Protecting federal information systems and critical infrastructure with the Microsoft Sentinel: IT/OT Threat Monitoring Solution
Also contributing to this blog are TJ Banasik, CISSP-ISSEP, ISSAP, ISSMP, Senior Program Manager, and Katie Thomas, Program Manager, of Microsoft Cloud & AI Security.
Security teams traditionally have not had tooling nor the expertise to provide them with visibility to monitor Internet of Things (IoT) / Operational Technology (OT) networks for vulnerabilities. As a result, IoT/OT security risks have traditionally been overlooked. This poses a great risk to organizations, as we see adversaries moving laterally from IT to OT with ease. In this video, we discuss the Microsoft Sentinel: IT/OT Threat Monitoring with Defender for IoT Solution.
This solution provides the foundation for building a Security Operations Center (SOC) for monitoring IoT/OT and includes: one workbook for visibility/reporting, 14 analytics rules for monitoring, and four playbooks for response. The workbook leverages Microsoft Sentinel telemetry to create visualization to understand, analyze, and respond to IoT/OT threats. Understanding alerts over time provides unprecedented insights into security posture and where teams need to focus to harden against threats. Deep links directly to Microsoft Defender for IoT alerts empower analysts to focus on remediating threats rather than pivoting between tools.
In addition to the video, we’re sharing content designed to provide the foundation of monitoring critical infrastructure with Microsoft Sentinel and Microsoft Defender for IoT. This content is designed to provide the foundation for designing, building, and operating an IoT/OT monitoring team. Below are the steps to onboard required dependencies, review content, and provide feedback.
- Onboard Microsoft Sentinel
- Onboard Microsoft Defender for IoT
- Connect Microsoft Defender for IoT to Microsoft Sentinel
- Deploy the Microsoft Sentinel: IT/OT Threat Monitoring with Defender for IoT Solution
- Microsoft Sentinel > Content Hub > Select IT/OT Threat Monitoring with Defender Solution > Install
b. In Government Regions, leverage the Deploy to Azure Gov button from GitHub ReadMe.
- Review the IT/OT Threat Monitoring with Defender for IoT Workbook
- Microsoft Sentinel > Workbooks > Select IT/OT Threat Monitoring with Defender for IoT
- Review the IT/OT Threat Monitoring with Defender for IoT Analytics Rules
- Microsoft Sentinel > Analytics > Search “IoT”
- Review the IT/OT Threat Monitoring with Defender for IoT Playbooks
- Microsoft Sentinel > Automation > Playbooks > Search “IoT”
- Review the content and provide feedback through the survey
Learn more about defending IoT/OT with Microsoft Security
- Enabling IoT/OT Threat Monitoring in Your SOC with Microsoft Sentinel
- Defender for IoT product summary
- Cloud-delivered IoT/OT threat intelligence
- 5 steps to enable your corporate SOC to rapidly detect and respond to IoT/OT threats