Services or capabilities described in this page might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China Regions. Only “Region Availability” and “Feature Availability and Implementation Differences” sections for specific services (in each case exclusive of content referenced via hyperlink) in Getting Started with Amazon Web Services in China Regions form part of the Documentation under the agreement between you and Sinnet or NWCD governing your use of services of Amazon Web Services China (Beijing) Region or Amazon Web Services China (Ningxia) Region (the “Agreement”). Any other content contained in the Getting Started pages does not form any part of the Agreement.

Amazon IoT Device Defender Documentation

Amazon IoT Device Defender is a fully managed service that helps you audit and monitor devices connected to Amazon IoT. The service is designed to assess the cloud configuration of your IoT device fleet, provide ongoing monitoring of device activities via rule-based and ML-based Detect capabilities, trigger an alarm when an audit violation or behavior anomaly is identified, and enable you to address issues quickly with built-in mitigation actions.

Key Features

Audit

Amazon IoT Device Defender is designed to audit your device-related resources (such as X.509 certificates, IoT policies, and Client IDs) against Amazon IoT security best practices (for example, the principle of least privilege or unique identity per device). Amazon IoT Device Defender is designed to report configurations that are out of compliance with Amazon IoT security best practices, such as multiple devices using the same identity, or overly permissive policies that can allow one device to read and update data for many other devices.

Rules Detect

Amazon IoT Device Defender is designed to detect unusual device behaviors that may be indicative of a compromise by monitoring certain high-value security metrics from the device and Amazon IoT Core (e.g., the number of listening TCP ports on your devices or authorization failure counts). You can specify normal device behavior for a group of devices by setting up behaviors (rules) for these metrics. Amazon IoT Device Defender is designed to monitor and evaluate each datapoint reported for these metrics against the user-defined behaviors (rules) and to alert you if an anomaly is detected.
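The behaviors (rules) described above, as an added example that is not part of the original page: two behaviors written in the format accepted by the CreateSecurityProfile API (the metric names and criteria keys are real; the thresholds are constructed), plus a local evaluator that is an assumption about the documented consecutive-datapoint semantics rather than the service's own code, showing why consecutiveDatapointsToAlarm and consecutiveDatapointsToClear keep a single blip from raising or clearing an alarm.

```python
import operator

# Added example, not from the Device Defender docs. BEHAVIORS uses the
# behavior format accepted by CreateSecurityProfile (metric names and
# criteria keys are real); the threshold values are constructed.
BEHAVIORS = [
    {"name": "AuthFailures",
     "metric": "aws:num-authorization-failures",
     "criteria": {"comparisonOperator": "less-than",
                  "value": {"count": 5},
                  "durationSeconds": 300,
                  "consecutiveDatapointsToAlarm": 2,
                  "consecutiveDatapointsToClear": 1}},
    {"name": "ListeningTcpPorts",
     "metric": "aws:num-listening-tcp-ports",
     "criteria": {"comparisonOperator": "less-than-equals",
                  "value": {"count": 2},
                  "consecutiveDatapointsToAlarm": 1,
                  "consecutiveDatapointsToClear": 3}},
]

# The comparison describes NORMAL values; a datapoint failing it is a violation.
OPS = {"less-than": operator.lt, "less-than-equals": operator.le,
       "greater-than": operator.gt, "greater-than-equals": operator.ge}


def evaluate_behavior(behavior, datapoints):
    """Local approximation (an assumption, not the service's code) of how Rules
    Detect turns a datapoint stream into alarm/clear transitions: N consecutive
    violations raise the alarm, M consecutive normal datapoints clear it.
    Returns the state ("normal" or "alarm") after each datapoint."""
    crit = behavior["criteria"]
    compare, threshold = OPS[crit["comparisonOperator"]], crit["value"]["count"]
    to_alarm = crit.get("consecutiveDatapointsToAlarm", 1)
    to_clear = crit.get("consecutiveDatapointsToClear", 1)
    state, bad_run, good_run, states = "normal", 0, 0, []
    for value in datapoints:
        if compare(value, threshold):           # conforming datapoint
            good_run, bad_run = good_run + 1, 0
            if state == "alarm" and good_run >= to_clear:
                state = "normal"
        else:                                   # violation
            bad_run, good_run = bad_run + 1, 0
            if state == "normal" and bad_run >= to_alarm:
                state = "alarm"
        states.append(state)
    return states
```

With the AuthFailures behavior, the constructed series [1, 7, 2, 9, 8, 0] alarms only at the fifth datapoint (two violations in a row) and clears on the next conforming one.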

ML Detect

Amazon IoT Device Defender is designed to monitor and identify anomalous datapoints for certain cloud-side metrics (e.g., authorization failure counts, message sent counts) and certain device-side metrics (e.g., packets out, listening TCP port counts) with machine learning (ML) models and to trigger an alarm if an anomaly is detected. Amazon IoT Device Defender helps alleviate the need for you to define accurate behaviors of your devices because it is designed to set such behaviors with ML models using your device data from a designated trailing period of time. The service is also designed to retrain the models each day (as long as it has a sufficient amount of data to retrain on) to refresh the expected device behaviors based on the latest designated trailing period of time. ML Detect makes getting started with monitoring easy.

Mitigation actions

Amazon IoT Device Defender is designed to enable you to use built-in mitigation actions to perform steps in response to Audit and Detect alarms, such as adding things to a thing group, replacing the default policy version, and updating the device certificate.

Alerting

Amazon IoT Device Defender is designed to publish alarms to the Amazon IoT console, the Amazon IoT Device Defender API, Amazon CloudWatch, and Amazon SNS if you have configured SNS topics to receive Device Defender alarms.

Metrics Integration

With the Amazon IoT Device Defender ListMetricValues API, you can visualize device-side, cloud-side, and custom metrics from connected devices through an open API and integrate these metrics into any of your custom dashboards to get an overview of your deployments.

Additional Information

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.amazonaws.cn/en_us/. This additional information does not form part of the Documentation for purposes of the Sinnet Customer Agreement for Amazon Web Services (Beijing Region), Western Cloud Data Customer Agreement for Amazon Web Services (Ningxia Region) or other agreement between you and Sinnet or NWCD governing your use of services of Amazon Web Services China Regions.