To help enterprises better secure their unmanaged IoT devices connected to IT networks, Microsoft is releasing new capabilities in Defender for IoT that allows Defender for Endpoint customers to extend their extended detection and response coverage to those devices.
According to Microsoft, these new security features extend Defender’s coverage to IoT devices such as digital signage, conference room systems and operational technology (OT) devices that have been prone to software vulnerabilities and attacks from cybercriminals. The company first announced the public preview of these capabilities last year during its annual Ignite conference.
“With this new addition, Defender for IoT now delivers comprehensive security for all endpoint types, applications, identities, and operating systems,” Microsoft IoT and security executives say in a new blog. “The new capabilities allow organizations to get the visibility and insights they need to address complex multi-stage attacks that specifically take advantage of IoT and OT devices to achieve their goals.”
This brings the same type of vulnerability management, threat detection, response and other capabilities for enterprise IoT devices previously only available for managed endpoint and OT devices, the executives write in the blog.
In addition, Microsoft is introducing a dedicated native integration for Microsoft 365 Defender customers designed to make enterprise IoT security more accessible, helping customers discover and secure IoT devices within Microsoft 365 Defender environments.
According to the blog, attackers have been observed scanning for unsecure, unmanaged IoT devices with default login credentials, gaining access to a network-connected camera, identifying other devices with exploitable vulnerabilities, harvesting network credentials, and moving laterally to leak documents, exfiltrate data or deploy malware.
The new capabilities in Defender for IoT will allow IT to use the existing Defender for Endpoint clients to gain visibility into devices deployed on the network without additional deployment or configuration via a deployable network sensor that can collect all network data it needs for discovery, behavioral analytics and machine learning, according to Microsoft.
With an understanding of the IoT devices in their environment, admins can use Defender for IoT to stay on top of misconfigured and unpatched devices. Defender for IoT will assess all of an enterprise’s IoT devices and offer recommendations in the Microsoft 365 console on how to fix any issues. Identification and risk assessments will run continuously as new IoT devices are added to the network.
Defender for IoT will apply the company’s machine learning and threat intelligence obtained from trillions of signals collected across the Microsoft ecosystem to help reduce the alert signal to noise ratio by prioritizing incidents that render end-to-end attacks in complete context rather than providing a long list of uncorrelated attacks, the company says.
The company says Defender for IoT remains a major component of its SIEM and XDR solutions.
“Through native integration with Microsoft Defender and Microsoft Sentinel, we can provide customers with the automation and visualization tools they need to address attacks crossing IT and OT network boundaries. These integrations also empower analysts to perform incident response holistically rather than as separate disconnected attacks that require extensive manual investigations to bring together. With these efficiency gains, organizations can stop attacks and bring their environments back to a pre-breach state far more quickly,” Microsoft executives wrote in the blog.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
Leave a Reply