Today, the Bastille team is proud to announce Bastille Enterprise, an integrated solution that delivers enterprise security through software defined radio to some of the world's largest and most admired organizations. People and devices enter your building every day. Some are authorized to be there, but many are not. As the number of connected items in your buildings increases, how do you monitor them? How do you know what protocols they are using? How do you know if they've been securely configured, and how do you know if their communications are encrypted
We're taught to be cautious online ... to use multiple passwords, to not share our social security numbers, and to be wary where we use our credit cards. And as we protect ourselves, we trust that the websites we use will have strong security in place to protect us as well. With major hacks occurring almost daily, we expect companies to be prepared. We also expect the devices we use to connect to the internet to be safe and secure, but a new discovery by the Bastille research team finds that this, unfortunately, is not the case.
Bastille has recently announced the discovery of a security vulnerability that puts billions of PC’s and millions of networks at risk. Maybe even yours.
2015 has been a very exciting year for car hacking, from Chris Valasek and Charlie Millers “road show” - to seeing a jeep literally stripped to pieces at DEFCON the blood is certainly in the water for exploitation of the advanced new software as our vehicles rapidly turn into computers.
Dan Virgillito is a Security Researcher for the InfoSec Institute. Absorbing the data from the growth of interconnected devices that produce large data quantities is becoming the natural focus of all big data companies, especially when it comes to driving MDM (Master Data Management)/DQ (Data Quality) going beyond the acquisition of these continuous data streams.
Seeing high profile research announcements in the weeks leading up to the infamous Black Hat and DefCon conferences is common. This year, our research team was getting pretty excited about ProxyHam, that is, until it was mysteriously pulled from the DefCon lineup.
Big Data. Cloud Computing. The Quantified Self. The Internet of Things. These things are not just marketing buzzwords, they are concepts that are fueling today’s IT ecosystem. And the one thing that they all have in common is the consumption and analysis of large quantities of data for better decision-making.
Searching for a cure for insomnia, I spent the weekend combing through the 162 page report released last week from RAND Corporation,the independent research organization best known for its influence on policy. The report titled "The Defender’s Dilemma: Charting a Course Toward Cybersecurity," was fraught with fear and warnings about impending attacks that will target companies around the world over the next decade.
One of America’s greatest contributions to society in the last 100 years has been advancements in medical care. This furthering has been made possible, in large part, by our achievements in technology. So, it should be no surprise that the two have become explicitly intertwined; medical technology has given way to incredible improvements in cost, efficiency, and patient health. However, this marriage of computers, communication, and devices has not come without challenges. TV shows have hypothesized about the hijacking of a vice president's pacemaker, but are devices really vulnerable or is this just a theatrical plot line for primetime drama?
This week OpenDNS released a report on the Internet of Things and Enterprise security. I found this report to be one of the most thorough, yet troubling, to date. I wanted to use this blog to summarize the findings and provide some context in which Enterprises can approach safety and the Internet of Things.
The world is awaiting the idea of the smart city; a city digitally connected to its residents and operators to provide an enhanced quality of life and cost savings. South Korea, Barcelona and now India are all boasting about their cleaner, greener, and yes, smarter city projects. And, while the idea of digitally driven cities is less common in North America, there is a growing momentum behind the idea, driven in large part by the massive growth and interest in the Internet of Things.
A very elite club was just created by Chris Roberts, if his allegations of commandeering an airplane are true. Modern day transportation relies heavily on remote access to the outside world…and consumer trust. These two things have been at odds recently, ever since the world read a tweet from Chris Roberts, in which he jokingly suggested releasing oxygen masks while aboard a commercial flight. Whether or not Roberts was actually joking, about hacking the aircraft is up for debate, but the move led the Government Accountability Office to issue a warning about potential vulnerabilities to aircraft systems via in-flight Wi-Fi.
The alphabet soup of acronyms describing the coming connected world is a signaling that is time get brush up on your security lingo, because the world is changing. IoT, M2M and ICS devices introduces an incomprehensible expansion of exploitable attack surfaces. Historically, information security has been defined as a perimeter of security around your most valuable IT assets. This security included different layers of protection for various areas of vulnerability. And while there is still a very healthy and innovative market for traditional information security, the ecosystem is changing and an increasing number of new threat vectors are being established.
It’s been a great two days of information sessions and expo mingling at the 2015 RSA Conference (#RSAC) in San Francisco. In conjunction with our first birthday, Bastille is debuting at RSA in booth S2426, and demo’ing our IoT security solution for the 30,000 security professionals in attendance. The trade show isn't nearly over, but one thing is clear - IoT is hot.
It is impossible to create a usable environment that is 100% free from risk. Whether in your home or business, the cost of embracing technology is accepting some risk via new IT services. The more services in use, the more vectors are created for bad guys to exploit.
Over the weekend, I combed through the FTC’s recent report – all 71 pages - on the Internet of Things (IoT), entitled, The Internet of Things - Privacy and Security in a Connected World. Everything that I had previously read online about the report didn't reveal anything novel about IoT that I had not already heard- or said myself. But since it took the FTC over a year to produce, I though a close inspection of the report was warranted. Surely there would be some nuggets of substantive information lodged within six dozen pages of bureaucratic conjecture, right?
The Internet of Things has gained historic momentum and exposure since the last quarter of 2014. No longer are there differing opinions around viability – general consensus is that IoT is here to stay. Beyond staying power is the staggering amount of growth that is expected in the coming years. If you follow IoT, which you likely do if you’re reading this blog, I’ll just simply reiterate that there will be TENS OF BILLIONS of devices in a market worth TRILLIONS of dollars in the next five years.
But, what about this year? There are five ways that IoT will impact every organization before the year is over.
Nearly a billion Android users are more vulnerable today then they were yesterday. Google has casually discontinued support for their WebView tool to Android users that haven’t yet upgraded to KitKat version 4.4. According to Google, nearly 60% of Android users will be left in the lurch when it comes to safety on their Android devices.