel with IoT/OT-specific SOAR playbooks and
Combined with previous support in Azure Security Center for IoT for protecting managed IoT/OT devices connected via Azure IoT Hub, these new capabilities enable organizations to accelerate their digital transformation initiatives with a combined solution for both unmanaged and managed devices.
Azure Defender for IoT raises alerts on unauthorized devices joining the network, unauthorized internet connections, unauthorized remote access, unauthorized PLC programming, firmware changes, malware detections and other events.
Organizations can try it at no charge during the public preview.
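To make the passive-monitoring model concrete, here is an added illustration (not Azure Defender for IoT code, and not Microsoft's detection logic) of how a sensor fed from a SPAN port can learn a device baseline from traffic and then raise the kinds of alerts listed above by decoding Modbus/TCP at Layer 7. All hosts, the address plan in `INTERNAL_NETS`, and the frames are constructed for the demo; the function codes and MBAP header layout are the standard Modbus/TCP ones.

```python
"""Passive Modbus/TCP inspection against a learned device baseline.

Added example, not Azure Defender for IoT code. All hosts and frames below
are constructed for the demo (assumed addresses, not a real site).
"""
import ipaddress
import struct

MODBUS_PORT = 502
# Standard Modbus function codes that change controller state
# (write coil/register, write multiples, read/write multiple registers).
MODBUS_WRITE_FCS = {5, 6, 15, 16, 23}
# Assumed site address plan; a real deployment would use the plant's own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def modbus_frame(trans_id, unit_id, function_code, data):
    """Build a Modbus/TCP frame: MBAP header (tid, proto=0, length, unit) + PDU."""
    length = 1 + 1 + len(data)  # unit id + function code + data
    return struct.pack("!HHHB", trans_id, 0, length, unit_id) + bytes([function_code]) + data


def parse_modbus_tcp(payload):
    """Decode an MBAP header and PDU; return None if the frame is not well-formed."""
    if len(payload) < 8:
        return None
    trans_id, proto_id, length, unit_id = struct.unpack("!HHHB", payload[:7])
    # Protocol id is always 0 for Modbus; length counts every byte after it.
    if proto_id != 0 or length != len(payload) - 6:
        return None
    return {"transaction_id": trans_id, "unit_id": unit_id,
            "function_code": payload[7], "data": payload[8:]}


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def learn_baseline(frames):
    """Learning phase: every host seen talking on the SPAN feed becomes 'known'."""
    hosts = set()
    for src, dst, _dport, _payload in frames:
        hosts.update((src, dst))
    return hosts


def inspect(frames, baseline_hosts, engineering_stations):
    """Detection phase: return (alert, src, dst, detail) tuples for each frame."""
    alerts = []
    for src, dst, dport, payload in frames:
        if src not in baseline_hosts:
            alerts.append(("unauthorized_device", src, dst, "host not in learned baseline"))
        if not is_internal(dst):
            alerts.append(("unauthorized_internet_connection", src, dst, f"tcp/{dport}"))
        if dport == MODBUS_PORT:
            pdu = parse_modbus_tcp(payload)
            if pdu is None:
                alerts.append(("malformed_modbus", src, dst, "bad MBAP header or length"))
            elif pdu["function_code"] in MODBUS_WRITE_FCS and src not in engineering_stations:
                alerts.append(("unauthorized_plc_write", src, dst,
                               f"fc={pdu['function_code']} unit={pdu['unit_id']}"))
    return alerts


# Constructed traffic: (src, dst, dst_port, tcp_payload). 10.0.1.10 is the
# engineering station, 10.0.1.20 an HMI, 10.0.2.5 a PLC (all assumed).
LEARNING_FRAMES = [
    ("10.0.1.20", "10.0.2.5", MODBUS_PORT, modbus_frame(1, 1, 3, b"\x00\x00\x00\x0a")),
    ("10.0.1.10", "10.0.2.5", MODBUS_PORT, modbus_frame(2, 1, 6, b"\x00\x01\x00\x05")),
]
ENGINEERING_STATIONS = {"10.0.1.10"}
DETECTION_FRAMES = LEARNING_FRAMES + [
    # unknown laptop writes multiple registers (fc 16) to the PLC
    ("10.0.1.99", "10.0.2.5", MODBUS_PORT,
     modbus_frame(3, 1, 16, b"\x00\x00\x00\x01\x02\x00\x2a")),
    # PLC opens an outbound connection to a non-internal address (TEST-NET-3)
    ("10.0.2.5", "203.0.113.7", 443, b""),
    # truncated frame: MBAP length says 16 bytes follow, only 2 do
    ("10.0.1.20", "10.0.2.5", MODBUS_PORT, b"\x00\x05\x00\x00\x00\x10\x01\x03"),
]

if __name__ == "__main__":
    baseline = learn_baseline(LEARNING_FRAMES)
    for alert in inspect(DETECTION_FRAMES, baseline, ENGINEERING_STATIONS):
        print(alert)
```

The point of the two-phase design is that nothing here is a signature: the "known device" set and the "who may write to a PLC" set come from observed traffic and the site's own asset list, and a write function code from an engineering station is normal while the identical PDU from an unknown host is an alert. Malformed frames are surfaced rather than silently dropped, since a sensor that ignores what it cannot parse is easy to blind.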