Continuous threat monitoring
Microsoft’s Section 52, the MDIoT security research group, is a team of passionate OT threat researchers, nation-state defenders, and data scientists. The team does OT/IoT threat hunting, malware reverse engineering, protocol search, and OT cyber-incident response. The information provided by threat intelligence (TI) feeds helps identify threats in the IoT/OT industry and thus stop adversaries from exploiting vulnerabilities. The TI is pushed to the MDIoT cloud-connected sensors at regular intervals; offline sensors need to be updated at a regular frequency.
Recognizing targeted attacks and malware, by leveraging threat-hunting tools and behavioral-aware analytics that scan historical network traffic and Packet Captures (PCAPs), is done continuously. This is a key feature of MDIoT, as it flags an alert if an attacker tries to make unauthorized changes to endpoints, assets, or sensors. So, we (the SOC team) are...
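The kind of behavioral check described above can be illustrated with a small baseline detector. The following is an added example, not MDIoT code and not from the authors: it learns the (source, destination, protocol, operation) tuples seen in a baseline window of historical traffic and then flags later records that deviate, treating an unseen write or configuration operation as an "unauthorized change" and any other unseen pairing as "new communication". The flow records, host addresses and operation names are constructed for the example; a real sensor would derive them from parsed PCAPs.

```python
"""Behavioral baseline detector over OT flow records (illustrative, added example)."""
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple

# Operations that change state on an asset; an unseen one is the higher-severity case.
# These names are assumptions for the example, not a protocol specification.
WRITE_OPS = {"write_coils", "write_registers", "firmware_update", "config_change"}


@dataclass(frozen=True)
class Flow:
    src: str    # source host address
    dst: str    # destination asset address
    proto: str  # application protocol name
    op: str     # protocol-level operation


FlowKey = Tuple[str, str, str, str]

# Constructed baseline window: what the historical traffic "normally" looks like.
BASELINE_FLOWS = [
    Flow("10.0.0.10", "10.0.1.5", "modbus", "read_holding_registers"),  # HMI polling PLC
    Flow("10.0.0.10", "10.0.1.5", "modbus", "write_registers"),         # HMI setpoint writes
    Flow("10.0.0.20", "10.0.1.5", "modbus", "read_coils"),              # engineering station
]

# Constructed later window: two normal records, one unseen write, one unseen read.
LATER_FLOWS = [
    Flow("10.0.0.10", "10.0.1.5", "modbus", "read_holding_registers"),
    Flow("10.0.0.10", "10.0.1.5", "modbus", "write_registers"),
    Flow("10.0.0.99", "10.0.1.5", "modbus", "write_coils"),   # unknown host writing to PLC
    Flow("10.0.0.99", "10.0.1.6", "modbus", "read_coils"),    # unknown host scanning another PLC
]


def flow_key(f: Flow) -> FlowKey:
    return (f.src, f.dst, f.proto, f.op)


def learn_baseline(flows: Iterable[Flow]) -> Set[FlowKey]:
    """Every tuple observed during the baseline window is treated as authorized."""
    return {flow_key(f) for f in flows}


def detect(baseline: Set[FlowKey], flows: Iterable[Flow]) -> List[Tuple[str, Flow]]:
    """Return (alert_type, flow) for each record not covered by the baseline."""
    alerts = []
    for f in flows:
        if flow_key(f) in baseline:
            continue  # seen before: no alert
        if f.op in WRITE_OPS:
            alerts.append(("unauthorized_change", f))
        else:
            alerts.append(("new_communication", f))
    return alerts


def run_example() -> List[Tuple[str, Flow]]:
    baseline = learn_baseline(BASELINE_FLOWS)
    return detect(baseline, LATER_FLOWS)


if __name__ == "__main__":
    for kind, f in run_example():
        print(f"{kind}: {f.src} -> {f.dst} {f.proto}/{f.op}")
```

The baseline window must itself be trusted; if an attacker's traffic is present while the baseline is learned, their operations become "normal", which is why an analyst reviews the learned set before it is used for alerting.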