Latest Discussions
Azure Security Center for IoT Webinar
Interested in learning about Azure Security Center for IoT? Check out our upcoming webinar. Details and registration at https://aka.ms/ASCIoTWebinar. Azure Security Center for IoT is a new solution that allows organizations to easily protect their IoT deployments with threat protection driven by Microsoft’s unique threat intelligence. You can find more information about it at https://docs.microsoft.com/en-us/azure/asc-for-iot/overview. The webinar will take place on Monday, August 5, 2019 at 08:00 PT / 11:00 ET / 15:00 GMT. Afterward, the recording will be posted to https://aka.ms/ASCIoTRecordings. We hope you’ll join us!
3.5K Views, 7 likes, 3 Comments

Microsoft Ignite is around the corner!
I would love to meet IoT customers and discuss the future of IoT Security! My colleagues and I are available to meet you, feel free to reach out. Additionally, we have two sessions where you can come and hear more about IoT Security:
- Breakout session - BRK3191, where I'll present an in-depth overview of our product and the challenges of IoT Security. I'll have the honor to host Ofir Barzilay and Idan Perkal, who will give a demo of one of the most impactful attacks in IoT history. Please note, space is limited, you should register in advance through the schedule builder.
- Theater session - THR3165, where Idan Perkal and Ofir Barzilay will present the end to end security posture of Azure IoT using ASC for IoT.
Looking forward to meeting you all at Ignite!
Eti_Fakiri, Oct 25, 2019, Microsoft
1.6K Views, 4 likes, 1 Comment

Take Azure Defender for IoT for a Spin
Intended audience: Security and OT engineering enthusiasts, looking to secure unmanaged critical networks used by IoT/OT devices such as Building Management Systems, Manufacturing, Critical Infrastructure and more!

Introduction
You’ve read the product materials and would like to get started with securing your IoT/OT network – in this blog post, we will focus on setting up a sensor on your critical networks - without impacting IoT/OT stability or performance (if you missed it, you can read more about the capabilities of Azure Defender for IoT here). The goal of this article is to guide you through setting up a sensor to demonstrate the value of the system, as well as a quick start for securing unmanaged IoT/OT devices.

Try it now at no charge
Try Azure Defender for IoT - This version includes the agentless security provided via the integration of CyberX, a Microsoft company, plus the ability to connect to Azure Sentinel.

Preparing your environment
Azure Defender for IoT monitors unmanaged devices that are used in Operational Technology (OT) environments such as manufacturing, building management systems (BMS), life sciences, energy and water utilities, oil & gas, and logistics. In the most basic configuration, setting up your environment can be taken in 4 easy steps:

1. Set up a sensor
The software for the sensor may be installed on physical servers or as a virtual machine. The sensor installation files can be downloaded from the Azure Defender for IoT portal, on the “Getting Started” -> “Network Sensor” tab.
- Log into your Azure Account and download the ISO installer for the sensor.
- Install the ISO from USB on a VM or physical server (see Hardware Guide and Installation Guide).
- Make sure to make a note of the administrative login credentials presented during the installation process.
If your setup includes multiple sensors, you can also download the optional “On-Premises Management Console” which allows you to manage and monitor large sensor deployments. More on this in the Installation Guide, Chapter 8.

2. Monitor a SPAN port
The sensor implements non-invasive passive monitoring with Network Traffic Analysis (NTA) and Layer 7 Deep Packet Inspection (DPI) to extract detailed IoT/OT information in real-time, even across diverse automation equipment from all major OT suppliers such as: Rockwell Automation, Schneider Electric, GE, Emerson, Siemens, Honeywell, ABB, Yokogawa, etc.
- Locate a managed LAN switch connected to IoT/OT devices. These switches can typically be set up with monitoring ports (also called SPAN or mirror ports). Utilizing this technique, the sensor will passively monitor the OT network, without creating any traffic which might impact or risk devices on the network.
- Connect the monitoring port to the sensor’s monitoring interface (typically the first available ethernet card).
For more information and configuration examples, see the Network Deployment Guide, Chapter 5 - “Traffic Monitoring.”

3. Register and Activate the Sensor
Once the sensor has been connected to the monitor port – it will immediately begin to analyze the network traffic. The next step is to log in to the sensor and activate it with an activation file available for your account, in the Azure Defender for IoT portal.
- Log into your Azure Account and select the “Onboard” sensor button (underlined below):
- Next, fill in the sensor name and subscription details. The button for "cloud-connected" will optionally send alert information into IoT Hub and Sentinel for further analysis. If you have an air-gapped or completely on-premises implementation with no connection to the cloud, disable the "cloud-connected" button below before you generate your license.
- Download the activation file. This will be used in the next step to activate the sensor.
- Log in to the sensor’s IP address, with the administrative credentials shown during the installation process.
- On the next screen – upload the activation file from the previous step.
For more information and detailed steps, see the Onboarding Guide.

