Enterprise Device Security
Seamlessly protect all devices across managed, unmanaged, and IoT
Please Note: All Prices are Inclusive of GST
Overview:
Palo Alto Networks Enterprise Device Security
Given today’s rapidly evolving threat landscape, a fragmented approach to security is no longer an option. Digital transformation, increased M&A activity, and a distributed workforce drive the proliferation of devices—from traditional IT endpoints to unmanaged bring your own devices (BYODs) and specialized IoT/OT systems. This fragmented approach results in siloed risk information and visibility blind spots that AI-powered attackers can quickly exploit.
But now that every connected device is a potential entry point for cyberthreats, the real challenges are both seeing potential threats and having the ability to respond to them instantly. As the Muddled Libra attacks have highlighted, attackers are using unmanaged assets for network persistence and defense evasion. Organizations need complete visibility into all managed, unmanaged, and IoT assets, as well as the behaviors of these assets to identify anomalous behaviors and other indicators of compromise.
Device Security for Visibility into Assets and Potential Risks
Palo Alto Networks Device Security delivers a unified, AI-first solution that provides comprehensive protection and monitoring across your entire attack surface. To achieve this, it discovers all connected devices, as well as identifies and mitigates hidden risks that would otherwise remain invisible or elusive to even the most seasoned InfoSec professionals.
Device Security is the single source of truth for all your device and risk data. It gathers weeks of toggling between dozens of tools, managing multiple spreadsheets, manually tagging and correlating assets, creating custom scripts to extract or cleanse data, and collecting endless meeting notes. Then, it turns all of this data into instantaneous insights that can be resolved within minutes of automated, proactive protection.
Security teams are able to see their full environment and proactively take actions on their most critical risks through automation. Device Security can use existing Palo Alto Networks Next-Generation Firewalls (NGFWs), Prisma® Access, and SD-WAN security infrastructure or standalone virtual metadata collectors to instantly begin monitoring and discovering 98% of assets within 48 hours. Third-party systems can easily integrate with Device Security via Cortex XSOAR® using one of our more than 35 prebuilt integration playbooks.
Precision AI
Precision AI® leverages machine learning, deep learning and generative AI to analyze rich and diverse threat data to deliver real-time protection for the entire network.
Analyze real network traffic inline and instantly stop known, unknown and highly evasive threats to prevent patient zero.
Comprehensive and real-time protection from advanced threats delivered consistently via a robust global infrastructure.
Device Security Delivers Aggregated Visibility, Risk Prioritization, and Proactive Mitigation for All Assets
To enable teams to move faster, make smarter decisions, and do more with less, Device Security provides a comprehensive, actionable approach to help organizations gain visibility and secure their entire attack surface. Our AI-first security platform enables security teams to improve security outcomes with simplified operations and a reduced total cost of ownership.
Aggregated Device Visibility
Device Security goes beyond mere discovery to provide aggregated visibility with over 1,600 identity and posture attributes for all connected devices—including managed IT, unmanaged BYOD, and IoT/OT. Asset discovery is powered by a three-tier machine learning model that both passively processes and actively collects network traffic. Device Security also enriches asset data from a diverse set of sources, including a large language model knowledge base and telemetry from leading endpoint detection, mobile device management (MDM), and vulnerability management systems. This comprehensive dataset eliminates blind spots and provides a single, unified view for comprehensive security posture insights.
Risk Assessment and Prioritization
Without effective prioritization, critical risks can become buried. Device Security reduces time spent triaging risks by 90% with multifactor risk scoring. It considers factors like severity (Common Vulnerability Scoring System [CVSS] or Exploit Prediction Scoring System [EPSS]), asset criticality, business impact, exploitation status, compensating control, and user-defined custom factors. This way, security teams can focus on the highest-priority risks that matter within their business context.
Proactive Risk Mitigation
Seeing the problem isn’t enough. Teams need the ability to act. Device Security enables and recommends risk-adaptive Layer 7 policies based on a device’s unique identity, risk posture, and unique behaviors relative to crowdsourced baselines from over 17 million devices. For unpatchable vulnerabilities—for example, due to a lack of vendor support, operational downtime, or system compatibility—Device Security provides guided virtual patching in Strata™ Cloud Manager using Palo Alto Networks industry-leading Advanced Threat Prevention signatures.
