Pwnie Express Selected as a SINET 16 Innovator

Remote Asset Discovery and Assessment Provider Lauded for Its Cutting-Edge Cybersecurity Defense Technology

BOSTON, Nov. 18, 2014 /PRNewswire/ – Pwnie Express, providing anywhere on-demand wired and wireless network security assessment, today announced that the Security Innovation Network (SINET) has named it a SINET 16 Innovator.

Pwnie Express was selected from a pool of 180 applicants worldwide by the SINET Showcase Steering Committee, which is made up of 60 security experts from government, academia and the private sector, for its ability to combat cybersecurity threats and vulnerabilities.

The SINET Showcase will feature Pwnie Express’s Pwn Pulse solution, which provides consolidated asset discovery, vulnerability scanning, and pentesting in a single unified offering. This delivers actionable risk information showing organizations where they are most vulnerable, allowing them to focus on high probability threats and threat vectors. The event will be held December 3-4 in Washington DC.

“We are honored by SINET’s recognition of our innovative solution whose integrated intelligence delivers continuous in-depth analysis to accurately identify attack paths, allowing organizations to level the playing field against the hackers,” said Paul Paget, Pwnie Express CEO. “Pwnie Express is the only solution to assess wired and wireless network security anywhere, on-demand. Leveraging the expertise of Pwnie Labs and using open source tools, our SaaS solution allows organizations to easily protect themselves against attackers who are increasingly accessing confidential data and information through remote locations.”

The SINET Showcase provides a platform for the business of Cybersecurity to take place as emerging technology companies present their solutions and connect with a select audience of nearly 400 venture capitalists, investment bankers as well as industry and government buyers.

About SINET
SINET is a community builder and strategic advisor whose mission is to advance innovation and enable global collaboration between the public and private sectors to defeat Cybersecurity threats.  Its public-private partnership events are supported by the U.S. Department of Homeland Security, Science & Technology Directorate.

SINET also offers advisory services and a membership program that have helped build thousands of relationships and delivered value across a broad spectrum of the security community to include buyers, builders, researchers and investors.  For more information, visit www.security-innovation.org.  Connect with us on Twitter at @SINETconnection.  Follow the conversation about SINET 16 at #SINET16 and this year’s SINET Showcase at #SINETDC.

About Pwnie Express

Pwnie Express provides an end-to-end security assessment solution that delivers real-time wired and wireless asset discovery, continuous vulnerability scanning, pentesting, risk trending and alerting. It provides sensors for individual locations and an enterprise-class Pwn Pulse solution using its sensors combined with central management for scalable continuous intelligence across remote locations.

Thousands of organizations worldwide rely on its products to conduct drop-box pentesting and provide unprecedented insight into distributed network infrastructures. Pwn Pulse allows organizations to see all the things using open source tools and platforms. The products are backed by the expertise of Pwnie Express Labs. It is headquartered in Boston, Massachusetts.

Contact: Sara Kantor
Phone: 617-267-1777

(Original Article)

10 Reasons Why Pwn Pulse Will Save You Time and Money

1. Real Time Wired, Wireless, and Bluetooth Asset Discovery

Pwn Pulse allows you to automatically discover both wired and wireless assets and helps security professionals locate rogue devices and create a comprehensive list of network devices and exceptions that may be noncompliant or harmful. Pulse detects wireless and Bluetooth devices, unlike software-agent-based solutions, so Pwn Pulse can let you actually “see all the things”.

2. Vulnerability Scanning and Validation

Pwn Pulse runs a custom vulnerability scanner on a schedule determined by the user and visually displays aggregate data and trends, while allowing technical users to drill down into the details. So you can know what’s out there to get you.

3. Penetration testing

Users can run custom scripts and assessments remotely through Pwn Pulse to further test and validate security gaps revealed by routine vulnerability scans. It’s the classic Pwnie pentesting experience.

4. Analysis of security information across a distributed network

Analytics allow users to visualize trends across the company and/or within a remote location, including a comprehensive view of assets and vulnerabilities discovered by specific sensors or groups of sensors. Results are graphically displayed on an intuitive dashboard. Because big data has taught us that more information is better… (but only when it’s organized well)

5. Frictionless Plug and play deployment

Easy to deploy without the need to install and manage agents, Pwnie Express sensors are plug-and-play, so employees in remote locations simply plug the sensors into the network. Pwn Pulse is the perfect solution for a company without technical resources at its remote sites – my grandmother could plug in a Pwnie sensor!

