Azure Defender for IoT can help companies keep track of IoT/OT networks without having to install anything on their smart devices and industrial equipment.
Microsoft’s security solution for smart devices and industrial equipment —known as Azure Defender for IoT— has entered public preview this week.
Azure Defender for IoT (previously Azure Security Center for IoT) was announced earlier this month at the Microsoft Ignite 2020 developer conference.
The product is a security solution for companies that manage IoT (Internet of Things) or OT (Operational Technology, aka industrial equipment) networks.
Smart devices and industrial equipment usually don’t have the resources to run dedicated security software, or their firmware doesn’t allow add-on software to be installed.
Additionally, IoT and OT systems also run on specialized industrial protocols (Modbus, DNP3, BACnet, etc.), for which classic antivirus and security software isn’t designed to inspect.
Azure Defender for IoT is a solution for companies that have large fleets of IoT/OT gear and works by passively inspecting all the network traffic inside a company to discover, inventory, and then monitor IoT and OT devices.
“You can deploy these capabilities fully on-premises without sending any data to Azure,” said Phil Neray, Director of Azure IoT Security Strategy at Microsoft. “Or, you can deploy in Azure-connected environments using our new native connector to integrate IoT/OT alerts into Azure Sentinel, benefiting from the scalability and cost benefits of the industry’s first cloud-native SIEM/SOAR platform.”
For any threats detected on a network, Azure Defender for IoT will send an alert to a local on-premise dashboard or to a cloud-based Azure Sentinel instance.
Detection capabilities include the likes of:
- Unauthorized device connected to the network
- Unauthorized connection to the internet
- Unauthorized remote access
- Network scanning operation detected
- Unauthorized PLC programming
- Changes to firmware versions
- “PLC Stop” and other potentially malicious commands
- Device is suspected of being disconnected
- Ethernet/IP CIP service request failure
- BACnet operation failed
- Illegal DNP3 operation
- Master-slave authentication error
- Known malware detected (e.g., WannaCry, EternalBlue)
- Unauthorized SMB login
Microsoft says Azure Defender for IoT comes with out-of-the box integration with third-party IT security tools like Splunk, IBM QRadar, and ServiceNow.
It also can work out-of-the-box with existing OT environments using automation equipment from all major OT suppliers, such as Rockwell Automation, Schneider Electric, GE, Emerson, Siemens, Honeywell, ABB, and Yokogawa.
Neray said Azure Defender for IoT would be free of charge during public preview.