New Features in April 2025

Review the new features introduced in Device Security in April 2025.
Where Can I Use This?
  • (Legacy) IoT Security (Standalone portal)
What Do I Need?
One of the following subscriptions:
  • Device Security subscription for an advanced Device Security product (Enterprise, OT, or Medical)
  • Device Security X subscription
The following new features and enhancements were introduced for Device Security in April 2025.

New Polling Integration Support

(January 2026) The Device Security polling integration with Cortex XSOAR now supports the following protocols for polling:
  • GE CARESCAPE Gateway
  • Ping/ICMP Connection Test and ICMP Traffic
  • Hikvision for custom OID
  • Axis Communications for older devices
(October 2025) The Device Security polling integration with Cortex XSOAR now supports the following protocols for polling:
  • Beckhoff TwinCAT UDP
  • Codesys TCP
  • Siemens PLC HTTP/HTTPS
(August 2025) The Device Security polling integration with Cortex XSOAR now supports the following protocols for polling:
  • HTTP / HTTPS banner extraction
  • GE-SRTP
  • Beckhoff TwinCAT
(April 2025) The Device Security polling integration with Cortex XSOAR now supports the following protocols for polling:
  • Axis Communications
  • FTP Banner
Additionally, you can now provide a DNS server when configuring polling with reverse DNS to get device hostnames.
(January 2025) The Device Security polling integration with Cortex XSOAR now supports the following protocols for polling:
  • Cognex Discovery
  • EPM
  • Moxa
  • Niagara Fox

Risk Scoring & Management enhancements

(April 2025) Device Security added many other risk factor options when customizing risk scores. You can view Other Risk Factors on the Device Details page. This lets you see the details of the other risk factors, their risk types, and the default matching rule used to determine which devices the other risk factors affect.
Device Security provides a risk framework to understand and manage risks within your network of IoT devices. The Device Security risk scoring algorithm accounts for vulnerability threat metrics and for additional risk factors and asset criticality. The asset risk score breakdown displays all relevant risks (alerts, vulnerabilities, and other risk factors), along with their individual scores and the asset's criticality contribution.
Risk scoring customization lets you tailor your Device Security risk assessment framework to match your organization's security posture and risk tolerance. By adjusting various risk factors, you can create a more accurate representation of your environment's security risks.
You can customize how vulnerabilities and security alerts affect risk scores, helping you prioritize vulnerabilities and alert severities based on their relevance to your environment. Beyond vulnerabilities and alerts, you can customize other risk factors, such as system status, and you can customize asset criticality weights to define how much a device's importance amplifies its risk score.
Compensating controls represent an important aspect of risk score customization, providing a way for you to account for mitigations you've implemented that reduce actual risk. Compensating controls account for things such as endpoint protection, or joining devices to Active Directory. These controls adjust device risk scores by reducing the risk score of vulnerabilities, thereby more accurately reflecting your security posture.
You can manage risk score customization. From the Risk Score Configuration page, you can adjust all risk factors and create compensating control types. For specific devices, you can view and manage compensating controls directly from the Device Details page. Regular review of these settings ensures your risk assessment remains relevant as your environment evolves.

Cortex XDR Integration Using the API

Device Security supports integrating with Cortex XDR directly through the Cortex XDR API, and does not require a Third-Party Integration Add-on License. The API integration learns the same information as the integration through Cortex XSOAR, although with additional attributes for OS, hostname, serial number, and vendor. You can configure the Cortex XDR API integration by going to Integrations > Cortex XDR Integration in the Device Security portal.

IGEL Universal Management System Integration

Device Security supports integrating with IGEL Universal Management Suite (UMS) to cover visibility gaps between devices and network traffic. When integrating with IGEL UMS, Device Security can learn about devices and endpoints from IGEL UMS. Device Security retrieves detailed device information from IGEL UMS and uses that information to enrich device information in the Device Security assets inventory. Device Security also creates new devices in the asset inventory for devices learned through the IGEL UMS integration. By correlating this endpoint data with existing network traffic analysis, you gain more visibility into IGEL-managed devices. This enhanced visibility improves asset inventory accuracy, streamlines security compliance reporting, and enables more effective vulnerability management.

Cisco Spaces Integration

Device Security supports integrating with Cisco Spaces to learn about Wi-Fi and switch-connected devices, including their physical locations. Device Security retrieves device details and creates new devices for assets learned from Cisco Spaces. Through the integration, you can identify a device’s physical location on a floor plan by navigating to Device Details > Device Location and viewing the Device Location Map. When the Cisco Spaces integration is enabled, you can also view all devices by floor plan by navigating to Assets > Location.

Alert Suppression Enhancements

When creating alert suppression rules, you now have the flexibility to specify hostname or traffic patterns as matching criteria. You can also specify if alerts need to match all defined criteria, instead of just any defined criteria, for Device Security to suppress related alerts. You can create new alert suppression rules from the Alerts inventory of the Alert Details page.

MDS2 File Upload Enhancement

(January 2026) Device Security now supports uploading MDS2 files in Microsoft Excel format.
(April 2025) We improved the error messages for MDS2 file uploads to make it easier to tell why an MDS2 file upload failed.
Healthcare organizations often collect thousands of Manufacturer Disclosure Statement for Medical Device Safety (MDS2) documents, but the volume of files makes manual analysis difficult and leaves critical security data unused.
Device Security automates the digitization and mapping of MDS2 files directly to your device inventory. By integrating data from MDS2 files into the Device Security device identification and risk analysis process, this capability provides detailed device attributes and more precise, actionable alerts. For example, the system can confirm if a specific software version listed in an MDS2 file matches a known vulnerability.
You can also leverage the MDS2 Community, a shared ecosystem of files verified by security engineers, to reduce the effort of sourcing documents manually. The system automatically prioritizes the best available file for your fleet while allowing you to manage specific versions, ensuring your security posture remains accurate and up to date.