Presented in partnership with SC Media
AI is transforming the data center landscape — and with it, the attack surface.
From GPU-packed “AI factories” to liquid-cooled inference clusters, today’s AI data centers have become the crown jewels of modern infrastructure. But as power and density grow, so do the risks — particularly from wireless threats that often go unseen.
In this discussion hosted by SC Media, industry leaders Bill Kleyman, CEO at Apolo, and Brett Walkenhorst, CTO at Bastille Networks, join Adrian Sanabria, host of the Enterprise Security Weekly podcast, to explore how attackers are leveraging wireless technologies to target AI data centers — and what operators can do to protect them.
Key Takeaways
- How the rise of AI-driven workloads is creating new wireless attack vectors
- Real-world examples of drone-delivered and proximity-based wireless intrusions
- Why attackers don’t need physical access to compromise “air-gapped” environments
- How rogue hotspots, Bluetooth beacons, LoRaWAN, and ZigBee sensors are being exploited
- Practical steps to gain visibility into the invisible layer of wireless activity inside your facility
- How to apply Zero Trust and continuous monitoring to RF and IoT security
 
Why It Matters
Modern AI data centers process some of the most valuable assets in existence — proprietary models, training datasets, and inference outputs that define competitive advantage. Yet many facilities still operate under the false assumption that their systems are fully hardwired and isolated.
“These facilities are now processing some of the most valuable assets in the world… that kind of digital gold is gonna attract some attackers.”
— Bill Kleyman, CEO, Apolo
As Brett Walkenhorst notes, there’s a 100% chance you have wireless in your environment you don’t know about. This webinar shows why that hidden layer matters — and how attackers are already taking advantage of it.
Speakers
Adrian Sanabria — Host, Enterprise Security Weekly; Founder, Defenders Initiative
Bill Kleyman — CEO, Apolo
Brett Walkenhorst — CTO, Bastille Networks
Who Should Watch
- Data Center & Cloud Infrastructure Leaders
- CISOs, CIOs, and Security Executives
- SOC & Threat Intelligence Teams
- AI Platform / GPU Infrastructure Managers
- Compliance & Risk Officers (cyber–physical)
 
Full Video Transcript
Hello, everyone. I’m Adrian Sanabria, host of the Enterprise Security Weekly podcast and founder of the Defenders Initiative. Welcome to this webcast sponsored by Bastille. I have two guests with me today, Bill Kleyman, CEO at Apolo. Is it Kleyman? Did I say that right?
Yep. Yes. Very very good. Thank you. Thank you. No. No. No. No points. Well done.
Alright. I should have asked before. Just so I was, taking a chance there.
Also with us is Brett Walkenhorst, CEO of Bastille. Did I say that correctly?
You did except for the title and the CTO, not the CEO. But I’ll take the promotion.
Did I It says it says CTO. Maybe it’s just because, CEO is written right above it, for Bill. That that I don’t mind the promotion.
There you go. Congratulations. It’s it’s it’s a it’s a fun place to be. I mean, you have to, like visit. Yeah.
Yeah. Good.
In my defense, it is late here in Armenia, and it’s been a long day. I gave a talk at a conference here, today put on by the Central Bank of Armenia, and I’m glad that I was able to do this webcast remotely on the road. And and, yeah, excited about today’s conversation. I have lots of questions, lots of legitimate questions. We haven’t gone too deep into this yet, and, I I kinda like that I don’t already know all the answers. So I’m excited to to I’m as excited as part of the audience, I I imagine, to hear some of the answers to these questions.
So today, we’re talking about wireless attacks against AI data centers. Sounds very specific. Right? You know?
So that’s part of the reason why I’m excited about it. And before we jump into the conversation, for the attendees, I just wanna direct you towards the buttons down below in this platform. There is a, a chat button there, the very first button there. You can chat with other attendees.
You can chat with us. You can ask questions there if you want. We also have a dedicated q and a button there, the the one the blue button right in the middle.
I saw someone already said good afternoon from New York City there.
And, yeah, that’s pretty much everything you need to know. Feel free to ask questions during the conversation, and I’ll try and pull them in when they make sense within the context of what we’re talking about. So I will be checking that periodically throughout the webcast.
So don’t hesitate to put stuff in there. Don’t don’t be shy, and let’s get into it.
Alright. So, Bill Yeah. AI How is the so first of all, how is an AI data center different than just a data center today? Aren’t all data centers AI data centers now?
You know, I think I think, you stole one of the phrases that I usually say out there, where I thoroughly believe that every data center in the very near future is gonna become an AI data center. Just kinda depends on how fast you get there.
Folks, hi. It’s really great to be here. This is a a really, really important, sometimes scary conversation. So like Adrian mentioned, Adrian, myself, and Brett, we love an interactive audience. So those blue buttons, you better be clicking them. Get off your Amazon shopping list and ask us some questions.
Overwhelm Adrian with so many questions that he has to stop and just answer all the stuff that’s coming into the chat.
I’m gonna answer your question as quickly as I can because I, you know, there’s a list of really great topics here that we need to discuss. But in case you’ve been living under a rock, you’ve noticed that the data center industry is having a moment. We are we are having a little moment. People are noticing us. Hey, we’re not just this obscure building in the middle of nowhere. We’re all of a sudden important, even though data center’s been around for a while.
We we’re experiencing not even so much of a technical shift or, you know, whatever you wanna call it. It’s it’s truly a renaissance. We have these things called AI factories, right, which I think is a better definition of this high density, high performance compute, throw some liquid cooling in there, really focus on maybe inference, some enterprise level large language model training, or back, maybe you’ve got a hundred thousand GPUs, so you’re just building your own large language model.
But then we have some more traditional facilities. Right? Let’s call them your pizza box servers. Right?
These are facilities that are really designed to house your SQL servers, your Exchange, your emails, your VMwares, and your Citrixes, your virtualization environments. But without getting too technical, it comes down to density. How much stuff, physical equipment can you shove into a rack efficiently, right, with either air or liquid cooling? Now, some data centers, they just they don’t they don’t have liquid cooling.
Right? They don’t have that level of density. So they will always be facilities that will house very important parts of infrastructure, email, SQL, those pesky mainframe data centers that’ll never ever ever go away ever. Like at the end of the world, it’s gonna be cockroaches and IBM mainframes, at least in my opinion.
