Introduction
Microsoft Defender for IoT provides security for business-critical infrastructures that run operational technology (OT) networks.
Defender for IoT brings OT and IT realities together with shared governance, security tools, and technology. Both operational and security teams can use Defender for IoT to get a single view of all OT and IT assets and network zones.
Operational and security teams can use a single interface to monitor and protect the devices and systems in each zone, and the connections between them.
Example scenario
In this unit, you'll learn about the OT challenges that a building-management company might deal with, and how it would start evaluating a security service that fits its needs.
For example, suppose you're the Chief Operations Officer (COO) for a smart building-management company. Your team is responsible for the daily, efficient functioning and safety of building services. Campuses in one city include 50 buildings that total 5 million square feet of residential space and 5 million square feet of office space.
As COO, you're responsible for:
- Reducing costs for maintaining skyscraper elevators.
- Increasing productivity for both employees and machines.
- Increasing safety against unauthorized guests.
- Enhancing services in conference rooms.
To reach these goals, you installed new building-management systems, CCTV cameras, conferencing equipment, intelligent HVAC systems, efficient elevator systems, and occupancy sensors.
You know that the technologies newly integrated into the OT architecture have increased the security attack surface in the OT network. For example, networked elevator controls improve elevator usage, power consumption, and user experience, but the controls also introduce services that are accessible remotely and might be easy to penetrate.
You start a search for a security service that fits the needs of the security and operations teams.
Both security and operations officers must be able to view:
- All equipment running in the operational network, which includes vendor-specific equipment running on proprietary protocols.
- Communications paths between the various subsystems, and any unauthorized connections to the internet or corporate subnetworks.
The teams also want to be alerted about any unauthorized actions or unplanned activities that might occur. For example, teams need to know if elevator controllers were reconfigured at an unplanned time. They also need to know if controllers monitoring fire detectors were accessed remotely when remote access is unauthorized.
Both security and operations teams need to respond to immediate threats and carry out ongoing operational and network security tasks. For example, both teams need to secure network-switch configurations. They also need to install firmware updates on programmable logic controllers and security patches on building-management-system workstations.
- The IT security operations center (SOC) team works with standard security solutions, but it currently has no visibility into OT network assets or connections. The team can't be alerted when equipment is compromised, updated at unplanned times, or accessed without the right credentials.
- The OT team manages its asset inventory by using digital spreadsheets. The team manages system architecture by using CAD systems. Data about outdated firmware, OS versions, patch levels, and installed software is tracked only in communications between vendors and the OT staff.
While your team's current solutions are mostly local and on-premises, you want to move resources to the cloud to increase efficiency and scalability with reduced manual effort.
This module will help teams like yours to evaluate whether Defender for IoT is the right solution for their OT/IoT security monitoring.
What will we be doing?
We'll review how Defender for IoT detects devices across your network and provides visibility and analysis for your OT and security teams:
- Deploy: What deployment options does Defender for IoT support?
- Detect: What alerts are triggered by Defender for IoT detection engines?
- Monitor: How can you make sure that you're monitoring for the latest security threats?
- Integrate: How can you provide your SOC teams with tools for a seamless and end-to-end security monitoring solution?
What is the main goal?
By the end of this module, you'll be able to evaluate whether Defender for IoT can help provide asset discovery and security monitoring across your business-critical network environments.