The security landscape is changing rapidly, with rogue devices and complex malware becoming increasingly common attack vectors. The best weapon in this new era is information, and the best way to stay informed about your network is with a distributed security system like Pwn Pulse.
With Pwn Pulse, IT staff can see the entirety of their network at a glance, helping to determine which machines are at risk, where the vulnerabilities are, and even show if they’ve already been victimized. This capability is exceptionally important to organizations with remote locations, as it allows the same level of oversight to be applied to every part of the network, even if it’s a thousand miles away.
Detecting Rogue Devices
One of Pwn Pulse’s most valuable functions is the ability to see new devices almost as soon as they connect to the network. Any new device which connects to the network can automatically be immediately flagged as suspicious within Pwn Pulse, which helps staff sort out devices which need to be investigated. Once the device has been verified to be legitimate, it can be marked as such in Pwn Pulse, along with some notes that help describe what it is and why it’s necessary.
The detailed history Pwn Pulse keeps on every device particularly helps in the fringe cases which have traditionally been difficult to effectively deal with. For example, it can make a clear distinction between an approved device which is only on the network infrequently and one that has never been connected before.
Scanning for Wireless Threats
More importantly, these capabilities extend beyond the physical network Pwn Pulse is monitoring. By way of WiFi and Bluetooth scanning software in the sensors, Pwn Pulse can even see when new wireless devices have come into range. This can be anything from the Bluetooth on a user’s smartphone to somebody attempting to setup a rogue access point in the parking lot.
Pwn Pulse features historical record keeping that also applies to these more nebulous wireless hits, allowing staff to find trends and associations which may otherwise have been impossible to identify. If somebody suspicious was snooping around one of your branches, you may be able to find out if he’s been around any of the other branches by seeing if the same Bluetooth phone or headset was picked up at multiple locations.
Fingerprinting Network Devices
Pwn Pulse does more than just find devices, it can also help identify them. Using a suite of software tools installed on each sensor, Pwn Pulse is able to glean information from devices on the network from high level things like device manufacturer and operating system, all the way down to what services are running on which ports. It can even scan those services for known vulnerabilities and exploits, allowing for the creation of a unique and very specific “fingerprint” for every device detected.
Using these software and hardware fingerprints can help determine what each network device actually is, as well as track their movements throughout the network. If a rogue access point running a specific set of services was detected at one remote branch, Pwn Pulse could tell you if another rogue access point with the same parameters was seen elsewhere.
Evaluating Rogue Access Points
Being able to detect a rogue access point attempting to victimize one of your branch locations is incredibly important, but even better is the ability to determine if it has actually been effective or not. To that end, Pwn Pulse has the unique capability to show which wireless clients have connected to which networks over time.
By selecting a suspected rogue access point in Pwn Pulse, a list of clients which have connected to it can be generated. Pwn Pulse can automatically cross reference that with the list of nominal wireless clients which connect to the network, so administrators can see which machines have actually fallen victim to the rogue access point. These devices can then be singled out in an investigation to help determine what information may have been leaked during the attack, or examined for software modifications such as malware installations.
Automated Vulnerability Scanning
Rogue devices and access points aren’t the only threat to the modern network. Malware is becoming increasingly sophisticated, with some security researchers now even claiming physical damage resulting from such software isn’t outside the realm of possibility. As more and more hardware becomes connected in the “Internet of Things”, complex malware that can manipulate devices will become a very real threat to the digital as well as physical security of the workplace.
With the ability to regularly scan the network for vulnerabilities and exploits with constantly updated industry recognized tools, Pwn Pulse gives the administration peace of mind by giving them the knowledge that all of their software is up-to-date and as secure as it can be. Through its scripting system Pwn Pulse can adapt to new threats, or even perform tests specific to the software running on a particular network. These scripts, both user-defined and provided remotely by Pwnie Express, give Pwn Pulse the exceptional flexibility required to stay relevant in a constantly evolving environment.