Microsoft has announced the general availability of Azure Security Center for IoT, initially introduced in March 2019, which enables end-to-end threat protection and security management of IoT environments. The solution helps identify threats, insecure settings, and misconfigurations, so that they can be mitigated before attackers can take advantage of them.
Over recent years, Microsoft has launched multiple products targeting the Internet of Things market. These products include services like IoT Hub, which implements secured bi-directional communication with IoT devices and device management, as well as data processing and storage solutions such as Stream Analytics and Azure Data Lake. Microsoft also recently entered the IoT device landscape with the introduction of Azure Sphere. The market for these IoT solutions keeps growing, as indicated by estimates from research firm International Data Corporation (IDC). Specifically, its assessments show that spending on IoT hardware and software, currently around 726 billion dollars, will grow to 1.1 trillion dollars in 2023. Using Azure Security Center for IoT (ASC), Microsoft aims to monitor and manage security on all aspects of these solutions, as described by James E Gaskin, author, speaker, and consultant.
Since IoT installations stretch from the smallest sensor through the network to the cloud, piecemeal security products leave too many gaps. Azure Security Center for IoT from Microsoft offers security coverage from end-to-end, from sensor to cloud, for both Microsoft and third-party devices.
To implement these security measures, ASC analyzes over 6 trillion data signals daily, from Microsoft as well as its partners and customers. Azure Security Center for IoT then uses this data to evaluate all incoming information, distilling specific threats and tasks per environment. ASC incorporates these findings in its dashboards, where administrators and security experts can analyze and act on them. Additionally, most of the identified threats come with suggestions for remediation, including links to the underlying theory and steps to solve the issues. Recommendations from Azure Security Center for IoT include device-specific suggestions, such as setting firewall permissions or limiting unutilized messages, as well as suggestions for surrounding services like IoT Hub, for example, setting an IP filter.
ASC offers two different feature workflows. The first is the Built-In mode, which is as easy as walking through a wizard, after which collection of basic security information starts. When the collected data should include more detailed information, the enhanced mode provides it. In this scenario, it is necessary to install agents on the devices, which then send data about IP connections, process creation, user logins and more, while also aggregating the data to minimize network traffic usage. Furthermore, in both modes, all data ends up in a Log Analytics workspace, which allows advanced querying using the Kusto Query Language.
It is important to note that discovery of new devices and services is automatic, with policies and threat detection applied directly. Consequently, ASC enables a better understanding of the status of resources, raises security awareness, and supports faster reconciliation through guidelines and practices, aiming to mitigate issues before anyone can exploit them. Finally, to provide even better security coverage over a complete cloud environment, it is also possible to incorporate Azure Security Center for IoT in Azure Sentinel or other SIEMs.