Data Quality Diagnostics

Check the quality of data IoT Security is receiving about devices on the network.
The quality of the network data that firewalls process and forward to the logging service directly impacts the quality of analysis that IoT Security is able to make. The Administration > Data Quality page is where you can see the quality of data that IoT Security has to work with. Two key factors are IP endpoints and low-confidence devices.
IP endpoints are devices without a unique identifier, which makes them untrackable over time. When IoT Security cannot locate a unique identifier for a device, it categorizes the device as an IP endpoint. This typically happens in two cases: when IoT Security knows the IP address but not the MAC address of a device through DHCP or ARP, and when IoT Security knows the IP address of a device but its device profile isn't stable enough to classify it as a static IP device. In the first case, the MAC address is the unique identifier for a DHCP client. In the second case, the IP address is the unique identifier for a static IP device if its profile is stable enough to show that the IP address isn't shifting among different DHCP clients.
Low-confidence devices are devices that IoT Security can identify with a confidence level under 70%. One of the fundamental services that IoT Security provides is identifying network-connected devices and assigning device profiles to them. It considers a host of factors throughout this process and creates a confidence score for each identification. The score is a number from 0 to 100, with 100 being the most confident. The confidence level is important because IoT Security sends a firewall an IP address-to-device mapping only if the confidence score for a device identity is high (90-100%) and the device has sent or received traffic within the past hour.
A confidence score indicates the level of confidence IoT Security has in its identification of a device. IoT Security has three confidence levels based on calculated confidence scores: high (90-100%), medium (70-89%), and low (0-69%).
When firewalls forward fewer data logs to the logging service for IoT Security to analyze, IoT Security tends to identify devices less confidently. Conversely, the more logs firewalls forward to the logging service, the more confidently IoT Security can identify devices and the more thoroughly it can baseline their behaviors. This results in higher device identity confidence scores.
This page shows the number of IP endpoints and low-confidence devices on the network and the percent of devices that fall into these two categories in relation to the overall number of devices on the network. You can infer the quality of device data that IoT Security is receiving from these numbers, which are taken from all devices over the last 30 days.
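The following Python example is an addition to this page, not product code and not an IoT Security API. It applies the confidence levels, the IP endpoint definition, and the mapping condition described above to a constructed inventory and computes the two percentages. The `Device` record, its `static_ip_stable` flag, and reading the 30-day window as "traffic seen in the last 30 days" are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class Device:                    # hypothetical inventory record, not a product schema
    ip: str
    mac: Optional[str]           # None when the MAC address is unknown
    static_ip_stable: bool       # assumed flag: profile stable enough for a static IP device
    confidence: int              # identification confidence score, 0-100
    last_traffic: datetime       # last time the device sent or received traffic

def confidence_level(score: int) -> str:
    """Map a score to the documented levels: high 90-100, medium 70-89, low 0-69."""
    if not 0 <= score <= 100:
        raise ValueError(f"confidence score out of range: {score}")
    return "high" if score >= 90 else "medium" if score >= 70 else "low"

def is_ip_endpoint(d: Device) -> bool:
    """No unique identifier: neither a MAC address nor a stable static IP."""
    return d.mac is None and not d.static_ip_stable

def mapping_eligible(d: Device, now: datetime) -> bool:
    """High confidence and traffic sent or received within the past hour."""
    recent = now - d.last_traffic <= timedelta(hours=1)
    return confidence_level(d.confidence) == "high" and recent

def data_quality(devices: list, now: datetime, window_days: int = 30) -> dict:
    """Counts and percentages of IP endpoints and low-confidence devices in the window."""
    seen = [d for d in devices if now - d.last_traffic <= timedelta(days=window_days)]
    def pct(n: int) -> float:
        return round(100 * n / len(seen), 1) if seen else 0.0
    ip_eps = sum(is_ip_endpoint(d) for d in seen)
    low = sum(confidence_level(d.confidence) == "low" for d in seen)
    return {"devices": len(seen),
            "ip_endpoints": ip_eps, "ip_endpoint_pct": pct(ip_eps),
            "low_confidence": low, "low_confidence_pct": pct(low),
            "mapping_eligible": [d.ip for d in seen if mapping_eligible(d, now)]}

# Constructed sample inventory (documentation addresses, not real devices).
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    Device("192.0.2.5", "aa:bb:cc:00:00:01", False, 95, NOW - timedelta(minutes=10)),
    Device("192.0.2.6", "aa:bb:cc:00:00:02", False, 92, NOW - timedelta(hours=3)),
    Device("192.0.2.7", None, True, 75, NOW - timedelta(days=1)),
    Device("192.0.2.8", None, False, 40, NOW - timedelta(days=2)),
    Device("192.0.2.9", "aa:bb:cc:00:00:03", False, 69, NOW - timedelta(days=5)),
    Device("192.0.2.10", None, False, 80, NOW - timedelta(days=45)),  # outside the window
]
```

Comparing `ip_endpoint_pct` and `low_confidence_pct` against the share of devices you do not intend to cover gives a quick read on whether the numbers match your deployment goal.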
Each deployment has its own unique characteristics, and your reason for using IoT Security will determine the acceptable percent of IP endpoints and low-confidence devices on the network. For example, if your goal is to discover, identify, and protect only IoT devices, you might only use IoT Security with one or two firewalls near them. In this case, an acceptable percentage of IP endpoints and low-confidence devices would be fairly close to the percentage of non-IoT devices on the network. In short, consider what your goal is and use the data here to see how close you are to it. If there are more IP endpoints and low-confidence devices than you would like on your network, consider the recommendations offered on the page and follow those you think will reduce these numbers.
It’s good practice to check Data Quality Diagnostics weekly for the first few months after deployment to make sure IoT Security is getting the data it needs to identify devices and, if not, make adjustments as needed. After you’re satisfied, return periodically for spot checks and as follow-up whenever there are changes to the network.