Device Profile Overview
Table of Contents
Expand all | Collapse all
-
- Firewall and PAN-OS Support of IoT Security
- IoT Security Prerequisites
- Onboard IoT Security
- Onboard IoT Security on VM-Series with Software NGFW Credits
-
- DHCP Data Collection by Traffic Type
- Firewall Deployment Options for IoT Security
- Configure a Pre-PAN-OS 10.0 Firewall with a DHCP Server
- Configure a Pre-PAN-OS 10.0 Firewall for a Local DHCP Server
- Use a Tap Interface for DHCP Visibility
- Use a Virtual Wire Interface for DHCP Visibility
- Use SNMP Network Discovery to Learn about Devices from Switches
- Use Network Discovery Polling to Discover Devices
- Use ERSPAN to Send Mirrored Traffic through GRE Tunnels
- Use DHCP Server Logs to Increase Device Visibility
- Plan for Scaling when Your Firewall Serves DHCP
- Prepare Your Firewall for IoT Security
- Configure Policies for Log Forwarding
- Control Allowed Traffic for Onboarding Devices
- Support Isolated Network Segments
- IoT Security Integration with Prisma Access
- IoT Security Licenses
- Offboard IoT Security Subscriptions
-
- Introduction to IoT Security
- IoT Security Integration with Next-generation Firewalls
- IoT Security Portal
- Vertical-themed Portals
- Device-to-Site Mapping
- Sites and Site Groups
- Networks
- Network Segments Configuration
- Reports
- IoT Security Integration Status with Firewalls
- IoT Security Integration Status with Prisma Access
- Data Quality Diagnostics
- Authorize On-demand PCAP
- IoT Security Integrations with Third-party Products
- IoT Security and FedRAMP
Device Profile Overview
IoT Security summarizes the network behaviors and security
risks of IoT devices in the same device profile.
To access the Overview page of a device profile, select AssetsProfiles >
profile_name
> Overview.
The Overview page displays data about the devices in this profile. The data is drawn only from
IoT devices with high confidence scores of 90-100%; that is, devices that IoT Security has identified with a high degree of confidence. If the number of
high-confidence devices is less than 50%, consider using the recommendations provided on
the Data Quality Diagnostics page (AdministrationData Quality) to increase the number of high-confidence devices in the profile.
Time filter – The time filter controls the data displayed
on the Overview page by the number of high-confidence devices in
the profile that were active on the network during the past 1 Day
(past 24 hours up until now), past 1 Week, or past 1 Month. Clicking
the Reset filter icon (
) sets it to 1 Day.
The time filter only affects the display of high-confidence
devices in the local network, not that of all devices.
Summary bar – The profile summary across the top of the
Overview page concisely presents important information about the
devices in the profile: the overall number of devices, the number
of high-confidence devices, the risk score for this device profile
(for risk assessment details, see IoT Risk Assessment), the number
of alerts and vulnerabilities of the high-confidence devices, and
the number of policy sets configured for this profile.
You can configure multiple policy sets for the same profile
but only one of them can be activated at a time.
Below the summary are several sections about key aspects of the
device profile and related risk factors. IoT Security produces this
information by using machine learning to observe and analyze the
network activity of all the high-confidence devices in the profile.
It then compares the information about your devices with those in
the same device profile in other IoT Security tenant networks to
give you a sense of how your device behaviors and risk levels match
up with others.
Profile Behavior – This shows the different types of outbound
and inbound behavior of the high-confidence devices. Switch between
the two behaviors by clicking Outbound and Inbound.
IoT Security compares the applications that the high-confidence
devices in this profile use during the time range set at the top
of the page with the applications that devices in the same profile
use in other IoT Security tenants. The time filters are 1 Day, 1
Week, or 1 Month. It then shows how many applications were observed
in other tenants’ environments only (common, not locally observed),
in both your and other tenants’ environments (common, locally observed),
and in your environment only (unique applications).
Most Common Alerts for
profile_name – This lists up to five of the most common security alerts raised by
devices in this device profile across multiple IoT Security tenants and their
severity levels. The number of alerts raised by your devices is also shown in the column
labeled Your Alerts.
Top Vulnerabilities in for profile_name – This lists up to five of the top
vulnerabilities affecting devices in this device profile across multiple IoT Security tenants and their severity levels. The number of vulnerability
instances in your network environment is also shown in the column labeled Your
Vulnerability Instances.
Risk Score – This shows the risk score for the device
profile in relation to the overall range and to the average of all
IoT Security tenants with the same profile. This helps you see the
level of risk for your devices relative to the average level of
other IoT Security tenants.
In the following screen capture, the range extends from 10 to
89, which are the lowest and highest risk scores for this device
profile among all IoT Security tenants, and the average risk score
is 13. With a local risk score of 74, you might consider addressing
some threats to reduce risk and lower the score away from the high
end of the range.