Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Shadow IT in Stores and Branches: How to Stay Compliant

Branches are where the rubber still hits the road for many organisations; where retailers still do most of their selling, where much banking is still carried out, and where health care is often dispensed. However, for IT managers, branches are outliers, where rogue activity is hard to curb; this means branches can become security and compliance black spots.

Branch employees may see fit to make their lives easier by informally adding to the local IT infrastructure, for example installing wireless access points purchased from the computer store next door. Whilst such activity could also happen at HQ, controls are likely to be more rigorous. What is needed is an ability to extend such controls to branches, monitoring network activity, scanning for security issues, and detecting non-compliant activity before it has an impact.

A proposition from Boston, USA-based vendor Pwnie Express should improve branch network and security visibility. Founded in 2010, Pwnie Express has so far received $5.1 million Series-A venture capital financing from Fairhaven Capital and the Vermont Seed Capital Fund. The name is a play on both Pony Express, the 19th century US mail system and the Pwnie Awards, a competition run each year at the Black Hat conference to recognise the best discoverers of exploitable software bugs.

Pwnie Express’s core offering is to monitor IT activity in branches through the installation of plug-and-play in-branch network sensor hardware. These enable branch-level vulnerability management, asset discovery and penetration testing. As such the sensors can also scan for wireless access points, which may have been installed by branch employees for convenience or even by a malicious outsider, and monitor the use of employee/visitor-owned personal devices.

To date Pwnie monitoring has been on a one-to-one basis and so hard to scale. That has changed with the release of a new software-as-a-service (SaaS) based management platform called Pwn Pulse. This increases the number of locations that can be covered from a single console, allowing HQ-based IT management teams to extend full security testing to branches. Pwn Pulse also improves back-end integration to other security management tools and security information and event management (SIEM) systems improving an organisation’s overall understanding its IT security and compliance issues.

Currently 25 percent of Pwnie Express’s sales are via an expanding European reseller network, mainly in the UK. With data protection laws only likely to tighten in Europe in the coming years, Pwnie Express should provide visibility into the remote locations other security tools simply cannot reach.

What’s Hot on Infosecurity Magazine?