IoT Security Features
Learn about new IoT Security capabilities in PAN-OS® 10.2.
New IoT Security Feature | Description
Inbound Policy Rule Recommendations for Device Security
PAN-OS 10.2.17 and later releases
Device Security enables you to secure your connected device environments with both inbound and outbound policy recommendations. While PAN-OS and Panorama initially supported only outbound policy recommendations, the addition of inbound policy recommendations lets you create a more comprehensive security posture for your IT and IoT devices. Creating policy rule recommendations based on both outbound and inbound profile behaviors helps prevent vulnerability exploitation, lateral movement, and other security risks that outbound policies alone cannot address.
You can now view both inbound and outbound behaviors for device profiles in the UI and create security policies accordingly. For outbound behaviors, the source is the IT/IoT device profile, while the destination can be any. For inbound behaviors, you can now set the source as any, and the destination is the IT/IoT device profile. This symmetrical approach lets you control both what your IT/IoT devices can access, as well as what other enterprise sources can access your IT/IoT devices, implementing a true Zero Trust security model.
The policy recommendation workflow supports both per-device and per-profile levels, giving you flexibility in how you implement security policies. When creating policies, you can specify source and destination attributes including device profiles, IP addresses, and FQDNs. The naming convention for policies intelligently selects the appropriate profile name (whether in source or destination) to ensure clarity in your policy set. For policy rule recommendations based on inbound profile behaviors, the name has "-inbound" appended.
By leveraging both inbound and outbound policy recommendations, you can significantly reduce your attack surface by allowing only trusted behaviors for your IT/IoT devices. This is particularly valuable for securing critical infrastructure and sensitive device deployments where you need to control both inbound and outbound traffic.
Simplified IoT Onboarding
When onboarding IoT Security, you can now select a predefined Log Forwarding profile and apply it to multiple Security policy rules. This simplifies the previous onboarding process where you had to create a Log Forwarding profile and apply it individually to each Security policy rule.
Data Collection for IoT Security
You can now collect data for devices whose traffic doesn’t pass through a firewall by mirroring their traffic on network switches and sending it to the firewall through an Encapsulated Remote Switched Port Analyzer (ERSPAN) tunnel. After the firewall decapsulates the traffic, PAN-OS logs it exactly as it would if the traffic had arrived on a TAP port. The firewall then sends the logs to the logging service, where IoT Security accesses and analyzes them.
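As an added example (not code from the PAN-OS documentation or product), the following Python shows the decapsulation step described above for ERSPAN Type II, which rides inside GRE (IP protocol 47) with EtherType 0x88BE: it strips the GRE and ERSPAN headers, returns the mirror-session metadata, and hands back the original Ethernet frame the switch copied, which is what the firewall then logs as if seen on a TAP port. The sample packet and its inner frame are constructed inline; a wrong GRE protocol or unsupported ERSPAN version is rejected rather than silently parsed.

```python
import struct

GRE_PROTO_ERSPAN_II = 0x88BE  # EtherType carried in the GRE header for ERSPAN Type II
GRE_FLAG_SEQ = 0x1000         # GRE 'S' bit: a 4-byte sequence number follows the header


def decapsulate_erspan2(gre_payload: bytes) -> dict:
    """Strip GRE + ERSPAN Type II headers from the payload of an IP protocol-47 packet.

    Returns the mirror session metadata and the original Ethernet frame.
    ERSPAN Type II header (two 32-bit words): ver(4) vlan(12) cos(3) en(2) t(1)
    session_id(10) | reserved(12) index(20).
    """
    if len(gre_payload) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", gre_payload[:4])
    if proto != GRE_PROTO_ERSPAN_II:
        raise ValueError(f"not ERSPAN Type II: GRE protocol 0x{proto:04x}")
    offset, seq = 4, None
    if flags & GRE_FLAG_SEQ:
        seq = struct.unpack("!I", gre_payload[4:8])[0]
        offset = 8
    if len(gre_payload) < offset + 8:
        raise ValueError("truncated ERSPAN header")
    w1, w2 = struct.unpack("!II", gre_payload[offset:offset + 8])
    version = w1 >> 28
    if version != 1:  # version 1 identifies Type II
        raise ValueError(f"unsupported ERSPAN version {version}")
    return {
        "gre_seq": seq,
        "vlan": (w1 >> 16) & 0x0FFF,        # original VLAN of the mirrored frame
        "cos": (w1 >> 13) & 0x7,
        "encap": (w1 >> 11) & 0x3,          # how the original frame was tagged
        "truncated": bool((w1 >> 10) & 0x1),
        "session_id": w1 & 0x03FF,          # switch-side monitor session
        "index": w2 & 0x000FFFFF,           # port/direction index
        "frame": gre_payload[offset + 8:],  # the Ethernet frame the switch copied
    }


# Constructed sample: a small IPv4-over-Ethernet frame mirrored from VLAN 100
# by ERSPAN session 7, with GRE sequence number 42 and index 5.
SAMPLE_FRAME = (bytes.fromhex("005056aabbcc") + bytes.fromhex("0011223344ff")
                + b"\x08\x00" + b"\x45\x00\x00\x14" + b"\x00" * 16)
SAMPLE_PACKET = (struct.pack("!HHI", GRE_FLAG_SEQ, GRE_PROTO_ERSPAN_II, 42)
                 + struct.pack("!II", (1 << 28) | (100 << 16) | 7, 5) + SAMPLE_FRAME)

if __name__ == "__main__":
    meta = decapsulate_erspan2(SAMPLE_PACKET)
    print({k: v for k, v in meta.items() if k != "frame"}, len(meta["frame"]))
```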