: Data Quality Diagnostics
Focus
Focus

Data Quality Diagnostics

Table of Contents

Data Quality Diagnostics

Check the quality of data
IoT Security
is receiving about devices on the network.
The quality of the network data that firewalls process and forward to the logging service directly impacts the quality of analysis that
IoT Security
is able to make. The
Administration
Data Quality
page is where you can see the quality of data that
IoT Security
has to work with. Two key factors are IP endpoints and low-confidence devices.
IP endpoints are devices without a unique identifier, making them untrackable over time. When
IoT Security
cannot locate a unique device identifier for a device, it categorizes it as an IP endpoint. This typically happens when
IoT Security
knows the IP address but not MAC address of a device through DHCP or ARP, and when
IoT Security
knows the IP address of a device but its device profile isn't stable enough to classify it as a static IP device. In the first case, the MAC address is the unique identifier for a DHCP client. In the second case, the IP address is the unique identifier for a static IP device if its profile is stable enough to show that the IP address isn't shifting among different DHCP clients.
Low-confidence devices are devices that
IoT Security
can identify with a confidence level under 70%. One of the fundamental services that
IoT Security
provides is identifying network-connected devices and assigning device profiles to them. It considers a host of factors throughout this process and creates a confidence score for each identification. The score is a number between 0-100, with 100 being the most confident. The confidence level is important because
IoT Security
only sends a firewall an IP address-to-device mapping if the confidence score for a device identity is high (90-100%), and if it has sent or received traffic within the past hour.
A confidence score indicates the level of confidence
IoT Security
has in its identification of a device.
IoT Security
has three confidence levels based on calculated confidence scores: high (90-100%), medium (70-89%), and low (0-69%).
When firewalls forward fewer data logs to the logging service for
IoT Security
to analyze, it tends to identify devices less confidently. On the other hand, when firewalls forward more logs to the logging service, the more confidently
IoT Security
can identify devices and the more thoroughly it can baseline their behaviors. This results in higher device identity confidence scores.
This page shows the number of IP endpoints and low-confidence devices on the network and the percent of devices that fall into these two categories in relation to the overall number of devices on the network. You can infer the quality of device data that
IoT Security
is receiving from these numbers, which are taken from all devices over the last 30 days.
Each deployment has its unique characteristics and your reason for using
IoT Security
will determine the acceptable percent of IP endpoints and low-confidence devices on the network. For example, if your goal is to discover, identify, and protect only IoT devices, you might only use
IoT Security
with one or two firewalls near them. In this case, an acceptable percentage of IP endpoints and low-confidence devices would be fairly close to the percentage of non-IoT devices on the network. In short, consider what your goal is and use the data here to see how close you are to it. If there are more IP endpoints and low-confidence devices than you would like on your network, consider the recommendations offered on the page and follow those you think will reduce these numbers.
It’s good practice to check Data Quality Diagnostics weekly for the first few months after deployment to make sure
IoT Security
is getting the data it needs to identify devices and, if not, make adjustments as needed. After you’re satisfied, return periodically for spot checks and as follow-up whenever there are changes to the network.

Recommended For You