Keep Your IoT Devices Secure (IOT205) - AWS re:Invent 2018
2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Keep Your IoT Devices Secure
IOT205
Rama Katragadda, Solution Owner, Thermo Fisher Scientific
Atul Bargaje, Principal Consultant, AWS ProServe
Kriti Bharti, Sr. Product Manager, AWS IoT
3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Agenda
IoT security
AWS IoT Device Defender overview
Service demo
Thermo Fisher use case
Q&A
4.
Related sessions
Tuesday, November 27
SEC367-R: Securing and managing IoT devices at scale
5:30 PM – 6:30 PM | Venetian, Level 3, Murano 3202
Wednesday, November 28
Monitoring IoT Device Behavior with AWS IoT Device Defender Detect
11:30 AM – 1:45 PM | Bellagio, Level 1, Grand Ballroom 6
Wednesday, November 28
IOT321-R: Managing security of large IoT fleets
12:15 PM – 1:15 PM | Bellagio, Level 1, Gauguin 2
5.
Related sessions
Thursday, November 29
IOT321-R1: Managing security of large IoT fleets
12:15 PM – 1:15 PM | Aria East, Level 2, Mariposa 8
Thursday, November 29
SEC367-R1: Securing and managing IoT devices at scale
3:15 PM – 4:15 PM | Aria East, Level 2, Mariposa 8
7.
IoT abuse in the news
2014 – Spam emails
2015 – Hacked cars
2016 – Mirai botnet
2017 – Hacked cardiac devices
2018 – DoS and cryptomining
8.
IoT abuse scenarios
Information theft
Surveillance
Malicious access point
Ransomware
Lateral threat escalation
Cryptocurrency mining
Sabotage attacks
Denial of Service
Cloud infra abuse
9.
Challenges with IoT security
10.
Wild things
Shodan, Zmap, Censys
12.
Connect your devices securely
Mutual authentication
Fine-grained authorization
Encryption
14.
AWS IoT Device Defender
Audit
Detect
Investigate
Mitigate
Alert
15.
Architectural overview
16.
Audit
Expiring or revoked certificates
Overly permissive policies
Device connection checks
Logging
17.
Secure configuration prevents threat escalation
18.
Detect
Rule-based anomaly detection
Thresholds
Security profile
Blacklists and whitelists
19.
Security profile
20.
Anomaly Detection – Denial of Service
Packets out and/or bytes out
Number of ports
Suspicious port communication
Communication with suspicious IP addresses
21.
Anomaly Detection – Cloud infrastructure abuse
Message rate
Message size
Communication from suspicious source IPs
22.
Detect indicators of compromise
Scenarios: Information theft, Surveillance, Fake domain attack, Ransomware, Lateral threat escalation, Cryptocurrency mining, Sabotage attacks, Denial of Service, Cloud infra abuse
Indicator combinations mapped to the scenarios: PacketsOut/BytesOut/DestIP/Port; DestIP/Port; DestIP/Port; DestIP/Port/PacketsIn/BytesOut; DestIP; Msg rate/Msg size/Source IP; PacketsOut/BytesOut/DestIP/Auth Fail; PacketsOut/BytesOut/DestIP; PacketsIn/BytesIn/DestIP
23.
AWS IoT Device Defender in action for both Audit and Detect use cases
24.
UnusualActivity
28.
Leveraging AWS IoT Device Defender for IoT security
29.
We are the world leader in serving science
30.
Connected lab
31.
Smart instruments
32.
Mobile workflow for asset and scientific data
33.
Connectivity portfolio | Connectivity standards and SDK
34.
Architecture Overview
Diagram components: DLH Devices, DLH Gateway, Edge Aggregator, ML @ Edge, Alexa Voice Service, Customer Lab, ThermoFisher Cloud
35.
How is AWS IoT Device Defender helping us
Audit certificates
If certificates are shared => Disable certificate
If certificates are nearing expiration => Rotate Certificates
Anomaly Detection
Message count from device
Open ports count
36.
Audit
Check for shared certificates
Generate Amazon Simple Notification Service (Amazon SNS) notification on shared certificate alerts
Disable the shared certificate
37.
Detect
If number of open ports > 10
OR
If number of messages exceeds thresholds
Revoke the certificates
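The two Detect rules above, as an added example that is neither Thermo Fisher's nor AWS's code: the rules written in the behavior shape that AWS IoT Device Defender security profiles use, a local stand-in for the Detect evaluation run over a constructed device metrics report, and a mitigation step that revokes the certificate only for an in-alarm event. The 10-port limit is from the slide; the 500-messages-per-5-minutes limit, the constructed report and the certificate ID are assumptions.

```python
from typing import Callable, Dict, List

# Thermo Fisher's two Detect rules in the behavior shape used by Device Defender
# security profiles. The 10-port limit comes from the slide; the 500-messages-per-
# 5-minutes limit is an assumed value chosen for this example.
BEHAVIORS = [
    {"name": "TooManyOpenPorts", "metric": "aws:num-listening-tcp-ports",
     "criteria": {"comparisonOperator": "greater-than", "value": {"count": 10},
                  "consecutiveDatapointsToAlarm": 1}},
    {"name": "MessageFlood", "metric": "aws:num-messages-sent",
     "criteria": {"comparisonOperator": "greater-than", "value": {"count": 500},
                  "durationSeconds": 300, "consecutiveDatapointsToAlarm": 1}},
]

# Constructed device-side metrics report (the JSON a device publishes on its
# defender metrics topic): 12 listening TCP ports, i.e. above the slide's limit.
DEVICE_REPORT = {
    "header": {"report_id": 1701, "version": "1.0"},
    "metrics": {"listening_tcp_ports": {
        "ports": [{"port": p, "interface": "eth0"} for p in range(8000, 8012)],
        "total": 12}},
}

def observed_metrics(report: dict, messages_sent_in_window: int) -> Dict[str, int]:
    """Map a device report plus the cloud-side message count onto metric names."""
    ports = report["metrics"]["listening_tcp_ports"]["total"]
    return {"aws:num-listening-tcp-ports": ports,
            "aws:num-messages-sent": messages_sent_in_window}

def violated_behaviors(behaviors: list, metrics: Dict[str, int]) -> List[str]:
    """Local stand-in for Detect: names of behaviors whose threshold is exceeded.
    Only the greater-than operator that the two rules need is implemented."""
    hits = []
    for b in behaviors:
        value = metrics.get(b["metric"])
        limit = b["criteria"]["value"]["count"]
        if (value is not None and value > limit
                and b["criteria"]["comparisonOperator"] == "greater-than"):
            hits.append(b["name"])
    return hits

def mitigate(cert_id: str, violations: List[str], event_type: str,
             revoke: Callable[[str], None]) -> bool:
    """Slide rule: ports > 10 OR message flood -> revoke the certificate.
    Act only on an 'in-alarm' violation event; 'alarm-cleared' and
    'alarm-invalidated' notifications must never revoke anything. `revoke`
    wraps the real call, e.g. iot.update_certificate(certificateId=cert_id,
    newStatus="REVOKED") in boto3."""
    if event_type != "in-alarm" or not violations:
        return False
    revoke(cert_id)
    return True
```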
38.
Certificate rotation
Check for certificate expiration
Trigger the certificate rotation workflow
Provide new certificate to the device
Disable old certificate
Device connects with the new certificates.
39.
About TensorIoT
All-in on Amazon Web Services (AWS)
100% AWS certified
AWS advanced consulting partner
Proven success in North America, EMEA, and APAC
Focused on IoT, AI/ML & big data
40.
Demo - AWS IoT Device Defender in action
Leveraging AWS IoT Device Defender for enhancing security
46.
AWS IoT Device Defender
Audit IoT resource configuration
Continuously monitor device behavior
Alerts on AWS IoT Console, Amazon SNS, Amazon CloudWatch
Investigate and mitigate security issues
Identify anomalies
47.
Why should I care?
IoT data is sensitive
Security is not a commodity
Protect your business
And also, regulation is coming
48. Thank you!
aws-iot-device-defender@amazon.com
Rama Katragadda, Solution Owner, Thermo Fisher Scientific
Atul Bargaje, Principal Consultant, AWS ProServe
Kriti Bharti, Sr. Product Manager, AWS IoT