What Enterprise IoT Security Does

Learn about the features that Enterprise IoT Security provides.
IoT devices are purpose-built devices that perform a limited set of actions, connect to a network, and transmit and receive data. Examples of IoT devices would be barcode scanners, smart light bulbs, and security cameras. These are different from traditional IT devices like personal computers that perform a wide variety of tasks. IoT devices are also different from IT devices in that many do not support software upgrades and security patches. As a result, when a vulnerability is found in their software or firmware, it’s difficult to protect them from being exploited and compromised. Another difference is that IoT devices are proliferating and often find their way onto a network without notice. In addition, their purpose-built nature makes their unique network behaviors obscure and mysterious to administrators more accustomed to managing laptops and desktops.
Palo Alto Networks IoT Security uses artificial intelligence and machine learning to demystify IoT devices, identifying them and their normal network behaviors. Palo Alto Networks offers two products: Enterprise IoT Security and Enterprise IoT Security Plus. While Enterprise IoT Security Plus offers more with regard to security (for example, automatically generated Security alerts, vulnerability detections, risk assessments, and Security policy rule recommendations), both Enterprise IoT Security and Enterprise IoT Security Plus use the same machine-learning algorithms and engines to analyze network traffic, baseline their behavior, and identify devices.
Enterprise IoT Security is a cloud-based app that works with Palo Alto Networks next-generation firewalls, logging service, and update server. These elements of the Enterprise IoT Security solution collaborate to carry out the following tasks:
  • Next-generation firewalls with Enterprise IoT Security subscriptions collect information about network traffic and forward their logs to the logging service, which streams network traffic metadata to IoT Security for analysis. For recommended firewall deployment options for collecting network traffic metadata, see the IoT Security .
    An Enterprise IoT Security license does not require Cortex Data Lake to function. If you do not have a Cortex Data Lake instance for any other Palo Alto Networks product, firewalls onboarded with Enterprise IoT Security forward traffic logs to the logging service, which streams them to Enterprise IoT Security for processing and analysis; there’s no log retention in Cortex Data Lake. If you happen to have a Cortex Data Lake instance to which a firewall is already forwarding logs and you then onboard Enterprise IoT Security on the firewall, the logging service will stream log metadata to both IoT Security and Cortex Data Lake. You have the option in the Cortex Data Lake app to switch off logging for the firewall if you want by toggling Store Log Data Off on the Inventory page.
  • The update server provides firewalls and, if used to manage your firewalls, Panorama with a regularly updated device dictionary file of device attributes (profile, vendor, category, and so on) that Security policy rules can use for device identification, or Device-ID.
  • IoT Security maps IP addresses to devices and notifies firewalls of their corresponding device attributes so they can enforce Device-ID-based Security policy rules that reference attributes in IP address-to-device mappings.
All next-generation firewalls running PAN-OS 10.1 or later support Enterprise IoT Security except the VM series and CN series.
After you onboard IoT Security, activate IoT Security licenses on your firewalls, and deploy them so they can feed data to the logging service, you’re ready to access the IoT Security portal and begin using it. Using your account credentials for the Palo Alto Networks Customer Service Portal, log in at the URL you defined during the onboarding process, as explained in chapter two.
The IoT Security portal fully supports Google Chrome and partially supports Microsoft Edge, which means the portal is expected to be usable but might not look exactly as designed. It does not officially support Microsoft Internet Explorer, Apple Safari, or any other type of browser.
Navigation menu – The items in the left navigation menu are roughly organized into three groups. At the top are the pages where you can see the devices, networks, and sites in your organization that IoT Security is monitoring. The next section is where activities are recorded in the audit log and information is captured in various types of reports. The last section is where you can do system tuning, check data quality, and manage firewalls, system, and administrative settings.
Use the left navigation menu to navigate to different pages in the Enterprise IoT Security portal. When there are data filters at the top of a page, use them to control the data that appears on the page by site, device type, and time period.
Administrative tools – Under the navigation menu is a set of administrative tools:
  • Help – Open the Customer Support Portal.
  • User name (first and last name from the user’s contact information) – When you click the name, these options appear:
    • Preferences – Modify your contact information, time zone, idle session timeout, alert sound (that is, control if an audible alert sounds whenever IoT Security detects new Security alerts), and SMS and email notification settings.
    • Resource Center – See status notifications about firewall logs and learn about IoT Security through recommended resources and useful links.
    • Dark Theme/Light Theme – Switch between dark and light UI display themes.
    • Log out – Log out of your administrative session.
  • App Switcher – Take a shortcut to other Palo Alto Networks applications through the hub.
Search – At the top of the page and to the right of the page title bar is a search field where you can enter keywords to search for devices.
Data Filters – Below the page title bar and search field on many pages is a set of filters that control the data that the Enterprise IoT Security portal displays on each page. The filter system consists of global filters and local, page-specific filters. Global filter settings persist while you navigate among different pages with various filters appearing as appropriate per page. For example, there are additional filters on the Devices page and no filters at all on the User Accounts page. Global filters have default values but can also be customized. Modified and added filters appear in the UI as blue instead of black, so you can easily tell them apart from the default ones. If a page has a default local filter, it appears among the other global filters at the top of the page. In addition, there are also page filters that are only applicable to the data on a particular page. When you scroll down a page, both the global and page filters continue to remain in view in the upper right of the title bar.
Query Builder – Next to the data filters is the query builder. Use it to find information about devices by constructing queries out of various components. For example, you might query for all IoT devices from a particular vendor, or you can query for all IoT devices in a particular profile.
Announcements – Toggle a vertical panel on the right side of the UI open and closed. The panel contains information about recent feature releases and important announcements.