That’s what’s gonna survive. And and then on the flip side, you’ve got this all new type of architecture and development where, you know, Jensen Huang at GTC recently came out and said that a single rack is going to consume six hundred, kilowatts, almost one megawatt of power, which without getting into too much detail is ridiculous. That’s absolutely silly understanding that the average rack right now is about sixteen, one six, and he’s saying you’re gonna get to six hundred. So to answer the question very briefly, a traditional data center is one that’s really designed against more traditional types of workloads.
Then you’ve got hybrid ones, ones that have taken the the leap, let’s say, into the AI space. They can do traditional as well as some of those really high density kinds of environments. And then you’ve got full blown, built from the ground up AI factories, immersion, direct to chip liquid cooling, like really crazy levels of densities.
And these new AI factories, the new AI data centers are quickly becoming, let’s call them the crown jewels of modern infrastructure, because right now, everyone listening right now, every single one of you has become a user of generative AI. Because if you’ve gone on Google or Bing recently, you’ve noticed one very, very important thing. Your response is no longer a blue link, is it? Nope.
Thirty years of conditioning gone, almost overnight, where your first response is now a generative AI response. And so as a result, these facilities are now processing some of the most valuable assets in the world. So proprietary models, training datasets, real time inference outputs, business making critical IP. And, you know, I know this is the topic of the conversation, that kind of digital gold, it’s gonna attract some attackers.
So traditional lower density AI factories, high density, really sort of taking out some of those really wild workloads that we’re seeing right now.
And I think in that explanation, you’ve already covered some of my next question, which would be why are AI data centers being targeted? Right? You know? And and yeah.
That’s a lot of compute. Right?
It’s it’s an extraordinary amount of compute. Right? There’s a reason why. So so Apolo, my organization, we we’re like Amazon, but we’re not.
We own the heart the software layer and our software kinda like Amazon SageMaker, let’s say it, but we’re deployed in private data centers specifically for security. So a lot of my customers are government, health care, financial services, those that can’t deploy in the major cloud providers. But believe me, there’s protection against jailbreaking, data leak prevention, you know, injection, all of these really, really core topics that are net new. These are all net new challenges in in the age of AI, and this data is is exceedingly valuable.
Yeah.
Alright. So coming to you, Brett. Why wireless devices?
Wouldn’t wouldn’t this kind of attack be more challenging since it requires physical proximity to the target?
Yeah. Good question, Adrian. So I guess the why wireless? That’s a big question. It could take a long time to try to answer comprehensively. But if you just narrow it down to that one thing, people recognize that wireless attacks are a thing, but they also see that you have to be close to the target in order to affect whatever it is that you want to do.
And that calculus has shifted a little bit. So we’ve had in the past instances where nation state actors were conducting a whole host of wireless based surveillance and attacks and were apprehended as a result of that and deported. So they kind of got smart about that and realized, hey, we can’t necessarily put our people on the front lines in order to conduct these attacks. So what are we going do?
Because wireless still presents a huge opportunity. And the reason that it’s such a huge opportunity is that people don’t pay as much attention to all the different mechanisms that are available to conduct those attacks. And so if we aren’t paying attention on the defense side, then the offense is going to look at that as a golden opportunity for them. So they invest in that.
Right? There’s a lot of research on the offensive side. There’s a lot of activity there. But the big constraint has been perceived to be well, you have to get close and that’s a liability.
Right? So then a few years ago, we had this example of an attack that was conducted. It was a drone based delivery of hardware that landed on the rooftop of a target organization and conducted wireless attacks, penetrated the network, and were able to do some things before they were eventually discovered. Now, of course, it’s nice that we discovered them that what we see is only ever the tip of the iceberg of what’s really there.
What other attacks have gone on that nobody found out about? That’s a really brilliant pivot, right, to say, I don’t need to put personnel on the front line.
I just need to get the equipment there, and I can deliver it via drone and command and control and exfiltrate over cellular. That’s pretty clever. Now, recently, we had nation state actors that targeted an organization from across the ocean by exploiting weaknesses in organizations that were physically near their target. They penetrated their networks, moved laterally, pivoted to wireless when they found dual home devices, of which there are many. You can picture a laptop plugged into Ethernet, and it has a wireless NIC. Take take take control of that NIC and use that to conduct wireless attacks to penetrate their primary target.
That’s scary and beautiful at the same time. Like, It’s amazing how creative these attackers got, but there was no piece of their attack chain that was really that difficult to execute.
So now we’ve come from this idea that, oh, I have to be really close to, well, I don’t have to be close, but I just need to get hardware close to now there’s tens of billions of wireless devices. I just need to compromise one that’s close to you.
I don’t have to own it. I just have to use the fact that you’re swimming in wireless and get access to the right thing. And now I can be half a world away and still leverage these wireless opportunities to attack you. So that’s a little bit of an answer to your question, Adrian. We could certainly go into more of why wireless, but hopefully that’s a start.
I I wanna I wanna add to that because I I think I think, Brett, what what you talked about is really is really paramount, there’s usually a bit of a a disconnect or disconnect as far as, like, wireless attack spectrum and physical data centers. Because the number one statement that I usually get, and this is for Adrian, this is for my notes, right? It’s like, well, Bill, everything’s hardwired. Everything’s hardwired in a facility, right?
Your network switch isn’t, it’s got wires plugged out of it, right? And there’s gonna be some hyperscale, some data center facilities that are truly, truly magnificent in their security, right? And then they really lock things down. But there’s many that don’t, right?
And so you think it’s all a hard line. In theory, it should be. It really should be, right?
It’s not. It’s not, right? And AI, these AI data centers, here’s the thing, they’re not just compute dense, they’re also operationally complex. And I need everyone to understand that.
So now we’re seeing things BLE, so Bluetooth Low Energy Beacons for asset tracking, things like LoRaWAN, l o r a w n. If you haven’t heard of that, it’s actually really neat technology for low power sensors, battery powered sensors, be able to connect over vast distances. You’ve got things like Zigbee for your biometric controls, even things like private 5G towers. Listen, when I was at Switch Data Centers, we had our own 5G tower for testing.
And it was standing right there. We would do our own private cellular networks just just for testing and messing around. So that’s that’s the reality. Now what what Brett said, Brett said something really, really, really powerful here.
