Wireless Intrusion Detection – taking on the cyber-physical and information leakage threats


Based on Netline’s experience in wireless communication control, Netline’s NetSense Solution is designed to address the specific need of monitoring the RF (Radio Frequency) spectrum to identify cyber, eavesdropping or other information security threats.

Many security tools, both traditional and cyber, fall short in protecting their organizations against espionage or cyber security threats that use hidden wireless transmitters to bypass defenses. In the past, organizations have implemented various rudimentary measures to minimize threats, such as air-gapped networks and restrictions on the use of various devices. There is now a growing understanding, however, that these basic measures are either insufficient, lacking real effectiveness, or impractical, because they excessively impede the organizations’ operations. Furthermore, to date, attempts to deal with eavesdropping and wireless cyber intrusions have focused on periodic surveys of wireless communications in sensitive areas using specialized spectrum analysis devices. This approach has proven insufficient. Firstly, surveys only “clear” an area at the specific moment in time at which it is surveyed. Threats that either don’t transmit during the survey period, or are introduced after the survey is completed, will go undiscovered. Secondly, the use of a single detection point for such surveys yields partial information at the moment of detection and does not make use of the ability to compare detection data to historical data and thresholds or to cross-reference information from multiple detection points for the same transmitter, for example to aid in locating the transmitter.

Addressing the information leak problem with a fresh approach, the Israel-based company Netline Communications Technologies (NCT) Ltd. offers its Wireless Intrusion Detection solution called NetSense. NetSense provides continuous, high-speed, high-sensitivity monitoring of the wireless spectrum across multiple detection points located in and around a sensitive area.
These wireless communication sensors are strategically placed at key locations in a facility or campus, and are combined with the NetSense Monitoring application, a powerful software tool that enables the detection and neutralization of wireless cyber and espionage threats.

This fresh approach represents a paradigm shift in wireless intrusion detection: it creates a simple-to-use centralized monitoring system that leverages the “power of the network”, offers continuous monitoring, and does not require highly specialized technical manpower for its operation. Furthermore, the NetSense sensors are based on a software defined radio (SDR) that yields performance that in some aspects surpasses that of spectrum analyzers and enables the detection of signals that might go undetected by spectrum analyzers, such as short bursts or signals deliberately hidden in close spectral proximity to legitimate signals.

The NetSense solution framework consists of two layers:

Figure 1: The NetSense RF Security Framework

The RF Detection Platform Layer is the foundation of the NetSense solution and is responsible for scanning the spectrum to discover possible threat signals and for performing real-time signal processing, recording and analysis to identify the relevant parameters of the signal or for enabling offline processing. This layer yields the initial identification of which signals are present and may represent a threat.

The Management & Monitoring Layer has three main purposes. First and foremost, the NetSense Monitoring Software processes data created by the RF Detection Platform, translating it into actionable information by organizing it in a useful manner that helps both to locate the threat and to understand its nature. The Monitoring software is designed to be used by SOC/NOC personnel (24/7) without requiring that they be trained in RF theory or be skilled in the field of spectral analysis.

Figure 2: Indoor GIS view of the NetSense User Interface

Second, the Management & Monitoring layer enables integration with third-party products (such as access control) to enrich and add context to the data provided by the RF Detection Platform. Last, the Management & Monitoring layer contains the Configuration & Management tools, which are used to set up a baseline of legitimate RF activity in the facility. This layer also ensures that the multiple (networked) components of the NetSense solution (including its interfaces to third-party systems such as access control) are centrally managed and act in synchronicity.