Configure IoT Networks
IoT Security combines networks and sites to create a comprehensive model of your
organization's network topology. This integrated approach enhances device discovery,
classification, and risk assessment capabilities.
Networks form the foundation, representing logical groupings of IP subnets that align
with your network infrastructure. IoT Security learns about your networks from
firewall traffic, IPAM integrations, SNMP crawls, and manual subnet uploads by
users. IoT Security also creates CIDR blocks where appropriate based on
discovered subnets. You can define network segments
within these networks to further refine device organization and policy application when
different sites use overlapping IP addresses. This granular approach allows you to group
devices with similar functions or security requirements, enabling more precise control
over your IoT environment.
Sites overlay your network architecture, representing physical locations or logical
groupings of your infrastructure. The site hierarchy facilitates efficient multi-site
management and location-specific policy implementation. You can create parent sites for
larger entities like countries or regions, and child sites for specific locations such
as individual offices or campuses. This structure mirrors your organization's layout,
making it easier to manage devices across diverse geographical or organizational
boundaries.
By integrating networks and sites, IoT Security develops an understanding of your
network topology. This comprehensive view enables more accurate device discovery, as the
system can identify devices in the context of their network and site location. It also
facilitates precise classification, taking into account the device's network segment and
site-specific characteristics.
IoT Security automatically maps discovered devices to sites based on their network
location. This automatic mapping streamlines device management and ensures that security
policies consider both network segmentation and physical or logical location.
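
The following Python example is added here for illustration; it is not product code and does not describe how IoT Security is implemented. It shows why network segments are needed when sites reuse the same subnet: a device is resolved to a site by its segment plus a longest-prefix match on its IP address. All site names, segment names, and subnets are constructed.

```python
import ipaddress

# Constructed sample data (hypothetical names, not taken from the product).
SITE_PARENT = {"Germany": None, "Berlin-Office": "Germany", "Munich-Plant": "Germany"}

# (segment, subnet, site). Two sites reuse 10.0.0.0/24, so only the
# segment tells the two networks apart.
SUBNETS = [
    ("seg-berlin", "10.0.0.0/24", "Berlin-Office"),
    ("seg-munich", "10.0.0.0/24", "Munich-Plant"),
    ("seg-munich", "10.0.0.128/25", "Munich-Plant"),
    ("seg-berlin", "192.168.10.0/24", "Berlin-Office"),
]

def build_index(rows):
    """Group subnets per segment, most specific prefix first."""
    index = {}
    for segment, cidr, site in rows:
        index.setdefault(segment, []).append((ipaddress.ip_network(cidr), site))
    for nets in index.values():
        nets.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return index

def site_path(site):
    """Return the hierarchy from the top-level parent down to the site."""
    path = []
    while site is not None:
        path.append(site)
        site = SITE_PARENT.get(site)
    return path[::-1]

def map_device(index, segment, ip):
    """Resolve (segment, ip) to its network and site path, or None."""
    addr = ipaddress.ip_address(ip)
    for net, site in index.get(segment, []):
        if addr in net:
            return {"network": str(net), "site_path": site_path(site)}
    return None  # unknown network: leave unassigned rather than guess

def ambiguous_subnets(rows):
    """Subnets claimed by more than one site; these require segments."""
    owners = {}
    for _segment, cidr, site in rows:
        owners.setdefault(cidr, set()).add(site)
    return sorted(cidr for cidr, sites in owners.items() if len(sites) > 1)
```
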
IoT Security can evaluate device risks by assessing factors such as network
exposure, site-specific threats, and the device's role within its segment. This
contextual risk assessment allows you to prioritize security measures more effectively.
Furthermore, this integrated model allows for targeted policy enforcement. Using
Device-ID, you can apply
security policies based on a combination of network, segment, and site parameters,
ensuring that devices receive appropriate protections regardless of their location or
network position.
The flexibility of this approach accommodates various network architectures and
organizational structures. Whether you manage a single office or a global enterprise
with multiple sites and complex network segmentation, IoT Security adapts to and
helps secure your specific topology.