That wireless layer, remarkably, oftentimes sits outside of the purview of traditional SecOps.
So it’s a target, right? Even unbeknownst to the traditional network security teams, they might not realize, I’m just gonna put this little Bluetooth thing so I can track the server or track, like, if somebody opens the door or not. But you land a drone on top of a roof that’s capable of of seeing, hey. This thing is running on two year old firmware. Here’s a list of holes that are already well published in the CVE. I’m gonna go after one of them.
That’s that’s my gold nugget, by the way. For everyone listening, if you’re working in a facility, there’s a decent chance you have wild stuff in your environment you might not know about, and there’s an even more decent chance that it’s out of date. Sorry. I’ll I’ll get off my soapbox, but I think what you said is is paramount. I wanted to make sure that we connect this this sort of, you know, a little bit of a of a disillusionment between traditional data centers thinking it’s all hardwired when that’s not entirely the case.
I’m I’m just gonna foot stomp one thing you said, and then I’ll let Adrian talk.
Foot stomp.
That that thing you said, if there’s a decent chance that there’s wireless in your environment that you don’t know about it, I’m gonna I’m gonna trump that and say, no way.
There there is a hundred percent chance that you have wireless that you don’t know about. And the reason I say that, I’ve been doing this for a few years now with Bastille. And we go into customer organizations like, like super secure government facilities that are supposed to have zero wireless.
And they have people who are supposed to go in periodically and make sure.
And we go in and we immediately find stuff. We immediately find infrastructure related wireless devices, and we find periodic people coming in with things that they just forgot, or maybe they’re intentionally trying to compromise security. So this kind of stuff happens in even the most secure areas. We have so much wireless around us.
It is unbelievable. I guarantee you, you have stuff you wouldn’t even think about. They have wireless in shoes, in medical devices, in sweaters, And of course, industrial related cooling systems, you don’t think about those. Or RFID readers, Bluetooth enabled RFID readers.
There’s so much stuff that you don’t even think about.
Coffee mugs, why do you need a RFID?
Not RFID, why do you need Bluetooth and a coffee mug? But they have it. It’s so easy to put in. And there’s some little use case that someone thinks this could be a differentiator.
We’ll just do this. It’s cheap. And so they do. There’s tons of this stuff around.
I guarantee you’ve got more than you know.
Oh, Brett, and and we’re gonna we’re gonna foot stomp all day. And and I think Adrian’s just gonna sit there and stop Romania. Look. There’s as as let’s let’s put let’s put the malicious actor hat on for a second.
I I had a chance, I played a role of the social engineer in some of these, you know, red teams, tiger teams, whatever you wanna call them back in the day when I did more network engineering. I’m gregarious. I can call Adrian and be like, hi, Adrian. This is Bill Clinton with your IT department.
I’m here to update your Microsoft Teams. Can I get your username and password real quick? Because, you know, I sound convincing. Adrian’s a middle manager.
It’s the middle of a Wednesday. He’s tired. Here’s my username and password. Go update it.
Remarkably, people would give me that information. But kind of going back, as if I put my hat on, right, and I pick a target, I wanna go after this target with the path of least resistance. Right? It’s a really fun little chess game, so I’m gonna look at where your holes are.
What’s out of date? What kind of wireless devices that you potentially have that you haven’t updated in forever? And back back in my day, I’m a geriatric millennial. I don’t know why they have to call me that.
That’s completely unnecessary. Just call me an older millennial. It’s fine.
Okay. Right?
But like, back when I first started, like about fifteen years ago in this specific network security space, printers, network connected printers were somehow never updated. Never ever updated, like ever, right?
So you find one with like firmware on it that’s like six years old, and you just go on practically any CVE or security site and see what those holes are, and you literally potentially in a non segmented unsecured network, you could gain access.
The printers and peripheral devices were the unknowns of our previous days, and now that’s been transplanted by these wireless systems.
No. Those those printers are still there, and they each have a hotspot on them.
And there is There is a wireless system.
It’s worse.
Yeah. Yeah. Yeah.
And and and to your point, you know, if you’re just scanning wireless for two point four and five gigahertz, you’re probably missing some stuff. Right? Like, lot of the stuff mentioned, like LoRa, and then, you know, now there’s six gigahertz with with even standard Wi-Fi.
There’s a like, you need the right adapters to even be able to find the stuff or or to have any observability of this stuff. Right, Brett?
Yeah. Absolutely.
Yeah. The six gigahertz is interesting because there’s gonna be if you evolved your network to 6E or seven, there are still clients that may be able to connect to your network that have the ability to operate at those levels of the protocol.
And so they could access the six gigahertz spectrum.
And it’s actually pretty easy to deauth one of those devices from the authorized network and evil twin that guy to a six gigahertz carrier.
And then whatever monitoring capabilities you have in place on your protected network are blind to that because you haven’t upgraded. So that’s kind of an interesting little tangent. But in general, yeah, we’re not looking in the right places.
And we don’t have comprehensive visibility in general. One example that we’ve seen, and just to kind of tie wireless specifically to data centers, we had an example of a client where they had a hotspot that was regularly coming into their data hall.
Somebody would have a phone and they’d fire up their hotspot and it would connect to a client in a rack.
And guess what? Nobody’s looking for hotspot based data exfiltration. They’re looking for network penetration.
But this is completely off to the side. Now you have a data exfil path through the cellular network that nobody’s looking at. We have to I guess my my takeaway from this, if you get nothing else is wireless is a problem. It’s bigger than we think.
And we need to start paying attention to it. We need to start using tools that bring visibility to this space. Because the worst nightmare in my mind is data compromise from a secure data center. And these are like the crown jewels that you access that information, You can get access to not only the algorithms they’re running, but all the data that they’re using, including training data that cost them hundreds of millions of dollars work through.
So now if you can compromise that using a simple hotspot that exfiltrates the data, the jewels, right from inside and no one is looking, that’s huge. We have to bring visibility to this space. Otherwise, we’re open to some craziest and simple attacks.
Yeah. Yeah. It’s so I don’t know if you guys have ever played Watch Dogs.
