DEV Community

Michael Wahl for AWS Community Builders

Posted on

AWS IoT - Securing Your Connected Devices, Connections, and Data


Audit | Detect | Alert | Mitigate


  • Device Defender AWS IoT Device Defender is a fully managed service that helps you secure your fleet of IoT devices.


  • Certificates - attached to AWS IoT thing/device. Device certificates that are used by devices and clients to connect to AWS IoT.


  • Results

Image description

  • Schedules You schedule the frequency of the audit and what checks are to be performed during each scan. For this lab and test IoT device, I have selected the recurrence of Monthly and covering medium, high, and critical checks I wish to have run.

Image description

  • Action Tasks
    Based on audits performed, there may be various audit action tasks.

  • Finding Suppressions
    Allow you to turn off findings related to a resource for a defined period of time until the resource is fixed, or indefinitely due to some exception.


  • Alarms
    When a device behavior anomaly is detected.

  • Security Profiles:
    Security Profiles define how your devices should behave and specify an alert mechanism for anomalies. Security Profiles are attached to one or more things.

For this example, I am going to create a new ML anomaly detection profile.

Image description

Image description

  • Mitigation Actions

Automation, automation, automation!!

Below is an example where we can create a rule or action to be taken to help mitigate the issue(s) found during an audit or some other ongoing detection/monitoring. 
Enter fullscreen mode Exit fullscreen mode

Image description


(AWS IoT | Device Defender | Detect | Security Profiles [ThingName] )

  • Alarms (Active / History)

  • Defender Metrics

Image description

  • Behavior and ML Training

Image description

Top comments (0)