
Protect both managed and unmanaged IoT/OT devices with Azure Defender for IoT

Published date: September 22, 2020

Azure Defender for IoT, a rebranding of Azure Security Center for IoT, is launching new features from the CyberX acquisition to provide agentless security for unmanaged IoT/Operational Technology (OT) devices alongside existing security for managed devices. Now, you can protect your entire IoT stack, from the devices to the cloud.

Azure Defender for IoT collects information using non-invasive Network Traffic Analysis (NTA) via an on-premises sensor connected to the SPAN port of a network switch, with zero performance impact on the OT network. The solution is straightforward to deploy due to its agentless architecture, use of machine learning, and specialized behavioral analytics that eliminate the need to configure any rules or signatures.

These new capabilities will enable Azure Defender for IoT to provide:

  • Automatic asset discovery of unmanaged IoT/OT devices - Automatically discover all IoT/OT assets, even across diverse industrial automation vendors. Azure Defender for IoT gives you visibility into asset details such as manufacturer, type, and IP/MAC addresses, and allows you to visualize how those devices communicate with each other.
  • IoT/OT risk and vulnerability management - Identify the greatest risks facing your most important crown jewel assets. Proactively address vulnerabilities such as unpatched devices, open ports, and unauthorized applications. Immediately detect changes such as unauthorized devices, configuration changes, or updates to programmable logic controller (PLC) logic and firmware.
  • Continuous IoT/OT threat monitoring - Rapidly triage alerts, investigate root causes, and proactively hunt for new threats. Detect anomalous activity with IoT/OT-aware behavioral analytics and detect threats such as zero-day malware or living-off-the-land tactics. Quickly investigate and pivot deeper with full-fidelity packet captures (PCAPs).
  • Integration into Azure Sentinel and other third-party solutions - Empower your existing security operations workflows with integration into Azure Sentinel and third-party solutions. With deep Azure Sentinel integration, detect and respond to multistage attacks across IT/OT boundaries and hunt for threats spanning servers, users, data, and more. Azure Sentinel is also being enhanced with OT-specific Security Orchestration and Automation (SOAR) playbooks and OT-specific threat intelligence. Plus, enable your SOC team with built-in integrations with a broad range of third-party tools such as Splunk, IBM QRadar, and ServiceNow.
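The asset discovery and unauthorized-device detection described in the first two bullets can be sketched as a passive inventory built from mirrored traffic. This is an added illustration, not Azure Defender for IoT code; the frame records, OUI table and authorized baseline are constructed sample data.

```python
"""Passive asset inventory over mirrored OT traffic.

Added illustration of the agentless approach described above: a sensor on a
switch SPAN port only observes frames and never probes devices. All frame
records, OUI entries and baseline values below are constructed sample data."""

# Constructed OUI -> manufacturer mapping (real assignments live in the IEEE registry).
OUI_TABLE = {"00:1D:9C": "VendorA PLC", "00:80:F4": "VendorB HMI"}

# Constructed frame summaries a SPAN-port sensor could extract: (src_mac, src_ip, dst_ip, dst_port)
OBSERVED = [
    ("00:1d:9c:aa:01:02", "10.10.1.10", "10.10.1.20", 502),  # PLC -> HMI, Modbus/TCP
    ("00:80:f4:bb:03:04", "10.10.1.20", "10.10.1.10", 502),
    ("00:1d:9c:aa:01:02", "10.10.1.10", "10.10.1.20", 502),
    ("3c:52:82:cc:05:06", "10.10.1.77", "10.10.1.10", 502),  # MAC never seen before
    ("00:80:f4:bb:03:04", "10.10.1.99", "10.10.1.10", 502),  # known MAC, unexpected IP
]

# Constructed authorized baseline: MAC -> set of expected IPs
BASELINE = {"00:1d:9c:aa:01:02": {"10.10.1.10"}, "00:80:f4:bb:03:04": {"10.10.1.20"}}


def manufacturer(mac):
    """Resolve the 24-bit OUI prefix to a manufacturer; unknown prefixes are reported as such."""
    return OUI_TABLE.get(mac.upper()[:8], "unknown")


def build_inventory(records):
    """Aggregate frames per source MAC: IPs used, manufacturer, and (peer, port) pairs talked to."""
    inv = {}
    for mac, sip, dip, dport in records:
        a = inv.setdefault(mac, {"manufacturer": manufacturer(mac), "ips": set(), "talks_to": set()})
        a["ips"].add(sip)
        a["talks_to"].add((dip, dport))
    return inv


def find_changes(inventory, baseline):
    """Compare inventory with baseline: flag new MACs and known MACs using unexpected IPs."""
    alerts = []
    for mac, a in sorted(inventory.items()):
        if mac not in baseline:
            alerts.append(("new_device", mac, a["manufacturer"], sorted(a["ips"])))
        else:
            extra = a["ips"] - baseline[mac]
            if extra:
                alerts.append(("new_ip", mac, a["manufacturer"], sorted(extra)))
    return alerts


if __name__ == "__main__":
    for alert in find_changes(build_inventory(OBSERVED), BASELINE):
        print(alert)
```

The `talks_to` sets give the device-to-device communication map the first bullet mentions; a real sensor would also decode the industrial protocol on each flow to classify device type.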

Review the documentation.

Read the blog.

Visit the Azure Defender for IoT product page.
