IoT Device Discovery
IoT Security uses machine learning to analyze network
traffic data and identify IoT devices.
Unlike IT assets, which are generally multi-purpose
hardware, IoT devices are purpose-built systems. These devices are
designed to perform a few tasks repetitively, and
the IoT Security solution provides deep visibility into their normal and
suspicious network behaviors.
Each IoT device exhibits unique characteristics on the network.
When an unknown device joins the network, one or more Palo Alto
Networks firewalls log its network traffic and then send the logs
to the logging service. These logs include session logs, containing
metadata about traffic flow, and enhanced application logs, containing
data from packet payloads. IoT Security accesses the data from the
logging service and uses its advanced machine-learning algorithms
and three-tier profiling system to analyze network behaviors and
form a baseline for the device. It then compares that baseline with
the behaviors of other known devices (for more information, see IoT Security Overview). By doing
so, it determines the unique personality of the device and creates
a profile for it consisting of device type, category, vendor, model,
operating system, and more. IoT Security automatically builds
a behavioral profile for the device, including a baseline of acceptable
behaviors and communication patterns with other devices.
IoT Security continuously learns and maintains a rolling baseline
of device behaviors. The time required for building an initial profile
depends on several factors:
- How active are the devices on the network? IoT Security can profile a device that produces a lot of traffic faster than a device that produces little traffic because it has more data to analyze.
- How many devices of the same type are there on the network? The more devices of the same type there are, the faster the profiling works, because it can aggregate knowledge learned from multiple devices simultaneously.
- How complicated is the behavior of an individual device? For example, IoT Security learns the behavior of a network-connected thermostat much faster than that of a surgical robot in a hospital.
The devices that IoT Security discovers on the network and identifies
appear on the Devices page in the IoT Security portal.
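
The following Python example is added here to illustrate the idea of a rolling behavioral baseline that aggregates what is learned from several devices of the same type; it is not Palo Alto Networks code and does not represent how IoT Security's machine-learning models work. The record layout, the `TypeBaseline` class, its thresholds, and the sample sessions are all assumptions constructed for this example.

```python
from collections import defaultdict, deque

# Constructed session records: (device, device_type, dst, port, app).
SESSIONS = [
    ("therm-1", "thermostat", "cloud.example.net", 443, "ssl"),
    ("therm-2", "thermostat", "cloud.example.net", 443, "ssl"),
    ("therm-1", "thermostat", "ntp.example.net", 123, "ntp"),
    ("therm-2", "thermostat", "ntp.example.net", 123, "ntp"),
    ("therm-3", "thermostat", "cloud.example.net", 443, "ssl"),  # new device, known type
    ("therm-3", "thermostat", "10.0.5.20", 445, "ms-ds-smb"),    # unusual for the type
]

class TypeBaseline:
    """Rolling per-device-type baseline of (dst, port, app) flows (hypothetical)."""

    def __init__(self, window=500, min_records=4, min_devices=2):
        self.window = window            # records kept per type; older ones age out
        self.min_records = min_records  # traffic needed before verdicts are issued
        self.min_devices = min_devices  # devices that must share a flow to trust it
        self.records = defaultdict(deque)  # device_type -> deque of (device, flow)

    def baseline(self, device_type):
        """Flows seen from at least min_devices devices inside the window."""
        devices = defaultdict(set)
        for device, flow in self.records[device_type]:
            devices[flow].add(device)
        return {f for f, d in devices.items() if len(d) >= self.min_devices}

    def observe(self, device, device_type, dst, port, app):
        """Classify one session against the current baseline, then learn from it."""
        flow, q = (dst, port, app), self.records[device_type]
        if len(q) < self.min_records:
            verdict = "learning"
        elif flow in self.baseline(device_type):
            verdict = "baseline"
        else:
            verdict = "deviation"
        q.append((device, flow))
        if len(q) > self.window:
            q.popleft()
        return verdict

def classify_all(sessions, **params):
    model = TypeBaseline(**params)
    return [model.observe(*s) for s in sessions]

if __name__ == "__main__":
    for session, verdict in zip(SESSIONS, classify_all(SESSIONS)):
        print(verdict, session)
```

Because a flow must be shared by several devices of the type before it is trusted, the third thermostat is recognized on its first session, while its SMB connection stays a deviation no matter how often that one device repeats it.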