8. Deploy security auditing and monitoring mechanisms across your IoT environment and relevant IT systems.

As we’ve discussed, it’s important to ensure the proper configuration of IoT devices when they are put into production and that they are updated. But, it’s also important to monitor their behavior and security posture on an ongoing basis.

• Deploy auditing and monitoring mechanisms to continuously collect and report activity metrics and logs.

• Monitor on-device and related off-device activities such as network traffic and entry points, process implementation, and system interactions for any unexpected behavior.

• Continuously check that your security controls and systems are intact by explicitly testing them.

• Implement a monitoring solution to create a traffic baseline, and monitor anomalies and adherence to the baseline.

• Collect security logs and analyze them in real time using automated tooling.

• Monitor availability of your IoT devices in real time, where technically feasible.

Supporting AWS resources

AWS provides the following capabilities and services to help you monitor your security at varying levels:

• AWS IoT Device Defender – Monitors and audits your fleet of IoT devices.

• Monitor AWS IoT with CloudWatch Logs – Centralizes the logs from all of your systems, applications, and AWS services that you use, in a single, highly scalable service.

• Log AWS IoT API Calls with AWS CloudTrail – Provides a record of actions taken by a user, a role, or an AWS service in AWS IoT.

• Monitoring with AWS IoT Greengrass Logs

• AWS Config – Assess, audit, and evaluate the configurations of your AWS resources.

• Amazon GuardDuty – Continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads.

• AWS Security Hub – Automates AWS security checks and centralizes security alerts.

• Security Pillar of AWS Well-Architected and IoT Lens