Amazon has recently announced the general availability of AWS IoT Device Defender, a service that audits, analyzes, and detects security violations in IoT deployments. The service that was initially announced at re:Invent in 2017 complements AWS IoT Core by securing the things registered with the device registry in the cloud.
AWS IoT Device Defender announcement from re:Invent 2017 (Source: Amazon)
According to Amazon, AWS IoT Device Defender is a fully managed IoT security service that enables customers to secure their IoT configurations on an ongoing basis. With AWS IoT Device Defender, customers get tools to identify and respond to security issues.
IoT devices are prone to security breaches and violations. Low compute power, combined with limited memory and remote deployment, makes them vulnerable to attacks. Hackers take advantage of these connected devices by exploiting them to launch distributed denial-of-service (DDoS) attacks.
In September 2016, Mirai, the infamous IoT botnet, took down major websites via a massive DDoS attack involving thousands of compromised IoT devices. Within the very first day of the assault, Mirai had infected over 65,000 IoT devices. At its peak in November 2016, Mirai had affected over 600,000 IoT devices.
AWS IoT Device Defender attempts to mitigate the risk of attacks such as Mirai. The service does two things: auditing and monitoring of devices.
The auditing service ensures the security posture of the device fleet is known, good, and trusted. Customers can run audits on-demand or schedule them to run periodically. It audits device-related resources (such as X.509 certificates, IoT policies, and Client IDs) against AWS IoT security best practices. AWS IoT Device Defender reports configurations that are out of compliance with security best practices, such as multiple devices using the same identity, or overly permissive policies that can allow one device to read and update data for many other devices.
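The two audit findings named above, a certificate shared by several things and a policy that grants wildcard access, are easy to reason about with a small fleet. The following is an added illustration written for this article, not AWS IoT Device Defender's own code or an AWS API call: the fleet registry and the policy documents are constructed, and the policy JSON follows the AWS IoT policy shape (Effect/Action/Resource) so the wildcard check is meaningful.

```python
"""Fleet audit modelled on the checks described above (added example, not AWS code).

Two findings are produced:
  * shared identities: one X.509 certificate used by more than one thing
  * overly permissive policies: Allow statements with wildcard actions, or
    data-plane actions (publish/subscribe/shadow) on wildcard resources
All input data below is constructed for the example.
"""
from collections import defaultdict

# Constructed registry: thing name -> certificate ID it authenticates with.
FLEET = {
    "thermostat-01": "cert-aaa111",
    "thermostat-02": "cert-aaa111",   # shares its certificate with thermostat-01
    "camera-07": "cert-bbb222",
    "gateway-03": "cert-ccc333",
}

# Constructed IoT policy documents (account ID and region are placeholders).
POLICIES = {
    "ThermostatPolicy": {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["iot:Connect"],
             "Resource": ["arn:aws:iot:us-east-1:123456789012:client/${iot:Connection.Thing.ThingName}"]},
            {"Effect": "Allow", "Action": ["iot:Publish"],
             "Resource": ["arn:aws:iot:us-east-1:123456789012:topic/devices/${iot:Connection.Thing.ThingName}/telemetry"]},
        ],
    },
    "LegacyPolicy": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}],
    },
}

# Actions that let a device read or write data; a wildcard resource on these
# lets one device touch every other device's topics or shadows.
DATA_ACTIONS = {"iot:Publish", "iot:Subscribe", "iot:Receive",
                "iot:GetThingShadow", "iot:UpdateThingShadow"}


def shared_identities(fleet):
    """Return {cert_id: [thing names]} for certificates used by more than one thing."""
    by_cert = defaultdict(list)
    for thing, cert in fleet.items():
        by_cert[cert].append(thing)
    return {cert: sorted(things) for cert, things in by_cert.items() if len(things) > 1}


def _as_list(value):
    # Policy fields may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]


def _is_wildcard_resource(resource):
    # "*" alone, or an ARN whose resource part ends in a bare wildcard.
    return resource == "*" or resource.endswith(":*") or resource.endswith("/*")


def permissive_statements(policy):
    """Return one finding per Allow statement that is overly permissive."""
    findings = []
    for index, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        wild_action = any(a == "*" or a.endswith(":*") for a in actions)
        wild_resource = any(_is_wildcard_resource(r) for r in resources)
        touches_data = wild_action or any(a in DATA_ACTIONS for a in actions)
        if wild_action or (touches_data and wild_resource):
            findings.append({"statement": index, "actions": actions, "resources": resources})
    return findings


def audit(fleet, policies):
    """Run both checks and return a report keyed by finding type."""
    permissive = {}
    for name, policy in policies.items():
        findings = permissive_statements(policy)
        if findings:
            permissive[name] = findings
    return {"shared_identities": shared_identities(fleet),
            "permissive_policies": permissive}


if __name__ == "__main__":
    import json
    print(json.dumps(audit(FLEET, POLICIES), indent=2))
```

The thermostat policy passes because it scopes every resource to the connecting thing's own name; the legacy policy is flagged because `iot:*` on `*` lets any device holding it read and update data for every other device, which is exactly the class of misconfiguration the audit is meant to surface.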
The second component of the service monitors device activity collected in the cloud. Optionally, an agent may be installed on the device for continuous monitoring. The service detects unusual device behavior that may indicate a compromise by continuously monitoring high-value security metrics from the device and the cloud. Customers specify normal device behavior for a group of devices by setting up behaviors (rules) for these metrics. AWS IoT Device Defender evaluates each data point reported for these metrics against those behaviors and alerts customers when an anomaly is detected.
The AWS IoT Device Defender service can detect security vulnerabilities found within an existing fleet of devices. It can also report unusual behavior or patterns identified in inbound and outbound messages and telemetry.
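To make the "behaviors (rules) evaluated against reported metrics" idea concrete, here is an added example, written for this article and not part of AWS IoT Device Defender or its agent. The metric names and the criteria layout (comparison operator, threshold, duration) are modelled on the service's conventions, but the evaluation loop and the device reports are my own constructed illustration of how per-window counts and a source-address allow-list turn into alerts.

```python
"""Behavior evaluation modelled on the monitoring described above (added example, not AWS code).

A behavior states what is normal for a metric. Count metrics are summed per
thing over durationSeconds-wide windows before comparison; address metrics are
checked per report. Any observation that does not conform becomes an alert.
All behaviors and device reports below are constructed for the example.
"""
import ipaddress
from collections import defaultdict

BEHAVIORS = [
    {"name": "MessageRate", "metric": "aws:num-messages-sent",
     "criteria": {"comparisonOperator": "less-than", "value": {"count": 100},
                  "durationSeconds": 300}},
    {"name": "AuthFailures", "metric": "aws:num-authorization-failures",
     "criteria": {"comparisonOperator": "less-than", "value": {"count": 5},
                  "durationSeconds": 300}},
    {"name": "SourceIp", "metric": "aws:source-ip-address",
     "criteria": {"comparisonOperator": "in-cidr-set",
                  "value": {"cidrs": ["10.0.0.0/8"]}}},
]

# Constructed reports: ts is seconds since epoch; counts cover the interval
# since the previous report. camera-07 drifts out of its normal profile.
REPORTS = [
    {"thing": "thermostat-01", "ts": 600, "metrics": {
        "aws:num-messages-sent": 12, "aws:num-authorization-failures": 0,
        "aws:source-ip-address": "10.1.2.3"}},
    {"thing": "camera-07", "ts": 600, "metrics": {
        "aws:num-messages-sent": 70, "aws:num-authorization-failures": 1,
        "aws:source-ip-address": "10.4.5.6"}},
    {"thing": "thermostat-01", "ts": 720, "metrics": {
        "aws:num-messages-sent": 15, "aws:num-authorization-failures": 0,
        "aws:source-ip-address": "10.1.2.3"}},
    {"thing": "camera-07", "ts": 720, "metrics": {
        "aws:num-messages-sent": 90, "aws:num-authorization-failures": 6,
        "aws:source-ip-address": "203.0.113.9"}},
    {"thing": "thermostat-01", "ts": 900, "metrics": {
        "aws:num-messages-sent": 10, "aws:num-authorization-failures": 0,
        "aws:source-ip-address": "10.1.2.3"}},
]


def conforms(criteria, observed):
    """True when the observed value matches the behavior's definition of normal."""
    op = criteria["comparisonOperator"]
    value = criteria["value"]
    if op == "less-than":
        return observed < value["count"]
    if op == "less-than-equals":
        return observed <= value["count"]
    if op == "greater-than":
        return observed > value["count"]
    if op == "greater-than-equals":
        return observed >= value["count"]
    if op in ("in-cidr-set", "not-in-cidr-set"):
        addr = ipaddress.ip_address(observed)
        in_set = any(addr in ipaddress.ip_network(c) for c in value["cidrs"])
        return in_set if op == "in-cidr-set" else not in_set
    raise ValueError(f"unsupported comparison operator: {op}")


def detect(reports, behaviors):
    """Evaluate every report against every behavior and return sorted alerts."""
    alerts = []
    for behavior in behaviors:
        criteria = behavior["criteria"]
        metric = behavior["metric"]
        duration = criteria.get("durationSeconds")
        if duration:
            # Sum the count per (thing, window) so a burst spread over several
            # reports is still caught, and a single noisy report is not over-weighted.
            windows = defaultdict(int)
            for r in reports:
                if metric in r["metrics"]:
                    windows[(r["thing"], r["ts"] // duration)] += r["metrics"][metric]
            observations = [(thing, window * duration, total)
                            for (thing, window), total in windows.items()]
        else:
            observations = [(r["thing"], r["ts"], r["metrics"][metric])
                            for r in reports if metric in r["metrics"]]
        for thing, window_start, observed in observations:
            if not conforms(criteria, observed):
                alerts.append({"thing": thing, "behavior": behavior["name"],
                               "window_start": window_start, "observed": observed})
    return sorted(alerts, key=lambda a: (a["window_start"], a["thing"], a["behavior"]))


if __name__ == "__main__":
    for alert in detect(REPORTS, BEHAVIORS):
        print(alert)
```

Running it yields three alerts, all for camera-07: 160 messages in the 600-900 window (not under 100), 7 authorization failures in the same window (not under 5), and a connection from 203.0.113.9, outside the expected 10.0.0.0/8 range. The thermostat stays quiet because its per-window totals and source address all conform. The same window-summing matters in practice: a behavior with a duration is only meaningful if counts are accumulated over that duration rather than compared report by report.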
To take advantage of this service, customers will need to implement device-side code to collect and report metrics to AWS IoT Device Defender. Amazon's edge computing platform, AWS Greengrass, and its embedded OS, FreeRTOS, are fully integrated with AWS IoT Device Defender for both device-side and cloud-side metrics.
Amazon charges customers based on the number of devices monitored and the amount of data monitored. Under the AWS Free Tier, customers' devices may send up to 1 million data points in the first month at no charge.
The service is available in select regions in North America, Europe and APAC.
With IoT and edge deployments picking up momentum, cloud providers are augmenting their IoT platforms with security and monitoring capabilities. AWS IoT Device Defender enhances the value of AWS IoT Core through additional security features.