Microsoft Defender for IoT Assessment: 2-Month Proof of Concept

AccountabilIT

A Defender for IoT POC designed to demystify live OT/ICS data and visualize threats alongside our 24x7 SOC, providing actionable insights to address risks and enhance security with Microsoft Sentinel.

By participating in this 2-month POC, organizations can gain a working comfort level with Microsoft Defender for IoT while proactively safeguarding critical infrastructure and aligning with cybersecurity best practices for OT. This POC is broken into four (4) distinct phases as noted below:

  1. Phase 1: Defender for IoT Sensor Planning: We begin with a collaborative gap analysis of network segmentation, firewall configurations, and sensor deployment strategies - ensuring an optimal Defender for IoT implementation aligned with industry security frameworks. The goal is to identify up to one hundred (100) IoT devices in one physical site that will be licensed for a production Defender for IoT deployment, leveraging best practice recommendations gathered during the gap analysis.
  2. Phase 2: IoT Sensor Deployment: Once the target devices and networking details are agreed upon, we deploy a hardware sensor and OT Site Licensing for up to 100 IoT devices - delivering actionable insights and best-practice recommendations to enhance visibility and mitigate cyber risks across air-gapped and interconnected OT environments. The licensing is deployed directly into the customer tenant and the hardware sensor deployed during the POC permanently remains with the customer once the assessment is complete.
  3. Phase 3: Defender for IoT Post-Deployment: We validate our device discovery and enable the appropriate detection engines and risk/security reporting - ensuring the operational "ready state" and effectiveness of the Defender for IoT deployment. Custom dashboards, alert rules, and test plans are created to enhance visibility, assess vulnerabilities, and simulate attack paths for mitigation planning.
  4. Phase 4: OT SOC Operations: We establish secure administration of Defender for IoT Azure resources via Azure Lighthouse and integrate Defender for IoT with a Microsoft Sentinel SIEM instance. This phase includes escalation and investigation protocols between the AIT SOC team and the customer, enabling 24x7 OT SOC services. This portion of the engagement begins once Phase 3 is completed and runs through the time remaining in the POC. It includes calls with a Security Engineer and an account executive to assess risk and identify optimization opportunities.