What Enterprise IoT Security Does

Learn about the features that Enterprise IoT Security provides.
IoT devices are purpose-built devices that perform a limited set of actions, connect to a network, and transmit and receive data. Examples of IoT devices include barcode scanners, smart light bulbs, and security cameras. These are different from traditional IT devices like personal computers that perform a wide variety of tasks. IoT devices are also different from IT devices in that many do not support software upgrades and security patches. As a result, when a vulnerability is found in their software or firmware, it’s difficult to protect them from being exploited and compromised. Another difference is that IoT devices are proliferating and often find their way onto a network without notice. In addition, their purpose-built nature makes their unique network behaviors obscure and mysterious to administrators more accustomed to managing laptops and desktops.
Palo Alto Networks IoT Security uses artificial intelligence and machine learning to demystify IoT devices, identifying them and their normal network behaviors. Palo Alto Networks offers two products: Enterprise IoT Security and Enterprise IoT Security Plus. While Enterprise IoT Security Plus offers more with regard to security—for example, automatically generated Security alerts, vulnerability detections, risk assessments, and Security policy rule recommendations—both Enterprise IoT Security and Enterprise IoT Security Plus use the same machine-learning algorithms and engines to analyze network traffic, identify devices, and baseline their behavior.
Enterprise IoT Security is a cloud-based app that works with Palo Alto Networks next-generation firewalls, logging service, and update server. These elements of the Enterprise IoT Security solution collaborate to carry out the following tasks:
  • Next-generation firewalls with Enterprise IoT Security subscriptions collect information about network traffic and forward their logs to the logging service, which streams network traffic metadata to IoT Security for analysis. For recommended firewall deployment options for collecting network traffic metadata, see the IoT Security.
    An Enterprise IoT Security license does not require Strata Logging Service to function. If you do not have a Strata Logging Service instance for any other Palo Alto Networks product, firewalls onboarded with Enterprise IoT Security forward traffic logs to the logging service, which streams them to Enterprise IoT Security for processing and analysis; there’s no log retention in Strata Logging Service. If you have a Strata Logging Service instance to which a firewall is already forwarding logs and you then onboard Enterprise IoT Security on the firewall, the logging service streams log metadata to both IoT Security and Strata Logging Service. If you want, you can switch off logging for the firewall in the Strata Logging Service app by toggling Store Log Data Off on the Inventory page.
  • The update server provides firewalls and—if used to manage your firewalls—Panorama with a regularly updated device dictionary file of device attributes (profile, vendor, category, and so on) that Security policy rules can use for device identification, or Device-ID.
  • IoT Security maps IP addresses to devices and notifies firewalls of their corresponding device attributes so they can enforce Device-ID-based Security policy rules that reference attributes in IP address-to-device mappings.
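A conceptual model of the last task above, added here as an illustration; it is not Palo Alto Networks code or PAN-OS rule syntax. It shows how an IP address-to-device mapping lets a rule match on device attributes instead of addresses, and what happens to traffic from an IP address with no mapping. The attribute names (profile, vendor, category) come from the text; the rule structure, rule names, vendors, and addresses are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample mappings. Attribute names follow the page; every value,
# vendor, rule name, and field layout below is hypothetical.
IP_TO_DEVICE = {
    "10.20.1.15": {"profile": "ExampleCam Dome", "vendor": "ExampleCam", "category": "Camera"},
    "10.20.1.40": {"profile": "ExampleScan Handheld", "vendor": "ExampleScan", "category": "Barcode Scanner"},
}

@dataclass(frozen=True)
class Rule:
    name: str
    source: dict              # device attributes the source must have; {} matches any source
    dest_port: Optional[int]  # None matches any port
    action: str               # "allow" or "deny"

RULES = [
    Rule("cameras-to-recorder", {"category": "Camera"}, 554, "allow"),
    Rule("scanners-to-inventory", {"vendor": "ExampleScan", "category": "Barcode Scanner"}, 443, "allow"),
    Rule("default-deny", {}, None, "deny"),
]

def evaluate(src_ip, dest_port, rules=RULES, mappings=IP_TO_DEVICE):
    """First-match evaluation. Returns (rule name, action)."""
    device = mappings.get(src_ip)  # None when no mapping exists for this IP
    for rule in rules:
        if rule.source:
            # An attribute-based rule cannot match a source that has no mapping.
            if device is None:
                continue
            if any(device.get(k) != v for k, v in rule.source.items()):
                continue
        if rule.dest_port is not None and rule.dest_port != dest_port:
            continue
        return rule.name, rule.action
    return "implicit-deny", "deny"

if __name__ == "__main__":
    for ip, port in [("10.20.1.15", 554), ("10.20.1.15", 22), ("10.20.9.9", 554)]:
        print(ip, port, evaluate(ip, port))
```

Because the rules reference attributes only, updating the mapping for an address changes the decision for that address without any rule being edited.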
All next-generation firewalls running PAN-OS 10.1 or later support Enterprise IoT Security except the VM series and CN series.
After you onboard IoT Security, activate IoT Security licenses on your firewalls, and deploy them so they can feed data to the logging service, you’re ready to access the IoT Security portal and begin using it. Using your account credentials for the Palo Alto Networks Customer Service Portal, log in at the URL you defined during the onboarding process, as explained in chapter two.
The IoT Security portal fully supports Google Chrome and partially supports Microsoft Edge, which means the portal is expected to be usable but might not look exactly as designed. It does not officially support Microsoft Internet Explorer, Apple Safari, or any other type of browser.
Navigation menu – The items in the left navigation menu are roughly organized into three groups. The top group contains the pages where you can see the devices, networks, and sites in your organization that IoT Security is monitoring. The next group is where activities are recorded in the audit log and information is captured in various types of reports. The last group is where you can do system tuning, check data quality, and manage firewalls, system, and administrative settings.
Use the left navigation menu to navigate to different pages in the Enterprise IoT Security portal. When there are data filters at the top of a page, use them to control the data that appears on the page by site, device type, and time period.
Administrative tools – Under the navigation menu is a set of administrative tools:
  • Help – Open the Customer Support Portal.
  • User name (first and last name from the user’s contact information) – When you click the name, these options appear:
    • Preferences – Modify your contact information, time zone, idle session timeout, alert sound (that is, control if an audible alert sounds whenever IoT Security detects new Security alerts), and SMS and email notification settings.
    • Resource Center – See status notifications about firewall logs and learn about IoT Security through recommended resources and useful links.
    • Dark Theme/Light Theme – Switch between dark and light UI display themes.
    • Log out – Log out of your administrative session.
  • App Switcher – Take a shortcut to other Palo Alto Networks applications through the hub.
Search – At the top of the page, to the right of the page title bar, is a search field where you enter keywords to search for devices.
Data Filters – Below the page title bar and search field on many pages is a set of filters that control the data that the Enterprise IoT Security portal displays on each page. The filter system consists of global filters and local, page-specific filters. Global filter settings persist while you navigate among different pages, with various filters appearing as appropriate per page. For example, there are additional filters on the Devices page and no filters at all on the User Accounts page. Global filters have default values but can also be customized. Modified and added filters appear in the UI as blue instead of black, so you can easily tell them apart from the default ones. If a page has a default local filter, it appears among the other global filters at the top of the page. There are also page filters that are only applicable to the data on a particular page. When you scroll down a page, both the global and page filters remain in view in the upper right of the title bar.
Query Builder – Next to the data filters is the query builder. Use it to find information about devices by constructing queries out of various components. For example, you might query for all IoT devices from a particular vendor, or you can query for all IoT devices in a particular profile.
Announcements – Toggle a vertical panel on the right side of the UI open and closed to see information about recent feature releases and important announcements.