Why protecting IoT devices using a Zero Trust approach is a security imperative
Published Jun 27 2021 05:48 AM

Even in the face of growing security challenges, organizations continue to adopt Internet of Things (IoT) technology. They understand that IoT adoption is critical to their digital transformation journey and to optimizing their operations. This trend is not limited to a single industry and is in fact happening across all industries including manufacturing, automotive, financial, healthcare, retail, energy, and agriculture.


The scenarios for IoT devices are incredibly diverse, ranging from autonomous vehicles and medical devices that capture real-time data, to the simplest sensors like the ones monitoring the occupancy of a parking space in a local shopping center. The diversity of these scenarios leads to diversity in the devices themselves at the hardware, operating system, and application level.


Many devices are quite small, low cost, and don't have sufficient computing power to integrate firewalls, antivirus, and other traditional endpoint security capabilities. The diverse environments these devices are deployed in only further complicate the security challenges presented. For example, IoT devices can be deployed in factories that have physical security measures in place (to prevent tampering) as well as in public spaces where physical access to a device is available to anyone with malicious intent.


IoT devices are exposed in many unique ways, and they are a highly valued target for attackers. The IoT device itself can be the target of the attack. However, these devices can also be used to gain access to the network they are connected to, and often these networks contain the real targets of the attack. All of these factors make securing IoT devices an absolute imperative.


Many of our customers are already familiar with these challenges. A recent study conducted by Microsoft found that 97% of security decision makers believe IoT-related security is a key concern. Many of these organizations are now turning to a Zero Trust approach to address this concern.


How can I implement IoT Zero Trust in my organization?


These days, very few security professionals are unaware of the Zero Trust approach. Microsoft recently published a Zero Trust for IoT best practices and maturity model that organizations can use to design their own Zero Trust roll-out strategy, based on their unique business needs. For example, the model requires you to verify every device that connects to your network before trusting it. Only after trust has been established would you then verify the security status of each identity, endpoint, network, and any other resource based on all of the available signals and data.


How can Azure Defender for IoT help you achieve Zero Trust?


Azure Defender for IoT provides both agentless (network layer) monitoring and agent-based (device layer) options to help achieve Zero Trust. For this blog, we'll focus on the agent-based option, which enables IoT device manufacturers and solution builders to embed stronger security into their devices. The micro agent enables security controls to be implemented across multiple Zero Trust pillars including identities, network, and data.


The Defender for IoT micro agent is available for standard IoT operating systems including Linux and Azure RTOS. It has a small footprint, no OS kernel dependencies, and is distributed with source code so it can be customized to meet your needs. 


The micro agent gives Defender for IoT a richer set of signals to monitor, compared to what is available from network signals alone. It can monitor identities, processes, and data on the device itself, enabling immediate detection of anomalous or unauthorized behaviors. The agent performs a minimal amount of local processing and forwards data it receives from the device to the Azure Defender for IoT cloud services. This data is then analyzed in the cloud and used to assess the device's real-time security posture. Defenders can then take specific actions such as blocking to prevent attackers from moving laterally across the network.


For example, Defender for IoT monitors for risky OS configurations by assessing them against vulnerability assessment standards such as the Center for Internet Security (CIS) benchmark. It also applies behavioral analytics to both device-level activity and network telemetry in order to detect anomalies and unauthorized activities. This applies to scenarios such as:

  • Is the device communicating outside of normal operating hours?
  • Is the device performing unauthorized outbound connections?
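To make the two scenarios above concrete, here is an added example of the kind of detection logic a SOC could run over device telemetry; it is written for this post and is not code from Defender for IoT or from Microsoft. It assumes a hypothetical line-oriented telemetry format (timestamp, device id, process, destination ip:port), a per-device baseline of operating hours and allow-listed destinations, and constructed sample lines. A device with no baseline at all is flagged rather than silently trusted, matching the "verify every device before trusting it" rule described earlier.

```python
"""Flag device connections that fall outside normal operating hours or reach
destinations that were never authorized. Added example; the telemetry format,
baselines and sample lines are all assumptions constructed for this post."""
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, List, Tuple

# Constructed sample telemetry (hypothetical format):
# <ISO timestamp> <device_id> <process> <dst_ip>:<dst_port>
SAMPLE_TELEMETRY = """\
2021-06-27T09:15:00 sensor-01 mqtt-client 10.0.5.20:8883
2021-06-27T14:40:12 sensor-01 mqtt-client 10.0.5.20:8883
2021-06-27T02:03:45 sensor-01 mqtt-client 10.0.5.20:8883
2021-06-27T10:22:09 sensor-01 curl 203.0.113.77:443
2021-06-27T23:59:59 sensor-01 sh 198.51.100.9:4444
2021-06-27T11:00:00 sensor-99 mqtt-client 10.0.5.20:8883
"""


@dataclass(frozen=True)
class DeviceBaseline:
    """Expected behaviour for one device: the hours it normally communicates
    and the (network, port) pairs it is allowed to reach. Assumed values."""
    hours_start: time
    hours_end: time
    allowed: Tuple[Tuple[IPv4Network, int], ...]

    def within_hours(self, ts: datetime) -> bool:
        t = ts.time()
        if self.hours_start <= self.hours_end:
            return self.hours_start <= t < self.hours_end
        # Window that crosses midnight, e.g. 22:00 to 06:00.
        return t >= self.hours_start or t < self.hours_end

    def destination_allowed(self, ip: str, port: int) -> bool:
        addr = ip_address(ip)
        return any(addr in net and port == p for net, p in self.allowed)


@dataclass(frozen=True)
class Alert:
    device: str
    timestamp: datetime
    process: str
    destination: str
    reasons: Tuple[str, ...]


def parse_line(line: str):
    """Split one telemetry line into its typed fields."""
    ts, device, process, dest = line.split()
    ip, port = dest.rsplit(":", 1)
    return datetime.fromisoformat(ts), device, process, ip, int(port)


def evaluate(baselines: Dict[str, DeviceBaseline], telemetry: str) -> List[Alert]:
    """Return one Alert per telemetry line that violates its device baseline."""
    alerts: List[Alert] = []
    for raw in telemetry.splitlines():
        if not raw.strip():
            continue
        ts, device, process, ip, port = parse_line(raw)
        baseline = baselines.get(device)
        reasons: List[str] = []
        if baseline is None:
            # No baseline means no implicit trust: surface it for verification.
            reasons.append("unknown_device")
        else:
            if not baseline.within_hours(ts):
                reasons.append("outside_operating_hours")
            if not baseline.destination_allowed(ip, port):
                reasons.append("unauthorized_outbound_connection")
        if reasons:
            alerts.append(Alert(device, ts, process, f"{ip}:{port}", tuple(reasons)))
    return alerts


# Assumed baseline: sensor-01 talks 06:00-22:00, only to the MQTT broker subnet.
BASELINES = {
    "sensor-01": DeviceBaseline(
        time(6, 0), time(22, 0), ((ip_network("10.0.5.0/24"), 8883),)
    ),
}

if __name__ == "__main__":
    for a in evaluate(BASELINES, SAMPLE_TELEMETRY):
        print(f"{a.timestamp.isoformat()} {a.device} {a.process} -> "
              f"{a.destination}: {', '.join(a.reasons)}")
```

Running it on the constructed lines yields four alerts: one after-hours connection, one connection to a non-allow-listed destination, one line that is both, and one from a device that has no baseline. In a real deployment the baselines would be learned from the device's observed history or set from the manufacturer's intended behaviour, and the alert stream would feed the SOC tooling mentioned later in the post.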

Azure Defender for IoT also integrates with Azure Sentinel and third-party SOC solutions such as Splunk, IBM QRadar, and ServiceNow to enable streamlined security operations, comprehensive investigations across IT/IoT/OT networks, and automated remediation.


We hope you find this information helpful, and we would love to hear from you. Please join our community: Azure Defender for IoT - Microsoft Tech Community, or send us an email at defender_micro_agent@microsoft.com.


For more information about Azure Defender for IoT, check out the following resources:

Azure Defender for IoT

What is our agent-based architecture - Azure Defender for IoT | Microsoft Docs


For more information or to request access to micro-agent source code so you can incorporate it in your device's firmware, contact your Microsoft account manager, or send us an email at defender_micro_agent@microsoft.com.


If you have any suggestions, questions, or comments, please visit us on our discussion forum on Microsoft Tech Community.

Version history
Last update: Nov 15 2021 10:28 AM