There has been a long-standing divide between SCADA (OT) and corporate (IT) cybersecurity disciplines, driven largely by significant differences in technology, tooling, and expertise. Organizations are often required to operate separate monitoring teams to cover these domains, which inevitably increases the risk of blind spots, inefficiencies, and complexity. Understanding the threat requires converging IT and OT monitoring into a consolidated approach. The Microsoft Sentinel: IT/OT Threat Monitoring with Defender for IoT Solution unites IT and OT, providing an unprecedented step toward protecting critical OT assets and securing your organization.
Content Use Cases
This solution provides the foundation for building a SOC for monitoring IoT/OT and includes (1) workbook for visibility and reporting, (14) analytics rules for monitoring, and (4) playbooks for response. The workbook leverages Microsoft Sentinel telemetry to create visualizations that help you understand, analyze, and respond to IoT/OT threats. Understanding alerts over time provides unprecedented insight into security posture and where teams need to focus to harden against threats. Deep links directly to Microsoft Defender for IoT alerts empower analysts to focus on remediating threats rather than pivoting between tools.
Benefits
Getting Started
This content is designed to provide the foundation for designing, building, and operating an IoT/OT monitoring team. Below are the steps to onboard required dependencies, review content, and provide feedback.
1) Onboard Microsoft Sentinel
2) Onboard Microsoft Defender for IoT
3) Connect Microsoft Defender for IoT to Microsoft Sentinel
4) Deploy the Microsoft Sentinel: IT/OT Threat Monitoring with Defender for IoT Solution
a) Microsoft Sentinel > Content Hub > Select IT/OT Threat Monitoring with Defender Solution > Install
b) In Government Regions, leverage the Deploy to Azure Gov button from the GitHub ReadMe for deployments.
5) Review the IT/OT Threat Monitoring with Defender for IoT Workbook
a) Microsoft Sentinel > Workbooks > Select IT/OT Threat Monitoring with Defender for IoT
6) Review the IT/OT Threat Monitoring with Defender for IoT Analytics Rules
a) Microsoft Sentinel > Analytics > Search “IoT”
7) Review the IT/OT Threat Monitoring with Defender for IoT Playbooks
a) Microsoft Sentinel > Automation > Playbooks > Search “IoT”
8) Review the content and provide feedback through the survey
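Once the Defender for IoT connector is sending data to Sentinel (steps 1 through 3 above), the alerts land in the SecurityAlert table, which is what the workbook and analytics rules query. The KQL below is an added example written for this article and is not part of the solution's workbook or analytics rules; it assumes the connector tags its rows with ProviderName "IoTSecurity" and populates CompromisedEntity with the affected device, and it ranks devices by how many high-severity alerts they have raised in the last 30 days, carrying the latest alert's deep link so an analyst can pivot straight into Defender for IoT.

```kusto
// Added example, not part of the IT/OT Threat Monitoring solution content.
// Assumptions: the Defender for IoT data connector writes alerts to SecurityAlert
// with ProviderName == "IoTSecurity" and sets CompromisedEntity to the device name.
let lookback = 30d;
SecurityAlert
| where TimeGenerated > ago(lookback)
| where ProviderName == "IoTSecurity"
// One row per device: total alerts, high-severity alerts, and the most recent alert
| summarize
    AlertCount = count(),
    HighSeverityCount = countif(AlertSeverity == "High"),
    arg_max(TimeGenerated, AlertName, AlertSeverity, AlertLink)
  by CompromisedEntity
| project-rename
    LatestAlertTime = TimeGenerated,
    LatestAlertName = AlertName,
    LatestAlertSeverity = AlertSeverity
// Surface the noisiest high-severity devices first so analysts triage those before the long tail
| sort by HighSeverityCount desc, AlertCount desc
| take 10
```

Run this in Microsoft Sentinel > Logs; if it returns no rows but the connector shows as connected, check the ProviderName values actually present in SecurityAlert before assuming no IoT alerts exist, since that filter is the assumption the query rests on.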
Frequently Asked Questions
Learn More About Defending IoT/OT with Microsoft Security