6. Centrally managed, easy-to-use graphic interface

Security professionals can both see its output and control its capabilities remotely. Pwn Pulse is designed to be integrated with Security Information and Event Management (SIEM) software, but even without SIEM software Pwn Pulse is the aesthetically pleasing way to assess security – anybody can see how beautifully secure your remote sites are.

7. Safe and Secure – even Dave Kennedy of TrustedSec thinks so!

Sensors are pre-configured to only communicate with their central management server, all communications and databases are encrypted, and all services are segmented to provide the highest level of defense. Because a security tool should be secure.

8. Customers love it!

You’re not the first one to use it, and people seem to like it so far:

  • It’s a “solution that allowed me to do these scans more frequently and without having to be onsite.”
  • “It allows us to have true policies in regards to our networks and computers and a true way to test that. It gives us the ability to not only have the policies on hardening our hardware but also a way to verify that it’s where it’s supposed to be.”
  • “It solves the pressing problem of continuous and comprehensive assessment of remote locations.”

9. Enterprise Capable

Pwn Pulse is designed to be a highly scalable solution capable of supporting thousands of sensors at remote locations. Each sensor reports back to its central console and users can remotely control individual sensors for penetration testing. This Pwnie grows with you.

10. It can find that *rogue* printer in your office

All jokes aside, wirelessly-connected printers are a problem.


*If you really want to read the dry stuff, Pwnie Express has also released a press release on Pwn Pulse.*

Crunching the Numbers: A Snapshot of Security

Here at Pwnie, we want to know just how we’re helping the industry. So last month we conducted a survey of you and your peers: hundreds of IT security professionals.

The survey found that 40.6 percent of you have no visibility into your wireless assets at remote sites. That’s right – zero. As wireless becomes omnipresent and businesses are increasingly distributed, often with hard-to-reach branch offices and remote sites, this could potentially spell disaster. TJX, anyone?

Additionally, the survey found that this may be because 43.9 percent of you are not even required to assess the wireless assets at your remote sites. And on top of it, even when assessments are taking place, 53.6 percent of the time they are only happening quarterly or less. The survey also revealed that despite increasing compliance mandates, including the Payment Card Industry Data Security Standard (PCI DSS), 51.8 percent of you said you did not conduct penetration tests at remote locations.

Many of you have expressed to us how you would like to do more penetration testing and have full visibility into both the wired and wireless assets at all of your locations. The intentions are there, and so were many of the open-source tools, but by packaging these tools we at Pwnie Express are trying to make it easier for the security community to effectively use them across the organization.

Here is the official press release.

What’s Up, Doc?

Black Hat 2014 had a roundtable on “Medical Devices Roundtable: Is There a Doctor in the House? Security and Privacy in the Medical World”. Rapid7’s Jay Radcliffe presented the major issues facing the healthcare industry as it moves in the direction of increasing automation both of information and devices, an expanding surface for all sorts of potential problems.

Though the roundtable was well-attended, Forbes’ Dan Munro found it more remarkable that medical care was not present at the conference. Healthcare is becoming increasingly automated, and rightly so — bioanalytics and cloud-based monitoring are helping to save lives by giving doctors up-to-date information on patients and remote oversight of their health. As he pointed out, this is not a bad thing: lives are not only being saved by wirelessly controlled pacemakers and insulin pumps; the lives of sick patients are often being improved by the ability to monitor and control processes that were previously invisible to patients. In addition, medical research is infinitely easier when the information from thousands of people — all willing participants, of course — can instantly be aggregated.

Radcliffe was quick to point out the main issues: lack of regulatory oversight, lack of understanding even within regulatory organizations, and lack of knowledge within the industry. As it exists, he pointed out, security is under no domain. The FDA gives cybersecurity “guidance”, a tricky word that lacks the emphasis of retail’s PCI regulations and fines. They rightly point out that cybersecurity is a shared responsibility, which is simultaneously a problem and an opportunity, if the industry rises to the challenge.

