Azure Defender for IoT delivers agentless security for continuously monitoring Operational Technology (OT) devices in industrial and critical infrastructure networks. Incorporating IoT/OT-aware behavioral analytics from Microsoft's recent acquisition of CyberX, Azure Defender for IoT is available for on-premises deployments during Public Preview, with Azure-based deployment options to follow. Azure Defender for IoT is also deeply integrated with Azure Sentinel — the industry's first cloud-native SIEM/SOAR platform — and integrates with third-party tools like Splunk, IBM QRadar, and ServiceNow.
As enterprises implement digital transformation and Industry 4.0 for greater efficiency and productivity — requiring continuous network connectivity and real-time intelligence from plant operations — the security traditionally afforded by air-gapped Operational Technology (OT) networks is eliminated. Adding to the risk are greatly increased numbers of unmanaged IoT/OT devices. Boards and management teams are understandably concerned about the increased financial and liability risk.
These IoT/OT devices monitor and control Cyber-Physical Systems (CPS) such as industrial robots, building automation, mixing tanks, gas pipelines, and turbines[1]. Adversaries targeting this expanded attack surface can have a major corporate impact including costly production downtime, safety and environmental incidents, and theft of intellectual property such as proprietary formulas and manufacturing processes.
While Microsoft offers a number of end-to-end IoT security solutions for new or “greenfield” IoT deployments — including Azure IoT Hub, Azure Sphere and lightweight agents for embedded operating systems — most of today’s IoT/OT devices are “unmanaged” because they do not get provisioned, are not monitored, and lack built-in security such as agents or automated updates.
As a result, most IT security organizations have limited or no visibility into their OT networks. What’s more, these devices are often unpatched and misconfigured, making them soft targets for adversaries looking to pivot deeper into corporate networks.
Network security monitoring tools developed for IT networks are unable to address these environments because they’re blind to specialized industrial protocols (Modbus, DNP3, BACnet, etc.). They also lack an understanding of the specialized device types, applications, and machine-to-machine (M2M) behaviors in IoT/OT environments.
Azure Defender for IoT minimizes the risks created by digital transformation by providing IT teams with new visibility into industrial and critical infrastructure networks upon which our global community depends — in manufacturing, pharmaceuticals, chemicals, smart buildings, data centers, warehousing & logistics, life sciences, energy and water utilities, oil & gas, mining, retail, and transportation.
To learn more, check out the details below and view our on-demand technical presentation and demo at Ignite 2020.
Azure Defender for IoT is a rebranding of Azure Security Center for IoT. This rebranding is part of today's announcement of Azure Defender, an evolution of the threat protection technologies in Azure Security Center for protecting Azure and hybrid environments.
With the new capabilities provided by Azure Defender for IoT, Microsoft is making a major investment to help organizations understand their IoT/OT risk posture, mitigate risk, and continuously monitor for threats.
Incorporating agentless technology from Microsoft’s recent acquisition of CyberX, Azure Defender for IoT enables IT and OT teams to auto-discover their IoT/OT assets, identify critical vulnerabilities, and detect anomalous behavior with IoT/OT-aware behavioral analytics and machine learning — all without impacting IoT/OT stability or performance.
Available for on-premises deployments during Public Preview in October (with Azure-based deployment options to follow), Azure Defender for IoT is designed to fit right into existing environments, including diverse automation equipment from all major OT suppliers (Rockwell Automation, Schneider Electric, GE, Emerson, Siemens, Honeywell, ABB, Yokogawa, etc.).
To enable rapid detection and response for attacks that often cross IT/OT boundaries, it’s deeply integrated with Azure Sentinel — the industry’s first cloud-native SIEM/SOAR platform — and also integrates out-of-the box with third-party tools like Splunk, IBM QRadar, and ServiceNow.
Integration with existing SOC workflows is key to removing IT/OT silos while delivering unified monitoring and governance across both IT and OT. To help automate this complex security challenge, we’re also beefing up Azure Sentinel’s built-in IoT/OT security capabilities with IoT/OT-specific SOAR playbooks and IoT/OT threat intelligence.
Combined with previous support in Azure Security Center for IoT for protecting managed IoT devices connected via Azure IoT Hub, these new capabilities enable organizations to accelerate their digital transformation initiatives with a single solution for both managed (or “greenfield") devices and unmanaged devices.
Azure Defender for IoT addresses multiple dimensions of IoT/OT security including:
Azure Defender for IoT provides holistic IoT/OT security including asset discovery, vulnerability management, and continuous threat monitoring, combined with deep Azure Sentinel integration.
Azure Defender for IoT uses passive monitoring and Network Traffic Analysis (NTA) — combined with patented, IoT/OT-aware behavioral analytics — to extract detailed IoT/OT information in real-time. To capture the traffic, it uses an on-premises sensor which is deployed as a virtual or physical appliance connected to a network SPAN port or tap. The benefits of this approach are:
Rapid non-invasive deployment leveraging patented IoT/OT-aware behavioral analytics
Azure Sentinel offers all the benefits we’ve come to expect from native cloud-based services, including reduced complexity, built-in scalability, lower TCO, and continuous threat intelligence and software updates.
Azure Sentinel is now being enhanced with built-in IoT/OT security capabilities that set it even further apart from traditional SIEMs, including:
Azure Defender for IoT provides deep visibility into Operational Technology (OT) assets, vulnerabilities, and threats, generating real-time alerts that can be forwarded to Azure Sentinel and third-party solutions such as Splunk, IBM QRadar, and ServiceNow
You can try the on-premises version of Azure Defender for IoT for free during the Public Preview period starting in October. Visit aka.ms/AzureDefenderForIoT to learn more, or contact your account manager for a demo.
Check out the Ignite 2020 technical session and demo: “Azure Defender for IoT including CyberX.”
[1] OT is an umbrella term that covers industrial internet of things (IIoT); industrial control systems (ICS); supervisory control and data acquisition (SCADA); and process control networks (PCN).
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.