Device Security enables you to secure your connected device environments with
both inbound and outbound policy recommendations. While PAN-OS and
Panorama initially supported only outbound policy recommendations, the
addition of inbound policy recommendations lets you create a more comprehensive
security posture for your IT and IoT devices. Creating policy rule recommendations
based on both outbound and inbound profile behaviors helps prevent
vulnerability exploitation, lateral movement, and other security risks that
outbound policies alone cannot address.
You can now view both inbound and outbound behaviors for device profiles in the UI
and create security policies accordingly. For outbound behaviors, the source is the
IT/IoT device profile, while the destination can be any.
For inbound behaviors, you can now set the source as any,
and the destination is the IT/IoT device profile. This symmetrical approach
lets you control both what your IT/IoT devices can access, as well as what
other enterprise sources can access your IT/IoT devices, implementing a true
Zero Trust security model.
The policy recommendation workflow supports both per-device and per-profile levels,
giving you flexibility in how you implement security policies. When creating
policies, you can specify source and destination attributes including
device profiles, IP addresses, and FQDNs. The naming convention for policies
intelligently selects the appropriate profile name (whether in source or
destination) to ensure clarity in your policy set. For policy rule recommendations
based on inbound profile behaviors, the name has "-inbound" appended.
By leveraging both inbound and outbound policy recommendations, you can
significantly reduce your attack surface by allowing only trusted behaviors for
your IT/IoT devices. This is particularly valuable for securing critical
infrastructure and sensitive device deployments where you need to control both
inbound and outbound traffic.
