Because many Internet of Things (IoT) devices are resource constrained, they are common targets for unauthorized users and events.
In this course, you learn how to use AWS IoT Device Defender to monitor your fleet’s behavior and know when its devices are noncompliant. You create a notification topic so that you are alerted when a noncompliant behavior occurs and deploy agents to help return your devices to a compliant state. Finally, you explore troubleshooting strategies so that you can ensure that AWS IoT Device Defender operates as designed.
Course objectives
This course is designed to teach you how to:
- Describe the main purpose and functionality of AWS IoT Device Defender
- Use AWS IoT Device Defender to audit account settings and policies
- Apply troubleshooting strategies to help fix issues within AWS IoT Device Defender audit
- Use AWS IoT Device Defender to resolve issues raised through audit check results
- Use AWS IoT Device Defender to monitor device activities
- Use Amazon Simple Notification Service (Amazon SNS) to send notifications about audit violations and abnormal device behavior
Intended audience
This course is intended for:
- Security architects
- Fleet managers
- Security engineers
- Device engineers
Prerequisites
We recommend that attendees of this course have completed:
- IoT Foundation: Telemetry
- IoT Foundation: Introduction to IoT Security
- Introduction to AWS IoT Device Defender
Course outline
Module 1: Introduction
- AWS IoT security
- The shared responsibility model
- AWS IoT Device Defender overview
- Best practices for AWS IoT Device Defender
Module 2: Auditing Settings and Policies
- Introduction
- AWS IoT Device Defender audit overview
- Preparing for audit
- Demo: Prepare for audit
- Scheduling audit checks
- Audit checks
- Audit commands
- Demo: Enable audit checks
- Demo: Schedule audit checks
- Informing users
- Introduction to informing users
- Collecting information through Amazon CloudWatch
- Sending updates through Amazon Simple Notification Service
- Demo: Enable an Amazon SNS topic and subscribe
- Viewing results
- Audit check results
- Demo: View audit check results
- Troubleshooting audit checks
- Best practices for audits
Module 3: Managed Response
- Introduction
- Mitigation actions overview
- Preparing for mitigation actions
- Managed response
- Mitigation actions
- Mitigation action commands
- Demo: Configure and apply a managed response
- Best practices for managed response
Module 4: Detect Anomalies
- Introduction
- Detect anomalies overview
- Preparing to detect anomalies
- Demo: Prepare IAM for detecting anomalies
- Metrics, monitoring, and detect
- Security profiles
- Detect commands
- The device agent
- Demo: Collect and review detect metrics
- Best practices for detecting anomalies