Resource Type: Webinars

FROM CELLULAR, BLUETOOTH, BLE AND IOT DEVICES

Bastille’s threat detection capabilities allow full visibility into RF devices operating in or close to your environment. Bastille detects the persistent threats that other enterprise threat hunters cannot detect, sending data to your SIEM and existing enterprise infrastructure to give you all the information you need to identify and locate the threat
Bastille-Threat-Hunting-Image-NO-Shadow.png
devices by protocol.gif
Use Case: Data Exfiltration — Mobile Devices Remaining Suspiciously Static and / or Transmitting Inside OR Outside your buildings.
When a cellular near-network device such as a cell phone comes inside your building or comes suspiciously close to your buildings, but never comes inside, the Bastille API will communicate with your SIEM to provide this data to the SOC. If the device is then static for several hours or days in an unusual location (inside or outside), and is exhibiting tell-tale signs of data exfiltration such as transmitting data, then Bastille can trigger an investigation using your existing security systems and personnel.

Bastille Threat Hunter offers constant monitoring and visibility into risks of data exfiltration from near-network devices using radio frequencies from 25 MHz to 6 GHz. This includes but is not limited to:
Bastille Threat Hunter for Near-Network Devices
Bastille Threat Hunter for Near-Network Devices

Cellular

Wi-Fi

Bluetooth and BLE

IoT protocols (Zigbee, Z-Wave, LoRa and more)

Plus many proprietary channels

During the webinar Bob will discuss use cases and techniques, plus demonstrate the Bastille Threat Hunter, a portable kit. Bob will also cover how Bastille integrates with enterprise infrastructure and fits within the Mitre ATT&CK framework.

Presenter: Dr. Baxley is CTO, Bastille and former Director of the Software Defined Radio Lab at Georgia Tech (bio here). Bob is the former Director of the Software Defined Radio Lab at Georgia Tech, where he led projects on SIGINT, Electronic Warfare and Covert Communications for DoD and IC customers. During the webinar, Dr. Baxley will discuss Bastille’s research about RF and wireless based APTs and vulnerabilities. He will also demonstrate how the Bastille Threat Hunter can add unique data into your Threat Hunting systems and practice.

Who should watch:

Threat Hunters

Network and Cyber Security Professionals

Network Operations Professionals

Anyone concerned with data exfiltration risks

FROM CELLULAR, BLUETOOTH, BLE AND IOT DEVICES

Time and again we hear “If you want to hunt threats, you have to have data.” Advanced Persistent Threats and Vulnerabilities from near-network devices using Cellular, Bluetooth or one of the many IoT protocols are invisible to most enterprise threat hunters, as few have any solution to collect the data regarding these devices. Without the data for threat hunters to investigate, the devices and threats persist, making the threat invisible.

Bastille’s threat detection capabilities allow full visibility into near-network devices operating in or close to your environment. Bastille detects the persistent threats that other enterprise threat hunters cannot detect, sending data to your SIEM and existing enterprise infrastructure to give you all the information you need to identify and locate the threat
devices by protocol.gif
Use Case: Data Exfiltration — Mobile Devices Remaining Suspiciously Static and /or Transmitting Inside OR Outside your buildings.
When a cellular near-network device such as a cell phone comes inside your building or comes suspiciously close to your buildings, but never comes inside, the Bastille API will communicate with your SIEM to provide this data to the SOC. If the device is then static for several hours or days in an unusual location (inside or outside), and is exhibiting tell-tale signs of data exfiltration such as transmitting data, then Bastille can trigger an investigation using your existing security systems and personnel.

Bastille Threat Hunter offers constant monitoring and visibility into risks of data exfiltration from near-network devices using radio frequencies from 25 MHz to 6 GHz, this includes but is not limited to:
Bastille Threat Hunter for Near-Network Devices
Bastille Threat Hunter for Near-Network Devices

Cellular

Wi-Fi

Bluetooth and BLE

IoT protocols (Zigbee, Z-Wave, LoRa and more)

Plus many proprietary channels

During the webinar Bob will discuss use cases and techniques, plus demonstrate the Bastille Threat Hunter, a portable kit. Bob will also cover how Bastille integrates with enterprise infrastructure and fits within the Mitre ATT&CK framework.

Presenter: Dr. Baxley is CTO, Bastille and former Director of the Software Defined Radio Lab at Georgia Tech (bio here). Bob is the former Director of the Software Defined Radio Lab at Georgia Tech, where he led projects on SIGINT, Electronic Warfare and Covert Communications for DoD and IC customers. During the webinar, Dr. Baxley will discuss Bastille’s research about RF and wireless based APTs and vulnerabilities. He will also demonstrate how the Bastille Threat Hunter can add unique data into your Threat Hunting systems and practice.

Who should watch:

Threat Hunters

Network and Cyber Security Professionals

Network Operations Professionals

Anyone concerned with data exfiltration risks

Dr. Bob Baxley, CTO and Head of the Bastille Threat Research Team examines how hackers can use recently disclosed Bluetooth and Bluetooth Low Energy (BLE) vulnerabilities to bypass your security, gain access to your systems, and exfiltrate data and voice information. Using research from the Bastille Threat Research team as well as analysis of data from the National Vulnerability Database, Dr. Baxley will examine 8 Recent Bluetooth and BLE Device Attacks.

Presenter: Dr. Baxley is CTO, Bastille and former Director of the Software Defined Radio Lab at Georgia Tech (bio here).

