IoT Security
New Features in March 2025
Table of Contents
Expand All
|
Collapse All
IoT Security Docs
-
-
- Firewall Deployment Options for IoT Security
- Use a Tap Interface for DHCP Visibility
- Use a Virtual Wire Interface for DHCP Visibility
- Use SNMP Network Discovery to Learn about Devices from Switches
- Use Network Discovery Polling to Discover Devices
- Use ERSPAN to Send Mirrored Traffic through GRE Tunnels
- Use DHCP Server Logs to Increase Device Visibility
- Control Allowed Traffic for Onboarding Devices
- Support Isolated Network Segments
-
New Features in March 2025
Review the new features introduced in IoT Security in March 2025.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
The following new features and enhancements were introduced for IoT Security in
March 2025.
|
New Features
| |
|---|---|
|
Vulnerability signatures
|
The IoT Security Research team added detections for 394
vulnerabilities this month. Of the 394 vulnerabilities, 44 of them
had a critical CVSS score. You can see a complete list of the CVEs
for which detections have been added in the IoT Security
portal by clicking the blue
Announcements icon ( ? )Security Announcements.
|
|
Dictionary file update
|
There were four dictionary file updates in March 2025. The
following summarizes what was added in each update:
|
Juniper Networks Mist AI Integration
IoT Security supports integrating with Juniper Networks Mist AI to learn
about devices and wireless clients from Mist AI. IoT Security can retrieve
device details from Mist AI and use that information to enrich device information
in the IoT Security assets inventory. IoT Security also creates new
devices in the asset inventory for devices learned through the Mist AI integration.
Telemetry Status for Firewalls
You can view the telemetry status of your firewalls under
AdministrationFirewallsFirewalls. To view telemetry status on the Firewalls table, select
Telemetry Enabled in the column selector. When you click on
an individual firewall, the firewall details popup also displays the telemetry
status. Firewall telemetry helps IoT Security learn additional subnet details,
such as VLAN and security zone based on NGFW interface. When
enabling telemetry on your firewall, select
Device Health and Performance and
Product Usage to help IoT Security learn subnet
details.
PAN-OS Integration
IoT Security supports integrating with PAN-OS
Next-Generation Firewalls to learn device details about the firewalls. This
integration provides an alternative way to learn firwall data if a firewall doesn't
have telemetry enabled. Through the
integration, IoT Security learns firewall information such as hostname,
MGMT interface IP address, and other network interfaces. If you want to learn
subnets, you need to enable telemetry on the respective firewalls.
Redesigned Data Quality Page
We improved the AdministrationData Quality page to present more robust information on data quality issues, as
well as guided workflows on how to improve the data. You can view three breakdowns:
Basic Health Check, Low Inventory, and Missing Devices. Each breakdown provides a
more granular view into gaps in your network visibility, as well as recommendations
for improving visibility and coverage across your network.
Custom Alerts Enhancement
IoT Security supports using the Site attribute when defining the target
devices in the Rule Engine Editor. You can access the Rule Engine Editor by going
to AlertsCustom Alert Rules and creating a new custom alert rule or editing an existing
alert rule.
Vulnerability Details Enhancement
When search for vulnerabilities using the query builder, you can now search by
keyword, such as Apach log4j, or by advanced persistent threat (APT) associated
with the vulnerability. The vulnerability keyword attribute maps to the NVD Title
attribute on the Vulnerability Details page.
In the APT column in the vulnerabilties table, IoT Security now displays the
number of APTs associated with each vulnerability. Click on the APT number to view
more information about the APTs.
Multi-interface Enhancement
You can now search for interfaces based on their MAC addresses, even when there are
multiple MAC addresses for a single interface, or for multi-interface devices. When
viewing interface information on a primary device's Device Details page, you can
see the MAC addresses of the individual interfaces and the source from which those
interfaces were learned.
Subnet Monitoring Enhancement
IoT Security updated the subnet monitoring workflow for a more intuitive
experience. When you start or stop monitoring a block, all of its children networks
(blocks and subnets) inherit the same monitoring status. You can vew the monitoring
status of your network in the Networks table under
NetworksNetworks and SitesNetworks.
When you stop monitoring a subnet, IoT Security removes all of the devices
and IP endpoints associated with that subnet. IoT Security also resolves the
alerts, and removes the vulnerability instances, associated with the subnet's
devices. If you start monitoring the subnet again, IoT Security adds the
related assets back to the inventory, reopens alerts, and adds back the
vulnerability instances.