Objective:
The objective of this engagement is to Identify OT assets, classify OT devices based on their risk and business value, protect
your OT devices from potential harm and measure OT security risks in a passive manner by utilizing Microsoft Azure.
Activities to be Completed:
Passive Site Level IOT / OT Security Scan
- Work with customer to identify sample site and network for IOT / OT Security Scan
- Work with site level technical resources to get Defender for IOT installed and passively viewing IOT / OT network traffic
- Conduct a passive site level Defender for IOT scan to identify potential security vulnerabilities in IOT and OT devices.
IOT / OT Security Objectives Workshops
- Protiviti will prepare and distribute a comprehensive pre-workshop questionnaire for the Client which focuses to existing business objectives, technological direction, current deployment, and key requirements for the use of Defender for IOT.
- Develop an IOT / OT workshop agendas with key stakeholders to talk through the unique IOT / OT Security challenges for the client within Microsoft Azure environment.
Site Assessment & Recommendations
- Listing of IOT / OT assets at the sampled location
- Final deliverable will provide a prioritized list of recommendations to address identified gaps
- Technical walkthrough of findings with the onsite team to understand recommended next steps and remediation actions
Output:
- IOT / OT Asset Inventory
- Design Level vulnerabilities for Sampled Site within your Microsoft Azure environment
- CVE Listing of vulnerabilities on identified IOT / OT Assets
- Prioritized list of remediations
- High Level IOT / OT Security Roadmap
- Recommended OT Security Metrics