New Features in April 2025
Review the new features introduced in Device Security in April 2025.
Where Can I Use This?
  • (Legacy) IoT Security (Standalone portal)
What Do I Need?
One of the following subscriptions:
  • Device Security subscription for an advanced Device Security product (Enterprise, OT, or Medical)
  • Device Security X subscription
The following new features and enhancements were introduced for Device Security in April 2025.
New Features
New Polling Integration Support
The Device Security polling integration with Cortex XSOAR now supports the following protocols for polling:
  • Axis Communications
  • FTP Banner
Additionally, you can now provide a DNS server when configuring polling with reverse DNS to get device hostnames.
Vulnerability signatures
The Device Security Research team added detections for 427 vulnerabilities this month, 273 of which had a critical CVSS score. You can see a complete list of the CVEs for which detections have been added in the Device Security portal by clicking the blue Announcements icon > Security Announcements.
Dictionary file update
There were four dictionary file updates in April 2025. The following summarizes what was added in each update:
  • April 03 update – 6 new profiles, 20 new vendors, and 33 new models
  • April 09 update – 24 new profiles, 3 new vendors, 1 new OS family, 3 new categories, and 19 new models
  • April 16 update – 4 new profiles
  • April 23 update – 42 new profiles, 2 new vendors, and 25 new models

Risk Scoring & Management enhancements

April 2025
  • Enhancement: Added many other risk factor options when customizing risk scores.
  • Enhancement: Added the Other Risk Factors tab on the Device Details page. You can view the details of the other risk factors, their risk types, and the default matching rule used to determine which devices the other risk factors affect.
Device Security provides a risk framework to understand and manage risks within your network of IoT devices. The Device Security risk scoring algorithm accounts for vulnerability threat metrics, additional risk factors, and asset criticality. The asset risk score breakdown displays all relevant risks (alerts, vulnerabilities, and other risk factors), along with their individual scores and the asset's criticality contribution.
Risk scoring customization lets you tailor your Device Security risk assessment framework to match your organization's security posture and risk tolerance. By adjusting various risk factors, you can create a more accurate representation of your environment's security risks.
You can customize how vulnerabilities and security alerts affect risk scores, helping you prioritize vulnerabilities and alert severities based on their relevance to your environment. Beyond vulnerabilities and alerts, you can customize other risk factors, such as system status, and you can customize asset criticality weights to define how much a device's importance amplifies its risk score.
Compensating controls represent an important aspect of risk score customization, providing a way for you to account for mitigations you've implemented that reduce actual risk. Compensating controls account for things such as endpoint protection or joining devices to Active Directory. These controls adjust device risk scores by reducing the risk score of vulnerabilities, thereby more accurately reflecting your security posture.
You can manage risk score customization. From the Risk Score Configuration page, you can adjust all risk factors and create compensating control types. For specific devices, you can view and manage compensating controls directly from the Device Details page. Regular review of these settings ensures your risk assessment remains relevant as your environment evolves.

Cortex XDR Integration Using the API

Device Security supports integrating with Cortex XDR directly through the Cortex XDR API, and does not require a Third-Party Integration Add-on License. The API integration learns the same information as the integration through Cortex XSOAR, but with additional attributes for OS, hostname, serial number, and vendor. You can configure the Cortex XDR API integration by going to Integrations > Cortex XDR Integration in the Device Security portal.

IGEL Universal Management System Integration

Device Security supports integrating with IGEL Universal Management System (UMS) to learn about devices and endpoints from IGEL UMS. Device Security can retrieve device details from IGEL UMS and use that information to enrich device information in the Device Security assets inventory. Device Security also creates new devices in the asset inventory for devices learned through the IGEL UMS integration.

Cisco Spaces Integration

Device Security supports integrating with Cisco Spaces to learn about Wi-Fi and switch-connected devices, including their physical locations. Device Security retrieves device details and creates new devices for assets learned from Cisco Spaces. Through the integration, you can identify a device’s physical location on a floor plan by navigating to Device Details > Device Location and viewing the Device Location Map. When the Cisco Spaces integration is enabled, you can also view all devices by floor plan by navigating to Assets > Location.

Alert Suppression Enhancements

When creating alert suppression rules, you now have the flexibility to specify hostname or traffic patterns as matching criteria. You can also specify if alerts need to match all defined criteria, instead of just any defined criteria, for Device Security to suppress related alerts. You can create new alert suppression rules from the Alerts inventory of the Alert Details page. To view and update existing alert suppression rules, visit Alerts > Security Alerts > Suppression Rules.

MDS2 File Upload Enhancement

We improved the error messages for MDS2 file uploads to make it easier to tell why an upload failed.