Data volume monitoring ensures that your devices are functioning as designed and have not been attacked and repurposed for unintended uses. You can monitor the aggregated data volume across all devices in an IoT network to help identify potential rogue or inactive devices. Data transmission activity for such devices impact the total volume of data being sent and received.
The Data volume widget helps you monitor data usage aggregated across all devices in an IoT deployment. It shows both daily transmission activity, as well as a baseline derived from historical data. This makes it easy to understand the following:
- How much data is transacted on average.
- How this quantity has changed over time.
- Unusual spikes in data usage.
Similar to other widgets that serve as potential indicators of compromise, you can click on a specific date to analyze all traffic for that date.
You can see additional details displayed in the widget, including the volumes of data transmitted on that date by URL. The list is sorted by the amount of data that is transferred to or from each URL.
A larger-than-expected data transmission (especially to or from an unrecognized destination or source) may indicate SIM swap issues. In this case, the SIM has been extricated out of the IoT device and transferred to a personal computing device, such as a tablet.
You can click on a specific URL to view a filtered list of all devices that communicated with that URL on that day. You can also click on an ICCID or IMSI, to see what other websites were accessed via these SIMs. This visual check can help confirm that device(s) have been compromised.
To take closed-loop remediation action, you can click Block SIM to block the device in-line. A pop-up window appears. Read how blocking SIM works, and then click YES, BLOCK.
Aeris provides features to help you take remediatory action. For example, you can block all traffic from the culprit devices to mitigate the impact of the compromise.
See Edit a Single Device for details.