Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Monitoring IoT Device Behavior with AWS IoT Device Defender Detect (IOT360) - AWS re:Invent 2018

261 views

Published on

Get hands on with AWS IoT Device Defender Detect. In this workshop, we enable AWS IoT Device Defender support on an IoT-connected device, and we simulate a series of attacks against our devices. We also simulate compromised devices to learn how to create behavior profiles that detect anomalous behavior, and we discuss techniques for responding to alerts and profile violations.

  • Be the first to comment

  • Be the first to like this

Monitoring IoT Device Behavior with AWS IoT Device Defender Detect (IOT360) - AWS re:Invent 2018

  1. 1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Monitoring IoT Device Behavior with AWS IoT Device Defender Detect Dan Miller Sr SW Dev Engineer Device Defender Group AWS Rob Marano Principal Consultant Professional Services AWS I O T 3 6 0
  2. 2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Agenda 1. Overview of AWS IoT Device Defender 2. Today’s workshop environment setup 3. Detect, generate event, report 4. “Hands on keyboard” 5. Review & wrap-up
  3. 3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Agenda 1. Overview of AWS IoT Device Defender 2. Today’s workshop environment setup 3. Detect, generate event, report 4. “Hands on keyboard” 5. Review & wrap-up • Overview of AWS IoT Device Defender – 300 level • Set up AWS IoT Device Defender on a device • Create behavior profile • View and respond to alerts, triggered by simulated event
  4. 4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Agenda 1. Overview of AWS IoT Device Defender 2. Today’s workshop environment setup 3. Detect, generate event, report 4. “Hands on keyboard” 5. Review & wrap-up • Instructions on how to use pre-built environment • How to get and set up local Vagrant • How to use the basic tools
  5. 5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Agenda 1. Overview of AWS IoT Device Defender 2. Today’s workshop environment setup 3. Detect, generate event, report 4. “Hands on keyboard” 5. Review & wrap-up • Walk-through • Detection • Event generation • Reporting • Viewing violations on the console • Using Amazon Simple Notification Service (Amazon SNS) to take an action, like send an email
  6. 6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Agenda 1. Overview of AWS IoT Device Defender 2. Today’s workshop environment setup 3. Detect, generate event, report 4. “Hands on keyboard” 5. Review & wrap-up • Your turn! • Code up • Detection • Event generation • Alert reporting
  7. 7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Agenda 1. Overview of AWS IoT Device Defender 2. Today’s workshop environment setup 3. Detect, generate event, report 4. “Hands on keyboard” 5. Review & wrap-up • Time to ask questions • What is next for your journey with AWS IoT Device Defender
  8. 8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Related breakouts Wednesday, November 28 Audit Your Device Fleet with AWS IoT Device Defender (Builders Session) 2:30 PM – 3:30 PM | Mirage, Grand Ballroom B, Table 9 Thursday, November 29 Managing Security of Large IoT Fleets (Chalk Talk) 12:15 PM – 1:15 PM | ARIA East, Level 2, Mariposa 8 Friday, November 30 Detect Abnormal Device Behavior with AWS IoT Device Defender (Builders Session) 11:30 AM – 12:30 PM | Mirage, Grand Ballroom B, Table 10
  9. 9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  10. 10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. How we think of IoT architecture @ AWS Endpoints Fleet onboarding, management, and SW updates Fleet audit and protection IoT data analytics and intelligence Gateway Things Sense & act Cloud Storage & compute Secure local triggers, actions, and data sync Intelligence Insights & logic → Action Secure device connectivity and messaging AWS Greengrass AWS IoT Core AWS IoT Device Management Amazon FreeRTOS AWS IoT Device Defender AWS IoT Analytics
  11. 11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Audit device configurations, define and monitor device behavior Identify drifts in security settings and detect device anomalies Generate alerts Patch security vulnerabilities AWS IoT Device Defender Keep your fleet secure AWS IoT Device Defender is a fully managed IoT security service that enables you to secure your fleet of connected devices on an ongoing basis
  12. 12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Audit device configurations Monitor device behavior Generate alerts Patch security vulnerabilities AWS IoT Device Defender Keep your fleet secure Identify anomalies
  13. 13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  14. 14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. GitHub Repository https://github.com/aws-samples/aws-iot-device-defender-workshop.git Workshop Instructions AWS CloudFormation Template Attack Simulation Scripts
  15. 15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Workshop CloudFormation Stack Amazon Elastic Compute Cloud (Amazon EC2) Instances • Simulated Device • Attack Target AWS Cloud9 IDE • Run agent and attack scripts AWS IoT Thing • Includes certificates and polices AWS IoT Thing Group • “DeviceDefenderWorkshop” Subnet Device Defender Agent AWS Cloud9 EC2 Instance Target AWS IoT EC2 Instance
  16. 16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Cloud9 Development Environment We will use AWS Cloud9 as our development & ”device” environment • Run the Device Defender Agent • Run attack simulation scripts • Interact with Device Defender APIs via CLI (optional)
  17. 17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  18. 18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Device Defender: Detect Key Components Metrics • Device-side and Cloud Side Behavior Profiles Violations Alerts
  19. 19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Behavior Profile Defines Desired Device Behavior • Create a behavior profile in Device Defender that defines normal network traffic from a device Behavior Outside of Profile Generates a Violation • Generate abnormal network traffic on our device, triggering a violation
  20. 20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Alerts In AWS IoT Device Defender Console • View past and current violations Amazon SNS Notifications • We will use Amazon SNS to send an email when violation is detected
  21. 21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  22. 22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Walkthrough Instructions Instructions.pdf in the docs folder of the GitHub repository
  23. 23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  24. 24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. What we covered • Overview of AWS IoT Device Defender • Today’s workshop environment setup • Detect, generate event, report • “Hands on keyboard”
  25. 25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. And if you need support … • GitHub repo for this workshop • Amazon Web Services Discussion Forums • https://docs.aws.amazon.com/iot-device-defender
  26. 26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Related breakouts Wednesday, November 28 Audit Your Device Fleet with AWS IoT Device Defender (Builders Session) 2:30 PM – 3:30 PM | Mirage, Grand Ballroom B, Table 9 Thursday, November 29 Managing Security of Large IoT Fleets (Chalk Talk) 12:15 PM – 1:15 PM | ARIA East, Level 2, Mariposa 8 Friday, November 30 Detect Abnormal Device Behavior with AWS IoT Device Defender (Builders Session) 11:30 AM – 12:30 PM | Mirage, Grand Ballroom B, Table 10
  27. 27. Thank you! © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Dan Miller damiller@lab126.com Rob Marano maranoro@amazon.com
  28. 28. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

×