Microsoft Defender for IoT (MDIoT) delivers the only ICS and IoT cybersecurity platform built by blue-team experts with a track record defending critical national infrastructure — and the only platform with patented ICS-aware threat analytics and machine learning. MDIoT provides:
- Immediate insights about the ICS asset landscape with an extensive range of details about attributes.
- ICS-aware deep embedded knowledge of OT protocols, devices, applications — and their behaviors.
- Immediate insights into vulnerabilities, as well as known and zero-day threats.
- An automated ICS threat modeling technology to predict the most likely paths of targeted ICS attacks via proprietary analytics.
The MDIoT integration with ServiceNow provides a new level of centralized visibility, monitoring and control for the IoT/OT landscape. These bridged platforms enable automated asset visibility and protection for previously unreachable ICS & IoT assets.
The App provides SOC analysts with multidimensional visibility into the specialized OT protocols and IoT devices deployed in industrial environments, along with ICS-aware behavioral analytics to rapidly detect suspicious or anomalous behavior. This is an important evolution given the ongoing convergence of IT and OT to support new IoT initiatives, such as smart machines and real-time intelligence.
The app also enables both IT and OT incident response from within one corporate SOC.
Threat Management
Microsoft Defender for IoT (MDIoT) ICS Management App helps:
- Reduce the time required for industrial and critical infrastructure organizations to detect, investigate, and act on cyber threats.
- Obtain real-time intelligence about OT risks.
- Correlate MDIoT alerts with ServiceNow threat monitoring and incident management workflows.
- Trigger ServiceNow tickets as well as workflows with other services and Apps on the ServiceNow platform.
ICS/SCADA security threats are identified by MDIoT security engines, which provide immediate alert response to threats, network deviations and anomalies across all surfaces.
Asset Visibility and Management
The ServiceNow Configuration Management Database (CMDB) is enriched and supplemented with a rich set of asset attributes sent by the MDIoT platform. This ensures comprehensive and continuous visibility into the asset landscape and lets you monitor and respond from a single pane of glass.
In addition, by adding or updating asset attributes on ServiceNow’s CMDB configuration tables, MDIoT detections can trigger ServiceNow workflows and business rules, or can be integrated with other services and Apps on the ServiceNow platform.
This version of the App delivers comprehensive asset visibility and management.
Requires MDIoT platform version 3.0 or higher.