But in in this game, like, the main way that you hack stuff is by hopping using Wi-Fi through different devices. And it’s it’s, like, near future where there’s drones for delivering packages and drones for, like, all kinds of different things left and right, and you’re just compromising these drones and using that drone to get to a building. And then once the drone gets to a building, then you take over the cameras, and that’s how you can see where the people are. And, like, this whole game is based around, you know, the types of threats that we’re talking about, which is is, you know, feasible today.
And it’s, you know, something we’ve noticed, like, for a long time, we were like, yeah, attackers only target Windows. And then one day, somebody built the Mirai botnet out of IoT devices that were just hanging out on the public Internet with admin admin, you know, default credentials. And they scooped up hundreds of thousands of these devices in the better part of a couple of days and put on some of the biggest denial of service attacks we ever saw. So, yeah, nobody was doing these attacks until one day everyone just scooped up every IoT device exposed to the public Internet.
So it it is something that we see in cybersecurity where, yeah, sure, these attacks aren’t popular until we get really good at security in some other portion of what we’re doing, and we force attackers into what’s left, into the the next low hanging fruit that’s still out there that that we haven’t addressed.
Absolutely.
Alright. So, you know, I I think one of the things that’s interesting here, Brett, do you find that, you know and maybe this is something you can chime in on too as well, Bill. But is there kind of like a management or culture gap between the network admin folks, the people who manage, like, the corporate networks, and then all the wireless stuff that’s that’s going on? Like, you’ve already mentioned in a couple of these cases, some of this wireless just walks in the door, you know, attached to people. Right?
Yeah. So part of the issue is tooling. We lack visibility because we don’t have the right systems, but you’re asking about a culture gap. And I think that’s that’s really interesting question.
So let me first give just a brief background on who I am because that will help you. Like I’m actually kind of a newcomer to the cybersecurity space. I’ve been in it for a few years, but most of my experience comes from electrical engineering, signal processing, electromagnetics, wireless communications research, and then a whole host of other things related to that. But really my core is signal processing applied to RF based systems for all kinds of purposes, all kinds of use cases and applications.
So that’s my background. And when I was pursuing a PhD at Georgia Tech back in the day, I would go to conferences to present papers and I would see this sort of a firewall between people who were interested in the physical layer and people who were interested in the higher layer research.
And the reason that firewall existed, there were a few people who could penetrate it. But the reason that it existed is because different skill sets and interests were attracted to vastly different domains. The physical layer required a certain, understanding of physics and mathematics that was very different than, network routing application layer experts who understood how to package things, how to optimize, routing of packets or whatever it might be at those higher layers. Now full disclosure, I was a physical layer guy.
And so as cyber became more and more of a focus, at least in the United States, funding started to pour into that domain. It began to attract And this is my perspective, Bill. I know you’ve lived on the other side of the aisle, so feel free to contradict me. But my perspective is that it attracted all of the network level people who didn’t really They weren’t aligned, they weren’t calibrated to understand the physical layer as well.
Some of them did, I’m sure. But we focused mostly on wired threats because that’s where the problem was. As Julian said, that we focus where the problem is, that’s perfectly appropriate. But then we start to wherever we’re not focusing attention, we start to open that up to the attention of the other side.
So offensive right now seems to be interested in wireless because we’re not paying much attention on the defensive side.
So as the industry grew, we saw this influx of people who were very biased on one side of things. And I think it’s difficult to kind of orient people who don’t really appreciate and maybe don’t have the interest or the skills to appreciate the nuances of the wireless domain to say, Hey, this is why the problem exists. This is kind of how it works.
They’re just not oriented that way. We’ve historically not been oriented that way. So I think there is a gap there that we can bridge over time, but it’s gonna take some time and effort. It’s gonna take some training.
It’s probably gonna take more people like me who had a very different background to be interested in this domain and come over and help bridge the gap. So I think that what you asked about, Adrian, is very legitimate. I think there is a gap and that’s my perspective on where it is, but I think we need to address it. I think we need to work to allocate resources to train people.
The very least, like get maybe some subset of a team who can speak wireless and start with something simple. You probably already have someone who can speak WiFi at least a little bit.
Maybe have them try to better understand some of these other protocols and frequencies and dig a little deeper into the phenomenology and understand how waves propagate and how systems work, that kind of thing.
So anyway, hope that answers that question.
Brett, there’s no contradiction here. Quick side note, I wanna give a shout out to the audience for all the comments that they’re throwing into the chat window. Good good job, everybody. Keep keep those coming.
I I’m trying to look at them. They’re quite entertaining and great. By the way, I see the one from Raymond over there as far as AI governments and building private white. That’s exactly what we do at Apolo.
Great great point. I love it. Thanks for validating my business. I appreciate it. But but as far as as far as going back to what Brett said, so my undergrad was in network, engineering and communications management.
So I was really fortunate to study both physical and physical wired and wireless architecture.
I I think what I what I’d like to make sure that we we point out with with folks like Brett and and everybody else, if your specialty is network engineering, right, or architecture infrastructure design, you will have a good base understanding of wired systems and wireless. But wireless in the simplest sense of just a a Wi-Fi ecosystem within your environment. Right? Really, really simple.
How does it plug in? You know, there are there are you know, I’ve I’ve I’ve had a chance to work as a Cisco Meraki master for for ages, and I know that, you know, some of their Cisco Meraki stuff will do a really good job as far as isolating rogue access points and so on. But that that is sort of the traditional sense of of network security architecture, just traditional wired and traditional wireless architecture. But the gap in terms of new types of wireless architecture remains significant with new protocols that are being sidelined as opposed to being a part of a comprehensive security review.
So if we talk LoRaWAN, ZigBee, cellular modems, that’s not technically WiFi anymore, right? Is it? It’s a different type of wireless system.
And the challenge that we see, these types of sensor technologies, especially in my space, are most commonly used for, like, facility sensors, remote monitoring, and notably, they’re vulnerable. Right? That that’s a part of the big challenge that we’re we’re starting to experience. And what’s really sort of surprising is that we see people coming in, like your contractors, third party suppliers, and vendors, they regularly use these systems, these wireless connections, actually compounding the risk. Because now you have Zigbee or whatever it is that you need to manage, then your consulting, your managed services partner comes in and uses that. Now how do you know if their systems are up to par? Because they’re connected to your environment.
