Wireless Intrusion Detection System (WIDS)
Cellular - Wi-Fi - Bluetooth
Following high profile SCIF data exfiltration, the Secretary of Defense (SECDEF) initiated a DoD wide review of SCIF and SAPF security. The resulting SECDEF memo on June 30th, 2023 requires Department of Defense Services and Agencies to program and implement appropriate electronic device detection systems and mitigation measures to ensure the integrity of National Security and Mission needs, protecting against US National Security data exfiltration. (Full SECDEF memo available here)
“Electronic device detection shall be continuous, comprehensively covering the entirety of Department SCIF and SAPFs, with immediate identification, precise device location, and alerting to the appropriate facility personnel, with full audit and time series data, providing a device’s pattern of life over time and space. Uninterrupted SCIF and SAPF observation telemetry data shall provide device type, location, and historic accounting of the device’s presence within the SCIF and SAPF, with data provided to the appropriate security and insider threat teams, as necessary. Electronic device detection systems shall protect the integrity of the SCIF and SAPF spaces with a permanently installed observation system.
Systems shall provide complete observability of the entirety of the SCIF and SAPFs spaces. Programming efforts shall include the cost of the electronic device detection system, system installation costs and planned out-year sustainment costs."
The SECDEF memo follows several Federal policies and instructions, such as DoDI 8420.01 require that agencies secure and protect their Wireless infrastructure, where the WIDS solution:
“must continuously scan for and detect authorized and unauthorized WLAN activities 24 hours a day, 7 days a week. Scanning must include a location-sensing capability that enables designated personnel to locate, identify, and take appropriate actions to mitigate…” DoDI 8420.01 Section 3.
As WIDS solution requirements have evolved, where once it was sufficient to locate and identify Wi-Fi devices, at a minimum a solution must now accurately detect and locate Bluetooth, Bluetooth Low Energy and devices only emitting cellular signals.
For clarity, this means a comprehensive cell phone detection and location product must be able to discover a cell phone even when the Wi-Fi and Bluetooth are not active. After four years of intense R&D and more than a dozen patents, Bastille has created the solution.
Accurately Locate Cell Phones Inside Your Facility Using Just Their Cellular Signals
Other solutions claim to ‘detect smartphones’ when all they can do is detect Bluetooth and Wi-Fi signals, not cellular signals. Still other companies claim to detect cellular phones when all they can do is detect cellular energy. Those systems can not tell the difference between one phone close to a sensor and 10 phones farther away. Bastille’s Cellular Intrusion Detection is the first system which accurately detects, counts, and locates cellular devices inside your facility. To be clear, we can track devices via Bluetooth and WiFi like the other companies but the bad actors turn off those signals when they plan to undertake bad actions. To know that your facility is locked down from unauthorized devices you need to detect and locate cellular signals.
Don’t be fooled by misty clouds of cellular energy
Distinguishing and locating individual cell phones, and placing an accurate dot on a map to show you exactly where a cell phone is right now, is a very hard problem. Inferior technologies based on spectrum analyzers just alert you when they detect energy in a cellular frequency. Those products cannot distinguish between one phone close to a sensor or 10 phones farther away.
Not all Cell Phones are Smart or Smart All The Time
Many cell phones have Wi-Fi and Bluetooth capabilities. Bastille can detect cell phones by their Wi-Fi and Bluetooth signals, but when W-Fi and Bluetooth are disabled, Bastille can still detect the cell phone by just its cellular signal, which means Bastille also sees basic and ‘burner’ cell phones which don’t have Wi-Fi or Bluetooth.
When a device is smart, Bastille sees it better than anyone else
Bastille’s sensor arrays provide advanced detection and location for Wi-Fi and bluetooth. For example, Bastille is constantly demodulating all 79 bluetooth channels all the time. This is in contrast to other technologies that only listen to one Bluetooth channel at a time. That is, other devices can only see 1.2% of the traffic that Bastille can see. Moreover, by listening to all channels, all of the time, Bastille’s patented device and traffic fingerprinting machine learning technology can determine the types of data traffic being conveyed by each bluetooth network. For example, Bastille can tell the difference between malicious bluetooth tethering event and other innocuous events like music streaming.
