At AWS, security is a top priority. Join us to discuss how to use AWS IoT services, such as AWS IoT Core, AWS IoT Device Management, and AWS IoT Device Defender, to improve the security of IoT applications. We discuss IoT security best practices and cover how to manage security across IoT fleets, including monitoring and auditing of devices. Hear from AWS IoT experts, AWS customer Rachio, and AWS partner Eseye on their experience in securing devices.

1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Kriti Bharti
Senior Product Manager
Security Management for
IoT Devices
SRV202

2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Agenda
What is AWS IoT?
Overview of AWS IoT Device Defender
Rachio use case
SolarNow use case

3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Sense & Act
Things
Secure device
connectivity
and messaging
AWS IoT Core
Fleet onboarding,
management, and
SW updates
Fleet
audit and
protection
IoT data analytics
and intelligence
AWS IoT Device
Management
AWS IoT Device
Defender
GatewayEndpoints
AWS Greengrass
AWS IoT 1-Click
AWS IoT
Analytics
Amazon
FreeRTOS
Storage & Compute & Learn
Cloud
Secure local
triggers, actions,
and data sync
Intelligence
Insights & Logic → Action
AWS IoT services

4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
How can I manage
security for my
fleet of devices
on AWS IoT?

5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Audit
IoT configurations
Detect device
anomalies
Receive
alerts
Mitigate
security issues
Keep your fleet secure
AWS IoT Device Defender

6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Scheduled
Ad-hoc
Audit IoT configurations
Audit checks are mapped to
recommended security best
practices on:
• Certificates
• IoT policies
• Device connection
• Account setting
Schedule audits or run ad-hoc audits

7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Audit demo

8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Detect device anomalies
Continuously monitors high-
value security metrics from
AWS IoT Core and the device
Define expected behavior
for these metrics
Compares device metrics against
expected device behavior
Use security profiles
to group behaviors

9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Introducing –
Franz Garsombke
CTO and Co-Founder, Rachio
franz@rach.io

10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Who is Rachio?
Colorado-based IoT company
First product was a smart
irrigation controller
100% designed and
manufactured in Colorado
50+ employees
To make sustainable water use effortless
and personally rewarding

11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
The current state of irrigation
Annual waste
1.4 trillion gallons
Equates to 58% of US
residential water waste
Costs homeowners
with irrigation over
$2 billion/year

12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Smart sprinkler controller
Easy to control anywhere, anytime
Get complete access to monitor and adjust
your sprinkler system from
your phone, tablet, or laptop
Automatically adapts for weather
Rachio continuously adapts to local
weather forecasts and changing seasons,
automatically optimizing watering
schedules
Weekly 150,000 weather skips
saving 160M gallons of water
Gen1
Gen2
Gen 3
and
Wireless
Flow

13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Rachio security use cases
Anomaly detection forefront
of our priority list
Easy, yet powerful device
behavior monitoring
The perfect complement to our existing
IoT infrastructure

14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IoT Device Defender
Detect
Created security profile
with four device behaviors
1. Message received
2. Message sent
3. Message size
4. Authorization failure

15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IoT Device Defender and Rachio
Amazon SNS AWS Lambda
function
AWS IoT Core AWS IoT Device
Defender
CustomerZendesk Integration
Gen 2 Rachio
Smart Controller
Gen 3 Rachio
Smart Controller

16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IoT Device Defender
Detect
Providing immediate value
Enhancements
• Message parsing
using regexp
• Predictive behavior
monitoring
Excited for continued AWS IoT service
evolution

17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Introducing –
SolarNow and Eseye
Ian Marsden, CTO Eseye

18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
CONNECTIVITY GLOBAL NETWORKS
AWS IoT Competency Partner Eseye enables
SolarNow’s solution
Eseye
Five pillars of IoT
YOUR INTELLIGENCE
AWS IoT Device Defender
YOUR DEVICE
CLOUD
INTEGRATION

19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
SolarNow
Transforming lives and communities

20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IoT Device Defender
Detect
Monitor connectivity metrics to detect violations
Metrics can be collected from the device or generated
by the network
Eseye through the AWS Marketplace enables metric
collection on legacy devices
AWS IoT CoreSolarNow
Devices
Cellular
Network
Eseye
AWS IoT Device
Defender
DATA
METRICS

21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
IAM Amazon
CloudWatch
Amazon
RDS
Amazon
DynamoDB
Amazon
S3
AWS Elastic
Beanstalk
Amazon
Kinesis
Amazon
Cognito
Amazon
SNS
AmazonMachine
Learning
AWS
Lambda
Search AnalyticsAccess & IDUI
LogicQueueNotification
AWS IoT
Core
SolarNow
Devices
SolarNow architecture
Cellular
Network
Eseye
Eseye
Marketplace
Integration

22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
IAM Amazon
CloudWatch
Amazon
RDS
Amazon
DynamoDB
Amazon
S3
AWS Elastic
Beanstalk
Amazon
Kinesis
Amazon
Cognito
Amazon
SNS
AmazonMachine
Learning
AWS
Lambda
Search AnalyticsAccess & IDUI
LogicQueueNotification
SolarNow
Devices
SolarNow architecture
including AWS IoT Device Defender
Amazon
SNS
AWS Lambda
function
Email
notification
Metrics
AWS IoT Device
Defender
Security
Profiles
Cellular
Network
Eseye
AWS IoT
Core
Eseye
Marketplace
Integration

23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Aggregate data compared to device-level data
No. of Bytes
7–25 7–26 7–27 7–28 7–29 7–30 7–31 8–01 8–02 7–25 7–26 7–27 7–28 7–29 7–30 7–31 8–01 8–02
120,000
100,000
80,000
60,000
40,000
20,000
0
No. of Bytes
1,400,000
1,200,000
1,000,000
800,000
600,000
400,000
200,000
0

24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
192.168.111.2
34.208.239.28
34.214.217.104
35.160.146.103
35.167.163.245
52.11.14.157
52.25.183.60
2.25.65.226
52.35.211.165
54.149.203.141
54.186.223.134
54.71.183.55
7–25 7–26 7–27 7–28 7–29 7–30 7–31 8–01 8–02
Destination IP analysis

25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IoT Device Defender security profile setup

26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Set up AWS Lambda to suspend device

27. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
View violations

28. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018 ESEYE Limited. Company Confidential
Benefits of AWS IoT Device Defender
AWS IoT Device Defender, and Eseye’s global AnyNet Secure SIM,
delivers for SolarNow
• Affordable, scalable, ongoing connected security management services
on AWS IoT Console
• Is quick to configure “out of the box” and does not need costly developers
or bespoke software
Removes risk
• Identifies and reports misconfiguration, hacking, misuse
• Protects SolarNow’s customers from livelihood and potentially
life threatening service interruptions
• Protects SolarNow’s brand and business revenue model
Is the simplest way for SolarNow to achieve a high level of connectivity,
security, and performance anomaly management, globally, on AWS IoT

29. © 2018 ESEYE Limited. Company Confidential

30. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Receive alerts
Alerts generated based on identified
anomalies and audit findings
Alerts sent to:
• AWS IoT Console
• Amazon CloudWatch
• Amazon SNS

31. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Investigate and mitigate
security issues
Review historical and contextual
information
Get recommendations
Take actions that make sense
for your devices and use cases
• Revoke permissions
• Reboot a device
• Reset factory defaults
• Push security fixes

32. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IoT Device
Defender –
Better together with AWS
IoT edge-based software

33. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Submit session feedback
1. Tap the Schedule icon.
2. Select the session you
attended.
3. Tap Session Evaluation to
submit your feedback.

34. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Thank you!