How AWS IoT Device Defender Secures Connected Devices

Posted on: Aug 13 - 2018

Amazon has recently announced the general availability of AWS IoT Device Defender, a service that audits, analyzes, and detects security violations in IoT deployments. The service, initially announced at re:Invent in 2017, complements AWS IoT Core by securing the things registered with the device registry in the cloud.

According to Amazon, AWS IoT Device Defender is a fully managed IoT security service that enables customers to secure their IoT configurations on an ongoing basis. With AWS IoT Device Defender, customers get tools to identify and respond to security issues.

IoT devices are prone to security breaches and violations. Low compute power, limited memory, and remote deployment make them vulnerable to attacks. Hackers exploit these connected devices to launch distributed denial-of-service (DDoS) attacks.

In September 2016, Mirai, the infamous IoT botnet, took down major websites via a massive DDoS attack involving thousands of compromised IoT devices. Within the very first day of the assault, Mirai had infected over 65,000 IoT devices. During its peak in November 2016, Mirai had affected over 600,000 IoT devices.

AWS IoT Device Defender attempts to mitigate the risk of attacks such as Mirai. The service does two things: auditing and monitoring of devices.

The auditing service ensures the security posture of the device fleet is known, good, and trusted. Customers can run audits on-demand or schedule them to run periodically. It audits device-related resources (such as X.509 certificates, IoT policies, and Client IDs) against AWS IoT security best practices. AWS IoT Device Defender reports configurations that are out of compliance with security best practices, such as multiple devices using the same identity, or overly permissive policies that can allow one device to read and update data for many other devices.
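The two findings named above (overly permissive policies and one identity shared by several devices) can be illustrated offline. The following is an added example, not AWS code and not the service's own audit logic: a simplified heuristic over constructed policy documents and constructed connection records, with the function names, account number, and certificate IDs all assumed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample policies in the AWS IoT policy document format.
POLICIES = {
    "fleet-wide-open": json.loads("""{
      "Version": "2012-10-17",
      "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}]
    }"""),
    "per-device": json.loads("""{
      "Version": "2012-10-17",
      "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect",
         "Resource": "arn:aws:iot:us-east-1:111122223333:client/${iot:Connection.Thing.ThingName}"},
        {"Effect": "Allow", "Action": ["iot:Publish"],
         "Resource": "arn:aws:iot:us-east-1:111122223333:topic/dev/${iot:Connection.Thing.ThingName}/data"}
      ]
    }"""),
}

# Constructed connection records: (certificate id, client id, source IP).
CONNECTIONS = [
    ("cert-aaa", "sensor-01", "198.51.100.7"),
    ("cert-aaa", "sensor-02", "203.0.113.9"),
    ("cert-bbb", "sensor-03", "198.51.100.8"),
]

def as_list(value):
    """Policy fields may be a single string or a list; normalize to a list."""
    return value if isinstance(value, list) else [value]

def permissive_statements(policy):
    """Return (action, resource) pairs in Allow statements that contain a wildcard."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            for resource in as_list(stmt.get("Resource", [])):
                if "*" in action or "*" in resource:
                    findings.append((action, resource))
    return findings

def shared_certificates(connections):
    """Return certificate ids presented by more than one client id."""
    clients = defaultdict(set)
    for cert_id, client_id, _ip in connections:
        clients[cert_id].add(client_id)
    return {c: sorted(ids) for c, ids in clients.items() if len(ids) > 1}
```

The per-device policy passes because each resource is scoped with the `${iot:Connection.Thing.ThingName}` policy variable, so a device can only connect and publish as itself.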

The second component of the service monitors device activity collected from the cloud. Optionally, an agent may be installed on the device for continuous monitoring. The service detects unusual device behavior that may be indicative of a compromise by continuously monitoring high-value security metrics from the device and cloud.