4. Start Exploring
Now you’ve successfully installed your first sensor and you can start using the system – view the asset inventory, zoom in on the network map or generate a risk report.

Conclusion
Thank you for reading this blog post. There will be more blog posts to follow, which will enable you to get the best out of your system, which will include: what to do when malware is detected, connecting to Azure Sentinel, or simulating attack vectors, so please check back with us soon.

Learn more with these educational resources:
- Watch our Ignite session showing how Azure Defender for IoT and Azure Sentinel are combined to investigate multistage attacks that cross IT/OT boundaries, using the TRITON attack on a petrochemical facility as an example.
- Watch our Tech Community webinar describing MITRE ATT&CK for ICS, an OT-focused version of the well-known MITRE ATT&CK framework originally developed for IT networks.
- Watch our SANS webinar featuring the head of Microsoft’s datacenter security program, about securing building automation systems using continuous OT security monitoring.
- Stay tuned for an upcoming webinar during which we’ll do a technical walkthrough of how to deploy and use Azure Defender for IoT.

Troubleshooting
No traffic is monitored on the sensor.
- Check that the monitoring port is connected to the correct ethernet port.
- Make sure the port is indeed a SPAN port by monitoring bandwidth on the port.
- For more troubleshooting, see the Network Setup Guide, Appendix 1.
I cannot find a device in the Asset Inventory
- Make sure the device is connected to the network.
- Search for its MAC address in the Asset Inventory – if it is active, it will appear on the list.
2.3K Views, 4 likes, 0 Comments

Lior Lukov, Jul 29, 2019, Microsoft
777 Views, 3 likes, 0 Comments

Video | Better together: Microsoft Sentinel: IT/OT Threat Monitoring with Defender for IoT Solution
Presenters: Dolev Zemer & Tiander Turpijn
This webinar reviews how Microsoft Sentinel and Microsoft Defender for IoT are driving together a convergence of OT and Corporate cybersecurity disciplines in defense of critical infrastructure. This unified solution provides the foundation for building a SOC geared towards IoT/OT monitoring and is globally applicable for organizations defending both IT/OT-based networks. All past webinars are available at: https://www.youtube.com/MicrosoftSecurityCommunity
Original Post: Video | Better together: Microsoft Sentinel: IT/OT Threat Monitoring with Defender for IoT Solution - Microsoft Tech Community
830 Views, 3 likes, 0 Comments

Azure Security Center for IoT Webinar: End-to-End Security
Discover how you can implement end-to-end security for your IoT solution: from your devices, to the edge, and to IoT Hub. Monitor the health of your IoT devices in near real-time. Find and eliminate threats and manage your security posture using ASC for IoT. The webinar will take place on November 19, 2019. Details and registration at https://aka.ms/SecurityWebinars.
1K Views, 2 likes, 0 Comments

Latest Threat Intelligence (February 2024)
Microsoft Defender for IoT has released the February 2024 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Threat Intelligence Research - CPS. The CVE scores are aligned with the National Vulnerability Database (NVD). Starting with the August 2023 threat intelligence updates, CVSSv3 scores are shown if they are relevant; otherwise the CVSSv2 scores are shown.

Guidance
Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices. Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices.

What's new?
Log4j - optimized alerts when interoperating with endpoint AV.

Update your system with the latest TI package
The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). For more information, please review Update threat intelligence data | Microsoft Docs.
MD5 Hash: 9e66792f9c3132094054bd61fa1a0e42
For cloud connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release, click here for more information.
Theo_Cohen, Feb 29, 2024, Microsoft
1K Views, 2 likes, 4 Comments

Latest Threat Intelligence (October 2023)
Microsoft Defender for IoT has released the October 2023 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Threat Intelligence Research - CPS. The CVE scores are aligned with the National Vulnerability Database (NVD). Starting with the August 2023 threat intelligence updates, CVSSv3 scores are shown if they are relevant; otherwise the CVSSv2 scores are shown.

Guidance
Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices. Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices.

Update your system with the latest TI package
The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). For more information, please review Update threat intelligence data | Microsoft Docs.
MD5 Hash: 75cb715ae9174fc57abac68ebebc5d48
For cloud connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release, click here for more information.
arielsgv, Oct 30, 2023, Microsoft
1.2K Views, 2 likes, 0 Comments