Learn about the features that Enterprise IoT Security provides.
IoT devices are purpose-built devices that perform a
limited set of actions, connect to a network, and transmit and receive
data. Examples of IoT devices include barcode scanners, smart light
bulbs, and security cameras. These are different from traditional
IT devices like personal computers that perform a wide variety of
tasks. IoT devices are also different from IT devices in that many
do not support software upgrades and security patches. As a result,
when a vulnerability is found in their software or firmware, it’s
difficult to protect them from being exploited and compromised.
Another difference is that IoT devices are proliferating and often find
their way onto a network without notice. In addition, their purpose-built
nature makes their unique network behaviors obscure and mysterious
to administrators more accustomed to managing laptops and desktops.
Palo Alto Networks IoT Security uses artificial intelligence
and machine learning to demystify IoT devices, identifying them
and their normal network behaviors. Palo Alto Networks offers two
products: Enterprise IoT Security and Enterprise IoT Security Plus.
While Enterprise IoT Security Plus offers more with regard to security—for example,
automatically generated Security alerts, vulnerability detections,
risk assessments, and Security policy rule recommendations—both
Enterprise IoT Security and Enterprise IoT Security Plus use the
same machine-learning algorithms and engines to analyze network
traffic, baseline device behavior, and identify devices.
Enterprise IoT Security is a cloud-based app that works with
Palo Alto Networks next-generation firewalls, logging service, and
update server. These elements of the Enterprise IoT Security solution
collaborate to carry out the following tasks:
Next-generation firewalls with Enterprise IoT Security
subscriptions collect information about network traffic and forward
their logs to the logging service, which streams network traffic
metadata to IoT Security for analysis. For recommended firewall
deployment options for collecting network traffic metadata, see
the IoT Security Deployment Design
An Enterprise IoT Security license does not
require Cortex Data Lake to function. If you do not have a Cortex
Data Lake instance for any other Palo Alto Networks product, firewalls
onboarded with Enterprise IoT Security forward traffic logs to the
logging service, which streams them to Enterprise IoT Security for
processing and analysis; there’s no log retention in Cortex Data
Lake. If you happen to have a Cortex Data Lake instance to which
a firewall is already forwarding logs and you then onboard Enterprise
IoT Security on the firewall, the logging service will stream log
metadata to both IoT Security and Cortex Data Lake. You have the
option in the Cortex Data Lake app to switch off logging for the
firewall if you want by toggling Store Log Data on
the Inventory page.
The update server provides firewalls and—if used to manage
your firewalls—Panorama with a regularly updated device dictionary
file of device attributes (profile, vendor, category, and so on)
that Security policy rules can use for device identification, or

IoT Security maps IP addresses to devices and notifies firewalls
of their corresponding device attributes so they can enforce Device-ID-based Security
policy rules that reference attributes in IP address-to-device mappings.
All next-generation firewalls running PAN-OS 10.1 or later support
Enterprise IoT Security except the VM series and CN series.
After you onboard IoT Security, activate IoT Security licenses
on your firewalls, and deploy them so they can feed data to the
logging service, you’re ready to access the IoT Security portal
and begin using it. Using your account credentials for the Palo Alto
Networks Customer Service Portal, log in at the URL you defined
during the onboarding process, as explained in chapter two.
The IoT Security portal fully supports Google Chrome and partially
supports Microsoft Edge, which means the portal is expected to be
usable but might not look exactly as designed. It does not officially
support Microsoft Internet Explorer, Apple Safari, or any other
type of browser.
The items in the left navigation menu are roughly organized into three
groups. At the top are the pages where you can see the devices, networks, and sites in
your organization that IoT Security is monitoring. The next section is
where activities are recorded in the audit log and information is captured in various
types of reports. The last section is where you can do system tuning, check
data quality, and manage firewalls, system, and administrative settings.
Use the left navigation menu to navigate to different pages in
the Enterprise IoT Security portal. When there are data filters
at the top of a page, use them to control the data that appears
on the page by site, device type, and time period.
Under the navigation menu is a set of administrative tools:
Help – Open the Customer Support Portal.
User name (first and last name from the user’s contact information) – When you click the name, these options appear:
    Preferences – Modify your contact information, time zone, idle session timeout, alert sound (that is, control if an audible alert sounds whenever IoT Security detects new Security alerts), and SMS and email
    Resource Center – See status notifications about firewall logs and learn about IoT Security through recommended resources and useful links.
    Dark Theme/Light Theme – Switch between dark and light UI display
    Log out – Log out of your administrative session.
App Switcher – Take a shortcut to other Palo Alto Networks applications through the hub.
At the top of the page and to the right of the
page title bar is a search field where you can enter
keywords to search for devices.
Below the page title bar and search field
on many pages is a set of filters that control the data that the
Enterprise IoT Security portal displays on each page. The filter
system consists of global filters and local, page-specific filters.
Global filter settings persist while you navigate among different pages
with various filters appearing as appropriate per page. For example,
there are additional filters on the Devices page and no filters
at all on the User Accounts page. Global filters have default values
but can also be customized. Modified and added filters appear in
the UI as blue instead of black, so you can easily tell them apart from
the default ones. If a page has a default local filter, it appears
among the other global filters at the top of the page. In addition,
there are page filters that are only applicable to the data
on a particular page. When you scroll down a page, both the global
and page filters remain in view in the upper right of
the title bar.
Next to the data filters is the query
builder. Use it to find information about devices by constructing
queries out of various components. For example, you might query
for all IoT devices from a particular vendor, or you can query for
all IoT devices in a particular profile.
Open or close a vertical panel
on the right side of the UI that shows information about recent feature
releases and important announcements.