Microsoft makes Defender for IoT generally available

  • March 22, 2023
  • Steve Rogerson

Microsoft has announced the general availability of its Defender for IoT cloud-managed platform, which lets businesses interconnect their OT environment without compromising security.

Powered by Microsoft’s scalable, cost-effective cloud technology, Defender for IoT helps users manage assets, track emerging threats and control risks across enterprise and mission-critical networks, both in connected and air-gapped environments.

Traditionally, operational technology (OT) and IT have occupied separate sides of enterprise security. But with digital transformation and the advent of Industry 4.0, the old, siloed approach is showing its age. The rise of manufacturing execution systems has enabled more smart factories to deliver improved manageability and data collection.

While increased OT connectivity in energy production, utilities, transportation and other critical industries helps drive greater efficiency, it also creates vulnerabilities. Roughly 41.6 billion devices are projected to be internet-facing by 2025, creating an enormous attack surface. And, unlike IT environments, a breach in OT can have potentially life-threatening consequences, as evidenced by the 2021 cyber attack against a Florida city’s water supply.

The proliferation of connected devices – everything from manufacturing systems, HVAC and building management systems to heavy machinery for mining, drilling and transportation – means that OT security requires speed, accuracy and context on a massive scale.

Microsoft has identified unpatched, high-severity vulnerabilities in 75 per cent of the most common industrial controllers used in its customers’ OT networks. Even using ordinary IoT devices such as printers and routers, attackers can breach and move laterally through an IT system, installing malware and stealing sensitive intellectual property. Cloud-powered IoT and OT security offers several advantages over traditional methods.

Asset profiling analyses network signals to discover and categorise network assets, collecting information about each asset and determining the type of asset it represents. Profiling in the cloud is driven by a collection of classifiers, allowing for high-fidelity categorisation into categories such as servers, workstations, mobile devices and IoT devices. Once the assets have been classified properly, their potential security risks can be monitored and analysed.

This is critical for protecting an organisation’s networks, as vulnerabilities or misconfigurations in any asset can create a potential entry point for attackers. By identifying and mitigating these risks, organisations can ensure that their infrastructure is secure and protects sensitive information.

Users can reduce response times from days to minutes by detecting and responding to threats as they occur. Through collaboration between defenders from different industries, best practices and information can be shared to protect against emerging threats. By leveraging collective knowledge, defenders can stay ahead of malicious actors and respond to incidents as they occur. As a result, a cloud-powered OT offering can help prevent breaches and reduce their effects.

For instance, by detecting malicious activity on a network or a suspicious login attempt, security analysts can respond immediately to prevent a breach or limit its extent.

Microsoft AI and machine-learning alerts provide real-time detection of threats, as well as automated responses to known or unknown attacks. These alerts are designed to help security teams quickly identify and investigate suspicious activity, then take the necessary steps to protect the organisation. For instance, a security system that monitors network activity in real time can detect suspicious activity within minutes of it occurring, alerting security administrators to take action before the attack has a chance to succeed.

Organisations can easily create and manage tailored compliance reports that are up-to-date, secure and compliant with industry standards. With customisable reporting tools available in Microsoft Azure, users can obtain data from multiple sources and build robust, customised reports. Along with providing automated reporting and scheduling capabilities, Azure Workbooks provide a collaborative experience across silos.

Cloud-to-cloud integrations help organisations streamline workflows and easily access data from multiple sources. By connecting multiple cloud services, organisations can gain better visibility into their operations, automate processes and reduce manual labour. Additionally, cloud-to-cloud integrations help organisations scale quickly and eliminate the need to purchase additional hardware and software. As a result, they can reduce costs and increase efficiency.

With any type of OT security, mean time to recovery (MTTR) provides a critical metric. A target MTTR for IT is typically between 30 minutes and two hours. However, because IoT and OT security often involves cyber-physical systems used in utilities, healthcare or energy production, every minute counts.

Cloud-based OT security can make a difference by enabling real-time response rates across multiple locations.

Empowering OT and IT security teams to work together helps create a unified front against evolving threats, increasing resources while gaining a comprehensive view of vulnerabilities. This way, a converged security operations centre (SOC) taps into the strengths of both teams, creating a streamlined, cost-effective approach to enterprise security.

By establishing common goals and key performance indicators, IT and OT security teams can work together on tabletop exercises to build cohesion.

The key benefits of a converged SOC include:

  • Improved collaboration: Increase a team’s effectiveness in identifying and responding to threats by using both IT skills and OT knowledge, creating a better understanding of potential impacts on both IT and OT systems.
  • Greater visibility: Gain a complete picture of vulnerabilities across both the business and industrial sides of an organisation. Then take proactive measures to prevent a breach.
  • Streamlined response: Eliminate the need to transfer incidents between IT and OT teams, reducing response times. Mitigate security incidents with swift, coordinated actions to reduce potential damage.
  • Strengthened compliance: Share knowledge and expertise easily to ensure all areas of the business comply with industry regulations and standards.

Given the 75 per cent vulnerability rate in industrial controllers, nearly every organisation using OT will need to re-evaluate the security posture of both its legacy equipment (brownfield; lacking security) and its newer devices (greenfield; with some built-in security). Older network monitoring systems are not familiar with IoT and OT protocols, making them unreliable. A purpose-built option is needed for today’s converged SOC.

With Microsoft Defender for IoT, users can achieve faster time-to-value, improve agility and scalability, increase visibility, and strengthen the resiliency of the network and infrastructure without making significant changes. The Defender for IoT cloud is designed to augment on-premises processing power while providing a source of centralised management for global security teams, raising the bar for OT defence.

With Defender for IoT, device inventory allows a SOC to manage OT devices confidently from a single pane of glass through the Microsoft Azure portal. By supporting unlimited data sources such as manufacturer, type, serial number and firmware, device inventory helps security teams gain a complete picture of IoT and OT assets and proactively address any vulnerabilities using Microsoft’s scalable, cloud-managed platform.

To enable protection across an enterprise, Defender for IoT integrates with Microsoft Sentinel. Together, Defender for IoT and Sentinel provide security information and event management for OT and IT environments. Defender for IoT also shares threat data with Microsoft 365 Defender, Microsoft Defender for Cloud, and non-Microsoft products such as Splunk, IBM QRadar and ServiceNow.

This integrated ecosystem allows a converged SOC to tune alerts automatically across IoT and IT, creating baselines and custom alerts that help reduce alert fatigue.