Pentest Magazine

September 4, 2015

Interview With Pwnie Express

By Pentest Magazine

Pwnie Express was founded in 2010 by Dave Porcello, who developed the original Pwn Plug to fulfill his own penetration testing needs while working as the IT Security Director at Vermont Mutual Insurance Group. Since its founding, Pwnie Express has become the world leader in remote security assessment, and the first company to empower organizations of all sizes with a full visibility and threat detection platform that discovers and alerts unknown or high-risk devices and their potential threats wherever they exist on the network.

Through its enterprise-class Pwn Pulse platform and its long-trusted Pwn Plug, Pwn Phone and Pwn Pad devices, Pwnie Express provides continuous visibility throughout the wired/wireless/RF spectrum, across all physical locations including remote sites and branch offices, detecting “known-bad”, unauthorized, vulnerable, and suspicious devices. Pwn Pulse enables central management from a single cloud dashboard for scalable, continuous intelligence across the enterprise, as well as remote and branch locations.

Backed by the powerful security research of Pwnie Labs and regular feedback from customers and community partners, Pwnie Express helps its customers reduce the attack surface created by the explosion of devices introduced by Bring Your Own Device (BYOD and the expansion of threat vectors brought on by the Internet of Things (IoT). It is headquartered in Boston, Massachusetts.

PenTest Mag: Can you speak to your experiences starting/developing a small company in a market as competitive as IT security?

Pwnie Express: Pwnie Express CEO Paul Paget joined founder (and current CTO) Dave Porcello because they shared a vision for how remote penetration testing tools could be used in a much more substantial way. Dave created the first Pwn Plug, which has since become the industry standard for remote penetration testing around the world. The success of the Pwn Plug led to the bigger idea of distributed pentesting, which caused Dave to seek venture funding and a CEO to help build the business. With more than 30 years experience bringing information security products to market, Paget had built the first company to establish penetration testing as a product, and had experience with highly secure hosted security systems. For the past 15 years, he has specialized in leading early stage companies and bringing new, innovative security products to market.
In all cases, Paul sees the primary challenge – and opportunity – as this: find a way to connect the technology to the right people who will help you with the initial phases of the product’s lifecycle. Together you shape the product into something that can be successful in the marketplace. You HAVE to be able to connect your idea to the market and find a seam where you can enter. In Pwnie Express’ case, the team leveraged the original Pwn Plug to create automated pentesting on a distributed basis. As the market shifted toward BYOD, the marketplace presented a larger problem for Pwnie to solve: the lack of visibility into devices within an organization.

PenTest Mag: Your products make heavy use of open source projects, would it be safe to say that you wouldn’t have been able to bring them to market if you had to develop all of this software in house, or pay licensing fees to include them?

Pwnie Express: No, we would not have been able to bring this rich of an offering to market without the use of open source technology. By leveraging the open source technology in the Pwn Pulse system we were able to make a collection of powerful products scalable, and at a price point that makes the solution readily available for customers. Ultimately, we have contributed to the further development of open source tools and shared them back with the community.

PenTest Mag: Could you tell us more about the Pwnie Express training, the skills and tools?

Pwnie Express: Pwnie Express offers live training for users of the mobile line of products, i.e. Pwn Pad and Pwn Phone and for users of the fixed sensor line of products, i.e. Pwn Plug R3 and Pwn Pro. The training session for the mobile and fixed line of products provides new or infrequent users of the Pwn Pad and Pwn Phone, or  Pwn Plug R3 and Pwn Pro respectively,  with an introduction to the hardware, the Kali based Operating System, and product usage, configuration, updating, installation of additional software, remote access, and advanced functionality (such as NAC Bypass with the Pwn Plug R3).

The training session for the “fixed” line of products provides new or infrequent users with an introduction to the hardware, the Pwnix operating system, and product usage. Including the subjects of the Pwnie UI, configuration, deployment, updating the device, installation of additional software, enabling remote access, enabling Stealth Mode and NAC Bypass (R3 only), hints & tips, troubleshooting, etc.

Both training classes are interactive, delivered online via WebEx and attendees are encouraged to ask questions of the instructor. Training sessions usually last three hours.  Afterwards attendees are provided with a recording of the session for later reference.

PenTest Mag: In terms of the OSI (Open Source Interconnection) 7 layer model, at which layers do your products and solutions operate at?

Pwnie Express: Out of the box, Pwn Pulse primarily operates at Layers 2 and 3 due to our focus on device discovery. If the advanced features — such as a custom script to leverage Nmap’s Heartbleed checker– are utilized, Pwn Pulse is able to operate at layers 2 through 7.

PenTest Mag: For branch offices are distributed servers an option? Or does each sensor communicate back to the Central Pwn Pulse system?

Pwnie Express: Each sensor is essentially a server that communicates back to the central Pwn Pulse system. The beauty of the system is that it can be shipped to remote locations, plugged in by any employee, and it will start collecting date without any special configuration.

PenTest Mag: Is the communication between remote sensors and the central Pwn Pulse system encrypted? What protocols are used?

Pwnie Express: The communication between the sensors and Pwn Pulse is encrypted. Specifically, we utilize an encrypted TLS tunnel to transmit Sensor data back to Pwn Pulse.

PenTest Mag: How is the Pwnie Express experience and intelligence translated down into the customer organization for those who do not specialize in Information Security; Risk Assessment and Security Planning?

Pwnie Express: Our solution does not require IT to put agents on employee-owned devices, the threat detection and added visibility preserves privacy and ownership so that IT does not have to interfere with the employee’s personal devices. At the same time the Pwn Pulse provides the enterprise with the ability to identify devices that do not belong in the workplace. The ability to track and know which devices are employee-owned enables them to say “these devices belong.” Pwn Pulse also provides a “safety net” for IT where they can track and monitor all employee-owned devices on an ongoing basis. For example, an employee could bring in a device that helps them do their job more effectively, i.e a printer that connects to wifi. Employees may not realize that this printer in its default state provides a gateway into the network for an attacker. The Pwn Pulse would alert IT that the device has been added to the network and is a potential threat.

PenTest Mag: How is the pricing model structured?

Pwnie Express: Pwnie Express offers a subscription service based on the number of sensors required.  Pricing starts at ~$180 per month per sensor and includes access to the Pwn Pulse system,

 Al la carte device prices are available at www.pwnieexpress,com or by contacting sales via phone at (855) 793-1337 or email sales@pwnieexpress.com.