Bastille promises to find malicious wireless devices in corporate networks
- 13 August, 2015 04:59
Startup Bastille can flag suspicious radio traffic within enterprises to give security pros a means for keeping an eye on wireless Internet of Things devices that would otherwise elude detection.
The company is beta testing its system, which consists of radio-frequency sensors that gather data about radio traffic in the enterprise and a cloud-based analysis engine that figures out what traffic represents a threat, says company founder and CEO Chris Rouland.
The gear continuously scans all radio-frequency traffic from 50MHz to 6GHz to find the transmissions CISOs don't want in their airspace, he says. "For enterprises, this gives them situational awareness," he says.
For example, an employee could bring to work a personal Android phone infected with malware that tries to connect to network devices via Bluetooth and compromise them. But with no management client on the phone, the enterprise would have no way to find out about the threat, he says.
Bastille's gear can see such promiscuous attempts to pair with Bluetooth devices and trigger warnings. Such attempts to connect to devices in a data center could indicate an attempt to access corporate data. A 5MHz wireless connection to the data center could be an innocent phone call and not particularly suspicious. But a 20Mbps LTE data transmission out of the data center at 2 a.m. would raise an alarm, he says.
If the Bastille system detects suspicious activity it can trigger alerts in SIEMs. Technically the system could jam such traffic but that might run afoul of regulations. Being able to kick devices off the network for suspicious activity, though, could move Bastille from intrusion detection to intrusion prevention, Rouland says.
The sensors are deployed in an overlapping mesh like Wi-Fi access points to give full coverage to an area. The data collected is sent encrypted to a private cloud run by Bastille and processed. The company hasn't decided yet where that cloud will be located. The analysis determines where discovered devices are located in the building.
Typically customers would deploy the devices where their most important assets reside: data centers and executive suites, he says. Businesses can set up policies that forbid any unauthorized devices within a geo-fence surrounding data centers, and Bastille would discover any violations.
The system looks for protocols running across the wireless connections. The company has been writing software to detect the most popular ones, and can add more as demand requires with a software upgrade to the sensors. The system also analyzes device behavior, such as a device trying to make connections with any and all other devices it can locate or performing Wi-Fi scanning. If a new cell tower suddenly pops up within the building, that would be flagged.
A dashboard visualizes the environment based on what the scanners find.
Customers would buy the sensors and pay an annual subscription for the analysis services. Pricing hasn't been set yet.
He says the company is hoping to sell to enterprises concerned about the security of Internet of Things devices that are designed with little security built in. Such businesses have few means of securing their networks against these devices. "There is no IoT-security line item in CISOs' budgets," he says. He acknowledges that it may be necessary to convince security pros that there is an IoT security problem.
The system is in beta this year and general availability is scheduled for the first quarter of 2016, possibly at the RSA security conference.
The company is backed by $9 million from Bessemer Venture Partners.
The company name comes from the famous fortress and prison in Paris taken over during the French Revolution.