New Features in September 2025

Review the new features introduced in Device Security in September 2025.
Where Can I Use This?
  • Device Security (Managed by Strata Cloud Manager)
  • (Legacy) IoT Security (Standalone portal)
What Do I Need?
One of the following subscriptions:
  • Device Security subscription for an advanced Device Security product (Enterprise, OT, or Medical)
  • Device Security X subscription
The following new features and enhancements were introduced for Device Security in September 2025.
New Features
Controller Configuration and Inventory Files Support
Device Security extended support for parsing device configuration files to include:
  • Mitsubishi MELSOFT Series GX Works2 files (.gxw)
  • Emerson DeltaV Explorer files (.fhx)
Vulnerability signatures
The Device Security Research team added detections for 403 vulnerabilities this month, 18 of which had a critical CVSS score. You can see a complete list of the CVEs for which detections have been added at Vulnerability Signatures in 2025.
Dictionary file update
There were four dictionary file updates in September 2025. The following summarizes what was added in each update:
  • September 04 update – 6 new profiles, 20 new OSes, and 57 new models
  • September 10 update – 28 new profiles and 31 new models
  • September 17 update – 9 new profiles
  • September 24 update – 5 new profiles and 39 new models

Inbound Policy Rule Recommendations for Device Security

September 2025
  • Introduced in PAN-OS 11.1.11
Device Security enables you to secure your connected device environments with both inbound and outbound policy recommendations. While PAN-OS and Panorama initially supported only outbound policy recommendations, the addition of inbound policy recommendations lets you create a more comprehensive security posture for your IT and IoT devices. Creating policy rule recommendations based on both outbound and inbound profile behaviors helps prevent vulnerability exploitation, lateral movement, and other security risks that outbound policies alone cannot address.
You can now view both inbound and outbound behaviors for device profiles in the UI and create security policies accordingly. For outbound behaviors, the source is the IT/IoT device profile, while the destination can be any. For inbound behaviors, you can now set the source as any, and the destination is the IT/IoT device profile. This symmetrical approach lets you control both what your IT/IoT devices can access and which other enterprise sources can access your IT/IoT devices, implementing a true Zero Trust security model.
The policy recommendation workflow supports both per-device and per-profile levels, giving you flexibility in how you implement security policies. When creating policies, you can specify source and destination attributes including device profiles, IP addresses, and FQDNs. The naming convention for policies intelligently selects the appropriate profile name (whether in source or destination) to ensure clarity in your policy set. For policy rule recommendations based on inbound profile behaviors, the name has "-inbound" appended.
By leveraging both inbound and outbound policy recommendations, you can significantly reduce your attack surface by allowing only trusted behaviors for your IT/IoT devices. This is particularly valuable for securing critical infrastructure and sensitive device deployments where you need to control both inbound and outbound traffic.

Log Viewer for Device Details Page

For customers with Strata Logging Service, Device Security in Strata Cloud Manager introduces a Log Viewer on the Device Details page. The Log Viewer displays the 10 most recent logs for the device. You can filter the displayed logs by time range and traffic direction. Access the Log Viewer under Device Security > Assets > Inventory > Device Details > Behaviors > Log Viewer. From the Log Viewer on the Device Details page, you can also go to All Traffic Logs, which takes you to the Strata Cloud Manager Log Viewer.

API Search Support for Multi-Interface Devices

You can find devices and multi-interface devices when querying for devices using the Device Security API. Use the Device Search API to find (multi-interface) devices in your assets inventory when searching by IP address or MAC address. This API can only be used with Device Security in Strata Cloud Manager, and it isn't supported by the legacy IoT Security portal.