Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

3/28/2019
01:15 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Microsoft Tackles IoT Security with New Azure Updates

The Azure Security Center for IoT provides teams with an overview of IoT devices and helps monitor their security properties.

Microsoft today announced Azure Security Center for IoT, a new set of programs and capabilities to help security teams monitor the security properties of industrial-connected devices.

Its debut, along with several other security updates focused on the Internet of Things (IoT) ahead of the 2019 Hannover Messe industrial manufacturing show, arrives at a time when manufacturing firms are digitizing their operations and want to better integrate security to protect processes and data.

The Azure Security Center for IoT provides users with a view of IoT security posture and helps implement best practices and mitigate threats across IoT hubs, compute, and data. Managers can pinpoint missing security configurations in IoT devices, the edge, and the cloud; check for open ports on IoT devices; confirm their SQL databases are encrypted; and remediate threats.

Azure Security Center for IoT links to Microsoft's Azure IoT Hub, a cloud-based IoT platform that helps connect and manage devices to develop IoT applications. This will make IoT security data directly available inside the hub, Microsoft reports in a blog post on today's updates.

Microsoft is also upping the capabilities of Azure Sentinel, the cloud-native security information and event management (SIEM) system it unveiled at the RSA Conference last month. Security operations teams often depend on SIEM tools to detect and mitigate advanced threats. Now Azure Sentinel users can combine IoT security data with security data from across their organizations and detect and respond to threats throughout the business, from IoT devices to Azure to Office 365 and on-prem systems.

The idea behind this announcement is to help manufacturers shrink the attack surface for Azure IoT tools running throughout their operations, and to address problems before they worsen.

Another noteworthy update in IoT news: Microsoft is expanding its Azure IP Advantage benefits to IoT devices connected to Azure and devices running on Azure Sphere and IoT. The program, first announced in February 2017, protects Azure cloud customers from intellectual property lawsuits. At the time, it made 10,000 Microsoft patents available to Azure customers.

Now Azure IP Advantage will also provide "uncapped indemnification coverage" for customers of Microsoft Azure Sphere and Windows IoT. Access to those 10,000 patents can help Azure users power their IoT devices without having to defend themselves against IP lawsuits.

Further, Microsoft is offering 500 patents to startups in the LOT Network, an organization that provides businesses with access to patents from member organizations. Companies in the LOT Network include big tech names such as Amazon, Facebook, Google, Microsoft, and Netflix.

As part of their free membership, approved startups can obtain and own Microsoft patents. However, as Microsoft corporate VP and deputy general counsel Erich Andersen told TechCrunch, in order to qualify, companies will have to spend a minimum of $1,000 on Azure per month.

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
samueljacobs
50%
50%
samueljacobs,
User Rank: Apprentice
5/9/2019 | 6:09:19 AM
Regarding Azure Updates
By Microsoft Live Support Chat

 

This is an interesting advancement from Microsoft. It will be very much useful for the users and makes Microsoft a more responsible firm for all their users.

 

Thanks,
UdyRegan
50%
50%
UdyRegan,
User Rank: Apprentice
4/9/2019 | 8:30:34 PM
Help for the little guy
Considering the hype that is surrounding the implementation of IoT into the business system and network, we need to ensure that there is a base level of protection in any of the solutions that's being marketed to the small business. Most of the small companies won't be able to afford more add-ons I think.
manishg95001
100%
0%
manishg95001,
User Rank: Author
3/28/2019 | 2:08:24 PM
Cloud & IoT
Security for the nexus of cloud and IoT is certainly an interesting area to keep an eye on.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading,  9/28/2020
Malware Attacks Declined But Became More Evasive in Q2
Jai Vijayan, Contributing Writer,  9/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15216
PUBLISHED: 2020-09-29
In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revisio...
CVE-2020-4607
PUBLISHED: 2020-09-29
IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.
CVE-2020-24565
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25770
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25771
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...