Device Profile Overview

IoT Security summarizes the network behaviors and security risks of IoT devices in the same device profile.
To access the Overview page of a device profile, select
Profiles >
profile_name
> Overview
.
The Overview page displays data about the devices in this profile. The data is drawn only from IoT devices with high confidence scores; that is, devices that IoT Security has identified with a high degree of confidence. If the number of high-confidence devices is less than 50%, consider using the recommendations provided on the Data Quality Diagnostics page (
Monitoring
Data Quality
) to increase the number of high-confidence devices in the profile.
Time filter
– The time filter controls the data displayed on the Overview page by the number of high-confidence devices in the profile that were active on the network during the past 1 Day (past 24 hours up until now), past 1 Week, or past 1 Month. Clicking the
Reset filter
icon ( ) sets it to
1 Day
.
The time filter only affects the display of high-confidence devices in the local network, not that of all devices.
Summary bar
– The profile summary across the top of the Overview page concisely presents important information about the devices in the profile: the overall number of devices, the number of high-confidence devices, the risk score for this device profile (for risk assessment details, see IoT Risk Assessment), the number of alerts and vulnerabilities of the high-confidence devices, and the number of policy sets configured for this profile.
You can configure multiple policy sets for the same profile but only one of them can be activated at a time.
Below the summary are several sections about key aspects of the device profile and related risk factors. IoT Security produces this information by using machine learning to observe and analyze the network activity of all the high-confidence devices in the profile. It then compares the information about your devices with those in the same device profile in other IoT Security tenant networks to give you a sense of how your device behaviors and risk levels match up with others.
Profile Behavior
– This shows the different types of outbound and inbound behavior of the high-confidence devices. Switch between the two behaviors by clicking
Outbound
and
Inbound
.
IoT Security compares the applications that the high-confidence devices in this profile use during the time range set at the top of the page with the applications that devices in the same profile use in other IoT Security tenants. The time filters are 1 Day, 1 Week, or 1 Month. It then shows how many applications were observed in other tenants’ environments only (common, not locally observed), in both your and other tenants’ environments (common, locally observed), and in your environment only (unique applications).
Alerts
– The number in parentheses at the top of the card is the number of alert instances raised by high-confidence devices in the profile. One type of security alert can occur multiple times, on different devices or the same device at different times, and each occurrence is considered a new instance of the alert. The table shows the severity level and name of each alert followed by the number of devices on which the alert occurred.
Vulnerabilities
– This shows the number of vulnerability instances affecting high-confidence devices in the profile. A vulnerability can occur on multiple devices and each time it does it’s considered a separate vulnerability instance. The table lists the severity level and name of each vulnerability and how many instances there are of it.
Most Common Alerts in
<your_industry> – This lists up to five of the most common security alerts raised by devices in this device profile across multiple IoT Security tenants and their severity levels. The number of alerts raised by your devices is also shown in the column labeled Your Alerts.
Top Vulnerabilities in
<your_industry> – This lists up to five of the top vulnerabilities affecting devices in this device profile across multiple IoT Security tenants and their severity levels. The number of vulnerability instances in your network environment is also shown in the column labeled Your Vulnerability Instances.
Risk Score
– This shows the risk score for the device profile in relation to the overall range and to the average of all IoT Security tenants with the same profile. This helps you see the level of risk for your devices relative to the average level of other IoT Security tenants.
In the following screen capture, the range extends from 10 to 89, which are the lowest and highest risk scores for this device profile among all IoT Security tenants, and the average risk score is 13. With a local risk score of 74, you might consider addressing some threats to reduce risk and lower the score away from the high end of the range.

Recommended For You