We’re seeing a lot of these infrastructure components. Again, not just not just the wireless, the two point four, the five gigahertz, your your we can we’re we’ll talk about WPA2 and WPA3. That’s another actual that is a real pain point, I think, in industry as far as what they call protocol downgrades, or there’s a special specific word for it. But I I don’t you know, the only thing, Brett, I would talk about is not don’t look for dual home devices.
Look for multi home devices. A lot of these things don’t have just two connection points anymore. It might be like a a Wi Fi, a Zigbee, and a Bluetooth, like legit. Right?
And you think you might turn all enough radios off, and it’s still like waving the Zigbee flag for some whatever reason it might be. And the challenge with that, these types of devices that fall outside of your traditional wired and wireless spectrum, they use legacy wireless protocols because of budget constraints, hardware incompatibility, presenting persistent, security vulnerabilities simply because you hope nothing will happen. Right? You hope that that’s not the attack spectrum that somebody will go after, but that’s not you know this isn’t this isn’t like Star Wars.
Right? We can’t say, you know, hope is like the sun. If if you don’t believe in it, you won’t survive the night. That’s great.
It works in Star Wars, but not in security.
You know, you mentioned multi home Princess Leia.
That’s a Princess Leia statement, by the way.
I’m not gonna take credit for Okay.
Good to know. You mentioned multi-homed devices, Bill, and most of us carry one of those around with us all the time. Our smartphones have cellular modems.
They have cellular modems. They have Bluetooth Classic, Bluetooth Low Energy interfaces. They have WiFi. They have NFC. Yes.
Good job.
Yep. They have UWB, many of them. They’ve exploded in terms of the number of protocols. Pivoting from one to the other is super easy.
Yeah. Absolutely. Because there’s tons of opportunities out there to compromise a device that speaks many of those protocols. They’re all around us.
Yeah. For sure. Yeah. And and not necessarily you you know, a lot of this is not malicious. You know, people are just trying to get work done. Right? You know, they they’re just trying to make things more convenient for themselves maybe, you know, but potentially opening up some holes.
And some of it could be malicious. Right? You know, we’ve seen cases where malicious insiders, there’s I often talk about the the angry admin profile. You know?
Like like, these people know where everything lives. You know? They know the passwords that you forgot to change when you fired them. You know?
The these stories come up over and over and over where, you know, just the the account governance and stuff like that. Oh, we forgot to change the password on it because it’s a shared password or something like that. It’s not tied to their identity, and they can still get back in. Or, you know, I remember back in when I worked for a payment processor, we never figured out how they did it, but the network had some kinda the network team had some kinda backdoor way of getting into our network because they they didn’t wanna do all the stuff that security was making them do.
So, like, any number of cases that that could open up holes in your environment. Now that was that was early two thousand, so showing showing my age there. I I don’t think they got away with that after we had to start doing PCI.
But, yeah, there’s a lot of stuff that can go...
I wanna jump in there very briefly.
It’s it’s so the latest AFCOM State of the Data Center report, which, by the way, if you’re curious, you could you can send me a DM. I’ll get you the report. We can we can connect on LinkedIn.
We’ve written that report for nine years. I’m very proud to be the author of that report. And for nine years, we asked, you know, what are your top security and infrastructure threats? Right?
And ransomware for nine years in a row. Yay. Wave that flag. But for the first time, coming in at number two, breaking into the top five are are human threats.
Right? Internal or external, malicious or accidental. A lot of times, users just, you know, you you’d hope they know better. But, hope is a very strong word when it comes to security.
They don’t. Right? We’ve seen massive reports. I think, like, it’s like, at least sixty percent won’t even change their password oftentimes even though they’ve known they’ve been hacked.
Thirty four percent will let their kids use their personal or work, sorry, their work machine to watch, you know, Blippi or cat videos. Clearly, I have, like, a seven year old and a four month old, so I got all these cartoons up in the background, so I know all of them.
But that’s that’s that’s a real threat right now, whether it’s whether it’s malicious or or so human threats for the first time, fifty seven percent of respondents came back and said, this is this is what we’re worried about. Insider threats, malicious or completely accidental. Like, this is this is scary to us.
That’s a fascinating finding, Bill, and it kinda corroborates what I’ve seen a little bit with some of our customers. We see so much of, you know, inadvertent disclosure or compromise of information based on people who may have taken a device where they shouldn’t have or they were using it in some way that they shouldn’t have, but it wasn’t intentional. And then of course the whole malicious insider thing that’s becoming a bigger deal from what I’m seeing. So that jibes with this finding that you said. So we can’t just trust that everything is good because we hire good people. We need to have systems in place that adjudicate and enforce policy to make sure that we’ve locked things down appropriately. And that goes for the wireless as well as the wired domain.
I challenge everyone on this call. Find an article written by this guy right here. It’s called the ransomware that cost you everything. And it’s literally, I wrote an article on Data Center Knowledge about a ransomware attack that took down a data center.
And the way they got in was through a management VM that was inadvertently transferred into production systems and the entire facility. Was all customer data, everything. Gone. Irrecoverable.
Right? And so I think that the point here is that understand that the the attack spectrum, and and this is something that Brett’s really trying to, you know, to to hammer home here, it’s changed. It’s fundamentally changed. The the the way and the lens of security that we have to look at, especially now with these AI factories and the value behind these systems, it’s a shift.
It’s it’s almost, like I said, a renaissance in our in our industry. And, you know, you can’t you can’t turn a blind eye to this kind of these kinds of attacks because, again, you you can initiate a ransomware attack off of a poorly configured Bluetooth beacon or a Zigbee device that has access to your network, and all of a sudden, you’re in a much worse shape.
Absolutely.
Yeah. So I I did find that, and I’m gonna drop that into the chat here. There are a bunch of questions in the there are a bunch of questions in the chat. Like, some of them are more comments. Some of them aren’t really on on the topic.
I I think some of them are interesting, and we can get to them.
But maybe I’m gonna I’m gonna save those for later on. I’m looking for stuff that that’s more associated with what we’re talking about right now that is something that we could easily answer. Like, one of them is, is there a best practice to protect users of a wireless technology attack from AI?
And that’s that could be a whole webinar in in itself.
From AI, we you know, we we’re that is a we’re seeing we’re seeing one hundred percent these new GPT technologies being used for adversarial attacks.
That’s probably a separate conversation outside of wireless. There’s they they’ve become exceedingly sophisticated.
