microsoft defender for endpoint

Microsoft Defender for IoT - General Release Update
Today we are excited to announce that our first General Availability (GA) release, version 22.1, is now available, with additional Public Preview features in the Azure portal for scaling large environments and controlling the security components from a single pane of glass. This version follows our December announcement of the Unified Device Inventory in the Azure portal.

In this release, the Defender for IoT sensor console has been redesigned to create a unified Microsoft Azure experience with enhanced and simplified workflows. Microsoft Defender for IoT's OT sensor is a key component for deep packet inspection and OT environment analysis. The latest release emphasizes accessibility and reduces time to value by minimizing installation times for faster and more efficient deployment. Lastly, we have extended our detection capabilities for broader security coverage, with an emphasis on customizing the alert engine to detect even the most minor changes in your business-critical environments. With this release we are introducing a revamped, unified user experience on both the sensor console and the Azure portal for detailed incident investigation and response.

What's New?

OT sensor features for Defender for IoT in the Azure portal (Public Preview)

- Easily connect sensors to Defender for IoT by using a new, fast connectivity model that presents a secure, plug-and-play experience.
- Customizable reports for enhanced visibility of your environment's security posture.
- Automated updating of threat intelligence to keep your sensors up to date with the latest threats.
- Microsoft Defender for Endpoint can easily be integrated with Defender for IoT, allowing you to analyze how IoT devices relate to security exposures for better results.
- Detecting threats using MITRE ATT&CK for ICS. Use insight into the tactics and techniques associated with your alerts to analyze and interpret them. These alert enhancements help you understand attackers' characteristics and the actions they are likely to take within the OT network, and respond accordingly (also supported via Microsoft Sentinel).

OT Sensor version 22.1

- The user experience has been completely revamped across the entire system, based on feedback from our enterprise customers collected over the last five years.
- Among the new features is a detailed device page with advanced information, reached from the new Device Inventory page.
- We've also implemented global readiness and accessibility features to comply with Microsoft standards. These updates include localization for over 15 languages.
- The Overview page now includes data that better highlights system deployment details, critical network monitoring health, top alerts, and important trends and statistics.
- Use the new sensor installation wizard, which verifies that traffic is being collected appropriately during installation.
- Alerts are now available from the new Alerts page of Defender for IoT in the Azure portal. Improve the security and operational efficiency of your IoT/OT network using alerts. View contextual information for each alert, for example similar events occurring around the same time, or a map of all connected devices.
- Use our tailored threat detection engine, with flexible custom alerts and advanced Deep Packet Inspection (DPI), to detect specific changes in your production lines, and schedule custom rules to run and detect threats outside of regular working hours.
- Improved support for high-resolution screens and themes, including high contrast and dark modes.

About Microsoft Defender for IoT

Microsoft Defender for IoT provides agentless, network-layer security for diverse industrial equipment, and interoperates with Microsoft Sentinel and other SOC tools.
It provides continuous asset discovery, vulnerability management, and threat detection for Internet of Things (IoT) devices, operational technology (OT) and Industrial Control Systems (ICS), and can be deployed on-premises or in Azure-connected environments. To learn more, visit Microsoft Defender for IoT Release Notes | Microsoft Docs. Download links are available at Defender for IoT Management Portal - Microsoft Azure.

Azure Defender for IoT Raw-Data and ICS MITRE ATT&CK Matrix Mapping via Azure Sentinel
A series of major cyberattacks across industries served as a wake-up call that the traditional “air-gapped” model for OT cybersecurity had become outdated in the era of IT/OT convergence and initiatives such as Smart Manufacturing and Smart Buildings. And the IoT and Industrial Internet of Things (IIoT) are only getting bigger. Analysts predict we’ll have billions of IoT devices connected worldwide within a few years, drastically increasing the attack surface. By incorporating agentless technology from Microsoft, Azure Defender for IoT enables IT and OT teams to identify critical vulnerabilities and detect threats using IoT/OT-aware behavioral analytics and machine learning, all without impacting availability or performance. In this blog post we detail how to ingest Azure Defender for IoT raw data into Azure Sentinel and cover the ICS MITRE ATT&CK matrix via analytics rules.

Enabling IoT/OT Threat Monitoring in Your SOC with Microsoft Sentinel
Recent ransomware attacks that shut down a US gas pipeline and a global food processor have raised board-level awareness about IoT and Operational Technology (OT) risk, including safety risks and lost revenue from production downtime. To help jump-start IoT/OT detection and response in your SOC, we've created a new Microsoft Sentinel solution that leverages telemetry from Microsoft Defender for IoT, our agentless IoT/OT security monitoring technology, and provides pre-built, IoT/OT-specific analytics rules, workbooks, SOAR playbooks, and mappings to the MITRE ATT&CK for ICS (industrial control systems) framework.
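As an added example, not taken from any of the posts above or from Microsoft's Sentinel solution, the following KQL query shows the shape of an analytics rule that combines two points made on this page: the 22.1 release's idea of a custom rule that watches for activity outside regular working hours, and the Sentinel posts' grouping of Defender for IoT alerts by MITRE ATT&CK for ICS tactic. It assumes Defender for IoT alerts arrive in Sentinel's SecurityAlert table with ProductName "Azure Security Center for IoT" (the legacy product name used in the alert schema), that the Tactics column carries the mapped tactic where one exists, and that ExtendedProperties holds SourceDeviceAddress and DestinationDeviceAddress; the site's UTC offset and shift hours are illustrative values you would replace per plant.

```kusto
// Added example, not from the posts above. Assumptions: Defender for IoT alerts reach Sentinel in the
// SecurityAlert table with ProductName "Azure Security Center for IoT"; the Tactics column holds the
// ATT&CK for ICS tactic when the alert is mapped; ExtendedProperties carries SourceDeviceAddress and
// DestinationDeviceAddress. Site hours and UTC offset are illustrative.
let SiteUtcOffset  = 1h;   // plant clock is UTC+1 (no DST handling; adjust per site)
let ShiftStartHour = 6;    // 06:00 local: first shift starts
let ShiftEndHour   = 22;   // 22:00 local: last shift ends
SecurityAlert
| where TimeGenerated > ago(1d)
| where ProductName == "Azure Security Center for IoT"
| extend LocalTime = TimeGenerated + SiteUtcOffset
| extend LocalHour = hourofday(LocalTime),
         LocalDay  = dayofweek(LocalTime)          // timespan: 0d = Sunday ... 6d = Saturday
// Off-hours: before the first shift, after the last shift, or any time at the weekend
| where LocalHour < ShiftStartHour or LocalHour >= ShiftEndHour
        or LocalDay == 0d or LocalDay == 6d
| extend Props = parse_json(ExtendedProperties)
| extend SourceDevice      = tostring(Props.SourceDeviceAddress),
         DestinationDevice = tostring(Props.DestinationDeviceAddress)
// Keep alerts that carry no tactic so gaps in the ATT&CK for ICS mapping stay visible
| extend Tactic = iff(isempty(Tactics), "Unmapped", Tactics)
| summarize AlertCount = count(),
            FirstSeen  = min(LocalTime),
            LastSeen   = max(LocalTime),
            AlertNames = make_set(AlertName, 10),
            Targets    = make_set(DestinationDevice, 10)
        by Tactic, SourceDevice, Severity = AlertSeverity
| order by AlertCount desc
```

Run it as a scheduled analytics rule with a one-day lookback, and tune the hour window and weekend logic to the site: a plant that runs three shifts has no "off-hours" at all, and for such a site the value of the query is in the Tactic grouping rather than the time filter. Rows that land in the "Unmapped" bucket identify alerts whose ATT&CK for ICS mapping you still need to supply in your own rules.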