Network-Centric Wireless Intrusion Detection Needs to Evolve
Gary Schluckbier
03/10/21
Until fairly recently, wireless intrusion detection has had a myopic focus on Wi-Fi® networks. This wasn’t necessarily due to short-sightedness; Wi-Fi networks were simply among the first to become so widely available that users could find them virtually everywhere. Private and public entities saw the benefits of Wi-Fi, which fueled demand for these networks, including in areas where information is supposed to be secure from exfiltration. For the government and military, this demand prompted the need for technical guidance on monitoring networks within secure areas.
Today, Wi-Fi accounts for just a small portion of the entire wireless activity happening on networks. Bluetooth®, Bluetooth LE (BLE), and cellular devices also add their signals to the crowded wireless environment. Providing meaningful situational awareness such as device type, device identification, device location, event time, etc., not just for Wi-Fi activity but for all active signals within a monitored area, requires adopting a plan for monitoring physical spaces as well as networks. Unauthorized portable electronic devices (PEDs) or rogue access points present some formidable challenges to keeping sensitive areas safe, not the least of which is the sheer number of these devices in the world. Just about everyone carries a cell phone at all times and generally cell phones are top-of-mind when it’s time to secure devices in a PED locker before entering a SCIF. Chances are, you can look around you right now and spot at least one device that is capable of sending an RF signal, something you might have used for years as an analog, single-use device like a watch or headphones, or even a medical device. But with the onset of the internet of things (IoT), these once innocuous devices are now connected and capable of recording and transmitting all types of data.
Traditional wireless intrusion detection systems (WIDS) have not evolved along with the threats, and a system that doesn’t account for Bluetooth and cellular signals is only seeing a small part of the potential threat matrix. There are so many connected devices that pose potential threats that the only sure-fire way to be ahead of the risk is with always-on, full-spectrum monitoring that can detect and locate ALL devices. Providing this insight is why Epiq Solutions partnered with the US Naval Research Lab (NRL) to develop Flying Fox® Enterprise. Originating from an NRL research project, Flying Fox Enterprise is the first commercially available software-defined radio (SDR) based system that accurately detects, identifies, and locates Wi-Fi, Bluetooth, BLE and cellular signals. The system is a passive sensor that can be set up in existing networks to offer the continuous high-accuracy wireless monitoring and detection that facilities directors and government personnel need. The use of multiple wideband SDRs allows Flying Fox Enterprise to provide cellular insight by decoding messages between a handset and a cell tower, not just energy signatures, ensuring around-the-clock cellular detection with zero false positives. Furthermore, since Flying Fox Enterprise is based on SDRs, it is virtually future-proof, able to stay current with the latest technology standards and protocols with only a software upgrade.
Wireless intrusion detection alone is no longer adequate to provide situational awareness for physical spaces. (Photo Credit: US Army Cyber Command)
Whether someone brings a device into a SCIF with bad intentions or they simply forget they have a wireless device with them, there is an inherent risk to the presence of any unauthorized PED. There are countless apps and peripherals on smartphones and other connected devices that would make the exfiltration of data pretty easy and, without wireless detection, pretty invisible. Flying Fox Enterprise has identified unsecured access points in highly sensitive areas that turned out to be originating from seemingly harmless devices, including the monitors or ceiling projectors in conference rooms. Flying Fox Enterprise has also identified tracking devices that make their way into DoD facilities in shipping containers.
Being able to detect, identify, locate, and take action against all potential threats to a network is critical to information security, and being able to adapt to changing technology and evolving threats is key. But expanding the security purview beyond the network and into physical space is a requirement in today’s always-connected, always-on reality. If you are interested in learning more about how Flying Fox Enterprise is helping SCIFs with situational awareness, you can read our latest case study or watch our demo.