Constant Cell Phone Monitoring
It’s not sufficient to spot a cell phone only when it is first turned on or taken out of airplane mode. For accurate location, a system needs to continuously monitor for cell phones, update their location and alert when the device enters a restricted area.
Look back over the Cellular History of your facility using Bastille’s DVR capability
In addition to showing you where cell phones are right now, Bastille’s DVR functionality lets you look back over days or weeks and see where cell phones in your building were 3 weeks ago and how they moved around your facility. This forensic capability contributes to security investigations.
100% Passive Technology Protects Privacy and Complies with FCC requirements
Bastille was originally designed for use in the Enterprise where there are no special exceptions from FCC regulations as exist for certain Federal Government users. Consequently Bastille is a 100% passive technology and complies with all FCC requirements and is currently approved for use in Government and Corporate environments.
Bastille’s Patent Protected Key Cell Phone Detection Technologies
Bastille’s localization technology is covered by 6 patents. A critical feature of the technology is the use of RF Tomography to estimate the shadowing loss field of the environment being monitored. Shadowing loss is created by the walls, and other physical features of a facility. By knowing the loss field, Bastille’s multilateration algorithm is able to create extremely accurate position estimates of all emitters in a facility. That is, Bastille can resolve whether an emitter is far away or whether it is just behind a wall. The localization happens autonomously and passively without any calibration.
Set your Own Geo-Fences and Policies
Bastille’s ability to accurately detect and locate cell phones, and distinguish between multiple phones leads to the ability to create a geo-fenced area within a facility, set a policy for that area, and alert when a phone enters. For example, the trading floor or research lab can be “geo-fenced” and alerts sent when an unauthorized cell phone enters.
ON YOUR PREMISE OR IN YOUR PRIVATE CLOUD. DEPLOYMENT MODELS
Bastille can be installed as a Virtual or Physical Appliance in your Private Cloud, data center or on your premises.
Key Capabilities
Detection via Cellular Signal Only
Bastille is the first and only solution to detect and locate the presence of cell phones even if the only available signal they are producing is the cellular signal.
Don’t be fooled by other solutions’ claims
Other solutions claim to observe phones but actually rely on detection of Wi-Fi and Bluetooth which can easily be turned off by bad actors. Some competitors even claim to detect cell phones but, in fact, they are only detecting energy in cellular frequencies near a sensor. So the other solutions can’t tell if it is one cell phone close to a sensor or 10 cell phones farther away. Only Bastille can tell you how many cell phones are in a room and where those phones are located.
Detect & Alert in Real time
Bastille alerts on the presence of a cellular phone in a facility within two seconds and alerts through the system of your choice via open standards based APIs.
BLUETOOTH PAIRING
Many locations approve and permit certain bluetooth or bluetooth low energy deviceswithintheir secure facilities e.g. medical devices such as hearing aids or insulin pumps. However, when even an approved BT/BLE device pairs with another device, that typically contravenes the policy to permit that device, as there is a live connection which can exfiltrate data, voice or video. Bastille is the only solution which can detect both ends of a bluetooth pairing and alert upon it.
DVR Playback
Bastille records all the cell phones seen, and their movements, to permit DVR-like playback for forensic purposes. If you want to find out what happened in your facility 2 months ago, simply jump back to that date and replay all activity before and after that event.
Locate within 2 meters
Bastille sees every cellular phone within a space and puts a separate Dot-on-a-Map to mark the location of each device. Location accuracy is 1 to 3 meters.
Detect when a cell phone powers on
If someone brings a cell phone into the building which is powered down, Bastille can alert you when it is powered back up in your facility.
Detect unauthorized cell phone Activity
Some organizations allow employees to bring personal cell phones into secure facilities but ask them to leave the secure area if a call comes in. Bastille alerts you when an inactive personal cell phone becomes active and let s you track whether it leaves the secure area to continue to call.
Alerting via Your Existing Systems
Bastille integrates with your existing SIEM and/or alerting systems via its open standards based APIs. Native Integration with systems like Splunk(R) and Elasticsearch/Kibana(R), PagerDuty(R), SMS and email. Alternatively customers can view alerts via the Bastille Portal, and use that platform to dig into alerts for more information.
Passive monitoring protection
Bastille provides a passive monitoring solution by allowing firms to detect and locate cellular phones without accessing data content, thus alleviating key privacy concerns.
For more information please contact us.
