Microsoft has released Microsoft Defender for IoT, its security software for smart TVs, printers and all connected things other than PCs and smartphones.
Defender for IoT is an agentless monitoring system for securing Internet of Things (IoT) devices connected to enterprise IT networks, such as Voice over Internet Protocol (VoIP) devices, printers, and smart TVs, as well as operational technology (OT) behind critical infrastructure.
After an extended and circuitous preview period, Microsoft announced the general availability of the product, including its integration with Microsoft 365 Defender, which gives customers capabilities in the category of extended detection and response (XDR). It also dovetails with Microsoft Sentinel, Microsoft's managed, cloud-based security information and event management (SIEM) system.
Microsoft in 2020 made Microsoft Defender its XDR product, while Azure Sentinel became its SIEM line.
"With this new addition, Defender for IoT now delivers comprehensive security for all endpoint types, applications, identities, and operating systems," Michal Braverman-Blumenstyk, Microsoft corporate vice president and chief technology officer of cloud and AI security, said in a blog post.
"The new capabilities allow organizations to get the visibility and insights they need to address complex multi-stage attacks that specifically take advantage of IoT and OT devices to achieve their goals. Customers will now be able to get the same types of vulnerability management, threat detection, response, and other capabilities for enterprise IoT devices that were previously only available for managed endpoints and OT devices."
Defender for IoT remains a major component of Microsoft's SIEM and XDR solutions that rely on Defender and Sentinel integrations to deliver automation and visualization tools to mitigate attacks that cross IT and operational technology (OT) boundaries. It aims to extend visibility on the network beyond managed devices.
"Chief Information Security Officers will soon be responsible for an attack surface area that is many times larger than their managed device footprint," says Braverman-Blumenstyk.
The service scans the network for insecure configurations and vulnerabilities in devices, looking for unpatched flaws and providing security recommendations in the Microsoft 365 console.
While Defender for IoT does expand the reach of Microsoft's enterprise security solutions, recent vulnerabilities in the software have exposed organizations to remote attacks.
Defender for IoT consists of Microsoft Azure Defender for IoT Management and Microsoft Azure Defender for IoT Sensor. As detailed by researchers at Sentinel Labs in March, there were flaws in the password reset mechanism for Defender for IoT that could be abused by remote attackers to gain unauthorized access. Other vulnerabilities provided an attacker with access without a password.