Executive Summary
- Microsoft Defender for IoT is now integrated with ServiceNow for Manufacturing and ServiceNow® Operational Technology (OT) Management.
- Our IoT/OT security engineering team worked closely with ServiceNow to help them define OT-specific schema entities for the Configuration Management Database (CMDB). This enables organizations to enrich their existing CMDB with detailed information about specialized OT assets like programmable logic controllers (PLCs) and human-machine interfaces (HMIs).
- Assets auto-discovered agentlessly by Defender for IoT are shared seamlessly with the CMDB, along with their properties such as Purdue Level, device manufacturer, type, firmware level, IP/MAC, etc.
- Additionally, vulnerabilities identified by Defender for IoT — via passive, non-invasive monitoring — can now be shared with ServiceNow Vulnerability Response to create a single view of OT asset vulnerabilities, enabling organizations to assess, prioritize and act on urgency and business impacts using a calculated risk score.
- This builds upon our previous integration with ServiceNow ITSM and standard IT CMDB, which are being used by Microsoft clients such as one of the top 3 global pharmaceutical companies.
Bringing OT visibility and context into ServiceNow
Today, we are announcing the new integration of ServiceNow and Microsoft Defender for IoT to bring Operational Technology (OT) contextual views and security awareness into the ServiceNow Now Platform® through the ServiceNow Store Innovation Labs.
With this new integration, ServiceNow customers can leverage the agentless capabilities of Defender for IoT to enrich their ServiceNow platform with detailed information about what assets they have, how they’re connected, and what are their highest-risk vulnerabilities.
Although IT security teams have traditionally operated independently of their OT colleagues, we're now seeing that CISOs, and security operation teams are increasingly responsible for new threats from cyber-physical systems (CPS) and parts of the organization they never traditionally worried about.
As enterprises embrace digital transformation to enhance operational efficiency, the air-gap that once existed between IT and OT has disappeared, increasing the attack surface and risk. For example, continuous IT/OT connectivity is now required to share production information in real-time with ERP, CRM, and other IT systems. Integrated solutions such as Microsoft Defender for IoT and ServiceNow, which integrate information from both IT and OT, can help streamline and reduce risk from digital transformation initiatives.
Unified OT asset and vulnerability management
This new integration provides security operations teams with:
- Unified IT/OT asset inventory - Microsoft Defender for IoT is an agentless solution for discovering and classifying OT assets and networks. Combined with ServiceNow CMDB and the new Operational Technology (OT) Manager, security operations teams can now get a complete contextual view of their OT assets including records for MAC address, IP address, serial number, network connections, relationships between control systems, and control modules, type (PLC, HMI, EWS, etc.), Purdue Layer level, etc. Defender for IoT network sensor appliances can also be tracked in OT Manager.
- OT Vulnerability Management - Microsoft Defender for IoT delivers continuous, IoT/OT-aware threat and vulnerability monitoring using passive, network-layer monitoring. Combined with ServiceNow’s new OT CMDB, Vulnerability Response, and Operational Technology (OT) Manager, security operation teams can now proactively identify and prioritize common vulnerabilities and exposures (CVEs) that can be exploited by adversaries to stop production and cause safety incidents.
For more information:
The Service Graph Connector (SGC) and Vulnerability Response (VR) integrations with Microsoft Defender for IoT are available on the ServiceNow store:
- Service Graph Connector Integration with Microsoft Azure Defender for IoT
- Vulnerability Response Integration with Microsoft Azure Defender for IoT
- Understanding Cyber-Physical System and IoT/OT Risk, Featuring Gartner®
- Case study: Global manufacturing company secures production and bridges IT/OT gap
- Case study: How to proactively safeguard OT networks in smart buildings
- Microsoft scores #1 MITRE ATT&CK for ICS threat visibility coverage
- Enabling IoT/OT threat monitoring in your SOC with Microsoft Sentinel
- Microsoft Defender for IoT product summary
Note: Please read ServiceNow’s supporting links and docs for ServiceNow's terms of service. The legacy integration of Defender for IoT with the ServiceNow Now Platform® is not affected by the new integration and Microsoft will continue to support it.
Posted at https://sl.advdat.com/3IPVHSt