Rudin Management Company wanted to prevent system outages and safety incidents in its New York City skyscrapers. It chose Microsoft Defender for IoT, an agentless Internet of Things (IoT) and operational technology (OT) security solution, to monitor unmanaged devices for ransomware and targeted attacks. It also chose Microsoft Sentinel, a cloud-native security information and event management/security orchestration, automation, and response (SIEM/SOAR) solution, to deliver an enterprise-wide view of multistage attacks across its IT and OT networks.
“Our clients expect our buildings to be safe…. When 60 unauthorized devices suddenly came online and connected to the internet, Microsoft Defender for IoT immediately alerted us to the policy violation, and Microsoft Sentinel sent in the cavalry to shut them down with an automated playbook.”
John Gilbert, Chief Operating Officer, Chief Technology Officer, and Executive Vice President, Rudin Management Company
John Gilbert, Chief Operating Officer, Chief Technology Officer, and Executive Vice President at Rudin Management Company, thinks of safety first when managing the company’s smart buildings. “Not all building systems are created equal. With some, like elevators or steam pipes, the worst possible scenario means that someone can be seriously hurt. Then there are IoT cyberthreats, which can start in the OT network and expand to take over everything, such as CCTV cameras, lighting systems, and personnel databases.”
Merging the worlds of IT and OT for more holistic security
Gilbert has spent almost 30 years overseeing Rudin Management’s long history of building-system advancements. The privately held company, which owns and operates 10 million square feet of office space and 5 million square feet of residential space in New York City, has been around since the late 1800s.
In 2019, Rudin Management set out to improve visibility, security, and control for its IoT/OT networks. It chose CyberX, which Gilbert identified as one of the few solutions that could meet all of the company’s asset visibility and risk reduction needs and was easy to deploy, to help secure its building management systems (BMS). The agentless network detection and response (NDR) solution works across proprietary IoT/OT automation equipment, which is critical because Rudin Management’s environment includes systems from diverse equipment suppliers, including Schindler, Johnson Controls, Honeywell, Trane, Carrier, and others.
The CyberX platform became Microsoft Defender for IoT when Microsoft acquired the company in 2020. Defender for IoT incorporates IoT/OT-aware behavioral analytics and threat intelligence to automatically discover unmanaged IoT/OT devices and continuously monitor them for unauthorized or anomalous behavior. It is available for either on-premises or cloud-connected environments. In Rudin Management’s smart buildings, the monitored devices control and measure essential systems like fire safety, elevators, building access controls, CCTV cameras, heating, ventilation, air conditioning, lighting, occupancy sensors, and energy and water consumption.
The company deployed the solution in a few days and immediately gained visibility into its IoT/OT network topology, including device communication paths and subnet traffic. In addition to its cybersecurity risk reduction benefits, the company also uses the solution to quickly identify the root causes of operational issues, such as misconfigured or malfunctioning devices. As a Microsoft product, Defender for IoT interoperates and shares data out of the box with Microsoft Sentinel, a cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution.
Rudin Management uses the cloud-based version of Defender for IoT to assess its OT network for vulnerabilities such as missing security patches and misconfigured network segmentation rules, and to prioritize how to mitigate risks in high-value “crown jewel” devices whose compromise would have a major safety or operational impact. Defender for IoT alerts are automatically forwarded to Microsoft Sentinel, which provides a bird’s-eye view of alerts across both IT and OT networks, to speed attack detection and response for multistage attacks that often cross IT/OT boundaries.
The highly interoperable solution demonstrated its value in early 2021 when Defender for IoT identified 60 new unauthorized IoT/OT devices that suddenly appeared on one of the company’s several dozen OT networks, all of them trying to connect to the internet, which company policy doesn’t allow. A Microsoft Sentinel playbook immediately isolated the devices by changing policies on the company’s next-generation firewalls (NGFWs) so that the unauthorized devices could neither send data to nor receive data from the internet.
The team used the detailed asset identification capabilities provided by Defender for IoT to learn these were elevator devices that an outside contractor had connected to the OT network and then connected to the internet without authorization so they could be remotely monitored by the contractor.
“Our clients expect our buildings to be safe,” says Gilbert. “Defender for IoT is incredible at identifying and continuously monitoring OT assets. We use it to see everything that’s on our network so we can create a baseline of normal activity and immediately identify deviations. When 60 unauthorized devices suddenly came online and connected to the internet, Defender for IoT immediately alerted us to the policy violation, and Microsoft Sentinel sent in the cavalry to shut them down via an automated playbook. We’re very happy with that.”
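The detection-and-isolation pattern in the incident above, as an added example (not Rudin Management’s or Microsoft’s code): a baseline of authorized OT devices and a set of flow records, both constructed, a check for devices outside the baseline that attempt internet egress, and a simulated playbook step that emits firewall deny rules in a made-up, vendor-neutral syntax.

```python
import ipaddress
from collections import defaultdict

# Constructed baseline of authorized OT assets (MAC -> description), standing in
# for the inventory an agentless monitor learns during its baselining period.
BASELINE = {
    "00:1a:2b:00:00:01": "BMS controller, floor 3",
    "00:1a:2b:00:00:02": "CCTV camera, lobby",
}

# Constructed flow records: (source MAC, source IP, destination IP, destination port).
FLOWS = [
    ("00:1a:2b:00:00:01", "10.20.3.10", "10.20.3.1", 47808),    # BACnet to BMS server, normal
    ("00:1a:2b:00:00:02", "10.20.5.20", "10.20.5.100", 554),   # RTSP to video recorder, normal
    ("00:50:c2:aa:bb:01", "10.20.7.41", "10.20.7.1", 53),      # unknown device, internal DNS
    ("00:50:c2:aa:bb:01", "10.20.7.41", "203.0.113.25", 443),  # unknown device -> internet
    ("00:50:c2:aa:bb:02", "10.20.7.42", "203.0.113.25", 443),  # unknown device -> internet
    ("00:50:c2:aa:bb:03", "10.20.7.43", "10.20.7.1", 53),      # unknown device, internal only
]

# Constructed policy: anything outside the RFC 1918 ranges counts as "the internet".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internet_destination(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def new_devices(flows, baseline):
    """Deviation from the asset baseline: every MAC seen on the network but not inventoried."""
    return {mac for mac, _, _, _ in flows if mac not in baseline}


def policy_violations(flows, baseline):
    """Unknown devices that also attempted an internet connection.
    Returns {mac: {"ip": source IP, "destinations": {"ip:port", ...}}}."""
    unknown = new_devices(flows, baseline)
    hits = defaultdict(lambda: {"ip": None, "destinations": set()})
    for mac, src, dst, port in flows:
        if mac in unknown and is_internet_destination(dst):
            hits[mac]["ip"] = src
            hits[mac]["destinations"].add(f"{dst}:{port}")
    return dict(hits)


def isolation_rules(violations):
    """Simulated playbook step: NGFW deny rules (constructed syntax, not any vendor's)
    cutting both directions of internet traffic for each violating device."""
    rules = []
    for mac, hit in sorted(violations.items()):
        rules.append(f"deny src {hit['ip']} dst any-external  # unauthorized {mac}")
        rules.append(f"deny src any-external dst {hit['ip']}  # unauthorized {mac}")
    return rules
```

Calling `isolation_rules(policy_violations(FLOWS, BASELINE))` yields four deny rules for the two devices that reached 203.0.113.25; the third unknown device only talked to an internal resolver, so it is reported as a baseline deviation but not a policy violation.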
Fueling new efficiencies with AI
Microsoft products work together to improve enterprise security and device management. “We get continuous, automated asset inventorying with Defender for IoT, which helps us identify each fan, pump, and motor controller on the OT network, providing details like manufacturer, device type, model, serial number, and firmware level,” Gilbert says. “It coordinates beautifully with Microsoft Sentinel, which uses machine learning algorithms to comb through millions of events across all our IT and OT systems—including Active Directory, IT hosts, applications, and non-Microsoft systems like our next-generation firewalls (NGFWs), in addition to contextual alerts forwarded by Defender for IoT—to alert us to just the security situations that we need to look at.”
Just as important is the simplicity and scalability that the cloud-based approach of Microsoft Sentinel and Defender for IoT provides. In fact, Microsoft Sentinel has been shown to deliver an ROI of 201 percent with a payback period of less than six months and a 48 percent reduction in costs compared to legacy SIEM solutions because of savings on expenses like licensing, storage, and infrastructure costs.
Joining with Microsoft to help build the future
Rudin Management is planning new ways to take advantage of Microsoft IoT and security technologies to optimize operations. It developed Nantum, a smart building operating system that analyzes data from disparate systems like building management systems, utility and power quality meters, and elevators and access controls. Combined with data from sources such as weather, occupancy, and IoT sensors, Nantum can prescribe operational adjustments that improve building performance and enhance the tenant experience while also decreasing energy use and carbon emissions.
Now, the company is exploring Azure Digital Twins for creating a digital representation of the spaces and devices within buildings, as well as the relationships between them. Property managers would be able to use this technology to drill down on each floor and see building occupancy and tenant comfort numbers floor by floor in real time. “Soon we’ll see how real-time data that Nantum collects and parses is expressed within Azure Digital Twins, such as occupancy, temperature, and CO2 heat maps, across timelines, and how that data varies based on occupancy levels, time of year, and other factors,” says Gilbert. “We’ll be able to reveal how living, breathing data can improve our clients’ environments—while we continue securing our entire digital building ecosystem with Microsoft Security solutions. I’m really excited about that.”
Find out more about Rudin Management Company on Facebook and LinkedIn.
“We get continuous, automated asset inventorying with Defender for IoT…. It coordinates beautifully with Microsoft Sentinel, which uses machine learning algorithms to comb through millions of events across all of our IT and OT systems, including non-Microsoft systems like our next-generation firewalls.”
John Gilbert, Chief Operating Officer, Chief Technology Officer, and Executive Vice President, Rudin Management Company