But the bottom line there, really quick, ninety four percent of modern attacks come in through your inbox, so just be careful what you click on.
And just to kinda clear up something that I’m seeing in a lot of the chat here, I I don’t really see anybody talking about getting hacked by AI directly. Like, maybe the attackers are using AI.
Like, it’s a good way. Like, instead of the re reading the documentation, I can just ask it how to how to Here.
Let’s let me let’s let me tell you how let’s let me put my malicious user I’m I’m a bad guy suddenly.
Right? I’m not, but let’s just pretend. Right? And Brett Data Centers has, well, I don’t know, a couple of environmental sensors using, I don’t know, Zigbee.
Right? Or what just Zigbee. Let’s just say Zigbee. Right? And I do some I do some scanning.
I do some scanning. I land that little helicopter, the quadruped on top, I see, wow. He’s using a Zigbee protocol that is two years old, a year and a half old. Cool.
I have my own little generative AI, little portal. Right? I can even download the entire Llama large language model, the 405B, put it in my own little mini cheap little cluster right now, while all of a sudden I have this powerful LLM that’s outside of the cloud. I can do whatever I want with it.
So now what I’m gonna do is I’m gonna take the settings. Right? I’m I’m gonna just just skim over what what protocol he’s using. I’m gonna go into that.
I’m gonna say, this is the version of Zigbee that Brett Data Centers is using right now. Find me all the vulnerabilities and write me a Perl script for it.
And it’ll it’ll do it. Or Java or pick pick your attack spectrum language, and it’s gonna create that for you. Now as a good guy, I would do the exact same thing, but then I go back to you and tell you, you are on two versions old. Here’s how I would attack your environment.
You should go fix this. But as a malicious actor, I will become your what what’s the there’s a there’s a special word for it, isn’t it? I think it’s called, oh my god, the nearest neighbor. Is that right?
I think I think that’s what you call it, the nearest neighbor attack. Thank you. And so I I park myself. I scanned for your wireless devices, and I just need one hit.
I just need one hit that’s a version or two old. I’ll take that. I’ll look up the documentation for that version. I’ll see what was updated, and they almost always have security patches.
I’ll see the security patch that you’re not on, upload it into my GPT, say, write me a vulnerability for it, and then I’ll I’ll get to work. That’s scary. That’s why you need to keep this stuff updated because that is how a malicious actor will, in its simplest forms, use a GPT like engine to find your vulnerabilities.
So let me just address the question really quickly, and I know you wanna move on, Adrian. But but the question was how do we know, what are best practices to defend against that? Well, if AI is really used to shorten the timeline to create a targeted attack chain, then the best practices don’t really change. We have to use AI to help us shorten the pen testing loop to make sure that we patch things appropriately, just like Bill talked about.
But really our defensive measures need to be very similar to what they would be without AI, perhaps exactly the same. We need to make sure that we’re up to date. We need to make sure we’re patching systems. We need to make sure that we’re using the latest encryption.
We need to make sure that we’ve tested for vulnerabilities.
And by and large, we have to have things running all the time to be monitoring activity that could be threatening. That is key. So those kinds of things can be enabled with AI as well. But the basic ideas really don’t change. We just have to do the same stuff that we’ve been told for a long time that we need to be doing. We need to do it better.
And that’s what I want to clarify here.
Yeah. It is it we yeah. We don’t necessarily need brand new AI defenses here. It’s just, it’s accelerating things, potentially.
Yeah.
Alright. Moving on. Let’s see. Yeah. So we’ve talked about a lot of this.
You know what? This is gonna bother me. This is gonna bother me if I don’t say it. Okay.
You can use more modern GPT-like environments. I’m gonna tell you about data center infrastructure management. These are DCIM, DCIM platforms. You may have heard of them, or not.
They’re platforms. They’re software platforms that help you manage all the aspects of a data center. Everything from is my rack closed, or how is my heating, my cooling, my power systems being distributed, and all of that. With the advent of generative AI, you now can connect all those sensors, your environmental sensors into these DCIM environments.
And for the first time, right now, for the very some of the first times, you can sit down, open up your portal, right click on AI assistant, and a little little private GPT opens, and you say, show me all of my devices that are currently out of date. My firmware is out of date. It’ll list them for you. And you can say, update them all.
Now, for now, a lot of administrators don’t wanna give up that much control to an AI, but at least at this point, you could start to use generative AI without clicking, without going through a lot of complexity, specifically asking which one of my sensors are out of date. So finally, we’re starting to get to a point where AI, generative AI specifically, this new type of stuff, becomes a powerful, powerful ally to help you visualize, to help you, like Brett said, expedite that security process to become more secure far more effectively. Now, we couldn’t do this in the past. Using natural language to communicate with a network is insane.
But now we’re getting to that point where we can actually ask our DCIM, our networking environments, which of my sensors, which of my access points, what is out of date? And it’ll give you stuff that maybe you didn’t even know was out of date or just became, and then you can apply patches or updates accordingly. So AI can become a very powerful ally, including and this is some of the work that we’re doing, some of the most modern applications of GenAI.
And and AI, besides LLMs, should also be used to help improve the analytics. As you’re monitoring systems, you want to have AI algorithms that help identify abnormal behavior, even if it doesn’t match a specific profile. If it’s not heuristics based detection, it could be this is statistically aberrant.
Let’s, you know, let’s flag this and you can look into it deeper. And so that’s important, I think, in monitoring technologies. That’s not an LLM capability, but it is an AI/ML capability.
True.
So something I meant to ask earlier, Bill, is like, should you have wireless in a data center in the first place? Right? You know, is that too insecure to even have in a data center, or you feel like you can secure enterprise wireless, you know, WPA3, you know, with certificates? Like, you really, like, do all the stuff that you’re supposed to do.
You know, does that belong in a data center environment?
Look, my challenge isn’t having wireless in a data center. My challenge is tech debt. Like, that’s the biggest issue that we’ve got, where many facilities are stuck on legacy protocols, WPA2, for example, and are, you know, in transition mode for way longer than they need to be. And it’s a very dangerous crutch to lean on and allowing these downgrade attacks where WPA3 networks get tricked into accepting weaker WPA2 connections.
