This month, Microsoft announced that new operational technology and Internet of Things capabilities are now available in public preview for on-premises deployment. Microsoft’s Azure Defender for IoT incorporates agentless, IoT/OT-aware behavioral analytics to address cybersecurity risks.
“As industrial and critical infrastructure organizations implement digital transformation, the number of networked IoT and Operational Technology (OT) devices has greatly proliferated. Many of these devices lack visibility by IT teams and are often unpatched and misconfigured, making them soft targets for adversaries looking to pivot deeper into corporate networks,” writes Phil Neray, Director of Azure IoT Security Strategy. “Business risks include financial losses due to production downtime, corporate liability from safety and environmental incidents, and theft of sensitive intellectual property such as proprietary formulas and manufacturing processes.”
Azure Defender for IoT addresses these risks by discovering unmanaged IoT/OT assets, identifying IoT/OT vulnerabilities, and continuously monitoring for threats. Users have the option of securely connecting it to Azure Sentinel to eliminate IT/OT silos and provide a unified view of threats across both IT and OT environments. The solution also integrates with third-party tools such as Splunk, IBM QRadar, and ServiceNow.
“[M]ost of today’s IoT/OT devices are “unmanaged” because they do not get provisioned, are not monitored, and lack built-in security such as agents or automated updates,” Neray writes. “As a result, most IT security organizations have limited or no visibility into their OT networks. What’s more, these devices are often unpatched and misconfigured, making them soft targets for adversaries looking to pivot deeper into corporate networks.”
Azure Defender for IoT can provide OT threat alerts in real time. These include alerts for an unauthorized device connected to the network, an unauthorized connection to the internet, unauthorized remote access, unauthorized PLC programming, and more.
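To make the four alert categories above concrete, the following is an added illustration, not Microsoft's code and not a description of how Azure Defender for IoT implements them: a minimal agentless detector that evaluates network flow records against a hard-coded asset baseline. The baseline (device inventory, engineering workstation, allowed remote-access sources, Modbus write function codes) and the sample flows are constructed for the example; a real product learns the baseline passively from traffic rather than from a table like this.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed baseline (assumption for the example). In practice this inventory is
# learned passively by observing traffic on a SPAN/TAP port, not written by hand.
KNOWN_DEVICES = {
    "00:1d:9c:aa:01:01": "plc-01",
    "00:1d:9c:aa:01:02": "hmi-01",
    "00:50:56:bb:02:03": "eng-ws-01",
}
ENGINEERING_WORKSTATIONS = {"10.10.1.50"}      # hosts allowed to program PLCs
REMOTE_ACCESS_ALLOWED_SOURCES = {"10.10.1.50"} # hosts allowed to open SSH/RDP/VNC
REMOTE_ACCESS_PORTS = {22, 3389, 5900}
# Modbus function codes that change PLC state: write single coil/register,
# write multiple coils/registers. Reads (1-4) are left alone.
MODBUS_WRITE_FUNCTIONS = {5, 6, 15, 16}


@dataclass(frozen=True)
class Flow:
    """One observed connection, as a passive sensor would summarize it."""
    src_mac: str
    src_ip: str
    dst_ip: str
    dst_port: int
    protocol: str
    function: Optional[int] = None  # Modbus function code, if applicable


def analyze_flow(flow: Flow) -> List[str]:
    """Return the list of alert kinds raised by a single flow (empty if benign)."""
    alerts = []
    # 1. Unauthorized device: a source MAC not in the learned inventory.
    if flow.src_mac not in KNOWN_DEVICES:
        alerts.append("unauthorized_device")
    # 2. Unauthorized internet connection: destination is a globally routable address.
    if ipaddress.ip_address(flow.dst_ip).is_global:
        alerts.append("unauthorized_internet_connection")
    # 3. Unauthorized remote access: SSH/RDP/VNC from a host not on the allow-list.
    if flow.dst_port in REMOTE_ACCESS_PORTS and flow.src_ip not in REMOTE_ACCESS_ALLOWED_SOURCES:
        alerts.append("unauthorized_remote_access")
    # 4. Unauthorized PLC programming: a state-changing Modbus write from anything
    #    other than a known engineering workstation.
    if (flow.protocol == "modbus"
            and flow.function in MODBUS_WRITE_FUNCTIONS
            and flow.src_ip not in ENGINEERING_WORKSTATIONS):
        alerts.append("unauthorized_plc_programming")
    return alerts


def analyze(flows: List[Flow]) -> List[List[str]]:
    """Evaluate every flow; result index i holds the alerts for flows[i]."""
    return [analyze_flow(f) for f in flows]


# Constructed sample traffic for the example.
SAMPLE_FLOWS = [
    # HMI polling holding registers on the PLC: normal.
    Flow("00:1d:9c:aa:01:02", "10.10.1.20", "10.10.1.10", 502, "modbus", 3),
    # Engineering workstation writing registers: authorized programming.
    Flow("00:50:56:bb:02:03", "10.10.1.50", "10.10.1.10", 502, "modbus", 16),
    # Unknown MAC writing a single register to the PLC: two alerts.
    Flow("de:ad:be:ef:00:01", "10.10.1.99", "10.10.1.10", 502, "modbus", 6),
    # HMI opening an HTTPS session to a public address: internet connection.
    Flow("00:1d:9c:aa:01:02", "10.10.1.20", "8.8.8.8", 443, "tcp"),
    # HMI opening RDP to the PLC gateway: remote access from a non-allowed host.
    Flow("00:1d:9c:aa:01:02", "10.10.1.20", "10.10.1.10", 3389, "tcp"),
]

if __name__ == "__main__":
    for flow, kinds in zip(SAMPLE_FLOWS, analyze(SAMPLE_FLOWS)):
        print(f"{flow.src_ip:>11} -> {flow.dst_ip}:{flow.dst_port} {flow.protocol:6} {kinds or 'ok'}")
```

The point of the example is the shape of the logic rather than the rules themselves: every alert is a deviation from a baseline of what devices exist and who is allowed to talk to whom, and nothing runs on the PLC or HMI, which is why this style of monitoring can be applied to devices that accept no agent and receive no patches.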
“Integration with existing SOC workflows is key to removing IT/OT silos while delivering unified monitoring and governance across both IT and OT. To help automate this complex security challenge, we’ve also beefed up Azure Sentinel with IoT/OT-specific SOAR playbooks,” Neray writes. “Combined with previous support in Azure Security Center for IoT for protecting managed IoT/OT devices connected via Azure IoT Hub, these new capabilities enable organizations to accelerate their digital transformation initiatives with a combined solution for both unmanaged and managed devices.”