IoT Security is an on-demand cloud subscription service designed to discover and protect the growing number of connected “things” on your network. Unlike IT devices such as laptop computers that perform a wide variety of tasks, IoT devices tend to be purpose-built with a narrowly defined set of functions. As a result, IoT devices generate unique, identifiable patterns of network behavior. IoT Security recognizes these behaviors and identifies every device on the network, creating a rich, context-aware inventory that’s dynamically maintained and always up to date. IoT Security then uses those behaviors and identities to automatically generate security policy recommendations that allow IoT devices to continue doing normal network activities while blocking any unusual activities. Panorama or next-generation firewalls can then import and enforce these policies.

In PAN-OS 8.1, PAN-OS 9.0, and PAN-OS 9.1, the usefulness of IoT Security is primarily IoT device visibility. IoT Security applies machine learning and AI to discover and identify connected devices and then presents them in a dynamically generated inventory. Although you can generate policy recommendations in IoT Security, they must be manually imported into firewalls running these PAN-OS versions.

PAN-OS 10.0 introduces a new concept for policy enforcement: Device-ID. Device-ID is the mapping of an IP address to an IoT device identified by IoT Security. These IP address-to-device mappings are then automatically pushed to firewalls or Panorama for use as sources and destinations in security policies.

To use IoT Security, you must have a valid IoT Security subscription license.