AWS IoT Device Defender is a fully managed service that helps you secure your fleet of IoT devices. AWS IoT Device Defender continuously audits the security policies associated with your devices to make sure that they aren’t deviating from security best practices. A security policy is a set of technical controls that devices follow to help keep information secure when communicating with other devices and the cloud. AWS IoT Device Defender makes it easy to maintain and enforce security policies, such as ensuring device identity, authenticating and authorizing devices, and encrypting device data. AWS IoT Device Defender continuously audits the security policies on your devices against a set of predefined security best practices. AWS IoT Device Defender sends an alert if there are any gaps in your policies that might create a security risk, such as identity certificates being shared across multiple devices or a device with a revoked identity certificate trying to connect to AWS IoT Core.
AWS IoT Device Defender also lets you monitor devices for behavior that deviates from what you have defined as appropriate behavior for each device. Then, if something doesn’t look right, AWS IoT Device Defender sends out an alert so you can take action to remediate the issue. For example, traffic spikes in outbound traffic might indicate that a device is participating in a DDoS attack.
AWS IoT Device Defender can send alerts to the AWS IoT Console, Amazon CloudWatch, and Amazon SNS. If you determine that you need to take an action based on an alert, you can use the AWS IoT Device Management service to take mitigating actions such as pushing security fixes.