Microsoft announced Monday general availability of Azure Security Center for IoT that allows protection of end-to-end IoT deployment by identifying and responding to emerging threats, and finding issues in configurations before attackers can use them to compromise the deployment. As organizations use Azure Security Center for IoT to manage their security roadblocks, they remove the barriers keeping them from business transformation.
Azure Security Center creates a list of potential threats, ranked by importance, so security pros and IoT admins can remediate problems across devices, IoT services, connected Azure services, and the admins who use them.
Azure Security Center also creates ranked lists of possible misconfigurations and insecure settings, allowing IoT admins and security pros to fix the most important issues in their IoT security posture first. To create these security posture suggestions, Azure Security Center draws from Microsoft’s unique threat intelligence, as well as the industry standards.
Customers can also port their data into SIEMs such as Azure Sentinel, allowing security pros to combine IoT security data with data from across the organization for artificial intelligence or advanced analysis.
Organizations can monitor their entire IoT solution, while staying ahead of evolving threats, and fix configuration issues before they become threats. When combined with Microsoft’s secure-by-design devices and services, Azure Security Center for IoT provides an important way to reduce the risk of IoT while achieving business goals.
As organizations pursue digital transformation by connecting vital equipment or creating new connected products, IoT deployments will get bigger and more common. In fact, IDC forecasts that IoT will continue to grow at double digit rates until IoT spending surpasses US$1 trillion in 2022. As these IoT deployments come online, newly connected devices will expand the attack surface available to attackers, creating opportunities to target the valuable data generated by IoT.
Organizations understand the risks and are rightly worried about IoT. Bain’s research shows that security concerns are the top reason organizations have slowed or paused IoT rollouts. As Because IoT requires integrating many different technologies (heterogenous devices must be linked to IoT cloud services that connect to analytics services and business applications), organizations face the challenge of securing both the pieces of their IoT solution and the connections between those pieces.
Attackers target weak spots; even one weak device configuration, cloud service, or admin account can provide a way into the solution. Organizations must monitor for threats and misconfigurations across all parts of the IoT solution: devices, cloud services, the supporting infrastructure, and the admin accounts who access them.
Securing IoT is challenging for many reasons: IoT deployments are complicated, creating opportunity for integration errors that attackers can exploit; IoT devices are heterogenous and often lack proper security measures; organizations may not have the skillsets or SecOps headcount to take on a new IoT security workload; and IoT deployments are difficult to monitor using traditional IT security tools.
When organizations choose Microsoft for their IoT deployments, however, they get secure-by-design devices and services such as Azure Sphere and IoT Hub, end-to-end integration and monitoring from device to cloud, and the expertise from Microsoft and partners to build a secure solution that meets their exact use case.
Azure Security Center for IoT builds on Microsoft’s secure-by-design IoT services with threat protection and security posture management designed for securing entire IoT deployments, including Microsoft and 3rd party devices.
Azure Security Center is an IoT security service from a cloud provider that enables organizations to prevent, detect, and help remediate potential attacks on all the different components that make up an IoT deployment: from small sensors, to edge computing devices and gateways, to Azure IoT Hub, and on to the compute, storage, databases, and AI/ML workloads that organizations connect to their IoT deployments. This end-to-end protection is vital to secure IoT deployments. Although devices may be a common target for attackers, the services that store data and the admins who manage the IoT solution are also valuable targets.
As IoT threats evolve due to creative attackers analyzing the new devices, use cases, and applications the industry creates, Microsoft’s unique threat intelligence, sourced from the more than 6 trillion signals that Microsoft collects every day, keeps the organization ahead of attackers.
“We applaud Microsoft’s addition of IoT device protection to their Azure Security Center. All are aware of the increasing use of and risk exposure presented by the incredible potential threat landscape presented by IoT devices and applications,” said Charlie Miller, senior advisor with Shared Assessments. “For the past three years, Shared Assessments and the Ponemon Institute have conducted IoT studies which highlight the fact that most companies don’t know the depth and breadth of the risk exposures they face when leveraging IoT devices and emerging technologies. The good news is that awareness of risks posed by IoT is increasing, however the solutions to address these risks are not keeping pace. Fundamental risk management practices are ESSENTIAL in the IoT space, and solutions from technology leaders are a MUST!
“As one of our recommendations in this year’s study states: Risk management professionals must understand and demand solutions that continuously improve the technologies and techniques being used identify and mitigate IoT risk,” Miller added. “We are confident that all risk management professionals and technology companies will continue to develop techniques, practices and solutions to address and mitigate IoT related risks.”
