What is AWS IoT Device Defender
AWS IoT Device Defender is a fully managed service that helps you secure your fleet of IoT devices. AWS IoT Device Defender continuously audits your IoT configurations to make sure that they aren’t deviating from security best practices. A configuration is a set of technical controls you set to help keep information secure when devices are communicating with each other and the cloud. AWS IoT Device Defender makes it easy to maintain and enforce IoT configurations, such as ensuring device identity, authenticating and authorizing devices, and encrypting device data. AWS IoT Device Defender continuously audits the IoT configurations on your devices against a set of predefined security best practices. AWS IoT Device Defender sends an alert if there are any gaps in your IoT configuration that might create a security risk, such as identity certificates being shared across multiple devices or a device with a revoked identity certificate trying to connect to AWS IoT Core.
AWS IoT Device Defender also lets you continuously monitor security metrics from devices and AWS IoT Core for deviations from what you have defined as appropriate behavior for each device. If something doesn’t look right, AWS IoT Device Defender sends out an alert so you can take action to remediate the issue. For example, traffic spikes in outbound traffic might indicate that a device is participating in a DDoS attack. AWS IoT Greengrass and Amazon FreeRTOS automatically integrate with AWS IoT Device Defender to provide security metrics from the devices for evaluation.
AWS IoT Device Defender can send alerts to the AWS IoT Console, Amazon CloudWatch, and Amazon SNS. If you determine that you need to take an action based on an alert, you can use AWS IoT Device Management to take mitigating actions such as pushing security fixes.
Why is IoT security important
Connected devices are constantly communicating with each other and the cloud using different kinds of wireless communication protocols. While communication creates responsive IoT applications, it can also expose IoT security vulnerabilities and open up channels for malicious actors or accidental data leaks. To protect users, devices, and companies, IoT devices must be secured and protected. The foundation of IoT security exists within the control, management, and set up of connections between devices. Proper protection helps keep data private, restricts access to devices and cloud resources, offers secure ways to connect to the cloud, and audits device usage. An IoT security strategy reduces vulnerabilities using policies like device identity management, encryption, and access control.
What are the challenges with IoT security
A security vulnerability is a weakness which can be exploited to compromise the integrity or availability of your IoT application. IoT devices by nature, are vulnerable. IoT fleets consist of devices that have diverse capabilities, are long-lived, and are geographically distributed. These characteristics, coupled with the growing number of devices, raise questions about how to address security risks posed by IoT devices. To further amplify security risks, many devices have a low-level of compute, memory, and storage capabilities, which limits opportunities for implementing security on devices. Even if you have implemented best practices for security, new attack vectors are constantly emerging. To detect and mitigate vulnerabilities, organizations should consistently audit device settings and health.
AWS IoT Device Defender helps you manage IoT security
Audit device configurations for security vulnerabilities
Continuously monitor device behavior to identify anomalies
Receive alerts and take action
How does AWS IoT Device Defender work
AWS IoT Core provides the security building blocks for you to securely connect devices to the cloud and to other devices. The building blocks allow enforcing security controls such as authentication, authorization, audit logging and end-to-end encryption. However, human or systemic errors and authorized actors with bad intentions can introduce configurations with negative security impacts.
AWS IoT Device Defender helps you to continuously audit security configurations for compliance with security best practices and your own organizational security policies. For example, cryptographic algorithms once known to provide secure digital signatures for device certificates can be weakened by advances in the computing and cryptanalysis methods. Continual auditing allows you to push new firmware updates and redefine certificates to ensure your devices stay ahead of malicious actors.

When to use AWS IoT Device Defender for IoT security
IoT security solutions are critical across commercial, industrial, and consumer applications such as connected home and industrial applications.
Continuous compliance and adoption of security best practices
Attack surface evaluation
Threat impact analysis
Customers

“AWS IoT Device Defender provides device behavior monitoring that is a must-have for any IoT company that is building a secure infrastructure.”
- Franz Garsombke, CTO, Rachio

"SolarNow’s business reputation and revenue model is built on zero-tolerance of any controllable service disruption. AWS IoT Device Defender and Eseye global AnyNet Secure connectivity is the easiest, quickest, and most cost-effective way for us to achieve and scale a high level of device security and anomaly detection. This protects our customers from service interruptions and SolarNow’s reputation for excellent customer service.”
- Peter Huisman, CTO, SolarNow