Critical infrastructure and industrial orgs can test Azure Defender for IoT for free

Azure Defender for IoT – Microsoft’s new security solution for discovering unmanaged IoT/OT assets and IoT/OT vulnerabilities – is now in public preview and can be put to the test free of charge.

The solution can alert administrators about unauthorized devices connected to the network and unauthorized connections to the internet, changes to firmware versions, potentially malicious commands, illegal DNP3 operations, known malware, unauthorized SMB logins, and more.

About Azure Defender for IoT

“As industrial and critical infrastructure organizations implement digital transformation, the number of networked IoT and Operational Technology (OT) devices has greatly proliferated. Many of these devices lack visibility by IT teams and are often unpatched and misconfigured, making them soft targets for adversaries looking to pivot deeper into corporate networks,” Phil Neray, Director of Azure IoT Security Strategy at Microsoft, explained.

Azure Defender for IoT enables agentless IoT/OT asset discovery, vulnerability management, and continuous threat monitoring.

The solution can be deployed on-premises and can be integrated with (i.e., send data/alerts to) Azure Sentinel, Microsoft’s cloud-native security information event management (SIEM) and security orchestration automated response (SOAR) solution. It can also be deployed without sending any data to Azure.

After being connected to the existing network, the solution uses IoT/OT-aware behavioral analytics and machine learning to eliminate the need to configure any rules, signatures, or other static IOCs, says Neray.

“To capture the traffic, it uses an on-premises network sensor deployed as a virtual or physical appliance connected to a SPAN port or tap. The sensor implements non-invasive passive monitoring with Network Traffic Analysis (NTA) and Layer 7 Deep Packet Inspection (DPI) to extract detailed IoT/OT information in real-time.”

Out-of-the box integration with third-party IT security tools (e.g., Splunk, IBM QRadar, and ServiceNow) is available, and the solution woks seamlessly with diverse automation equipment by Rockwell Automation, Schneider Electric, GE, Emerson, Siemens, Honeywell, ABB, Yokogawa, and so on.