IoT Security Solution Structure
Table of Contents
Expand all | Collapse all
- Firewall and PAN-OS Support of IoT Security
- IoT Security Prerequisites
- Onboard IoT Security
- Onboard IoT Security on VM-Series with Software NGFW Credits
- DHCP Data Collection by Traffic Type
- Firewall Deployment Options for IoT Security
- Configure a Pre-PAN-OS 10.0 Firewall with a DHCP Server
- Configure a Pre-PAN-OS 10.0 Firewall for a Local DHCP Server
- Use a Tap Interface for DHCP Visibility
- Use a Virtual Wire Interface for DHCP Visibility
- Use SNMP Network Discovery to Learn about Devices from Switches
- Use ERSPAN to Send Mirrored Traffic through GRE Tunnels
- Use DHCP Server Logs to Increase Device Visibility
- Plan for Scaling when Your Firewall Serves DHCP
- Prepare Your Firewall for IoT Security
- Configure Policies for Log Forwarding
- Control Allowed Traffic for Onboarding Devices
- Support Isolated Network Segments
- IoT Security Integration with Prisma Access
- IoT Security Licenses
- Offboard IoT Security Subscriptions
- Introduction to IoT Security
- IoT Security Integration with Next-generation Firewalls
- IoT Security Portal
- Vertical-themed Portals
- Device-to-Site Mapping
- Sites and Site Groups
- IoT Security Integration Status with Firewalls
- IoT Security Integration Status with Prisma Access
- Data Quality Diagnostics
- Authorize On-demand PCAP
- IoT Security Integrations with Third-party Products
- IoT Security and FedRAMP
- IoT Device Discovery
- IoT Security Devices Page
- IoT Security Device Details Page
- Create Multi-interface Devices
- IP Endpoints
- Discover Mobile Device Attributes
- Custom Attributes
- Tag Management
IoT Security Solution Structure
IoT SecuritySolution Structure
IoT Securitysolution involves multiple components working together to discover, classify, and secure IoT devices on your network.
Using AI and machine learning,
IoT Securityautomatically discovers and identifies all network-connected devices and constructs a data-rich, dynamically updating inventory. In addition to identifying IoT devices and IT devices (laptops and servers for example),
IoT Securityprovides deep visibility into network behaviors, establishing what’s normal and discerning what’s suspicious. When it detects a device vulnerability or anomalous behavior posing a threat,
IoT Securitynotifies administrators, who can then take action to investigate and remediate the issue.
To accomplish all this, the cloud-based
IoT Securityapp works with Palo Alto Networks next-generation firewalls, logging service, and update server, and optionally with Panorama and integrated third-party products. These elements of the
IoT Securitysolution collaborate to carry out the following tasks:
- Firewalls withIoT Securitysubscriptions collect information about network traffic and forward their logs to the logging service, which streams metadata toIoT Securityfor analysis.
- The update server provides firewalls and Panorama with a regularly updated device dictionary file of device attributes (profile, vendor, category, and so on) that Security policy rules use for device identification, orDevice-ID.
- IoT Securityrecommends Security policy rules based on Device-ID to firewalls. When Panorama provides centralized firewall management,IoT Securityworks through it to recommend Security policy rules to managed firewalls. When Panorama is not in use,IoT Securityinteracts directly with firewalls.
- IoT Securitymaps IP addresses to devices and notifies firewalls of their corresponding device attributes so they can enforce Device-ID-based Security policy rules that reference attributes in IP address-to-device mappings.
With a third-party integrations add-on license for your
IoT Securityaccount, you are able to expand
IoT Securitycapabilities to include product-specific features and those of the integrated products to include IoT.
Learn about the major components that constitute the
1 - Device
IoT Securityto identify IoT devices and establish a baseline of their acceptable network behaviors, it needs to analyze their network activity. That’s where next-generation firewalls come in. They log network traffic to which they apply Security policy rules and then forward logs to the logging service where
IoT Securityaccesses them. Depending on whether your
IoT Securitysubscription includes data storage, the logging service either streams metadata to your
IoT Securityaccount and
Cortex Data Lakeinstance or just to your
2 - Data Analysis
IoT Securityuses AI and machine-learning algorithms to analyze numerous aspects of the network behavior of a device and classify it within three levels or tiers. At the broadest tier,
IoT Securityidentifies behavioral similarities that enable its algorithms to assign a device to a device category, such as security camera, even if it doesn’t yet know the exact vendor and model. At the next tier,
IoT Securitygathers more granular behavioral attributes shared by certain vendors and models of security cameras to assign it a device profile. At the third tier, the algorithms create a model of unique behaviors for this individual security camera, such as its usage pattern.
In addition to device identification,
IoT Securityapplies proprietary and supplemental machine-learning technologies to threat detection. It automatically detects device vulnerabilities and notifies
IoT Securityadministrators. It also detects anomalous network behavior indicative of attack or reconnaissance and generates security alerts.
3 - IoT Device
IoT Securitycoordinates with next-generation firewalls to recommend Security policy rules for IoT device traffic. After identifying devices and establishing a baseline of acceptable network behavior,
IoT Securityautomatically generates recommended Security policy rules for device profiles based on the network behavior it observes. Panorama or firewall administrators then import the recommendations to Panorama or directly to firewalls where they decide which ones to add to their policy set.
Firewalls and Panorama must have a list of device profiles or other device attributes for Device-ID-based Security policy rules. This list is provided as a device dictionary file from the update server, which firewalls and Panorama check regularly for updates to download.
So that firewalls apply imported Device-ID-based rules appropriately,
IoT Securitycontinually sends the firewall IP address-to-device mappings, which include the profile and other attributes of all devices monitored and protected by
4 - Third-party
In addition to protecting IoT devices by coordinating with next-generation firewalls,
IoT Securityalso integrates with third-party products to do the following:
- Increase device inventory and enrich device context—sometimes forIoT Securityand sometimes for the integrated third-party product
- Broaden the coverage of specific features in integrated products to include IoT
- Expand the capabilities ofIoT Security; for example, through integrations that allow you to do vulnerability scanning, quarantine devices with critical vulnerabilities or security alerts, and apply access control lists (ACLs) to IoT devices
IoT Securityintegrates with other products through a third-party integrations add-on, which is based on a
5 - Using Prisma
Access instead of Next-generation Firewalls
IoT Securitywith Prisma Access, the process for collecting device data is similar to the previous description of data collection except that you substitute Prisma Access for firewalls. In addition,
IoT Securitycan coordinate with Prisma SD-WAN ION devices to collect data at branch sites. When Prisma Access and SD-WAN forward data logs to the logging service,
Cortex Data Lakemust be used.
IoT Securitysends Security policy rule recommendations through Panorama to Prisma Access. It sends IP address-to-device mappings to Prisma Access directly. Likewise, the update server sends device dictionary updates directly to Prisma Access as well as to Panorama.