Recent Bluetooth and Bluetooth Low Energy Attacks, which:

• Affect Billions of Devices
• Allow Hackers to use RF as a Vector for Cybercrime
• Affect All Networks and Locations
• Impact the Devices we use Everyday
• Disrupt our Networks, Buildings and National Infrastructure
• How to use Radio Frequency (RF) detection and location technologies to:
• Detect, Locate and Isolate Devices Vulnerable to Attack
• Integrate Radio Frequency for Bluetooth and BLE security into your Security Infrastructure
• Geofence Sensitive Areas and Receive Alerts
• Conduct Forensic Analysis of Threats
• Tag Devices by Manufacturer

Speaker:

Dr. Bob Baxley, CTO at Bastille and former Director of the Software Defined Radio Lab at Georgia Tech

Dr. Bob Baxley, CTO, Bastille examines two aspects of how Covid-19 will impact the workplace. The RF complexity of our workplaces will change as workers return based on the devices they bring, and the devices that they may be asked to wear. Adversaries will attempt to use the confusion to defeat existing security systems and protocols. In large workplace environments and campuses, the assumption that an infected worker has interacted with all workers is likely wrong, and technology to assist with contact tracing in the workplace will become prevalent. Security professionals can leverage existing tools and add others to help them identify breaches and help their organization with contact tracing in the event of a new infection.

Presenter: Dr. Baxley is CTO, Bastille and former Director of the Software Defined Radio Lab at Georgia Tech, during the webinar he will provide updates on how to use Bastille for contact and zone tracing as well as how to use Bastille to mitigate the unforeseen new threats from other contact tracing technologies.

Workplace Contact Tracing

While phone apps from Apple and Google offer phone proximity tracking, they specifically avoid location tracking for privacy reasons. Public health officials have decried the Apple/Google emphasis on privacy over contact discovery, saying that the design will be “essentially worthless” for public health purposes. Employers bear responsibility for the health and safety of their workers and in that context location history is very important. If your employer decides to rely on the Apple/Google proximity tracking system, then Bastille can tell you what percentages of the phones on your floor are using the application. Bastille through its DVR capability can track a particular phone or other RF device assigned to a user and map out that device’s pattern of life within a facility to help with contact tracing. Pattern of life tracking also makes deep surgical cleaning more efficient, by highlighting the zones in which a device associated with an infected person has been present. In addition, Bastille can provide historic patterns of life throughout buildings to demonstrate where infected people have been to warn others who were there shortly after e.g. in a conference room or kitchen. Traffic pattern data and dwell times at locations can also deliver information about building layout or areas which may present issues for social distancing.

Covid-19’s Implications for RF Security

When workers return, adherence to RF security policy will not be their primary concern. Adversaries will attempt to take advantage of the confusion. For example, in order to accomplish one-click ease of use, some applications install software to bypass the security aspects of the operating system…and these bypasses stay in the operating system even when the application is not in use. That’s a whole new attack vector for the bad guys. What’s the chance that your workers have used their corporate laptop with software that creates backdoors during their Work From Home period? Leveraging these sorts of vulnerabilities, attackers could take advantage of Bluetooth, BLE and Wi-Fi radios on the laptop to compromise your security. Further, the newest “medical wearables” are devices designed to help with contact proximity tracing. Most have not been designed around security. Their radios could be compromised or just used to obfuscate a rogue device. Security professionals will need to re-think which devices are authorized and how they operate in an environment which may be not as quiet as the day before the shelter-in-place orders began. Of particular interest will be devices which are behaving one way on entrance to a facility, and then change their behavior after going inside.

Learn how to use Bastille’s RF detection and location technologies to:

Contact Trace Throughout Buildings and Campuses

Monitor Social Distancing Policies

Evaluate Staff Rotation Tracking

Manage Security in the Covid Aware Workplace

Detect & Authorize New Devices (including Covid-19 Tracing enabled devices)

Understand percentage uptake of the Apple/Google exposure tracking app

Increase Facility Up-Time

Reduce Cleaning Time & Costs

Who should attend?

Covid-19 Response & Facility Teams

Operations

Physical Security

Cyber Security

Speaker:

Dr. Bob Baxley, CTO at Bastille and former Director of the Software Defined Radio Lab at Georgia Tech

Until recently, device policy for secure buildings has effectively been “No Devices Allowed”. However, in some situations exceptions are now being granted for personal medical devices, health monitors and some other operation associated devices. Questions are being asked about the ability to allow some devices in some areas, some of the time. Consequently, there is a need for stratified policy and sophisticated technology which can accurately distinguish between approved and unapproved electronic devices in secure areas.

Presenter: Dr. Baxley is CTO, Bastille and former Director of the Software Defined Radio Lab at Georgia Tech, he will provide updates on the current technologies available to security professionals as they seek to effectively implement and enforce more nuanced electronic device policy.

What you will learn:

In a world where you need to detect and locate unauthorized Cellular, Bluetooth, BLE, Wi-Fi and IoT devices at temporary sites such as forward deployed, conference/hotel, tent, and other remote locations, Dr. Baxley will discuss:

• Nature of RF Propagation within Buildings
• How Point Frequency Device Finders Work
• Review of the Technologies in the Marketplace
• DoD Case Studies of Policy and Device Challenges
• Likely Changes to Device Policy Resulting from COVID-19

Devices covered:

• Handheld Detectors
• Single-Sensor Wall Mounted
• High-End Portable TSCM Tools
• Software Defined Radio Detectors
• Networked/Enterprise Solutions

Who should attend?

• Security Professionals (Physical, Cyber, SIGINT, TSCM)
• J2/6, G2/6, A2/6, N2/6
• Network Operations Professionals
• Intelligence, Surveillance and Reconnaissance and Cyber Effects Operations
• Command, Control, Communications and Computer Systems (C4)
• Joint Staff Intelligence
• Information Dominance, Intelligence, Network Operations, Cyberspace Operations

Speaker:

Dr. Bob Baxley, CTO at Bastille and former Director of the Software Defined Radio Lab at Georgia Tech