SOLUTION

IoT/OT Security Azure Defender for IoT

What is Azure Defender for IoT?

Azure Defender for IoT is provided as a security solution specialized for OT (Operational Technology) environments and ICS.
This cybersecurity solution for ICS was researched and developed by a former Israel Defense Force security expert. Furthermore, an SDK has been introduced for Azure Defender for IoT. This provides support for Japan’s unique private protocol, something which had been difficult until now. It is also possible to add fast protocol support, Japanese translations of alerts, and arbitrary messaging.

Features

  • Specialized design for OT (Operational Technology)
    Azure Defender for IoT utilizes a unique M2M (Machine to Machine) technology behavior analysis algorithm and ICS-specific threat intelligence. Special industrial protocols are supported, so the solution constantly monitors the customer’s OT environment and quickly detects the occurrence of incidents.
  • No impact on existing networks
    Since packet acquisition consists of only one-way communication from the mirror port, there is no need to worry about problems such as existing industrial equipment being shut down.
  • Implementation of function for predicting attack vector
    By evaluating vulnerabilities in all the customer’ assets, the solution is able to predict attack vectors when used in combination. This makes it possible to determine which devices should be prioritized for security measures.

The service will solve problems such as the following:

  • Want to continuously monitor the OT environment, evaluate risks, and formulate effective measures
  • Want to take prompt and proactive response to serious vulnerabilities
  • Want to evaluate/diagnose devices in the OT environment and vulnerability information

Main Functions

Vulnerability assessment
Azure Defender for IoT can comprehensively assign scores based on the number of detected vulnerabilities, the number of devices, etc., and output an assessment report for clearly grasping the required security measures.

Constant monitoring/real-time alerts
Azure Defender for IoT uses machine learning to create a network baseline, and to automatically evaluate vulnerabilities and risks that do not impact the existing environment. Furthermore, the solution is equipped with five types of control engines for immediate detection of abnormal behavior.

  • Detection of protocol violations
  • Detection of policy violations
  • Detection of malware
  • Detection of abnormalities
  • Detection of operation changes

Display event log
Display alert-related events in an easy-to-view timeline format.

Alert report
Alert-related reports can be downloaded in a PDF format.

Automatic creation of network topology
Simply connect to the network and it will automatically create a map of the assets connected to the same network.

Display asset properties
Together with the map, automatically creates the properties of assets connected to a network.

Report function
A large number of reports (approx. 20 types) can be used.

Data mining function
Users themselves can also create (mining) forms that are not provided in the report.

Predict attack vector
Based on vulnerability information for each asset, Azure Defender for IoT predicts the attack vector that may be a cyberattack.

Security measures simulation
Creates a simulation assuming that security measures were taken based on the predicted attack vector.

Centralized management console
Even in large-scale environments, integrated management is possible using the centralized management console.

SIEM linkage
By linking with the API, it is possible to merge it with the main SIEM.

Vulnerability assessment
Azure Defender for IoT can comprehensively assign scores based on the number of detected vulnerabilities, the number of devices, etc.,and output an assessment report for clearly grasping the required security measures.

Constant monitoring/real-time alerts
Azure Defender for IoT uses machine learning to create a network baseline, and to automatically evaluate vulnerabilities and risks that do not impact the existing environment. Furthermore, the solution is equipped with five types of control engines for immediate detection of abnormal behavior.

  • Detection of protocol violation
  • Detection of policy violations
  • Detection of malware
  • Detection of abnormalities
  • Detection of operation changes

Display event log
Display alert-related events in an easy-to-view timeline.

Alert report
Alert-related reports can be downloaded in a PDF format.

Automatic creation of network topology
Simply connect to the network and it will automatically create a map of assets connected to the same network.

Display asset properties
Together with the map, automatically creates the properties of assets connected to a network.

Report function
A large number of reports (approx. 20 types) can be used.

Data mining function
Users themselves can also create (mining) forms that are not provided in the report.

Predict attack vector
Based on vulnerability information for each asset, Azure Defender for IoT predicts the attack vector that may be a cyberattack.

Security measures simulation
Creates a simulation assuming that security measures were taken based on the predicted attack vector.

Centralized management console
Even in large-scale environments, integrated management is possible using the centralized management console.

SIEM linkage
By linking with API, it is possible to merge with the main SIEM.

Price

Please contact us for details.

Specifications

Hardware appliance
[1U Model: HPE ProLiant DL20]

CPU Intel Xeon E-2224, 3.4GHz,4C,71W
Memory 1x8GB Dual Rank x8 DDR4-2666
Storage 2 x 1TB SATA 6G Midline 7.2K SFF (2.5in) – RAID 1 with Smart
Array P208i-a
Network controller On-board: 2 x 1Gb
On-board: iLO Port Card 1Gb
External: 1 x HPE Ethernet 1Gb 4-port 366FLR Adapter
Power source Dual Hot Plug Power Supplies 350W
Max Protected Devices 1,000 (*differs depending on environment)

[Highly-Durable Model: Neousys Nuvo-7006LP/3Y]

CPU Core i5-6500TE 2.30GHz 6MB 4C/4T
Memory DDR4-2666 non-ECC SO-DIMM 8GB
Storage 2.5インチ SATA SSD MLC 128GB
Temperature expansion products
Network controller Intel i219 + i210 1GbE RJ45 6 ports
Power source 120W AC/DC adaptor
Max Protected Devices 200 (*differs depending on environment)