Unfortunately, the industry is already behind. A DEF CON talk by Scott Erven and Shawn Merdinger further explored just how lacking in security many medical devices currently are, with another Munro article noting that over 90% of cloud services used by healthcare could pose a major security risk. New devices being marketed as health monitors also have the potential to be extremely detrimental, as information gathered from the devices could be used to collect sensitive data.

Meanwhile, data breaches at hospitals and health centers are already occurring, as the recent CHS incident attests. Data breaches, surprisingly enough, are a portion of the healthcare industry that is regulated under HIPAA (the Health Insurance Portability and Accountability Act), a Health and Human Services Act that protects Personally Identifiable Information (PII). Even with HIPAA and the guidance of the FDA, more has to be done in this field.

And with the potential implications of a hack or breach being human life, the stakes could not be higher.

Pwnie Express Releases Next Generation Penetration Testing Device: The Pwn Plug R3

September 3, 2014

Pwnie Express today announced the release of the latest version of its cutting edge Pwn Plug, the R3, an inconspicuous pentesting device whose drop box form factor provides unprecedented ease of use at remote locations at a fraction of the cost of traditional penetration testing solutions.

Pwnie Express is the only company to assess wired and wireless network security anywhere, on demand. Its Pwn Plug R3 is a next-generation penetration testing device in a portable, shippable, “Plug-and-Pwn” form factor. With onboard 802.11a/b/g/n wireless, external high-gain Bluetooth, 4G/GSM cellular, ruggedized case design, and greatly improved performance and reliability over its much-lauded R2 predecessor, the Pwn Plug R3 is the enterprise penetration tester’s dream tool.

This easy-to-deploy sensor can be remotely controlled over a covert Internet channel or a cellular data connection. Preconfigured, once plugged in and turned on, the Pwn Plug R3 will look to find a way to establish a persistent SSH connection between the device and its operator’s server—including a GSM-based 4G cellular data connection.

The R3 rounds out the Pwnie Express line of comprehensive vulnerability assessment and penetration testing solutions. The solutions include Pwn Pad 2014 and Pwn Phone, mobile form factors for the on-the-go tester, Pwn Plug R3 and its more powerful medium to large enterprise Pwn Pro counterpart, drop-box sensors used for remote testing, and Pwn Pulse software as a service (SaaS) solution for those organizations with multiple hard-to-reach distributed sites that require continuous monitoring and assessment.

“Our customers are constantly looking for ways to keep cost down and quality high. With the products at Pwnie Express we can cut travel costs to zero and still provide outstanding internal assessments. They have changed our business model and hopefully the whole business model for pentesters everywhere for the better,” said John Strand, senior security analyst/principal of Black Hills Information Security.

Product benefits:
  • Provides a cost-effective, lightweight, non-intrusive and easy-to-deploy solution for remote locations
  • Preconfigured, doesn’t require onsite management
  • Extends on demand penetration beyond the headquarters to remote sites
  • Allows for easy anywhere drop box deployment
  • Increases frequency and scope of remote site assessments
  • Expands awareness of wired, wireless, BYOD and rogue devices across all sites
  • Addresses PCI DSS and HIPAA compliance requirements at remote sites
  • Greatly reduces travel and operational overhead required to do security testing

Core features include:
  • Onboard dual-band 802.11a/b/g/n wireless supporting packet injection & monitor mode
  • Onboard Bluetooth supporting device scanning & monitor mode
  • External 6-band (worldwide) 4G/GSM cellular USB adapter
  • Intel-based hardware delivers professional-grade performance & reliability
  • Onboard 802.11a/b/g/n wireless supporting packet injection & monitor mode
  • External unlocked 4G/GSM cellular adapter (SIM not included)
  • Runs Pwnix, a custom Debian distro based on Kali Linux
  • Over 100 OSS-based pentesting tools including Metasploit, SET, Kismet, Aircrack-NG, SSLstrip, Nmap, Hydra, W3af, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools, and more
  • Simple web-based administration and in-product updates with “Pwnie UI”
  • One-click Evil AP & Passive Recon services
  • Persistent reverse-SSH access to your target network
  • 6 unique covert channels for remote access through application-aware firewalls and IPS
  • Supports HTTP proxies, SSH-VPN, & OpenVPN
  • Out-of-band SSH access over 4G/GSM cell networks
  • Wired NAC/802.1x/RADIUS bypass capability
  • Unpingable and no listening ports in stealth mode
  • Local console access via HDMI

“It’s challenging for today’s globally-distributed organizations and consultants to assess the security of remote sites and branch offices. Today’s cyber criminals know this and are increasingly concentrating their efforts on these often-overlooked entry points,” said Dave Porcello, Pwnie Express CTO and Founder. “The Pwn Plug R3 helps these organizations and consultants gain deep visibility into these remote locations without physically traveling to each site, providing a cost-effective means to mitigate these attacks.”

