IoT Security is an on-demand cloud subscription
service designed to discover and protect the growing number of connected
“things” on your network. Unlike IT devices such as laptop computers
that perform a wide variety of tasks, IoT devices tend to be purpose-built
with a narrowly defined set of functions. As a result, IoT devices
generate unique, identifiable patterns of network behavior. IoT
Security recognizes these behaviors and identifies every device
on the network, creating a rich, context-aware inventory that’s
dynamically maintained and always up to date. IoT Security then
uses those behaviors and identities to automatically generate security
policy recommendations that allow IoT devices to continue doing
normal network activities while blocking any unusual activities.
Panorama or next-generation firewalls can then import and enforce
these policies.

In PAN-OS 8.1, PAN-OS 9.0, and PAN-OS 9.1, IoT Security is useful
primarily for IoT device visibility. IoT Security applies
machine learning and AI to discover and identify connected devices
and then presents them in a dynamically generated inventory. Although
you can generate policy recommendations in IoT Security, they must
be manually imported into firewalls running these PAN-OS versions.

PAN-OS 10.0 introduces a new concept for policy enforcement:
Device-ID. Device-ID is the mapping
of an IP address to an IoT device identified by IoT Security. These IP
address-to-device mappings are then automatically pushed to firewalls
or Panorama for use as sources and destinations in security policies.

To use IoT Security, you must have a valid IoT Security subscription license.