Posted on Nov 24, 2020 4:34:02 PM
(Photo credit: CBS Studios)
In the 1960s TV show Get Smart, secret agent Maxwell Smart utilizes the 'Cone of Silence' to have top secret conversations, but it never worked quite the way it was intended, making for some very funny television. But yesterday’s cone of silence is today’s sensitive compartmented information facility (SCIF), and incomplete wireless intrusion detection in these real world areas can have devastating consequences. Being responsible for keeping SCIFs secure can be a particularly daunting challenge at a time when electronics manufacturers are in an arms race to add IoT functionality to all kinds of portable devices. From the obvious cell phone and laptops to the less obvious medical devices like hearing aids and insulin pumps, as devices keep getting smaller, less obtrusive, and loaded with recording and photographing capabilities, exfiltrating data is becoming easier and less detectable. Additionally, security professionals face multiple needs all requiring attention. They are responsible not only for being compliant with regards to personnel permissions and restrictions, but they must also comply with portable electronic device (PED) requirements. In a previous blog post, we talked about the challenges that come with pervasive IoT devices. In this blog post, we’ll be covering three common wireless detection challenges and how Flying Fox Enterprise™ assists security professionals in getting smart with their mission to keep secrets secret.
Wireless Detection in Large Buildings and Building Complexes
The first and probably most common type of wireless detection deployment is providing 24/7 monitoring for permanent buildings with SCIFs or other secure areas. Oftentimes, these areas don’t allow any PEDs at all. So, imagine a 20,000 square foot building or office complex where people with one or more PEDs are coming and going all day. Detecting all signals - Bluetooth®, Bluetooth Low Energy, Wi-Fi®, and cellular - from all PEDs as well as gaining operational insight into those signals and devices is critical to maintaining the security of the facility. The security experts responsible for these facilities rely on Flying Fox Enterprise to reliably detect, identify, and locate wireless devices that inevitably make it into these areas. They use the metadata collected from Flying Fox Enterprise to not only search for PEDs, but also for unauthorized access points and tracking tags that come in the unlikeliest ways.
Maintaining situational awareness into the RF environments of secure facilities is a 24/7 challenge (Photo Credit: US Army Cyber Command)
The detection, identification, and location data collected by Flying Fox Enterprise often becomes an integral part of a security department's cyber defense infrastructure through integration with cybersecurity tools such as a security information and event management (SIEM) or security orchestration, automation and response (SOAR) systems. Not only can Flying Fox Enterprise information be correlated with intrusion detection systems (IDS) and intrusion prevention systems (IPS) data to better characterize events and anomalies, but it can also be used to manage PED policy compliance by providing visibility into allowed devices. Security personnel can use Flying Fox Enterprise to identify wireless medical devices, for example, which allow them to make exceptions in 'no PED' restricted areas in real-time.
Wireless Detection and Networks
Another common use case is providing situational awareness for a building or facility that has an enterprise Wi-Fi network. These might be mixed-use spaces where security is important, but only for certain personnel or areas, and some overlap with wireless networks is expected or unavoidable. In this scenario, Flying Fox Enterprise operators can use the system to designate trusted devices that are allowed. This will prevent trusted devices from causing alarms, and allow the operator to focus on the devices that are detected but not known. Flying Fox Enterprise is capable of logging all wireless detection events so that operators can explore all aspects of a detection event - time, device i.d., provider details - at a later time or review for forensic purposes.
Wireless Detection in Temporary Spaces
A third use case is needing to secure a temporary space within an otherwise unsecured location. An example of this might be a conference room within a larger facility where meetings to discuss sensitive information require restrictions put on PEDs. In addition to the larger, unsecured space not having standard PED restrictions, attendees may be from different organizations and operate under different security postures or expectations so there may be no single set of guidelines that everyone is observing. Securing these temporary spaces, spaces within very active RF environments and trying to keep track of all of the activity in real-time can be tough. A deployable version of Flying Fox Enterprise, being small and portable, has been shown to be very effective in addressing the specific nature of wireless detection in temporary spaces. For convenience, the deployable Flying Fox Enterprise is able to be set up and ready to make detections in minutes. With 24/7 logging and playback functionality, Flying Fox Enterprise provides round-the-clock monitoring even when operators may not be able to access the space after hours. Operators can confidently start each new day by analyzing the logged and recorded events of what happened overnight, or during a specific timeframe, and all RF activity gets time stamped and plotted on a map so the operator can determine appropriate action.
Getting smart and staying ahead of risks to sensitive data exfiltration can consume a lot of time, but Flying Fox Enterprise brings convenience and full spectrum signal detection to make things a little easier. Do you need to get smart to secure your space? If you’re interested in how Flying Fox Enterprise can keep your area safer, we’d love to hear more about your challenges.
Gary Schluckbier is the Director of RF Sensing at Epiq Solutions where he leads a team of R&D experts developing leading edge products that improve safety and security.