Product offers “agentless security” for unmanaged IoT/OT devices

Microsoft debuted a security solution last week for companies that manage “unmanaged” networks. These include networks with IoT (Internet of Things) or OT (Operational Technology, aka industrial equipment) devices.

Phil Neray, Director of Azure IoT Security Strategy at Microsoft, described the market need. “Most of today’s IoT/OT devices are ‘unmanaged’ because they do not get provisioned, are not monitored,” he wrote. They thus lack built-in security such as agents or automated updates.

As a result, says Neray, most IT security organizations have limited or no visibility into their OT networks. The devices are often unpatched and misconfigured, making them soft targets for adversaries looking to pivot deeper into corporate networks.

A security solution aimed at unmanaged network devices

Azure Defender for IoT enables IT and OT teams to auto-discover their unmanaged IoT/OT assets and identify critical vulnerabilities. They can also detect anomalous or unauthorized behavior. This is all done without impacting IoT/OT stability or performance.

The solution delivers insights within minutes of being connected to the network. It leverages patented IoT/OT-aware behavioral analytics and machine learning to eliminate the need to configure any rules, signatures, or other static IOCs.

The sensor implements non-invasive passive monitoring with Network Traffic Analysis (NTA) and Layer 7 Deep Packet Inspection (DPI) to extract detailed IoT/OT information in real-time.

“You can deploy these capabilities fully on-premises without sending any data to Azure,” said Neray. “Or, you can deploy in Azure-connected environments using our new native connector to integrate IoT/OT alerts into Azure Sentinel.”

“This allows customers to benefit from the scalability and cost benefits of the industry’s first cloud-native SIEM/SOAR platform.”

An expanding IoT security ecosystem

Customers can also benefit from out-of-the-box integration with third-party IT security tools like Splunk, IBM QRadar, and ServiceNow.

In addition, says Neray, the solution is designed to fit right into existing OT environments. It will even work across diverse automation equipment from all major OT suppliers. These include Rockwell Automation, Schneider Electric, GE, Emerson, Siemens, Honeywell, ABB, Yokogawa, etc.

Azure Defender for IoT will be free of charge during the public preview.