SIA New Member Profile: Bastille

By Kara Klein, Associate Director of Marketing and Media Relations, Security Industry Association on June 6, 2022 |
Bastille logo

New Security Industry Association (SIA) member Bastille is a leader in enterprise threat detection through software-defined radio. The company has offices in Atlanta, Georgia; Herndon, Virginia; Santa Cruz, California; and San Francisco, California.

SIA spoke with Justin Fry, chief marketing officer at Bastille, about the company’s history and offerings and the security industry.

Tell us the story of your company.

Justin Fry: Until Bastille was started in 2014, there was no way to apply network security mechanisms and countermeasures to radio frequency (RF)-enabled devices such as cellular, Bluetooth or Wi-Fi-enabled devices on a 24/7 basis. IT security professionals couldn’t buy a security service like Bastille Enterprise until we built it. The only solution was to employ technical surveillance and countermeasures professionals with wands and spectrum analyzers – which by their nature are not “on” 24/7. These types of solutions, being ad-hoc professional services, did not have any way to link back to enterprise security infrastructures such as SIEMs or integrated into physical security systems such as camera or badge scanning. With the proliferation of cellular data devices, Internet of Things devices and Bluetooth, this was no longer an acceptable solution for enterprises or governments seeking to enforce “no cell phone” and other restrictions in sensitive areas.

What solutions/services does your business offer in the security industry? And what makes your offerings/company unique?

JF: Bastille customers can detect and locate all the cell phones in their facilities, whether or not those phones have Wi-Fi or Bluetooth turned on. Bastille ensures there are no nonauthorized cell phones and therefore no infected phones turn on in sensitive areas. Bastille is available as a permanently installed solution, Bastille Enterprise, or as a portable solution, as Bastille FlyAway Kit.

Use cases from enterprises, defense and civilian agencies include:

  • Enforce device policy: Detect cell phones in breach of cell phone policies for sensitive or no-cellphone areas. Bastille can also help enforce policies on devices using other RF protocols include: Wi-Fi, Bluetooth, BLE, Zigbee, WirelessHart, Thread and other protocols.
  • Scan tent buildings and remote offices: Scan a room or building to understand the presence and location of all emitters/transmitters and building systems.
  • Secure meeting areas: Detect transmitting electronic devices in secure meeting areas.

What is something we might not know about your company – or something new you are doing in security?

JF: Deploying Bastille can equip customers to set up alerts based on wireless device behavior. Examples include:

  • Compromised devices: Bastille baselines facilities, all wireless devices (including cellular, Wi-Fi, Bluetooth and BLE) and their typical behavior and can alert when a device is compromised and exhibits abnormal behavior
  • Secure area data breaches: Alert when an allowed Bluetooth hearing aid performs an unauthorized BLE pairing with a device outside the secure area or detect when a company phone at a desk is joined by a personal phone at the same desk
  • MDM enhancement: Alert when a phone which is not under mobile device management is turned on
  • Insider threats: Alert when a device is seen in an area where it is not allowed, or forensically investigate to understand the devices and their behavior from weeks or months ago

What is your company’s vision, and what are your goals for the security industry?

JF: Bastille is trusted by Fortune 500 customers, military and government to instantly detect, locate and alert on the presence of rogue cell phones and other RF transmitters anywhere within a facility. Bastille can produce an accurate dots-on-the- floor-plan of facilities, offering security teams situational awareness with features such as geofencing, hotspot detection, SIEMS integration and DVR forensics.

What are your predictions for the security industry in the short and long term?

JF: The recent Pegasus “Spyware” on cell phones demonstrates that without the user making any mistake whatsoever, their phone can receive a message which the user never sees, and that message can install spyware, which gives the attacker complete access to a user’s phone. “Complete Access” includes all the email and text messages on a cell phone, all the photographs, videos, recordings, locations and notes stored on the phone. Complete access also allows the attacker to listen in on every conversation on the phone or turn on the camera and microphone to stream everything that is happening in a meeting. That streaming can go out of the building across the street or to any location in the world.

What are the biggest challenges facing your company and/or others in the security industry?

JF: While there’s widespread recognition of the need to eliminate potential intrusions and attacks, there’s limited awareness of the invisible threats in the airwaves.

The views and opinions expressed in guest posts and/or profiles are those of the authors or sources and do not necessarily reflect the official policy or position of the Security Industry Association.