Startup Bastille can flag suspicious radio traffic within enterprises to give security pros a means for keeping an eye on wireless Internet of Things devices that would otherwise elude detection.
The company is beta testing its system, which consists of radio-frequency sensors that gather data about radio traffic in the enterprise and a cloud-based analysis engine that figures out what traffic represents a threat, says company founder and CEO Chris Rouland.
The gear continuously scans all radio-frequency traffic from 50MHz to 6GHz to find the transmissions CISOs don't want in their airspace, he says. "For enterprises, this gives them situational awareness," he says.
For example, an employee could bring to work a personal Android phone infected with malware that tries to connect to network devices via Bluetooth and compromise them. But with no management client on the phone, the enterprise would have no way to find out about the threat, he says.
Bastille's gear can see such promiscuous attempts to pair with Bluetooth devices and trigger warnings. Such attempts to connect to devices in a data center could indicate an attempt to access corporate data. A 5MHz wireless connection to the data center could be an innocent phone call and not particularly suspicious. But a 20Mbps LTE data transmission out of the data center at 2 a.m. would raise an alarm, he says.
If the Bastille system detects suspicious activity it can trigger alerts in SIEMs. Technically the system could jam such traffic but that might run afoul of regulations. Being able to kick devices off the network for suspicious activity, though, could move Bastille from intrusion detection to intrusion prevention, Rouland says.
The sensors are deployed in an overlapping mesh like Wi-Fi access points to give full coverage to an area. The data collected is sent encrypted to a private cloud run by Bastille and processed. The company hasn't decided yet where that cloud will be located. The analysis determines where discovered devices are located in the building.
Typically customers would deploy the devices where their most important assets reside: data centers and executive suites, he says. Businesses can set up policies that forbid any unauthorized devices within a geo-fence surrounding data centers, and Bastille would discover any violations.
The system looks for protocols running across the wireless connections. The company has been writing software to detect the most popular ones, and can add more as demand requires with a software upgrade to the sensors. The system also analyzes device behavior, such as a device trying to make connections with any and all other devices it can locate or performing Wi-Fi scanning. If a new cell tower suddenly pops up within the building, that would be flagged.