FROM CELLULAR, BLUETOOTH, BLE AND IOT DEVICES
Time and again we hear “If you want to hunt threats, you have to have data.” Advanced Persistent Threats and Vulnerabilities from near-network devices using Cellular, Bluetooth or one of the many IoT protocols are invisible to most enterprise threat hunters, as few have any solution to collect the data regarding these devices. Without the data for threat hunters to investigate, the devices and threats persist, making the threat invisible.
Bastille’s threat detection capabilities allow full visibility into near-network devices operating in or close to your environment. Bastille detects the persistent threats that other enterprise threat hunters cannot detect, sending data to your SIEM and existing enterprise infrastructure to give you all the information you need to identify and locate the threat
devices by protocol.gif
Use Case: Data Exfiltration — Mobile Devices Remaining Suspiciously Static and /or Transmitting Inside OR Outside your buildings.
When a cellular near-network device such as a cell phone comes inside your building or comes suspiciously close to your buildings, but never comes inside, the Bastille API will communicate with your SIEM to provide this data to the SOC. If the device is then static for several hours or days in an unusual location (inside or outside), and is exhibiting tell-tale signs of data exfiltration such as transmitting data, then Bastille can trigger an investigation using your existing security systems and personnel.
Bastille Threat Hunter offers constant monitoring and visibility into risks of data exfiltration from near-network devices using radio frequencies from 25 MHz to 6 GHz, this includes but is not limited to:
Bastille Threat Hunter for Near-Network Devices
Bastille Threat Hunter for Near-Network Devices
Cellular
Wi-Fi
Bluetooth and BLE
IoT protocols (Zigbee, Z-Wave, LoRa and more)
Plus many proprietary channels
During the webinar Bob will discuss use cases and techniques, plus demonstrate the Bastille Threat Hunter, a portable kit. Bob will also cover how Bastille integrates with enterprise infrastructure and fits within the Mitre ATT&CK framework.
Presenter: Dr. Baxley is CTO, Bastille and former Director of the Software Defined Radio Lab at Georgia Tech (bio here). Bob is the former Director of the Software Defined Radio Lab at Georgia Tech, where he led projects on SIGINT, Electronic Warfare and Covert Communications for DoD and IC customers. During the webinar, Dr. Baxley will discuss Bastille’s research about RF and wireless based APTs and vulnerabilities. He will also demonstrate how the Bastille Threat Hunter can add unique data into your Threat Hunting systems and practice.
Who should watch:
Threat Hunters
Network and Cyber Security Professionals
Network Operations Professionals
Anyone concerned with data exfiltration risks