Microsoft secures unmanaged IoT devices
- July 13, 2022
- Steve Rogerson

Microsoft has introduced security for unmanaged IoT devices in the enterprise network with Defender for IoT.
While IoT devices can easily outnumber managed endpoints such as laptops and mobile phones, they often lack the same safeguards that would ensure their security. Bad actors can use these unmanaged devices as a point of entry, for lateral movement or for evasion.
At its 2021 Ignite conference, Microsoft previewed enterprise IoT security capabilities in Microsoft Defender for IoT. With these capabilities, Defender for IoT added agentless monitoring to secure enterprise IoT devices connected to IT networks, such as VoIP, printers and smart TVs. A dedicated integration with Microsoft 365 Defender allows Defender for Endpoint users to extend their extended detection and response (XDR) coverage to include IoT devices.
“Today, we’re excited to announce the general availability of these capabilities in Defender for IoT,” said Michal Braverman-Blumenstyk, chief technology officer, and Nir Giller, principal group manager, in a joint blog post this week.
With this addition, Defender for IoT now delivers security for all endpoint types, applications, identities and operating systems. The new capabilities allow organisations to get the visibility and insights they need to address complex multi-stage attacks that specifically take advantage of IoT and OT devices to achieve their goals.
Users will be able to get the same types of vulnerability management, threat detection, response and other capabilities for enterprise IoT devices that were previously only available for managed endpoints and OT devices.
Further, to make enterprise IoT security accessible to more users, Microsoft has introduced a dedicated native integration for Microsoft 365 Defender. The integration can help users discover and secure IoT devices within 365 Defender environments in minutes.
“You can’t secure a device if you don’t know it exists,” said the blog. “Taking a thorough inventory of all IoT devices can be expensive, challenging and time-consuming. Employees may connect IoT devices to the network without first notifying IT or operations.”
By using the existing Microsoft Defender for Endpoint clients, which are often deployed pervasively across an organisation’s infrastructure, Microsoft can provide immediate device discovery with no additional deployment or configuration required.
For a more complete view of IoT and OT devices, and specifically for network segments where Defender for Endpoint sensors are not present, Defender for IoT includes a deployable network sensor that can be used to collect all the network data needed for discovery, behavioural analytics and machine learning.
“Knowing all the devices present in your network is a critical step to securing your IoT, but it’s only the first step,” said the blog. “To understand the potential risk that those devices pose to your network and organisation, you need to be able to stay on top of insecure configurations and vulnerabilities that may be present within your inventory of devices.”
These types of devices are often unpatched, misconfigured and unmonitored, which makes them an immediate target for an attacker. Defender for IoT assesses all enterprise IoT devices, offering recommendations in the Microsoft 365 console as part of the ongoing investigation flow for network-based alerts.
New IoT devices are being introduced into an environment all the time. Because of that, the identification and risk assessment processes run continuously within Defender for IoT to ensure visibility and posture at all times.
Threat detection remains one of the most difficult tasks in the IoT domain. Defender for IoT users can benefit from the machine learning and threat intelligence obtained from trillions of signals collected daily across the global Microsoft ecosystem, such as email, endpoints, cloud, Microsoft Azure Active Directory, and Microsoft 365, augmented by IoT- and OT-specific intelligence.
“By applying machine learning and threat intelligence, we help our customers to reduce the alert signal-to-noise ratio by providing them with prioritised incidents that render end-to-end attacks in complete context rather than giving them an endless list of uncorrelated alerts,” said the blog.
Demand for digital transformation and pressure to remain competitive will continue incentivising organisations to embrace more IoT technologies, whether they are smart TVs in offices or industrial controllers in plants. Chief information security officers will soon be responsible for an attack surface area that is many times larger than their managed device footprint.
“With the latest release in Defender for IoT, we’re extending coverage to enterprise IoT devices to help customers remain secure across the entire spectrum of their IoT technologies,” said the blog. “What’s more, for the first time we’re enabling our Defender for Endpoint customers to gain visibility into their IoT devices within minutes and without buying or deploying any additional technologies or products.”
Microsoft Defender for IoT remains a major component of the broader Microsoft SIEM and XDR. Through native integration with Defender and Sentinel, Microsoft can provide the automation and visualisation tools needed to address attacks crossing IT and OT network boundaries. These integrations also let analysts respond to an incident holistically, rather than treating it as separate, disconnected attacks that require manual investigation to bring together.
“With these efficiency gains, organisations can stop attacks and bring their environments back to a pre-breach state far more quickly,” said the blog. “We’re excited to reach this major milestone on our journey to securing customers in IoT and OT.”


