Data Quality Diagnostics
Check the quality of data IoT Security is receiving about
devices on the network.
The quality of the network data that firewalls process and forward to the logging service
directly impacts the quality of analysis that IoT Security is able to make. The Administration > Data Quality page is where you can see the quality of data that IoT Security has to
work with. Two key factors are IP endpoints and low-confidence devices.
IP endpoints are devices without a unique identifier, making
them untrackable over time. When IoT Security cannot locate a unique device
identifier for a device, it categorizes it as an IP endpoint. This
typically happens when IoT Security knows the IP address but not the
MAC address of a device through DHCP or ARP, and when IoT Security
knows the IP address of a device but its device profile isn't stable
enough to classify it as a static IP device. In the first case,
the MAC address is the unique identifier for a DHCP client. In the
second case, the IP address is the unique identifier for a static
IP device if its profile is stable enough to show that the IP address
isn't shifting among different DHCP clients.
Low-confidence devices are devices that IoT Security can identify
with a confidence level under 70%. One of the fundamental services that
IoT Security provides is identifying network-connected devices and
assigning device profiles to them. It considers a host of factors throughout
this process and creates a confidence score for each identification.
The score is a number from 0 to 100, with 100 being the most confident.
The confidence level is important because IoT Security only sends
a firewall an IP address-to-device mapping if the confidence score
for a device identity is high (90-100%), and if it has sent or received
traffic within the past hour.
A confidence score indicates the level of confidence IoT Security has in its identification of a device. IoT Security has three
confidence levels based on calculated confidence scores: high (90-100%),
medium (70-89%), and low (0-69%).
When firewalls forward fewer data logs to the logging service
for IoT Security to analyze, IoT Security tends to identify devices less confidently. On
the other hand, the more logs firewalls forward to the logging
service, the more confidently IoT Security can identify devices
and the more thoroughly it can baseline their behaviors. This results
in higher device identity confidence scores.
This page shows the number of IP endpoints and low-confidence
devices on the network and the percent of devices that fall into
these two categories in relation to the overall number of devices
on the network. You can infer the quality of device data that IoT Security is receiving from these numbers, which are taken from all
devices over the last 30 days.
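The following added example (not part of the product or its documentation) applies the confidence levels, the IP endpoint definition, and the 30-day percentages described above to a constructed device inventory. The record fields (`mac`, `static_ip_stable`, `score`, `last_activity`) and all sample devices are hypothetical, and counting the two categories independently of each other is an assumption.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 1, 31, 12, 0, tzinfo=timezone.utc)  # constructed "current time"

def _dev(name, mac, static_ip_stable, score, age):
    # Hypothetical record layout; not an IoT Security export format.
    return {"name": name, "mac": mac, "static_ip_stable": static_ip_stable,
            "score": score, "last_activity": NOW - age}

SAMPLE_DEVICES = [  # constructed inventory
    _dev("camera-01", "00:11:22:33:44:55", False, 96, timedelta(minutes=20)),
    _dev("pump-07", "00:11:22:33:44:66", False, 93, timedelta(hours=3)),
    _dev("printer-02", "00:11:22:33:44:77", False, 78, timedelta(minutes=10)),
    _dev("10.1.5.23", None, False, 40, timedelta(minutes=5)),
    _dev("plc-static", None, True, 91, timedelta(minutes=30)),
    _dev("badge-03", "00:11:22:33:44:88", False, 55, timedelta(days=2)),
    _dev("retired-09", "00:11:22:33:44:99", False, 35, timedelta(days=45)),
]

def confidence_level(score):
    """high 90-100, medium 70-89, low 0-69, as stated on this page."""
    if not 0 <= score <= 100:
        raise ValueError(f"confidence score out of range: {score}")
    return "high" if score >= 90 else "medium" if score >= 70 else "low"

def is_ip_endpoint(dev):
    # No unique identifier: no MAC learned and no stable static-IP profile.
    return dev["mac"] is None and not dev["static_ip_stable"]

def mapping_eligible(dev, now):
    # Mapping is sent only for high confidence plus traffic within the past hour.
    recent = now - dev["last_activity"] <= timedelta(hours=1)
    return confidence_level(dev["score"]) == "high" and recent

def data_quality_summary(devices, now, window_days=30):
    # Only devices active inside the reporting window are counted.
    seen = [d for d in devices if now - d["last_activity"] <= timedelta(days=window_days)]
    total = len(seen)
    pct = lambda n: round(100.0 * n / total, 1) if total else 0.0
    ip_eps = sum(is_ip_endpoint(d) for d in seen)
    low = sum(confidence_level(d["score"]) == "low" for d in seen)
    return {"total": total, "ip_endpoints": ip_eps, "ip_endpoint_pct": pct(ip_eps),
            "low_confidence": low, "low_confidence_pct": pct(low),
            "mapping_eligible": [d["name"] for d in seen if mapping_eligible(d, now)]}

if __name__ == "__main__":
    print(data_quality_summary(SAMPLE_DEVICES, NOW))
```

Note that `pump-07` has a high score but is left out of the mapping list because its last traffic is older than one hour, and `plc-static` is not an IP endpoint because its stable profile lets the IP address serve as its identifier.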
Each deployment has its own unique characteristics, and your reason
for using IoT Security will determine the acceptable percent of
IP endpoints and low-confidence devices on the network. For example,
if your goal is to discover, identify, and protect only IoT devices,
you might only use IoT Security with one or two firewalls near them.
In this case, an acceptable percentage of IP endpoints and low-confidence devices
would be fairly close to the percentage of non-IoT devices on the
network. In short, consider what your goal is and use the data here
to see how close you are to it. If there are more IP endpoints and
low-confidence devices than you would like on your network, consider the
recommendations offered on the page and follow those you think will
reduce these numbers.
It’s good practice to check Data Quality Diagnostics weekly
for the first few months after deployment to make sure IoT Security
is getting the data it needs to identify devices and, if not, make
adjustments as needed. After you’re satisfied, return periodically for
spot checks and as follow-up whenever there are changes to the network.