Device Profile Overview
IoT Security summarizes the network behaviors and security
risks of IoT devices in the same device profile.
To access the Overview page of a device profile, select
Profiles
>
profile_name
> Overview
.
The Overview page displays data about the devices in this profile.
The data is drawn only from IoT devices with high confidence scores
of 90-100%; that is, devices that IoT Security has identified with
a high degree of confidence. If the number of high-confidence devices
is less than 50%, consider using the recommendations provided on
the Data Quality Diagnostics page () to increase the
number of high-confidence devices in the profile.
Time filter
– The time filter controls the data displayed
on the Overview page by the number of high-confidence devices in
the profile that were active on the network during the past 1 Day
(past 24 hours up until now), past 1 Week, or past 1 Month. Clicking
the Reset filter
icon (
) sets it to 1 Day
.
The time filter only affects the display of high-confidence
devices in the local network, not that of all devices.
Summary bar
– The profile summary across the top of the
Overview page concisely presents important information about the
devices in the profile: the overall number of devices, the number
of high-confidence devices, the risk score for this device profile
(for risk assessment details, see IoT Risk Assessment), the number
of alerts and vulnerabilities of the high-confidence devices, and
the number of policy sets configured for this profile.You can configure multiple policy sets for the same profile
but only one of them can be activated at a time.
Below the summary are several sections about key aspects of the
device profile and related risk factors. IoT Security produces this
information by using machine learning to observe and analyze the
network activity of all the high-confidence devices in the profile.
It then compares the information about your devices with those in
the same device profile in other IoT Security tenant networks to
give you a sense of how your device behaviors and risk levels match
up with others.
Profile Behavior
– This shows the different types of outbound
and inbound behavior of the high-confidence devices. Switch between
the two behaviors by clicking Outbound
and Inbound
.IoT Security compares the applications that the high-confidence
devices in this profile use during the time range set at the top
of the page with the applications that devices in the same profile
use in other IoT Security tenants. The time filters are 1 Day, 1
Week, or 1 Month. It then shows how many applications were observed
in other tenants’ environments only (common, not locally observed),
in both your and other tenants’ environments (common, locally observed),
and in your environment only (unique applications).
Alerts
– The number in parentheses at the top of the card
is the number of alert instances raised by high-confidence devices
in the profile. One type of security alert can occur multiple times,
on different devices or the same device at different times, and
each occurrence is considered a new instance of the alert. The table
shows the severity level and name of each alert followed by the
number of devices on which the alert occurred.
Vulnerabilities
– This shows the number of vulnerability
instances affecting high-confidence devices in the profile. A vulnerability
can occur on multiple devices and each time it does it’s considered
a separate vulnerability instance. The table lists the severity
level and name of each vulnerability and how many instances there
are of it.
Most Common Alerts in
<your_industry> – This lists
up to five of the most common security alerts raised by devices
in this device profile across multiple IoT Security tenants and
their severity levels. The number of alerts raised by your devices
is also shown in the column labeled Your Alerts.
Top Vulnerabilities in
<your_industry> – This lists
up to five of the top vulnerabilities affecting devices in this
device profile across multiple IoT Security tenants and their severity
levels. The number of vulnerability instances in your network environment
is also shown in the column labeled Your Vulnerability Instances.
Risk Score
– This shows the risk score for the device
profile in relation to the overall range and to the average of all
IoT Security tenants with the same profile. This helps you see the
level of risk for your devices relative to the average level of
other IoT Security tenants.In the following screen capture, the range extends from 10 to
89, which are the lowest and highest risk scores for this device
profile among all IoT Security tenants, and the average risk score
is 13. With a local risk score of 74, you might consider addressing
some threats to reduce risk and lower the score away from the high
end of the range.
