Azure Defender for IoT enters public preview

Image: Microsoft

Microsoft’s security solution for smart devices and industrial equipment —known as Azure Defender for IoT— has entered public preview this week.

Azure Defender for IoT (previously Azure Security Center for IoT) was announced earlier this month at the Microsoft Ignite 2020 developer conference.

The product is a security solution for companies that manage IoT (Internet of Things) or OT (Operational Technology, aka industrial equipment) networks.

Smart devices and industrial equipment usually don’t have the resources to run dedicated security software, or their firmware doesn’t allow add-on software to be installed.

Additionally, IoT and OT systems also run on specialized industrial protocols (Modbus, DNP3, BACnet, etc.), for which classic antivirus and security software isn’t designed to inspect.

Azure Defender for IoT is a solution for companies that have large fleets of IoT/OT gear and works by passively inspecting all the network traffic inside a company to discover, inventory, and then monitor IoT and OT devices.

“You can deploy these capabilities fully on-premises without sending any data to Azure,” said Phil Neray, Director of Azure IoT Security Strategy at Microsoft. “Or, you can deploy in Azure-connected environments using our new native connector to integrate IoT/OT alerts into Azure Sentinel, benefiting from the scalability and cost benefits of the industry’s first cloud-native SIEM/SOAR platform.”

For any threats detected on a network, Azure Defender for IoT will send an alert to a local on-premise dashboard or to a cloud-based Azure Sentinel instance.

Detection capabilities include the likes of:

Unauthorized device connected to the networkUnauthorized connection to the internetUnauthorized remote accessNetwork scanning operation detectedUnauthorized PLC programmingChanges to firmware versions”PLC Stop” and other potentially malicious commandsDevice is suspected of being disconnectedEthernet/IP CIP service request failureBACnet operation failedIllegal DNP3 operationMaster-slave authentication errorKnown malware detected (e.g., WannaCry, EternalBlue)Unauthorized SMB login

azure-defender-iot-alerts.pngazure-defender-iot-alerts.png

Azure Defender for IoT sample alert

Image: Microsoft

Microsoft says Azure Defender for IoT comes with out-of-the box integration with third-party IT security tools like Splunk, IBM QRadar, and ServiceNow.

It also can work out-of-the-box with existing OT environments using automation equipment from all major OT suppliers, such as Rockwell Automation, Schneider Electric, GE, Emerson, Siemens, Honeywell, ABB, and Yokogawa.

Neray said Azure Defender for IoT would be free of charge during public preview.

Access the original article
More Stories
Venture funding soars to record $64 billion in Q1, Ernst & Young says