Azure Defender for IoT is an agentless security solution for Operational Technology (OT) networks that incorporates specialized IoT/OT-aware behavioral analytics from Microsoft’s recent acquisition of CyberX. The new solution enables industrial and critical infrastructure organizations to secure their existing (brownfield) devices without any performance impact or changes to existing environments. It is also deeply integrated with Azure Sentinel and supports third-party tools such as Splunk, IBM QRadar, and ServiceNow. Together with the previous support in Azure Security Center for IoT for protecting managed (or greenfield) IoT/OT devices connected via Azure IoT Hub, these new capabilities enable organizations to accelerate their digital transformation initiatives with a combined solution for both unmanaged (or brownfield) devices and managed (or greenfield) devices. In this segment, we describe the architecture of the solution and show how it can be used to protect against real-world attacks, using the TRITON attack on a petrochemical facility as an example.
Learn more about Azure Defender for IoT at https://aka.ms/iotshow/AzureDefenderForIoT