IoT and OT devices are increasingly becoming a major attack vector for organizations of all sizes. While the impact of these attacks can paralyze entire industries and countries, defending against these attacks has traditionally involved disparate tools that often suffered from poor integration and disconnect from the overall security program. And while IT and OT environments have historically been disconnected, securing them effectively requires a unified approach.
Today, we are excited to announce the public preview of our Defender for IoT solution for Microsoft Sentinel. With this solution, Microsoft Sentinel delivers the first in the industry native SOC experience for IT and OT environments. Available within a click of a button, the native OT security capabilities of Defender for IoT allow organizations to discover security issues in OT before they attract any threat actors and detect threat activity that uses operational technologies to enter an environment, move laterally, or cause physical damage and disruption to the operations. The integration equips security teams with expanded visibility and control across all their OT assets, starting from asset discovery, to vulnerability management, to incident response.
Within the same workflows, analysts can now track and update their entire inventory of OT devices, monitor these devices for potential security issues and vulnerabilities, and respond to incidents – not just within the context of OT, but with the benefit of visibility across the entire security program. All OT-related alerts, compromised assets, network connections and events and PCAP access are now part of the analyst workflows, providing customers with a complete control across all devices and assets.
Read the announcement blog in Microsoft Defender for IoT tech community, to learn about the main capabilities of Defender for IoT solution for Microsoft Sentinel:
Integrate IoT/OT Security context and processes with Sentinel in 2 clicks.
Streamline the IoT/OT SOC investigation experience with dedicated built-in features.
Automate response for IoT/OT threats with out-of-the-books SOAR Playbooks.
Enable the OT SOC by providing SOC analysts OT domain monitoring capabilities.
Solution package: Defender for IoT solution package in Microsoft Sentinel
Ignite on-demand session: Defending against OT/ICS threats with an OT-Enabled SOC
OT Incidents investigation tutorial Investigate Microsoft Defender for IoT incidents with Microsoft Sentinel
IOT entity page: IoT Entity Page blog
Solution webinar: IT/OT Threat Monitoring solution with Defender for IoT and Sentinel Webinar
Release notes: Microsoft Defender for IoT Release Notes | Microsoft Docs