IoT Security Solution Structure

The IoT Security solution involves multiple components working together to discover, classify, and secure IoT devices on your network.

Using AI and machine learning, IoT Security automatically discovers and identifies all network-connected devices and constructs a data-rich, dynamically updating inventory. In addition to identifying IoT devices and IT devices (laptops and servers for example), IoT Security provides deep visibility into network behaviors, establishing what’s normal and discerning what’s suspicious. When it detects a device vulnerability or anomalous behavior posing a threat, IoT Security notifies administrators, who can then take action to investigate and remediate the issue.

To accomplish all this, the cloud-based IoT Security app works with Palo Alto Networks next-generation firewalls, logging service, and update server, and optionally with Panorama and integrated third-party products. These elements of the IoT Security solution collaborate to carry out the following tasks:

- Firewalls with IoT Security subscriptions collect information about network traffic and forward their logs to the logging service, which streams metadata to IoT Security for analysis.
- The update server provides firewalls and Panorama with a regularly updated device dictionary file of device attributes (profile, vendor, category, and so on) that Security policy rules use for device identification, or Device-ID.
- IoT Security recommends Security policy rules based on Device-ID to firewalls. When Panorama provides centralized firewall management, IoT Security works through it to recommend Security policy rules to managed firewalls. When Panorama is not in use, IoT Security interacts directly with firewalls.
- IoT Security maps IP addresses to devices and notifies firewalls of their corresponding device attributes so they can enforce Device-ID-based Security policy rules that reference attributes in IP address-to-device mappings.

With a third-party integrations add-on license for your IoT Security account, you are able to expand IoT Security capabilities to include product-specific features and those of the integrated products to include IoT.

Learn about the major components that constitute the IoT Security solution:

1 - Device Data Collection

For IoT Security to identify IoT devices and establish a baseline of their acceptable network behaviors, it needs to analyze their network activity. That’s where next-generation firewalls come in. They log network traffic to which they apply Security policy rules and then forward logs to the logging service where IoT Security accesses them.

Depending on whether your IoT Security subscription includes data storage, the logging service either streams metadata to your IoT Security account and Cortex Data Lake instance or just to your IoT Security account.

2 - Data Analysis

IoT Security uses AI and machine-learning algorithms to analyze numerous aspects of the network behavior of a device and classify it within three levels or tiers. At the broadest tier, IoT Security identifies behavioral similarities that enable its algorithms to assign a device to a device category, such as security camera, even if it doesn’t yet know the exact vendor and model. At the next tier, IoT Security gathers more granular behavioral attributes shared by certain vendors and models of security cameras to assign it a device profile. At the third tier, the algorithms create a model of unique behaviors for this individual security camera, such as its usage pattern.

In addition to device identification, IoT Security applies proprietary and supplemental machine-learning technologies to threat detection. It automatically detects device vulnerabilities and notifies IoT Security administrators. It also detects anomalous network behavior indicative of attack or reconnaissance and generates security alerts.

3 - IoT Device Protection

IoT Security coordinates with next-generation firewalls to recommend Security policy rules for IoT device traffic. After identifying devices and establishing a baseline of acceptable network behavior, IoT Security automatically generates recommended Security policy rules for device profiles based on the network behavior it observes. Panorama or firewall administrators then import the recommendations to Panorama or directly to firewalls where they decide which ones to add to their policy set.

Firewalls and Panorama must have a list of device profiles or other device attributes for Device-ID-based Security policy rules. This list is provided as a device dictionary file from the update server, which firewalls and Panorama check regularly for updates to download.

So that firewalls apply imported Device-ID-based rules appropriately, IoT Security continually sends the firewall IP address-to-device mappings, which include the profile and other attributes of all devices monitored and protected by IoT Security.

IoT Security also integrates with Prisma Access to identify and secure devices.

4 - Third-party Integrations

In addition to protecting IoT devices by coordinating with next-generation firewalls, IoT Security also integrates with third-party products to do the following:

- Increase device inventory and enrich device context—sometimes for IoT Security and sometimes for the integrated third-party product
- Broaden the coverage of specific features in integrated products to include IoT
- Expand the capabilities of IoT Security; for example, through integrations that allow you to do vulnerability scanning, quarantine devices with critical vulnerabilities or security alerts, and apply access control lists (ACLs) to IoT devices

IoT Security integrates with other products through a third-party integrations add-on, which is based on a Cortex XSOAR module.

5 - Using Prisma Access instead of Next-generation Firewalls

When using IoT Security with Prisma Access, the process for collecting device data is similar to the previous description of data collection except that you substitute Prisma Access for firewalls. In addition, IoT Security can coordinate with Prisma SD-WAN ION devices to collect data at branch sites. When Prisma Access and SD-WAN forward data logs to the logging service, Cortex Data Lake must be used.

IoT Security sends Security policy rule recommendations through Panorama to Prisma Access. It sends IP address-to-device mappings to Prisma Access directly. Likewise, the update server sends device dictionary updates directly to Prisma Access as well as to Panorama.