Continuous Monitoring
To keep pace with the rapidly evolving threat landscape, organizations need the ability to catch threats in real time. Device Security continuously monitors all device traffic and uses machine learning to develop and continuously reevaluate device behavioral baselines against both context-specific and crowdsourced (across more than 3,500 customers) baselines. When malicious, anomalous, or high-risk behaviors are observed, Device Security generates alerts, providing 24/7 monitoring across the entire network.
Use Cases: Identify and Mitigate Risks Across Devices
Today’s enterprise environments include a mix of managed, unmanaged, and special purpose IoT/OT assets. These assets include company-issued laptops, unmanaged shadow-IT servers, legacy routers, and devices for which security was never seriously considered, such as an IoT air quality monitor. Each presents its own unique security challenges, and requires a unique approach to managing risk. The following use cases show how Device Security helps teams reduce risk, increase control, and respond faster across all of these environments.
Secure Managed Devices: Close the Gaps in Your Device Coverage
Even in well-managed environments, gaps often emerge when endpoint tools are inconsistently deployed or policies drift across business units. Devices might be missing EDR agents, running outdated configurations, or excluded from vulnerability scans. These issues are hard to catch when asset and risk data are siloed across dozens of systems. Device Security builds a comprehensive profile for every connected device using over 1,600 identity and posture attributes. It continuously monitors assets and aggregates telemetry from integrated endpoint detection, MDM, and vulnerability management systems. Multifactor risk prioritization factors in CVSS, EPSS, asset criticality, business impact, and compensating controls, highlighting the risks that matter most.
Through aggregated asset visibility and comprehensive risk prioritization, security teams can quickly identify the most impactful compliance gaps and take immediate action through risk-adaptive Device-ID policies or trigger enforcement directly within existing tools via Cortex XSOAR or the NGFW. Device Security saves teams weeks of manual effort in identifying gaps. It also automates the process of triaging and remediating risks, enabling security teams to spend less time tracking down risk instances and more time on strategic security initiatives.
Secure Unmanaged Devices: Discover and Control Shadow IT
Unmanaged or unauthorized devices, such as personal laptops, rogue access points, and contractor-owned systems, often connect to enterprise networks without visibility or control. These assets bypass standard security controls and introduce hidden risks.
Device Security uses machine learning-based discovery and enriched metadata from multiple data sources to uncover every device connected to the network, including those outside formal IT management. It also builds a behavioral and risk profile for each device and recommends identity-aware segmentation policies that can be enabled on our NGFWs using Device-ID. Continuous traffic monitoring detects anomalous or high-risk behavior, with alerts generated in real time. Teams can quickly identify and contain risks from unmanaged devices with risk-adaptive Device-ID policies until they are secured or removed, eliminating shadow IT exposure risks.
Secure IoT/OT Devices: Protect Devices Using Insecure Protocols or Unsupported Systems
Many operational environments rely on specialized devices that use insecure protocols, like the Server Message Block (SMB) protocol, or run outdated, unsupported operating systems. These systems often cannot be patched due to vendor limitations, operational constraints, or the risk of disruption. Without proper controls in place, these assets introduce persistent exposure risks.
Device Security identifies these devices and continuously monitors their traffic to establish and refine behavioral baselines. It alerts security teams when deviations or malicious patterns are observed, using both local context and crowdsourced baselines across more than 16 million devices. Layer 7 Device-ID policies enable organizations to define least-privilege policies based on App-ID™ and destination. Guided virtual patching enables organizations to natively mitigate risks from unpatchable vulnerabilities. Both controls help teams contain threats without costly or disruptive device updates.
Best-in-class IPS
Decrease risk by 45% and get a return on spend in six months versus stand-alone network threat protection.
Benefit from inline deep learning capabilities that can detect and prevent threats faster than the time it takes to blink — stopping 88% of malicious URLs 48 hours before other vendors.
Get layers of prevention to protect your organization from advanced and highly evasive phishing attacks, all in real time.
Fine-grained controls and policy settings give you complete control of your web traffic and enable you to automate security actions based on users, risk ratings and content categories.
We can help you attain proper security posture 30% faster compared to point solutions.
We offer flexible deployment options for those who use a proxy to secure their web traffic, giving you a seamless transition to explicit or transparent proxy.
Documentation:
Download the Enterprise Device Security Datasheet (PDF).
Pricing Notes:
- All Prices are Inclusive of GST
- Pricing and product availability subject to change without notice.
