Device Security
New Features in April 2025
Review the new features introduced in Device Security in April 2025.
Where Can I Use This? | What Do I Need? |
---|---|
|
One of the following subscriptions:
|
The following new features and enhancements were introduced for Device Security in
April 2025.
New Features
| |
---|---|
New Polling Integration Support
|
The Device Security polling integration with
Cortex XSOAR now supports the following protocols for
polling:
Additionally, you can now provide a DNS server when configuring
polling with reverse DNS to get device hostnames.
|
Vulnerability signatures
|
The Device Security Research team added detections for 427
vulnerabilities this month. Of the 427 vulnerabilities, 273 of them
had a critical CVSS score. You can see a complete list of the CVEs
for which detections have been added in the Device Security
portal by clicking the blue
Announcements icon and then Security Announcements.
|
Dictionary file update
|
There were four dictionary file updates in April 2025. The
following summarizes what was added in each update:
|
Risk Scoring & Management enhancements
April 2025
|
Device Security provides a risk framework
to understand and manage risks within your network of IoT devices. The
Device Security risk scoring algorithm accounts for vulnerability threat metrics
and for additional risk factors and asset criticality. The asset risk score
breakdown displays all relevant risks (alerts, vulnerabilities, and
other risk factors), along with their individual scores and the asset's
criticality contribution.
Risk scoring customization lets you tailor your Device Security
risk assessment framework to match your organization's security posture and risk
tolerance. By adjusting various risk factors, you can create a more accurate
representation of your environment's security risks.
You can customize how vulnerabilities and security alerts affect risk scores,
helping you prioritize vulnerabilities and alert severities based on their relevance
to your environment. Beyond vulnerabilities and alerts, you can customize other
risk factors, such as system status, and you can customize asset criticality weights
to define how much a device's importance amplifies its risk score.
Compensating controls represent an important aspect of risk score customization,
providing a way for you to account for mitigation you've implemented that reduces
actual risk. Compensating controls account for things such as
endpoint protection, or joining devices to Active Directory. These controls
adjust device risk scores by reducing the risk score of vulnerabilities, thereby
more accurately reflecting your security posture.
You can manage risk score customization.
From the Risk Score Configuration page, you can adjust all risk factors and create
compensating control types. For specific devices, you can view and manage
compensating controls directly from the Device Details page. Regular review of
these settings ensures your risk assessment remains relevant as your
environment evolves.
Cortex XDR Integration Using the API
Device Security supports integrating with Cortex XDR
directly through the Cortex XDR API, and does not require a
Third-Party Integration Add-on License.
The API integration learns the same information as the integration through
Cortex XSOAR, although with additional attributes for OS, hostname,
serial number, and vendor. You can configure the Cortex XDR API integration by
going to Integrations > Cortex XDR Integration in the Device Security portal.
IGEL Universal Management System Integration
Device Security supports integrating with
IGEL Universal Management System (UMS) to learn about devices and endpoints
from IGEL UMS. Device Security can retrieve
device details from IGEL UMS and use that information to enrich
device information in the Device Security assets inventory. Device Security
also creates new devices in the asset inventory for devices learned through the
IGEL UMS integration.
Cisco Spaces Integration
Device Security supports integrating with Cisco Spaces to learn about Wi-Fi and
switch-connected devices, including their physical locations.
Device Security retrieves device details and creates new devices for assets
learned from Cisco Spaces. Through the integration, you can identify a device’s
physical location on a floor plan by navigating to Device Details > Device Location
and viewing the Device Location Map. When the Cisco Spaces integration is enabled,
you can also view all devices by floor plan by navigating to Assets > Location.
Alert Suppression Enhancements
When creating alert suppression rules, you now have the flexibility to specify
hostname or traffic patterns as matching criteria. You can also specify if alerts
need to match all defined criteria, instead of just any defined criteria, for
Device Security to suppress related alerts. You can create new
alert suppression rules from the Alerts inventory of the Alert Details page. To view
and update existing alert suppression rules, visit Alerts > Security Alerts > Suppression Rules.
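The difference between matching all criteria and matching any criteria, as an added example that is not Device Security's own code or rule schema: the rule fields, hostnames, and alerts below are constructed for illustration. It shows that a match-any rule also hides alerts that share only one criterion with the intended noise.

```python
import fnmatch
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Alert:                      # constructed alert shape, not the product's
    hostname: str
    dst_ip: str
    dst_port: int
    protocol: str

@dataclass(frozen=True)
class SuppressionRule:            # hypothetical rule model
    hostname_glob: Optional[str]  # hostname criterion
    traffic: Optional[dict]       # traffic-pattern criterion (field -> value)
    match_all: bool               # True: every criterion must match

def criteria_results(rule, alert):
    """Evaluate each criterion the rule actually defines."""
    results = []
    if rule.hostname_glob is not None:
        results.append(fnmatch.fnmatchcase(alert.hostname.lower(),
                                           rule.hostname_glob.lower()))
    if rule.traffic is not None:
        results.append(all(getattr(alert, k) == v
                           for k, v in rule.traffic.items()))
    return results

def is_suppressed(rule, alert):
    results = criteria_results(rule, alert)
    if not results:
        # all([]) is True, so a rule with no criteria would hide everything.
        return False
    return all(results) if rule.match_all else any(results)

def suppressed_hosts(rule, alerts):
    return [a.hostname for a in alerts if is_suppressed(rule, a)]

# Constructed sample alerts: known-noisy SNMP polling plus two others.
ALERTS = [
    Alert("infusion-pump-01", "10.0.5.10", 161, "udp"),   # intended noise
    Alert("infusion-pump-02", "203.0.113.7", 445, "tcp"), # same hostname family
    Alert("printer-07", "10.0.5.10", 161, "udp"),         # same traffic only
]
ANY_RULE = SuppressionRule("infusion-pump-*",
                           {"dst_port": 161, "protocol": "udp"}, match_all=False)
ALL_RULE = replace(ANY_RULE, match_all=True)

if __name__ == "__main__":
    print("any:", suppressed_hosts(ANY_RULE, ALERTS))
    print("all:", suppressed_hosts(ALL_RULE, ALERTS))
```

With these inputs the match-any rule suppresses all three alerts, including the SMB alert to an external address, while the match-all rule suppresses only the intended SNMP alert.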
MDS2 File Upload Enhancement
We improved the error messages for MDS2 file uploads to make it easier to tell why
an upload failed.