New Features - Device Security - January 2026


Device Security Compliance Dashboards

Release Date: January 2026 | Last Updated: May 2026

Demonstrating adherence to industry compliance frameworks such as HIPAA and IEC 62443 is often a complex process with the risk of an audit failure. Security teams can struggle to maintain continuous visibility into their compliance posture while managing active threats.

Device Security streamlines compliance monitoring of healthcare and industrial devices with dashboards for security compliance reporting. For healthcare, the HIPAA dashboard provides out-of-the-box alignment, automatically mapping your security posture to mandatory safeguards such as access control and audit verification. For industrial environments, the IEC 62443-3-3 dashboard addresses requirements, helping you validate security levels for Industrial Automation and Control Systems (IACS) and components defined in ISA/IEC 62443-4-2.

Beyond pre-built frameworks, you can leverage the Query Builder to clone existing dashboards and create user-defined compliance controls, allowing you to combine industry standards with your own internal baselines. By centralizing this data, Device Security helps you reduce the administrative burden of audits, ensure consistent regulatory alignment, and maintain a robust security posture without sacrificing operational efficiency.

Device Security Integration with IBM Maximo

Release Date: January 2026 | Last Updated: May 2026

Managing assets across fragmented IT, OT, and IoT environments often creates data silos that hinder accurate tracking and effective security responses. Keeping asset records synchronized manually between disparate systems is resource-intensive and increases the risk of working with outdated information.

The IBM Maximo integration for Device Security enables bidirectional data exchange to ensure comprehensive asset visibility and automated workflow management. By integrating with IBM Maximo, Device Security can learn about assets and asset details from the Maximo database. Device Security uses that information to enrich the Device Security asset inventory, including creating new assets for devices learned through the IBM Maximo integration.

You can streamline incident response by converting high-priority Device Security alerts and critical vulnerabilities into IBM Maximo service requests. From the Alert and Vulnerability pages, you can create a work order to send an alert or vulnerability to IBM Maximo.

This unified approach ensures your asset inventory remains current, enriches investigations with security context, and reduces the operational overhead of maintaining accurate enterprise records.

Device Security Integration with Philips Focal Point

Release Date: January 2026 | Last Updated: May 2026

Gaining visibility into proprietary patient monitoring networks is often difficult, leaving critical medical assets unmanaged and vulnerable to security risks.

The Philips Focal Point integration with Device Security now automates the discovery and profiling of connected medical devices within your healthcare environment. By directly querying Focal Point servers, this feature retrieves essential identity data, such as hostnames, IP addresses, MAC addresses, and serial numbers. Device Security uses the information it learns to update the Asset Inventory, including creating new records for devices not already in the Asset Inventory. Through the integration with Philips Focal Point, you gain comprehensive visibility into your patient monitoring infrastructure, covering hosts (PIIC systems), access points, controllers, and monitors, without requiring changes to your existing network configuration.

This enhanced visibility enables you to strengthen security policies and accurately assess risk for critical care devices previously hidden from standard discovery methods.

Device Security Support for MDS2 File Upload and Analysis

Release Date: January 2026 | Last Updated: May 2026

(January 2026) Device Security now supports uploading MDS2 files in Microsoft Excel format.

(April 2025) We improved the error messages for MDS2 file uploads to make it easier to tell why an MDS2 file upload failed.

Healthcare organizations often collect thousands of Manufacturer Disclosure Statement for Medical Device Safety (MDS2) documents, but the volume of files makes manual analysis difficult and leaves critical security data unused.

Device Security automates the digitization and mapping of MDS2 files directly to your device inventory. By integrating data from MDS2 files into the Device Security device identification and risk analysis process, this capability provides detailed device attributes and more precise, actionable alerts. For example, the system can confirm if a specific software version listed in an MDS2 file matches a known vulnerability.

You can also leverage the MDS2 Community, a shared ecosystem of files verified by security engineers, to reduce the effort of sourcing documents manually. The system automatically prioritizes the best available file for your fleet while allowing you to manage specific versions, ensuring your security posture remains accurate and up to date.

Device Security Third-Party Vulnerability Information

Release Date: January 2026 | Last Updated: May 2026

Security teams often struggle to prioritize remediation efforts when vulnerability data is scattered across separate asset management solutions. Manually correlating CVE details with risk scores from disparate tools is time-consuming and can lead to gaps in threat visibility.

Device Security consolidates this context by displaying risk scores and attributes from integrated third-party solutions directly within the Vulnerability Details view. This feature integrates data from vulnerability management and endpoint protection integrations alongside standard Device Security vulnerability information. You can now view CVE attributes specific to third-party solutions, such as proprietary risk scores and patch status, without switching between tools.

By combining vulnerability context from Device Security with CVE details from other vulnerability management tools, you gain a unified view that streamlines prioritization and remediation decisions. This unified view helps you more effectively manage risk across your environment.

Medical Device Recalls for Device Security

Release Date: January 2026 | Last Updated: May 2026

(January 2026) Device Security now includes information from the European Union’s Medical Device Regulation (EU MDR) for medical device recalls. In the Recalls table, view the Source column to see if the recall comes from EU MDR.

(December 2025) When the Medical Device Security vertical is enabled, you can filter the Recalls table by the Source attribute.

(October 2025) Device Security now includes information from Germany's Federal Institute for Drugs and Medical Devices (Bundesinstitut für Arzneimittel und Medizinprodukte, BfArM) for medical device recalls. In the Recalls table, view the Source column to see if the recall comes from BfArM.

Manually tracking medical device recalls across multiple regulatory bodies is often a complex, error-prone process that can compromise patient safety and regulatory compliance. Device Security includes a Medical Device Recalls page that helps you identify and respond to recalls for medical devices in your network.

The Medical Device Recalls page provides a centralized view of all recalls for medical devices in your network, including the recall identifier, the recall status, the recall source, and the recalled devices and profiles in your network. You can view the recall source file by clicking on the Recall ID.

This centralized view of recalls helps you maintain regulatory compliance, reduce the operational overhead of manual tracking, and proactively mitigate risks associated with compromised medical equipment.

Parallel SNMP Processing for Network Discovery

Release Date: January 2026 | Last Updated: May 2026

The Network Discovery plugin introduces multi-threading support for SNMP jobs to reduce the time it takes to crawl network switches and discover endpoints.

Sequential scanning methods in large-scale environments often cause network discovery jobs to run for extended periods or fail due to timeouts. These performance bottlenecks can lead to incomplete data sets and gaps in your network topology visibility.

The Network Discovery plugin now supports parallel SNMP operations to significantly reduce discovery time and ensure reliable data collection. By replacing serialized requests with concurrent SNMP walks, this feature addresses latency issues and shortens the time required to complete network and neighbor discovery jobs.

Strata Cloud Manager API Support for Full-featured Cortex XSOAR

Release Date: January 2026 | Last Updated: May 2026

Device Security now supports using the Strata Cloud Manager API to provision a full-featured Cortex XSOAR server for third-party integrations. When configuring the Palo Alto Networks IoT 3rd Party integration instance for a full-featured Cortex XSOAR deployment, you can configure the instance to use the Strata Cloud Manager API. To do this, select the SCM API option, and then enter the TSG information, the API Client ID, and the Client Secret.