January 13th, 2022

Protecting federal information systems and critical infrastructure with the Microsoft Sentinel: IT/OT Threat Monitoring Solution

Lili Davoudian
Senior Product Manager

Also contributing to this blog are TJ Banasik, CISSP-ISSEP, ISSAP, ISSMP, Senior Program Manager, and Katie Thomas, Program Manager, of Microsoft Cloud & AI Security.

Security teams traditionally have not had tooling nor the expertise to provide them with visibility to monitor Internet of Things (IoT) / Operational Technology (OT) networks for vulnerabilities. As a result, IoT/OT security risks have traditionally been overlooked. This poses a great risk to organizations, as we see adversaries moving laterally from IT to OT with ease. In this video, we discuss the Microsoft Sentinel: IT/OT Threat Monitoring with Defender for IoT Solution.

This solution provides the foundation for building a Security Operations Center (SOC) for monitoring IoT/OT and includes: one workbook for visibility/reporting, 14 analytics rules for monitoring, and four playbooks for response. The workbook leverages Microsoft Sentinel telemetry to create visualization to understand, analyze, and respond to IoT/OT threats. Understanding alerts over time provides unprecedented insights into security posture and where teams need to focus to harden against threats. Deep links directly to Microsoft Defender for IoT alerts empower analysts to focus on remediating threats rather than pivoting between tools.  

Getting started

In addition to the video, we’re sharing content designed to provide the foundation of monitoring critical infrastructure with Microsoft Sentinel and Microsoft Defender for IoT. This content is designed to provide the foundation for designing, building, and operating an IoT/OT monitoring team. Below are the steps to onboard required dependencies, review content, and provide feedback.

  1. Onboard Microsoft Sentinel
  2. Onboard Microsoft Defender for IoT
  3. Connect Microsoft Defender for IoT to Microsoft Sentinel
  4. Deploy the Microsoft Sentinel: IT/OT Threat Monitoring with Defender for IoT Solution
    1. Microsoft Sentinel > Content Hub > Select IT/OT Threat Monitoring with Defender Solution > Install

Image Video 8211 Defender IoT Solution Image 1

     b. In Government Regions, leverage the Deploy to Azure Gov button from GitHub ReadMe.

Image Video 8211 Defender IoT Solution Image 2

  1. Review the IT/OT Threat Monitoring with Defender for IoT Workbook
    1. Microsoft Sentinel > Workbooks > Select IT/OT Threat Monitoring with Defender for IoT
  2. Review the IT/OT Threat Monitoring with Defender for IoT Analytics Rules
    1. Microsoft Sentinel > Analytics > Search “IoT”
  3. Review the IT/OT Threat Monitoring with Defender for IoT Playbooks
    1. Microsoft Sentinel > Automation > Playbooks > Search “IoT”
  4. Review the content and provide feedback through the survey

Learn more about defending IoT/OT with Microsoft Security

 

 

Author

Lili Davoudian
Senior Product Manager

0 comments

Discussion are closed.