Right? So even though you have kind of a secure architecture, you think you do, right? You still allow these less secure environments to get in or these endpoints. And all of a sudden, what’s the point of having WPA3 at all?
Yeah.
I think wireless technologies within a data center, they’re a must. Right? I’ve seen, I work very closely with really wonderful organizations called, like, RF Code or even, like, HyperView. These are folks that provide DCIM or sensor based technologies within the data center.
And they’re powerful. Right? And they’re wireless. They’re wireless sensors with some wired aspects.
And you’re just not gonna be able to get away from it. And I don’t think you necessarily should. I think it comes down to what Brett’s been talking about, and you as well, Adrian, is hygiene.
I think having better awareness of what your wireless systems are are are doing. And I think, like we’ve been talking about, this this the goal isn’t to, like, scare scare the pants off anybody. It’s it’s literally to go back and ask the questions. Well, I do have all these devices.
Are they dual-homed? Are they multi-homed? Maybe we should just check. And if that’s the only thing that you do after this webinar is you go back and you check, I’m giving Brett and Adrian a high five.
We did something. We did something today. Right? But that’s the thing. I can’t possibly get on this, you know, communication here and be like, oh, this should be all wired.
You know? In theory, critical communication, you know, back end network’s fine. All that stuff should be wired. But like, there’s so much.
There’s so much availability now for these wireless systems. It’s a part of the reason why we’re seeing data centers emerge in, you know, secondary, tertiary, in emerging markets, right? Where there’s not this fiber that’s coming in, but now it’s being connected to wireless systems. And there’s, you know, not enough people potentially to manage these new remote edge environments.
So now you’re relying more on these sensors, this wireless technology to help manage these environments as well. It’s gonna stay there. I think there’s a place in the home for wireless communications within data centers. You just need to make sure that you’re not deprecating it. You don’t have rogue access points.
You have your multi-homed, dual-homed, whatever kind of devices you’ve got; just know what they are and shut down the antennas or communications because you don’t need it.
Yeah. Tell you what. Like, personally, if you’ve got a megawatt going into a rack, I’m not walking anywhere near that. I wanna access that remotely.
Oh my god. But that’s that’s I bet your your your hair just stands on the end of your arm when you even get close to that much power flowing through a cable.
It’s a true story. I mean, at GTC, Jensen Huang debuted the NVL576.
Five hundred and seventy six GPUs in a single rack. Are you kidding me right now?
No.
Six hundred kilowatts going into a single rack, and it’s literally the term that’s being tossed around as we are entering the megawatt-class rack era, which is silly.
Just silly.
That’s crazy.
So it’s like over five hundred A100s, basically. Right? Something like that?
So yeah. Yeah. It’s it’s a ton. Like a twenty million dollar rack.
Yeah. That’s crazy.
If you can get it. Right? Like, the demand is ridiculous for this stuff right now. Yeah. Yeah.
Yeah. So, Brett, I don’t know if you feel comfortable making a prediction, but, you know, wanna come to you. Like like, do you see attacks becoming more mainstream against wireless devices, or do you think this stuff is gonna stay niche?
Well...
The attacks, not the wireless technology itself.
Yeah. Yeah. Clearly, wireless is a big part of our lives no matter what. That’s a good question, Adrian. I I’m allergic to crystal balls. They never work for me. I break them.
Okay. Fair enough.
But I think it’s fair to say that based on what we have been seeing, that there is a trend toward using wireless either as a point of entry or point of data exfiltration, or devices that have wireless mechanisms in them as tools for compromising security. I mean, for example, we compiled a list, and I know this is a data center call, not a government secure facility call, but I mentioned them before because they’re a great edge case customer.
And we’ve had this list of compromises in the last few years. I don’t know, there must be like a dozen of them that have involved the use of mobile technology to compromise classified information.
It’s so easy to do. And we talked about these multi-protocol devices before.
One trend that concerns me that I think points to the possibility that the answer to your question is yes, these will become more mainstream, is the presence of what we call spyware that is used to compromise the integrity of smartphones.
And there’s a range of capabilities in this domain of malware.
But basically, the most effective and sophisticated tools that are available in this domain are nation state level tools that can literally take over every aspect of your device, every interface, every piece of hardware, all of the applications, anything resident in memory, which means an attacker can read all your emails, read all your text messages. They can initiate emails and texts. They could turn on your camera and your microphone. And don’t imagine that that’s gonna be viewable to the user. It’ll be surreptitious and they’re using it to spy on you wherever you go.
Now, the good news about that is that the most sophisticated versions are expensive to maintain. So most of us are probably not going to be targets. The bad news is that it’s getting out. These capabilities are getting into the hands of bad actors. We saw an example where there was a Russian APT that had conducted an attack that clearly had taken code from Pegasus, one of the big spyware toolkits that’s been in the news.
So those capabilities that involve zero click attacks, that means they can dump a payload on your device and you didn’t have to do anything and it compromised your device.
Those have gotten into the hands of bad actors. So now I’m seeing trends like this and increasing numbers of infections of those kinds of things. And now a nearest neighbor like attack can be conducted across the ocean by dumping a payload to your phone. You don’t have to do anything. It infects your phone, and now they’ve got access to all of your wireless interfaces. And anywhere you go, not only can they be spying on you, which maybe most of us, that would be a boring thing, but anywhere you go, they can use those interfaces to conduct attacks.
This is only one of many trends that I see, but it points to a concern that there is more going on wirelessly than we know. And until we start paying attention, offense guys are gonna continue to take advantage of our lack of visibility. Maybe just one other quick trend I’ll point out.
There are thousands of CVEs related to wireless technologies. We saw a twenty five percent increase in the year twenty twenty four for CVEs that were published for those protocols and implementations relative to all previously published CVEs. When I plot that kind of a chart, it’s a very clear exponential curve of growth showing the numbers of CVEs. That’s just the good guys that have publicized vulnerabilities and have worked with vendors to make sure that those are patched.
There’s more stuff out there. And when I see that trend just based on what we know, I know that the bad guys are doing the same kind of thing. They’re paying attention to this too, and they’re using it. And we do see examples of wireless being discovered, wireless attack.
I’m saying this all wrong. Wireless pieces of an attack chain being discovered. And again, that’s the tip of the iceberg. What more do we not know about?
So yes, I see trends that point to this very likely possibility this is going to become more mainstream over time.
