Microsoft this week debuted Azure Defender for IoT, a rebrand of the Azure Security Center for IoT with new capabilities to help businesses auto-discover Internet of Things and operational technology (OT) assets, identify critical vulnerabilities, and detect anomalous activity with behavioral analytics and machine learning.
Azure Defender for IoT incorporates agentless technology from Microsoft's acquisition of CyberX, an IoT/OT security firm it bought in June as part of a broader strategy to expand the scope of its Azure IoT cloud-based security monitoring to include industrial network devices.
The service integrates with Azure Sentinel, a cloud-native SIEM tool Microsoft launched last year, and with third-party tools including Splunk, IBM QRadar, and ServiceNow. Microsoft notes it's increasing Azure Sentinel's built-in IoT/OT security capabilities with IoT/OT-specific security orchestration, automation, and response (SOAR) playbooks and IoT/OT threat intelligence to help companies monitor for threats.
Azure Defender for IoT addresses several aspects of IoT and OT security. Asset discovery and network mapping will include device details such as IP/MAC address, device type and manufacturer, protocols used, and how devices communicate. It also provides risk and vulnerability management, with data on CVEs and open ports, as well as ongoing threat monitoring and operational efficiency, with real-time alerts on malfunctioning or misconfigured equipment.
Businesses can try Azure Defender for IoT, which is available for on-premises deployments during its public preview period in October.
Read more details in Microsoft's blog post.