New Features - Device Security - December 2025

( December 2025 enhancement ) Prisma Access attached Device Security is now authorized for FedRAMP High.

( June 2024 enhancement ) Device Security now uses the PAN-OS Edge Services to support policy recommendations and Device-ID based automated Zero Trust Enforcement for all next-generation firewalls and Prisma Access . The Device Security solution deployed in a FedRAMP moderate environment works with next-generation firewalls in either FIPS mode or in a commercial environment.

Device Security is authorized for use in a FedRAMP environment. To learn more about FedRAMP authorization at Palo Alto Networks, see Palo Alto Networks and FedRAMP Authorization.

( February 2026 ) When configuring a Cisco Meraki integration instance with Device Security, you can specify Service Set Identifiers (SSID) to include or exclude from the scope of the data ingestion. If an SSID appears in both the include and exclude lists, causing a conflict, then the exclusion takes priority. Configure SSID filtering to prioritize which SSIDs you want to actively monitor through the Cisco Meraki integration.

( December 2025 enhancement ) Device Security can now learn network details when integrating with Cisco Meraki. The network details include information about subnets, VLANs, static IP addresses, and DHCP leases. Device Security and Cortex XSOAR use a new playbook, Import Cisco Meraki Networks to Device Security, to get the network information. The Cisco Meraki integration instance in Cortex XSOAR also includes a new field, Networks, to specify which networks to learn network information for. To pull the network information from your Cisco Meraki solution to Device Security, update your Cisco Meraki integration instance and configure a new Cortex XSOAR job with the new playbook.

Device Security integrates with Cisco Meraki Cloud through Cortex XSOAR to enrich your asset inventory with detailed data about devices accessing your network through Cisco switches and wireless access points. This integration enables you to import device attributes, such as MAC and IP addresses, VLANs, and OS details, directly into Device Security . For wired clients, you gain visibility into the connecting switch, while wireless client data includes the associated access point. Use this feature to correlate network-layer data with traffic logs from next-generation firewalls. This integratio helps you maintain visibility of both online and recently offline devices, so you can base your security policy decisions on the most current context available.

( March 2026 ) Polling the Infoblox integration for device details across your entire network can be slow when you only need data from specific subnets. When configuring the Infoblox integration instance on Cortex XSOAR, you can now limit the polling to a specific subnet scope.

You can specify up to 10 subnet scopes, and then Cortex XSOAR will only poll Infoblox for device details from those subnet scopes. This improves the speed of each integration job while getting information specific to the subnets you're interested in. This is particularly useful in large environments where polling the full network is neither practical nor efficient.

( December 2025 ) Device Security can now learn about static IP addresses and DHCP leases when integrating with Infoblox IPAM.

Integrate Device Security with Infoblox IPAM to retrieve IP blocks and subnets (called containers and networks by Infoblox ) plus related data about sites, VLANs, and descriptions. For more information, see Integrate Device Security with Infoblox IPAM.

Device Security supports integrating with NetBox functionalities for IP Address Management (IPAM) and Data Center Infrastructure Management (DCIM). By integrating with NetBox, Device Security can learn about endpoints and IP address use, including static IP addresses and DHCP leases. Device Security uses that information to enrich the Device Security asset inventory, including creating new assets for devices learned through the NetBox integration.

Device Security 's new landing dashboard in Strata Cloud Manager presents a centralized, real-time view of your device landscape and critical risk factor insights, enabling proactive risk management and rapid incident response. The landing dashboard unifies discovery, security posture, risk analysis, and remediation workflows, so you can get a high-level overview of all devices in your network, see where risks from vulnerabilities and threats appear, and quickly take action on insights and recommended policies.

You can now query time-based attributes from third-party integrations. Time-based attribute querying makes it easier to identify and manage devices based on their temporal activity in your network. You can query using predefined time values (e.g. 1 month) or custom values, which can be explicit date ranges (e.g. January 5, 2026) or relative time operators (e.g. last 10 days). Querying on time-based attributes uses the existing process for Query Creation and Management.

( January 2026 ) Device Security now includes information from the European Union’s Medical Device Regulation (EU MDR) for medical device recalls. In the Recalls table, view the Source column to see if the recall comes from EU MDR.

( December 2025 ) When the Medical Device Security vertical is enabled, you can filter the Recalls table by the Source attribute.

( October 2025 ) Device Security now includes information from Germany's Federal Institute for Drugs and Medical Devices (Bundesinstitut für Arzneimittel und Medizinprodukte, BfArM) for medical device recalls. In the Recalls table, view the Source column to see if the recall comes from BfArM.

Manually tracking medical device recalls across multiple regulatory bodies is often a complex, error-prone process that can compromise patient safety and regulatory compliance. Device Security includes a Medical Device Recalls page that helps you identify and respond to recalls for medical devices in your network.

The Medical Device Recalls page provides a centralized view of all recalls for medical devices in your network, including the recall identifier, the recall status, the recall source, and the recalled devices and profiles in your network. You can view the recall source file by clicking on the Recall ID.

This centralized view of recalls helps you maintain regulatory compliance, reduce the operational overhead of manual tracking, and proactively mitigate risks associated with compromised medical equipment.