Microsoft Defender for IoT
22 Topics

Sensor Disconnection Notifications with Microsoft Defender for IoT and Microsoft Sentinel 🚀
What Does This Playbook Do?
This new automated playbook sends real-time email notifications whenever a sensor disconnects from the cloud. This ensures you’re immediately alerted if there’s an issue, allowing you to take quick action to investigate and resolve the problem.

Why It’s Important:
- Real-Time Alerts: Get instant notifications when a sensor goes offline.
- Proactive Monitoring: Identify the issue early, reducing downtime and improving response times.
- Seamless Integration: Works effortlessly with Microsoft Defender for IoT and Microsoft Sentinel for a unified security approach.

How to Set It Up:
Setting up this playbook is quick and easy. For step-by-step instructions, check out the detailed setup guide here.

This playbook was created in collaboration with Marian Hristov, a leading partner working with Defender for IoT.

Introducing Single Sign-On (SSO) for Sensor Console: Enhanced Security and Streamlined Access
We are excited to announce that Single Sign-On (SSO) is now available for the sensor console! This new feature streamlines the login process by using Entra ID, enhancing security and convenience for all users.

Analyze IoT/OT device firmware with Microsoft Defender for IoT
Navigating the increasingly complex IoT landscape requires the right set of tools to paint a clearer picture of your IoT environment. The firmware analysis capability in Defender for IoT enables security teams to get deeper visibility into these IoT devices by providing better insights into the foundational software they are built on.

Section 52 Releases an Open Source Forensics Tool for Siemens PLCs
The ICS domain has few open-source tools that allow non-experts to investigate their PLCs. Open-source tools are becoming an important diagnostic instrument, and may prevent attackers from succeeding by providing security intelligence to response teams. Microsoft’s Defender for IoT security research team, Section 52, is committed to ensuring that our customers are empowered to secure their networks, down to the PLC level, and to developing open-source tools alongside our research efforts. Last month at Security Week’s Industrial Control Systems (ICS) Cyber Security Conference held in Atlanta, Georgia, senior researcher Maayan Shaul presented a lecture, “Deep Dive into PLC Ladder Logic Forensics”, on how to use our newly released open-source tool to perform proactive incident response in a real-life environment.

Highlighting IoT/OT Security in the 2022 Microsoft Digital Defense Report
Following the release of the 2022 Microsoft Digital Defense Report, Microsoft Defender for IoT is proud to share our contributions and insights with our Tech Community readers. The convergence of IoT and OT devices presents new challenges for organizations as the economy of malicious actors and cyber threats has shifted to target critical assets. Microsoft’s new report contains insights about the constantly evolving threat landscape, cyber-security trends and mitigation guidelines to manage risks and improve security posture.

Public Preview Announcement: OT-Enabled SOC with Microsoft Sentinel and Defender for IoT
We are excited to announce the public preview of our Defender for IoT solution for Microsoft Sentinel. With this solution, Microsoft Sentinel delivers the industry's first native SOC experience for IT and OT environments.

Investigating an Alert Using Defender for IoT and Wireshark
Having worked with control systems for more than 35 years in commissioning, troubleshooting, designing, and later securing them, I understand the difficulty involved in addressing a Defender for IoT alert. There is often a relatively steep learning curve for the plant people asked to assess these alerts. Hopefully, this tutorial will start the reader on this journey.