Microsoft previews embedded IoT security offering

  • March 16, 2022
  • Steve Rogerson

Microsoft has put into public preview embedded security capabilities designed for device builders and operators using the Defender for IoT sensor, version 22.1.

These capabilities should empower builders to create secure-by-design, managed IoT devices, according to Microsoft’s Bar Reuven in a blog post.

Microsoft Defender for IoT’s agent-based offering for device builders is a managed option for device manufacturers and operators. It includes capabilities to incorporate security from the earliest stages of development, enabling builders to reduce their devices’ exposure to IoT risks before they ship devices to customers.

Defender for IoT automatically recommends hardening strategies and helps protect the supply chain technologies that they add to their devices. Once the devices are deployed, operators using Defender for IoT can benefit from run-time protection that can detect and respond to threats as well as prevent attempted exploits and attacks.

Integrating security into the device enables device manufacturers and managed service providers to provide security across any network, including mobile virtual network operators (MVNOs) and devices directly connected to 5G networks, and to differentiate their offering by detecting more threats, such as device hijacking, ransomware and cryptojacking.

The lightweight security agents empower device manufacturers to build security directly into their IoT and OT initiatives and devices to maintain security post-sales and keep their brand and customers safe.

With Microsoft Defender for IoT, operators can now seamlessly gain visibility into the security posture of their deployed devices, proactively monitor the devices, and receive automatic security posture and hardening recommendations based on Center for Internet Security (CIS) benchmarks along with device-specific recommendations. This lets users gain visibility into operating system security, including OS configurations, firewall settings and permissions.

The public preview includes an updated agent, version 4.1.2, which delivers more features.

The Defender for IoT micro-agent supports simplified automatic identity provisioning and authentication for the edge. This enables device builders to manage IoT edge seamlessly as part of their Azure IoT.

They can detect more threats and previously undetected attacks such as new malware, ransomware, device hijacking (botnets and crypto miners), and brute force attacks.

The offering supports monitoring process events on Linux operating systems, network collection events on Azure RTOS and Linux devices, as well as a login collector. The login collector can be configured using Syslog to collect SSH login events or pluggable authentication modules (PAMs) to collect SSH, telnet and local login events.

The network collector now includes a DNS hit count field that can be viewed through log analytics, which can help indicate if a DNS request was part of an automatic query.

Benchmarks from the CIS provide organisations with configuration best practices for securing operating systems. The micro agent supports CIS benchmark checks, and this support has been extended with new functionality. Defender for IoT allows users to view recommendations based on the CIS Distribution Independent Linux Benchmarks version 2.0.0 and includes the ability to disable specific CIS benchmark checks or groups through twin configurations.

The micro agent has expanded the supported devices list to Debian 11, as well as expanding supported architectures in Ubuntu 18.04 and 20.04. It also continues to support Debian 9 and 10 devices.

The agent-based offering is aligned with the standard Linux installation directory structure.