Availability And Pricing
Pwn Plug R3 is generally available, priced at $995.

About Pwnie Express
Pwnie Express provides simple and scalable asset discovery, vulnerability scanning, and penetration testing solutions for remote sites and all wireless spectrums. At its core are open source tools integrated on a smart platform available in a variety of form factors, which have helped thousands of enterprises worldwide get unprecedented real-time actionable insight into their distributed network infrastructure. The award-winning products are backed by the expertise of Pwnie Express Labs, the company’s security research arm. The company is headquartered in Boston, Massachusetts.

[Press Release]

Congratulations to the Winners of our Vegas Pwn Phone Drawings!

Congratulations to Eric Meyers of Corning, Inc. and Joe Burgos of Molina Healthcare, the winners of our Pwn Phone drawings at Black Hat and DEF CON! The Pwn Phone 2014 is a high-speed, lightweight LG Nexus 5 smart phone that is the ideal choice for on-the-road pentesting and onsite assessments. The Pwn Phone 2014 can evaluate wired, wireless, and Bluetooth networks and has over 100 open source pentesting tools.

Pwnie Express’s Dave Porcello and Vic Wheatman on Securing Branch Locations

BLACK HAT SERIES

Episode 20: Securing the Branch Location and Remote Sites

Hackers continue to go after the easiest target — the branch or remote office, be it a gas station, retail store, bank branch, local health clinic or the like.

Armed with the knowledge that organizations are increasingly distributed and most organizations’ budgets are allocated to headquarters, a branch or remote office often provides an easy access point for attackers.

Vic Wheatman speaks at Black Hat with Dave Porcello, CTO and founder of Pwnie Express, on what kinds of attack the organization should actually be concerned about.

Is it the advanced persistent threat or is it that unknown rogue access point? As you’ll hear from Porcello, your organization may have unbelievable security 99 percent of the time but it’s that one computer, or air conditioning duct, that often opens the door.

(Original Post)



Security Pulse of the Company

The heart of any company is the headquarters. Organizations go to great lengths to protect this center of human and security activity, but like wearing a Kevlar vest to protect the vitals, securing just the headquarters is not enough. And even scarier? Until now, there was no cost-effective way of consistently monitoring the security of systems at your remote locations.

What is it?

That’s why Pwnie Express is releasing Pwn Pulse, a centralized SaaS solution that allows security teams to “see all the things” in their remote offices. Pwn Pulse gives users complete remote control over Pwnie’s innovative white hat “hack-in-a-box” sensors, allowing them to test security systems without travel or cumbersome bandwidth requirements.

What does it do?

Pwn Pulse automatically discovers all wired, wireless, and Bluetooth devices at a location, whether on the network or unknown. Give Pwn Pulse a schedule and it will run vulnerability scans from within the firewall at each remote location. More technical users can run custom scripts and assessments remotely through Pwn Pulse to further test security gaps revealed by routine vulnerability scans. And, if necessary, security professionals can remotely operate one-to-one penetration tests.

How does it look?

Most importantly, the Pulse dashboard presents the information in an intuitive format with analysis capabilities. In addition to seeing and controlling specific sensors, the Pulse dashboard allows the user to see the information across a set of sensors or locations so as to track broader company security trends.

That’s what makes Pwn Pulse so exciting! One-to-one asset discovery and penetration testing is useful, but we wanted to make those tools even better for defending against your attackers. Pulse gives you the most important protection: information. A better-informed security team can find the chinks in the armor and appropriately allocate resources where they’re most useful. Pwn Pulse lets you take the pulse of your organization, to properly diagnose the problem.

For more questions, please visit our website or the Pwn Pulse FAQ. Additionally, you can access the official press release here.