New Features - Device Security - October 2025

Device Security supports integrating with ManageEngine Endpoint Central to learn about endpoints and vulnerabilities from ManageEngine . Device Security can retrieve device details or vulnerabilities from ManageEngine, and it uses that information to enrich the Device Security inventories and risk visibility. Device Security also creates new devices in the assets inventory for devices learned through the ManageEngine integration.

Device Security supports integrating with SentinelOne Singularity Endpoint to learn about endpoints and vulnerabilities from SentinelOne . Device Security can retrieve device details or vulnerabilities from SentinelOne Singularity, and it uses that information to enrich the Device Security inventories and risk visibility. Device Security also creates new devices in the assets inventory for devices learned through the SentinelOne integration.

Device Security supports integrating with Siemens Industrial Asset Hub to learn about devices managed by Siemens Industrial Asset Hub . Device Security can retrieve device details from Siemens and use that information to enrich the Device Security inventory. Device Security also creates new devices in the assets inventory for devices learned through the Siemens Industrial Asset Hub integration.

Device Security can now learn additional information when integrated with Microsoft SCCM. When configuring the integration instance, you can choose to have Device Security learn the following information:

• Installed software
• Windows updates
• BitLocker data

( January 2026 ) Device Security now includes information from the European Union’s Medical Device Regulation (EU MDR) for medical device recalls. In the Recalls table, view the Source column to see if the recall comes from EU MDR.

( December 2025 ) When the Medical Device Security vertical is enabled, you can filter the Recalls table by the Source attribute.

( October 2025 ) Device Security now includes information from Germany's Federal Institute for Drugs and Medical Devices (Bundesinstitut für Arzneimittel und Medizinprodukte, BfArM) for medical device recalls. In the Recalls table, view the Source column to see if the recall comes from BfArM.

Manually tracking medical device recalls across multiple regulatory bodies is often a complex, error-prone process that can compromise patient safety and regulatory compliance. Device Security includes a Medical Device Recalls page that helps you identify and respond to recalls for medical devices in your network.

The Medical Device Recalls page provides a centralized view of all recalls for medical devices in your network, including the recall identifier, the recall status, the recall source, and the recalled devices and profiles in your network. You can view the recall source file by clicking on the Recall ID.

This centralized view of recalls helps you maintain regulatory compliance, reduce the operational overhead of manual tracking, and proactively mitigate risks associated with compromised medical equipment.

( October 2025 ) The Network Discovery plugin version 2.2.3 introduces an enhancement for SNMP crawling to skip IP phones. This helps improve runtime and performance for an SNMP crawl. Version 2.2.3 also includes a number of addressed issues to improve runtime performance and results. See Known Issues in Network Discovery 2.2 for a full list of addressed issues. The Network Discovery plugin version 3.0.1 includes the same functionality as Network Discovery 2.2.3 for firewalls running PAN-OS 12.1.2 and later.

( August 2025 ) The Network Discovery plugin version 2.2.2 includes a number of addressed issues to improve runtime performance and results output. See Known Issues in Network Discovery 2.2 for a full list of addressed issues.

( July 2025 ) The Network Discovery plugin version 2.2.1 includes a number of addressed issues to improve configuration and runtime performance. See Known Issues in Network Discovery 2.2 for a full list of addressed issues.

When creating an Advanced Device-ID object in Device Security, you can now select from all device attributes for the matching criteria. This includes using third-party device attributes for the matching criteria. While you can select from all device attributes, you can only include up to 30 attributes for each Device-ID object, and you can't cross-reference to alert or vulnerability attributes. To take advantage of this expanded support for device attributes, your firewalls receiving Device Context (verdicts) must be running PAN-OS 12.1.2 or later, and you must enable Advanced Device-ID.

Device Security adds a new System-created Custom Attribute called Managed Status . You can edit the Value Rule for Managed Status to automate when and which devices should automatically be marked as managed or unmanaged. Unlike other custom attributes, you can define the Managed Status attribute with saved queries or saved filters. To view and customize the Managed Status custom attribute, visit the Custom Attributes page in Device Security in Strata Cloud Manager .

Device Security now supports adding third-party integration instances to network segments. You can configure network segments with third-party integration instances, firewalls, or both. By adding third-party integration instances to network segments, you ensure that devices and attributes learned from third-parties are mapped correctly in instances where you may have overlapping IP addresses in your network.

Device Security now generates daily system alerts as System Event when third-party integration jobs fail. If jobs run multiple times a day, the system alert only happens if more than 50% of jobs fail. To get email notifications about the system alerts, update the setting under System Event Notifications Configuration in Device Security in Strata Cloud Manager .