{"id":38384,"date":"2020-11-25T19:00:14","date_gmt":"2020-11-25T19:00:14","guid":{"rendered":"https:\/\/www.microsoft.com\/security\/blog\/?p=92247"},"modified":"2020-11-25T19:00:14","modified_gmt":"2020-11-25T19:00:14","slug":"go-inside-the-new-azure-defender-for-iot-including-cyberx","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/go-inside-the-new-azure-defender-for-iot-including-cyberx\/","title":{"rendered":"Go inside the new Azure Defender for IoT including CyberX"},"content":{"rendered":"

In 2020, the move toward digital transformation and Industry 4.0<\/a> took on new urgency with manufacturing and other critical infrastructure sectors under pressure to increase operational efficiency and reduce costs. But the cybersecurity model for operational technology (OT) was already shown to be lacking before the pandemic. A series of major cyberattacks across industries served as a wake-up call that the traditional \u201cair-gapped\u201d model for OT cybersecurity had become outdated in the era of IT\/OT convergence and initiatives such as Smart Manufacturing and Smart Buildings. And the IoT and Industrial Internet of things (IIoT) are only getting bigger. Analysts predict we\u2019ll have billions of IoT devices connected worldwide in a few years, drastically increasing the surface area for attacks.<\/p>\n

Company boards and management teams are understandably concerned about increased safety and corporate liability risks as well as the financial impact of crippling downtime posed by IoT\/OT breaches. They\u2019re also concerned about losing sensitive IP such as proprietary formulas and product designs, since manufacturers are eight times more likely to be attacked for cyberespionage than other sectors, according to the 2020 Verizon DBIR.1<\/sup><\/p>\n

In my recent Microsoft Ignite presentation, Azure Defender for IoT including CyberX<\/a>, I was joined by Nir Krumer, Principal PM Manager at Microsoft, to examine how the new Azure Defender for IoT<\/a> incorporates CyberX\u2019s agentless technology and IoT\/OT-aware behavioral analytics, minimizing those risks by providing IT teams with continuous IoT\/OT visibility into their industrial and critical infrastructure networks. You\u2019re invited to view the full presentation<\/a> and review some highlights below.<\/p>\n

IT versus OT<\/h2>\n

Unlike information technology (IT) security, OT security is focused on securing physical processes and assets rather than digital assets like containers and SQL databases. Physical assets include devices like turbines, mixing tanks, HVAC systems in smart buildings and data centers, factory-floor machines, and more. In OT, the top focus is always on safety and availability. Availability means that your production facilities must be resilient and keep operating, because that\u2019s where the revenue comes from. However, the biggest difference from IT security is that most chief information security officers (CISOs) and SOC teams today have little or no visibility into their OT risk, because they don\u2019t have the multiple layers of controls and telemetry as we have in IT environments. And OT risk translates directly into business risk.<\/p>\n

As recent history shows, attacks on OT are already underway. The TRITON attack<\/a> on the safety controllers in a Middle East petrochemical facility was intended to cause major structural damage to the facility and possible loss of life. The attackers got their initial foothold in the IT network but subsequently used living-off-the-land (LOTL) tactics to gain remote access to the OT network, where they deployed their purpose-built malware. As this attack demonstrated, increased connectivity between IT and OT networks gives adversaries new ways of compromising unmanaged OT devices, which historically haven\u2019t supported agents and are typically invisible to IT teams.<\/p>\n

\"Purdue<\/p>\n

Figure 1: Purdue Model traversal in TRITON attack.<\/em><\/p>\n

How Azure Defender for IoT works for you<\/h2>\n

By incorporating agentless technology from Microsoft\u2019s recent acquisition of CyberX<\/a>, Azure Defender for IoT enables IT and OT teams to identify critical vulnerabilities and detect threats using IoT\/OT-aware behavioral analytics and machine learning\u2014all without impacting availability or performance.<\/p>\n

In our Ignite presentation, we broke down five key capabilities provided by the product\u2019s agentless security for unmanaged IoT\/OT devices:<\/p>\n