IoT Security Device Details Page
The Device Details page in the IoT Security portal shows detailed information about a specific device.
To see details about a device, click its device name. The IoT Security portal then displays the device details page, with content grouped into the following sections:
- Security (summary)
- Network Traffic
- Network Usage
- MDS2 (for medical IoT devices)
Identity: The Identity section at the top of the page provides identifying data such as the category and profile of a device, its vendor and model, its OS, and various network-specific details.
The IoT Security portal only shows a field if it has a value for it. You might see more or fewer details than shown here, depending on the amount of information IoT Security has.
Security (summary): The information in the next section relates to security and includes the individual risk score for the device and whether baseline modeling is complete or still in progress. The current behaviors diagram shows evaluations for five types of behavior ranging from normal (near the center) to anomalous (near or beyond the edge).
Risks: The Risks section contains the alerts, vulnerabilities, and anomalies that occurred on the device during the time range set at the top of the page. The events are displayed along a timeline and in a list with detailed information about each one.
Alerts: This section contains only the alerts that the device raised during the specified time range. Alerts are a subset of risks, and IoT Security generates them when it detects irregular behavior and activity matching an alert rule. You can see when alerts occurred along a timeline, read details about them, and take action to resolve them.
Security: The Security section contains three subsections that show how a device connects to other devices on the network and which applications it’s using.
- Network Traffic: View a conceptual network topology displaying the nodes with which the device has formed connections. Use filters to display inbound or outbound connections; nodes with various alert levels; connections to nodes within the same VLAN, same intranet, or on the Internet; and so on. If you click Explore Topology, a new browser window opens with an informative display of internal and external connections from the device in focus. You can interact with the information, viewing details about each node and clicking different ones to put them in focus and see their connections. Any node with “S” on it is a server.
- Applications: This section shows the applications the device uses, and how many other devices and device profiles use the same application. Click a number in the Used by Devices column to open the Devices page with its contents filtered by the corresponding application. Hovering your cursor over the blue text of an entry in the Profiles column displays a list of all profiles that use that application.
- Network Usage: The last section shows a Sankey diagram with lines indicating network connections. A red line indicates that the connection is involved in a high-severity alert. Click one of the blue bars and then click the Create Policy option that appears to create a policy with the following fields in the Policy Editor auto-filled: (“Group #1” = source, and “Group #2” = destination).
MDS2 (for medical IoT devices)
Medical device vendors often list the security-related features of their products in Manufacturer Disclosure Statement for Medical Device Safety (MDS2) forms, which they share with their customers. Vendors issue these MDS2 documents for each version of a medical device and include valuable information such as whether a device processes PHI (personal health information); if it stores PHI and, if so, if it's encrypted; and if antivirus software is installed on the device.
Over time, healthcare providers can collect thousands of MDS2 documents for thousands of medical devices. When used as intended, MDS2 documents can greatly enhance your security posture and incident response (IR). However, absorbing the details from these documents for the specific version of the software running on their connected devices is a daunting task. As a result, MDS2 files often go unused.
IoT Security simplifies the management and use of the MDS2 files you have. If you upload an MDS2 file for a device to IoT Security, it then includes this data along with other environmental factors when assessing the risk to the device. For example, if the software version of a device specified in an MDS2 file has a known vulnerability, IoT Security more precisely identifies it as a vulnerability instead of just a potential vulnerability. IoT Security supports MDS2 files in 2004, 2008, 2013, and 2019 formats.
To upload an MDS2 file for one of your medical devices, click the MDS2 button on the device details page, click the upload icon in the lower right corner, and then navigate to your MDS2 document (its format must be PDF) and upload it.
A prompt appears to apply the MDS2 file to all devices sharing the same model, vendor, and profile. To apply the MDS2 file to all devices with the same attributes, click Yes. To apply it to just this particular device, click
An entry for the uploaded MDS2 file appears in the MDS2 section on the Device Details page with some upload details, device manufacturer name, and software revision number (if available). In addition, if you selected Yes when prompted to apply the MDS2 file to other devices with the same model, vendor, and profile and there are such devices, then IoT Security applies the uploaded MDS2 file to them as well.
The upload date shows when this file was uploaded to IoT Security.
The timestamp uses the time zone specified on the Preferences page ( > Preferences).
The source of an uploaded MDS2 file is always Directly Uploaded, which means that a user manually uploaded the file to IoT Security.
The status of an uploaded file indicates one of the following states:
- Matched – The uploaded file is a PDF containing correctly formatted fields
- Cannot Extract Data – The file is a PDF with incorrectly formatted fields
- Unsupported File Type – The uploaded file is not a PDF
If the file status is either of the last two states, hover your cursor over the table row with the MDS2 file and then click the Delete icon that appears on the far right.
To see more details about the device and MDS2 file, expand the row.
A manufacturer might release an updated MDS2, perhaps to add more models to the Device Model list, change its Manufacturer Contact Information, or for some other reason. If so, delete the first MDS2 file and then upload the new file.
To see a preview of an MDS2 file, hover your cursor over its table row, which causes the preview icon to appear. Either click the icon or hover your cursor over it to see the file in a pop-up preview window.
Use the viewing options to scroll through the file and zoom in and out.
To view the file itself, click the filename. IoT Security downloads the PDF file so you can open and view it locally.
IoT Security uses several fields in MDS2 forms for risk detection:
- Can this device display, transmit, or maintain private data?
- What types of private data elements can be maintained by the device?
- Can security patches or other software be installed remotely?
The wording for these questions varies in different versions of MDS2.
This information can help IoT Security assess risk. For example, if an MDS2 file states that a device doesn't support remote servicing and IoT Security detects an inbound connection from an external source, it will flag this as anomalous behavior and generate a security alert. Similarly, if an MDS2 file states that a device cannot be remotely patched, any attempted inbound file transfer from an external location will also be treated as anomalous and trigger an alert.
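The MDS2-versus-traffic check described above, sketched as an added example (not IoT Security's own code or rule logic). The `Mds2` and `Flow` records, their field names, the `INTERNAL_NETS` range, and the sample flows are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Assumed site intranet; anything outside it counts as an external source.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

@dataclass
class Mds2:                      # hypothetical subset of MDS2 answers
    remote_service: bool         # device supports remote servicing
    remote_patch: bool           # patches/software can be installed remotely

@dataclass
class Flow:                      # hypothetical observed connection record
    src: str
    dst: str
    file_transfer: bool = False

def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def evaluate(device_ip, mds2, flows):
    """Return (flow, reason) pairs for flows that contradict the MDS2 answers."""
    alerts = []
    if mds2 is None:             # no MDS2 uploaded: nothing to contradict
        return alerts
    for f in flows:
        # Only inbound connections from outside the intranet are of interest.
        if f.dst != device_ip or not is_external(f.src):
            continue
        if f.file_transfer and not mds2.remote_patch:
            alerts.append((f, "inbound file transfer; MDS2 says no remote patching"))
        elif not mds2.remote_service:
            alerts.append((f, "external inbound connection; MDS2 says no remote servicing"))
    return alerts

# Constructed sample data (documentation-range addresses stand in for external hosts).
DEVICE = "10.20.0.15"
FLOWS = [
    Flow("10.20.0.9", DEVICE),                         # internal inbound: ignored
    Flow(DEVICE, "203.0.113.7"),                       # outbound: ignored
    Flow("203.0.113.7", DEVICE),                       # external inbound
    Flow("198.51.100.4", DEVICE, file_transfer=True),  # external inbound file transfer
]

if __name__ == "__main__":
    for flow, reason in evaluate(DEVICE, Mds2(False, False), FLOWS):
        print(f"{flow.src} -> {flow.dst}: {reason}")
```

A device without an uploaded MDS2 file produces no alerts from this check, because there is no declared capability for the traffic to contradict.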