Device Security
New Features in March 2025
Review the new features introduced in Device Security in March 2025.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
One of the following subscriptions:
|
The following new features and enhancements were introduced for Device Security in
March 2025.
New Features
| | |
|---|---|
| Vulnerability signatures | The Device Security Research team added detections for 394 vulnerabilities this month. Of the 394 vulnerabilities, 44 had a critical CVSS score. You can see a complete list of the CVEs for which detections have been added in the Device Security portal by clicking the blue Announcements icon > Security Announcements. |
| Dictionary file update | There were four dictionary file updates in March 2025. The following summarizes what was added in each update: |
Juniper Networks Mist AI Integration
Device Security supports integrating with Juniper Networks Mist AI to learn
about devices and wireless clients from Mist AI. Device Security can retrieve
device details from Mist AI and use that information to enrich device information
in the Device Security assets inventory. Device Security also creates new
devices in the asset inventory for devices learned through the Mist AI integration.
Telemetry Status for Firewalls
You can view the telemetry status of your firewalls under
Administration > Firewalls > Firewalls. To view telemetry status on the Firewalls table, select
Telemetry Enabled in the column selector. When you click on
an individual firewall, the firewall details popup also displays the telemetry
status. Firewall telemetry helps Device Security learn additional subnet details,
such as VLAN and security zone based on NGFW interface. When
enabling telemetry on your firewall, select
Device Health and Performance and
Product Usage to help Device Security learn subnet
details.
PAN-OS Integration
Without AIOps telemetry enabled in PAN-OS, firewall devices in
Device Security often display only basic information and
lack critical contextual details needed for comprehensive
network security management. Integrate Device Security with
PAN-OS® to enhance visibility into your
Palo Alto Networks firewall infrastructure when AIOps is not enabled on your
firewalls. The integration retrieves and displays essential firewall metadata.
You can configure the integration to connect directly to individual firewalls or
through Panorama® management server for centralized management of multiple firewalls.
The integration uses Cortex XSOAR® to establish API connections
with your PAN-OS devices and automatically retrieve device
information at scheduled intervals. When you deploy this integration,
Device Security categorizes your firewall devices as network security equipment.
This enhanced visibility helps you better understand your network topology,
assess security risks more accurately, and make informed decisions about your
firewall infrastructure.
The integration serves as an alternative data collection method for environments
that don't use AIOps telemetry for device profiling capabilities. You can schedule
recurring jobs, ensuring your firewall information remains current and accurate
within Device Security. This solution is particularly valuable when you need
complete asset inventory and contextual information for effective threat detection
and response in your Device Security environment.
Redesigned Data Quality Page
We improved the Administration > Data Quality page to present more robust information on data quality issues, as
well as guided workflows on how to improve the data. You can view three breakdowns:
Basic Health Check, Low Inventory, and Missing Devices. Each breakdown provides a
more granular view into gaps in your network visibility, as well as recommendations
for improving visibility and coverage across your network.
Custom Alerts Enhancement
Device Security supports using the Site attribute when defining the target
devices in the Rule Engine Editor. You can access the Rule Engine Editor by going
to Alerts > Custom Alert Rules and creating a new custom alert rule or editing an existing
alert rule.
Vulnerability Details Enhancement
When searching for vulnerabilities using the query builder, you can now search by
keyword, such as Apache Log4j, or by advanced persistent threat (APT) associated
with the vulnerability. The vulnerability keyword attribute maps to the NVD Title
attribute on the Vulnerability Details page.
In the APT column in the vulnerabilities table, Device Security now displays the
number of APTs associated with each vulnerability. Click on the APT number to view
more information about the APTs.
Multi-interface Enhancement
You can now search for interfaces based on their MAC addresses, even when there are
multiple MAC addresses for a single interface, or for multi-interface devices. When
viewing interface information on a primary device's Device Details page, you can
see the MAC addresses of the individual interfaces and the source from which those
interfaces were learned.
Subnet Monitoring Enhancement
Device Security updated the subnet monitoring workflow for a more intuitive
experience. When you start or stop monitoring a block, all of its child networks
(blocks and subnets) inherit the same monitoring status. You can view the monitoring
status of your network in the Networks table under
Networks > Networks and Sites > Networks.
When you stop monitoring a subnet, Device Security removes all of the devices
and IP endpoints associated with that subnet. Device Security also resolves the
alerts, and removes the vulnerability instances, associated with the subnet's
devices. If you start monitoring the subnet again, Device Security adds the
related assets back to the inventory, reopens alerts, and adds back the
vulnerability instances.
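Because stopping monitoring on a block cascades to its child networks and removes their devices, alerts, and vulnerability instances from view, it helps to preview the impact first. The following Python sketch is an added example, not Palo Alto Networks code and not a Device Security API: it assumes that child networks are determined by CIDR containment, and the networks, device names, and counts are constructed sample data.

```python
import ipaddress

# Constructed sample data (not exported from a real tenant).
NETWORKS = ["10.20.0.0/16", "10.20.4.0/22", "10.20.5.0/24", "10.30.1.0/24"]
DEVICES = [
    # (device name, IP, open alerts, vulnerability instances)
    ("infusion-pump-01", "10.20.5.17", 2, 5),
    ("ip-camera-07", "10.20.6.40", 0, 3),
    ("badge-reader-02", "10.20.4.9", 1, 0),
    ("hvac-ctrl-01", "10.30.1.12", 1, 4),
]


def child_networks(block, networks):
    """Networks strictly inside `block`.

    Assumption: parent/child relationships follow CIDR containment.
    """
    parent = ipaddress.ip_network(block)
    nets = (ipaddress.ip_network(n) for n in networks)
    children = [n for n in nets if n != parent and n.subnet_of(parent)]
    return sorted(children, key=lambda n: (n.network_address, n.prefixlen))


def stop_monitoring_impact(block, networks, devices):
    """Summarise what leaves the inventory if monitoring stops on `block`."""
    parent = ipaddress.ip_network(block)
    affected = [d for d in devices if ipaddress.ip_address(d[1]) in parent]
    return {
        "inherits_status": [str(n) for n in child_networks(block, networks)],
        "devices_removed": [d[0] for d in affected],
        "alerts_resolved": sum(d[2] for d in affected),
        "vuln_instances_removed": sum(d[3] for d in affected),
    }


if __name__ == "__main__":
    impact = stop_monitoring_impact("10.20.0.0/16", NETWORKS, DEVICES)
    for key, value in impact.items():
        print(f"{key}: {value}")
```

Run it against your own network and device lists before changing the monitoring status of a large block, so that resolved alerts are not mistaken for remediated ones.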