Because Device Security requires network traffic data for analysis, you must enable firewalls to forward logs with that data to a cloud logging service that Device Security can access. Depending on the subscription license type that you have, you can activate or associate Strata Logging Service when activating Device Security.
License subscriptions:
1. Enterprise Device Security, Medical, or OT Subscription License (per-firewall basis)
2. Device Security X Subscription License (per-device basis)
License types:
- Enterprise, Medical, or OT Device Security Doesn't Require Data Lake (DRDL) - when you don't need to store streaming logs in a data lake
- Enterprise, Medical, or OT Device Security (with Data Lake) - when you have Strata Logging Service and want to store the streaming logs
How This Works Without a Strata Logging Service (SLS) License
- Cloud Logging is still enabled on the firewall — you must enable it even with DRDL
- The firewall forwards Enhanced Application Logs (EALs) to the Strata Logging Service ingestion endpoint
- Strata Logging Service streams these logs directly to Device Security for real-time analysis
- No storage occurs in Strata Logging Service — logs pass through but are not retained
Here's a breakdown of the Palo Alto Networks IoT/Device Security subscription types, based on current documentation:
Palo Alto Networks Device Security (IoT) — Subscription Types
1. Device Security Subscription (per-firewall)
Comes in three vertical flavors — all licensed per firewall:
- Enterprise Device Security — for general enterprise IoT devices (office IoT, wearables, printers, etc.)
- Medical Device Security (IoMT) — for healthcare environments (imaging devices, infusion pumps, patient monitors, diagnostic equipment)
- OT Device Security — for operational technology / industrial environments (ICS, SCADA, manufacturing)
Each of these comes in two data lake variants:
| Variant | Data Lake Required? |
|---|---|
| Standard (with Data Lake) | Yes — requires Strata Logging Service |
| Doesn't Require Data Lake (DRDL) | No — no Strata Logging Service needed |
These per-firewall licenses are supported with next-generation firewalls, VM-Series, CN-Series, and Prisma Access.
2. Device Security X Subscription (per-device)
This subscription provides individual licenses for each device learned by Device Security, regardless of how many firewalls or VM-Series VMCs stream logs to it. It's suited for organizations where device count is more predictable than firewall count.
Device Security X is supported with next-generation firewalls, VM-Series, and CN-Series, as well as VM-Series bootstrapped in virtual metadata collector (VMC) mode.
Key Notes
- Using Strata Logging Service requires a Premium Support license or better.
- Trial/eval licenses are available for 60 days, extendable in 30-day increments through a Palo Alto sales rep.
- You cannot convert between a per-firewall and per-device (X) license type.
- Device Security requires firewalls to forward logs with network traffic data to a cloud logging service for analysis.
In summary, the main decision points are:
- Vertical — Enterprise, Medical, or OT
- Data lake — with Strata Logging Service or DRDL
- Licensing model — per-firewall (standard) or per-device (X)