Bastille promises to find malicious wireless devices in corporate networks

Startup Bastille can flag suspicious radio traffic within enterprises to give security pros a means for keeping an eye on wireless Internet of Things devices that would otherwise elude detection.

The company is beta testing its system, which consists of radio-frequency sensors that gather data about radio traffic in the enterprise and a cloud-based analysis engine that figures out what traffic represents a threat, says company founder and CEO Chris Rouland.

The gear continuously scans all radio-frequency traffic from 50MHz to 6GHz to find the ones CISOs don't want in their airspace, he says. "For enterprises, this gives them situational awareness," he says.

For example, an employee could bring to work a personal Android phone infected with malware that tries to connect to network devices via Bluetooth and compromise them. But with no management client on the phone, the enterprise would have no way to find out about the threat, he says.

Bastille's gear can see such promiscuous attempts to pair with Bluetooth devices and trigger warnings. Such attempts to connect to devices in a data center could indicate an attempt to access corporate data. A 5MHz wireless connection to the data center could be an innocent phone call and not particularly suspicious. But a 20Mbps LTE data transmission out of the data center at 2 a.m. would raise an alarm, he says.

If the Bastille system detects suspicious activity, it can trigger alerts in SIEMs. Technically the system could jam such traffic, but that might run afoul of regulations. Being able to kick devices off the network for suspicious activity, though, could move Bastille from intrusion detection to intrusion prevention, Rouland says.

The sensors are deployed in an overlapping mesh like Wi-Fi access points to give full coverage to an area. The data collected is sent encrypted to a private cloud run by Bastille and processed. The company hasn't decided yet where that cloud will be located. The analysis determines where discovered devices are located in the building.

Typically customers would deploy the devices where their most important assets reside: data centers and executive suites, he says. Businesses can set up policies that forbid any unauthorized devices within a geo-fence surrounding data centers, and Bastille would discover any violations.

The system looks for protocols running across the wireless connections. The company has been writing software to detect the most popular ones and can add more as demand requires through a software upgrade to the sensors. The system also analyzes behavior, such as a device trying to make connections with any and all other devices it can locate or performing Wi-Fi scanning. If a new cell tower suddenly pops up within the building, that would be flagged.

A dashboard visualizes the environment based on what the scanners find.

Customers would buy the sensors and pay an annual subscription for the analysis services. Pricing hasn't been set yet.

He says the company is hoping to sell to enterprises concerned about the security of Internet of Things devices that are designed with little security built in. Such businesses have few means of securing their networks against these devices. "There is no IoT-security line item in CISOs' budgets," he says. He acknowledges that it may be necessary to convince security pros that there is an IoT security problem.

The system is in beta this year and general availability is scheduled for the first quarter of 2016, possibly at the RSA security conference.

The company is backed by $9 million from Bessemer Venture Partners.

The company name comes from the famous fortress and prison in Paris taken over during the French Revolution.

Stories by Tim Greene
