With so many smart connected devices appearing in our homes, our cars, our stores, our factories, and our offices, there is an endless supply of connections attackers can attempt to use for their sinister purposes. A great example of this came when last year attackers used millions of IoT (internet of things) devices to try and overload key servers. This attack brought down Twitter, Netflix, CNN and more. As we add more and more internet connected devices, the threat of this type of attack grows, as security becomes lax and the devices are rarely updated.
Amazon just announced a feature for Amazone Web Services that they are hoping can minimize the risk of your businesses devices being used for these types of attacks called AWS IoT Device Defender.
Since the service has not been officially released yet, some of these features might change, however, AWS IoT Device Defender is designed to offer these benefits:
Continuous Auditing
AWS IoT Device Defender monitors the policies related to your devices to ensure that the desired security settings are in place. It looks for drifts away from best practices and supports custom audit rules so that you can check for conditions that are specific to your deployment. For example, you could check to see if a compromised device has subscribed to sensor data from another device. You can run audits on a schedule or on an as-needed basis.
Real-Time Detection and Alerting
AWS IoT Device Defender looks for and quickly alerts you to unusual behavior that could be coming from a compromised device. It does this by monitoring the behavior of similar devices over time, looking for unauthorized access attempts, changes in connection patterns, and changes in traffic patterns (either inbound or outbound).
Fast Investigation and Mitigation
In the event that you get an alert that something unusual is happening, AWS IoT Device Defender gives you the tools, including contextual information, to help you to investigate and mitigate the problem. Device information, device statistics, diagnostic logs, and previous alerts are all at your fingertips. You have the option to reboot the device, revoke its permissions, reset it to factory defaults, or push a security fix.
If Amazon is able to deliver on its claims, this will be a powerful tool in the fight for cyber security.