Since 2012, Pwnie Express has been a pioneer in the field of professional-grade penetration testing “dropboxes,” starting with the original Pwn Plug and continuing up to the latest R3 version. These devices, essentially tiny computers loaded with the latest security tools and the engineering to tie it all together, can be deployed at remote locations and report back to a security auditor from halfway across town, or the world. With the Pwn Plug, the security auditor simply needs to ship the device to the location to be audited and instruct whoever receives the package to plug it in; absolutely zero technical expertise is required on the receiving end.
The Pwn Plug allows a security auditor to monitor a remote location as if they were there themselves, greatly cutting down on cost and increasing response time. It allows one person, from a central location, to monitor multiple remote branches for changes in network topography or operation. If a new piece of hardware was added to the network, or some suspicious activity started consuming resources, it could be found and identified without having to physically visit the location.
But if there was one piece of the puzzle missing, it was a way to turn all of the raw data collected by remote Pwn Plugs into a concise, real-time, overview of the network. Managing the deployed Pwn Plugs could become a daunting task for operations utilizing them at multiple branches, and important clues could slip through the cracks.
This is where Pwn Pulse comes in. Rather than thinking of the Pwn Plugs as remotely deployed computers that you manually interact with, Pwn Pulse reinvisions them as remote sensors. The data from these sensors is collected, filtered, and displayed to give the operator a snapshot of the overall network no matter where they are. Built-in analytics can identify trends in data over the entire network, or drill down to a single location. From rogue access points to an unfamiliar smartphone, network anomalies which may have otherwise gone unnoticed are immediately visible.
But Pwn Pulse isn’t limited to simply collecting data passively. It can also launch automated penetration tests and vulnerability scans from the remote sensors; so not only can the auditor see if a user has brought in their own device from home, they can instantly scan it for common vulnerabilities to determine its possible risk to the network. Scans can also be configured to run periodically, making sure the network is always operating as securely as possible.
The value of a distributed security system such as Pwn Pulse is easy to understand in scenarios where there simply aren’t enough security professionals on staff to cover all of the remote branches in the organization. Rather than abandon the less utilized branches so manpower can be devoted to the higher priorities, Pwn Pulse allows the staff to virtually be everywhere at once.
Take as an example a bank which has multiple small locations in addition to its main headquarters. The smaller locations don’t have on-site IT staff, and outside of the occasional visit would generally be left on their own in terms of routine preventative network maintenance. These are the kind of locations attackers love to target, and for good reason.
But with Pwn Pulse the situation is completely different. A Pwnie sensor can be shipped to each location, and all they have to do at the branch is plug in the power and Ethernet. After that, the sensor will call back home to Pwn Pulse and start adding its data to the collective. Rather than being a haven for attackers who want to remain undetected, every branch is now just as well protected as the others.
Naturally, increased security is the biggest advantage of a distributed security system, but it isn’t the only one. Organizations utilizing Pwn Pulse save money by not needing to staff each location with a security professional, and save downtime by keeping the IT staff constantly apprised of network health.