Yeah? And one of my concerns here is sometimes when we try and do better security in an area like wireless, it’s not necessarily connected to the rest of the security team. Right? Like, maybe it’s something that the security or the network team buys and the network team owns, but maybe the SOC isn’t necessarily getting these alerts.
Is that something, you know, you validate that for me. Like, does that happen? Does it not happen? Is that a struggle to get the information about insecure wireless or wireless attacks and things like that in front of the right people?
It it does happen, but not because of technological reasons. It happens because of policy and personnel reasons. So it’s a challenge to get the data to flow from the systems that are necessary to put in place to the people who would actually take action based on the findings. But that’s a policy issue. It does happen. We try to work hard when we put a system in place to help the customers work through that stuff.
But the technology is there. I mean, integrations are relatively straightforward to build. You pass the data to an endpoint when you’ve given the right credentials, and you just set up the endpoint that’s receiving to configure that data and assimilate it however it needs to be assimilated. That isn’t difficult to do. It’s just trying to work through the bureaucracy to make it happen.
All right. Before we wrap here, I wanna give the audience some recommendations.
So several have asked about best practices.
Are there good resources that we could point people to for, like, how would I know my protocols are out of date, how are people scanning this stuff?
You know? Or or where do I find out what the you know, more information about these different protocols, how I would scan them, how I would update them, that kind of stuff. So each of you, you know, a couple minutes on on just where we can find good best practices and recommendations of this.
Brett, I’m I’m sure you’ve got, like, a like a a phone book of wonderful things that you could rattle off, probably way more than I can.
One of the things that Brett talked about was really important. So losing data, especially in today’s age, is so much different than just a few years ago. Going back to the AFCOM State of the Data Center report, for the first time, data exfiltration broke into the top five of security threats. I’m actually gonna look at it.
Forty three percent came back and stated that that was one of their biggest concerns and threats. That’s up from twenty seven, I’m sorry, twenty eight percent last year. So a lot more people are concerned about losing this information and these physical attacks. But one of the things that I wanna make sure everyone sort of hears about, when we start to take a look at AI and not just AI, but wireless communication, the modern landscape of the architecture and data centers we see right now, the biggest things I can recommend is three.
One, there’s a concept called zero trust, right? Trust nothing, verify everything. And it’s not If anyone tells you my software can do it, kick them out of your office, because it’s not a piece of software. It’s a tool, it’s a practice, it’s a philosophy.
It’s so many things, right?
And being able to segregate IoT and legacy devices on distinct isolated wireless networks to minimize that exposure is just elemental. Right? If you have to have legacy wireless, put it on its own segment. Make sure nothing else can communicate with it.
I get it. I get it. Right? I’ve I’ve spent days working with legacy Citrix environments, old VMs that can’t migrate because if you upgrade, you know, Windows ME I can’t believe that was the reference I decided to pull out.
Or Windows NT, because those still exist. Right? Yeah. Because my green screen will fail.
Fine. Fine. Right? We’ll put it on a segment in an isolated network.
You mitigate them. You mitigate the the issues. Right? Yeah.
The other big thing that I wanna make sure that we talk about is if you haven’t looked at your visibility, because that’s where it’s king, right? So implementing a dedicated wireless intrusion detection system for granular protocol visibility is gonna be huge. Right? So in many situations, you can scan things for those rogue multi-homed devices or what’s potentially out there and just being able to much more granularly control what’s connecting to your environment. And finally, I think you started with this conversation, by the way, Adrian and Brett, like the gap between these security teams. This comes down to probably the first thing you should do is create an integrated security framework where you ensure that your wireless threat detection seamlessly integrates to a broader SecOps toolset and practice set to support that real time proactive threat mitigation.
Even if you don’t think there’s a gap, there’s probably a gap. And if this is your one moment to go back and review your best practices or your teams, however you currently manage your security architecture between wireless devices, and now that you understand you should be also looking at, you know, ZigBee and all these other different kinds of protocols, take a moment. Take a moment to make sure that those frameworks are truly aligned.
And Brett, bring us on.
Yeah. I guess the way you phrased the question, Adrian, my mind went to CAASM solutions. And there’s a whole host of solutions out there for devices that are connected on the wire. I won’t hold to recommend any specifically, but you can go and do the research. There’s plenty of good options.
The problem I see is...
You make one. I mean, you can say that you make one, right?
Well, I’m gonna go there because when it comes to wireless CAASM, there really aren’t too many good options. So there’s lots of tools that are available that can start to bring visibility.
What do you mean by CAASM? First of all, CAASM might not be, like, that might not be something everybody understands.
Oh, I’m not gonna rattle off the terminology. I can’t remember the acronym, but it has to do with asset discovery and management.
Cyber asset attack surface management.
Thanks, Adrian. That’s perfect.
Yeah, identifying what’s on your network, what speaks what protocol, it’s logically connected, what its firmware is like, all that kind of information. We talk about wireless, there really aren’t too many good solutions out there for identifying assets. There are some good tools that can bring visibility to maybe a subset of the protocols there. So this is where I will be a little bit shameless in plugging Bastille because we have a great solution for providing comprehensive visibility. So you ask for resources. And again, I’m a little bit stumped because there are some good tools that you can kind of, you go out there and you find out about software-defined radios or you find out about how protocols work or whatever. There’s a lot of good educational material out there, but it’s kind of sparse and disjointed.
And again, I’m going to be shameless and say, check out the Bastille website. And there’s a lot of good material there to try to dig through and figure out what’s going on and what some of the threats are and what some of the countermeasures might be.
We’re happy to chat with you. I know that’s very salesy, but really, there’s it’s a bit limited right now. And so I’d like to see more more people become interested in this. And then I’d love to see more competition in that marketplace, but it’s it’s really like there needs to be more people noticing that this is a problem.
I did drop a link. I know we gotta wrap now. We we’re out of time, but I did drop a link to that nearest neighbor attack in the chat. So be sure to grab that and the other links that we dropped down there.
Bill and Brett, thank you so much. This went by super fast. A lot of interesting stuff you guys shared. Thank you so much.
Thank you, Adrian.
Thank you.
Thanks also to our sponsor, Bastille, for making today’s webcast possible. And finally, a big thanks to the audience. This is why we do it. We’ll see you next time.