New Features - Device Security - January 2024

Integrate IoT Security with ServiceNow to enrich the ServiceNow Asset Management application device database and send alerts and vulnerabilities to ServiceNow . After integrating Device Security with ServiceNow through Cortex XSOAR, you can configure the device update job and the alerts and vulnerabilities job to run periodically, or only after a manual push.

When integrating Device Security with ServiceNow Asset Management, ensure that Device Security is monitoring the devices and activities on the same network as ServiceNow . Device Security then sends details about device attributes that it learns from network traffic to ServiceNow . If Device Security detects vulnerabilities or security alerts on any of the monitored devices, it can send those incidents to ServiceNow to convert into a work order.

To map device attributes from Device Security to ServiceNow, you can use the ServiceNow IoT Device table, or you can map attributes using ServiceNow classes. Using ServiceNow classes with OT devices lets ServiceNow maintain operational context within its Configuration Management Database (CMDB).

Integrate Device Security with third-party vulnerability scanners to detect, learn more about, and manage vulnerabilities that exist in your network and stay compliant with a strong security posture. Third-party vulnerability scanners actively scan the network and can uncover vulnerabilities that Device Security can ' t detect from network traffic monitoring alone. Device Security ingests vulnerability scan reports from third-party integrations to incorporate new CVEs or additional CVE details used in monitoring. You can also proactively initiate scans on a third-party scanner, from Device Security, if Device Security detects anomalous behavior that requires further investigation. Device Security can integrate with Qualys, Rapid7, and Tenable vulnerability scanners.

After initiating a vulnerability scan and ingesting the vulnerability scan report from a third-party integration, you can view the updated information for your network in Device Security . The Device Details page includes any new or updated risks for each device, based on the scan results. The Alerts list includes any active or new alerts raised by the results of a scan. You can also filter and sort devices in your inventory based on different alerts and vulnerabilities to see possible impacts to your network.

To integrate Device Security with a third-party vulnerability scanner requires either a full-featured Cortex XSOAR server, or the purchase and activation of an Device Security third-party integration add-on license, which comes with a free cohosted Cortex XSOAR instance. If the third-party integration uses an on-premises management system, you need to install a Cortex XSOAR engine if you ' re using a cloud-based Cortex XSOAR .

( March 2026 ) Device Security Network Visualizations now support creating and managing process zones directly from the network map. With process zones, you can logically and visually group OT/IoT devices based on device behaviors within a network.

You can select individual devices and neighbor nodes from the topology, assign them to an existing process zone or create a new one, preview the grouping before committing, and edit zone membership after creation. By defining process zones visually in context, you can manage devices based on the risk and criticality of the operational processes within your environment.

( January 2024 ) Create network visualization maps to view networks and device behaviors within those networks from different perspectives. Use maps to expose trends, observe relationships, and glean fresh insight into segmentation hygiene, blast radius in the event of compromise, and current network behaviors. The previously released Device Visualization feature has been redesigned to improve map creation and navigation.

Device Security creates network visualization maps based on the traffic and communication patterns that it learns from monitoring and analyzing network activity. Use the network visualizations to assess broad trends across your entire network, or to focus on different groups of devices or different facets of your network. You can group devices by various attributes to use for visualizations, and you can add a second layer by choosing a different attribute to focus on within the first attribute grouping. Device groupings include Purdue level to support network visualizations of Industrial OT IoT devices.

When viewing network visualizations, you can filter for certain characteristics to highlight them in the visualization map. By hovering over and interacting with the visualization, you can view information about specific nodes or groups, from a pop-up panel to a drill-down view. You can use the Map Builder to edit the device groupings and scope, and you can save map views that are useful to refer to often.