Microsoft Tech Community

New Blog Post | How to Gain More from your Connection to an OT Network

Microsoft

[Image: example OT network monitored by Azure Defender for IoT, with the recommended sensor locations shown in red]

How to Gain More from your Connection to an OT Network - Microsoft Tech Community

One of the most productive and non-intrusive tools in the Cyber Security Engineer's bag is passive Network Traffic Analysis (NTA). By providing network maps, inventory, and firmware information, among other benefits, it yields insights that are not generally available any other way. Manual inventory collection methods are error-prone and expose this information to interception over corporate email networks, shared file folders, etc. But how do we implement this kind of system without causing any bumps in the road for real-time processes? What are the risks? Which methods are best? The best sensor does no good unconnected and is of little value when connected in the wrong part of the network.

To discuss this, we will use a diagram that was developed for our last blog post, Designing a Robust Defense for Operational Technology Using Azure Defender for IoT (microsoft.com). This diagram (above) shows an example OT network monitored by Azure Defender for IoT. Defender for IoT is an agentless, passive Network Traffic Analysis tool with strong roots in Operational Technology, now expanding to IoT. Defender for IoT discovers OT/IoT devices, identifies vulnerabilities, and provides continuous OT/IoT-aware monitoring of network traffic. The recommended locations for Azure Defender for IoT (AD4IoT) sensors are shown in red. Why have these locations been chosen? To explain this, we will break this network into pieces and address these issues for each type of traffic.
