Amazon Web Services has launched AWS IoT Device Defender, a managed service that continuously audits the configurations on connected devices against a set of predefined security best practices.
If there are any gaps in a user’s IoT configuration that make it susceptible to a security risk, the service sends an alert to the user; it also monitors for traffic anomalies, for example warning if a device has been pulled into a DDoS attack.
How Does AWS IoT Device Defender Work?
AWS IoT Device Defender works by auditing your IoT device setup either on demand or on a schedule by performing a few checks.
Within the service, the features can be accessed through the AWS IoT Console, the command-line interface or a full suite of APIs.
The checks look for “imperfect configurations”: during the audit the service looks for expiring and revoked certificates, as well as certificates shared by multiple devices.
Other AWS services such as AWS Greengrass and Amazon FreeRTOS are automatically integrated with IoT Device Defender, so they supply the device security metrics used for evaluation. IoT Device Defender also checks for overly permissive access policies and whether logging is enabled.
When an audit detects issues, the service delivers notifications through the AWS IoT Console, CloudWatch metrics or SNS (Simple Notification Service).
Jeff Barr, Chief Evangelist at Amazon Web Services commented in a blog post: “Device Defender looks at network connections, outbound packet and byte counts, destination IP addresses, inbound and outbound message rates, authentication failures, and more.”
Barr added: “You can set up security profiles, define acceptable behaviour, and configure whitelists and blacklists of IP addresses and ports. An agent on each device is responsible for collecting device metrics and sending them to Device Defender. Devices can send metrics at 5 minute to 48 hour intervals.”
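As an added illustration of the security profiles Barr describes (example code written here, not code from the article or from AWS): the `BEHAVIORS` list uses the field layout that `aws iot create-security-profile --behaviors` accepts, while `evaluate()` is an assumed local stand-in for the service's own Detect evaluation, run over a constructed metric report of the kind the on-device agent would send.

```python
import ipaddress

# Security profile behaviours, in the field layout that
# `aws iot create-security-profile --behaviors` accepts (metric,
# criteria, comparisonOperator, value, durationSeconds).
BEHAVIORS = [
    {"name": "OutboundBytesCap", "metric": "aws:all-bytes-out",
     "criteria": {"comparisonOperator": "less-than",
                  "value": {"count": 50_000}, "durationSeconds": 300}},
    {"name": "AuthFailures", "metric": "aws:num-authorization-failures",
     "criteria": {"comparisonOperator": "less-than",
                  "value": {"count": 5}, "durationSeconds": 300}},
    {"name": "DestinationAllowlist", "metric": "aws:destination-ip-addresses",
     "criteria": {"comparisonOperator": "in-cidr-set",
                  "value": {"cidrs": ["10.0.0.0/8", "52.0.0.0/8"]}}},
]

def _in_cidrs(addr, cidrs):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(c) for c in cidrs)

def evaluate(behaviors, report):
    """Return names of behaviours a device metric report violates.

    Local stand-in for Device Defender's Detect evaluation (an assumption
    for illustration); `report` maps metric name -> count or IP list.
    """
    violations = []
    for b in behaviors:
        crit, observed = b["criteria"], report.get(b["metric"])
        if observed is None:  # metric not reported this interval
            continue
        op, value = crit["comparisonOperator"], crit["value"]
        if op == "less-than":
            ok = observed < value["count"]
        elif op == "in-cidr-set":
            ok = all(_in_cidrs(a, value["cidrs"]) for a in observed)
        elif op == "not-in-cidr-set":
            ok = not any(_in_cidrs(a, value["cidrs"]) for a in observed)
        else:
            raise ValueError(f"unsupported comparisonOperator {op}")
        if not ok:
            violations.append(b["name"])
    return violations

# Constructed report: traffic volume and an off-allowlist destination
# consistent with a device pulled into a DDoS flood.
SUSPECT_REPORT = {"aws:all-bytes-out": 9_400_000,
                  "aws:num-authorization-failures": 0,
                  "aws:destination-ip-addresses": ["10.1.2.3", "198.51.100.7"]}
```

In the real service the same profile would be attached to a thing group and violations raised as alarms to the console, CloudWatch or SNS; here `evaluate(BEHAVIORS, SUSPECT_REPORT)` simply returns the names of the violated behaviours.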
AWS IoT Device Defender is available in 10 selected regions, including Ireland, London and Frankfurt among the cities and countries with access to the service.