Dashboard Activity

Summary

Excerpt From Introduction to Wireless Threat Intelligence Webinar/
Learn More About Bastille’s Activity Dashboards With CTO Dr. Brett Walkenhorst/
Dr. Brett Walkenhorst, CTO, demonstrates the dashboards on the platform that are intended to examine device activity in relation to time, place, and other metadata variables. With more than eighteen million observations made in a typical corporate setting, the Bastille system discovered considerable wireless activity using data spanning a month. Unusual patterns are found by looking at unique device IDs, which encourages more research into the causes of abrupt spikes in activity. Users can identify potential security concerns or unusual behavior by correlating wireless activity with other facility information by using this data analysis tool.

Video Transcript

We have built a number of dashboards, but you can start to understand where these devices are, how they behave in time, space, and other metadata dimensions. So this is an example, just at a very high level, where over some period of time, in this case, a month's worth of time, I can look at all the observations that the best deal system has detected for all the different protocols.

Maybe just the first thing to note here is that's a ton of observations. Eighteen million observations within a month. And this is not a large space. It's a typical corporate environment. And we do have people come in and and we do demos and stuff, but You can see there's just a ton of observations, ton of wireless activity here.

Notice that there's some spikes in certain days, maybe in the afternoons looks like maybe three consecutive days around the middle of the month. We had some extra activity going on. So you could correlate that with other information you have about the facility and try to understand if that's reasonable or if there's a spike in activity due to some other unknown event that might not be so benign.

And if I look at just unique device IDs, not total observations, but those devices that have unique identifiers I get a very different picture. In this case, you gotta ask what the heck is going on on that one day where I've got this huge spike. And so we do some interesting things in our research and and there are reasons things play out the way they do in our demo center, but But you see data like this and this is an indicator that there's some digging to be done to find out why there were suddenly so many apparent unique identifying devices for WiFi on one afternoon.