SC Lab Approved: One Year Later: Pwnie Express

We started watching Pwnie Express years ago when it's forte was covert penetration testing tools. We watched that suite of products evolve into tools to monitor the network and, finally, to take into account the increasing use of wireless technology. The company has been in the forefront of network monitoring ever since. Nor has it forgotten its roots. There are embedded tools for penetration testing as well. Take all of the information gathered about the health of the enterprise, analyze it in the cloud for display on a cloud-based set of dashboards and management screens, and you have a first-rate tool set.

We deployed a single Pwnie sensor in the SC Lab to get a feel for what we could do with it. We used it regularly over the past year to test wireless management tools and found that it told us more about what was going on in the wireless network than the tools we were testing. It became a sort of gold baseline for us.

Then we deployed several sensors as an experiment at Super Bowl 50 to monitor the behavior of nearly 100,000 fans throughout the bowl and inside the lounges in the stadium. Again, the Pwnie knocked it out of the park. Finally, we deployed around 15 sensors of various types – Pwnie Express has a small sensor that looks a bit like a square hockey puck and a full-featured sensor, the PwnPro, that allows several additional add-in features beyond its smaller sibling – throughout a small financial services firm with multiple physical locations. That was really illuminating for us. We took the product out of the SC Lab, past the proof of concept and put it into a challenging production environment and the results were beyond satisfactory.

For example, one of the locations we deployed in was at the end of an airport runway with a railroad track beside it. Additionally, there was a shopping center with a large computer store in the same parking lot. We saw access points from the store and we saw users on planes departing and trains passing. The sensors are remarkably sensitive and listen on all channels and frequencies. Additionally, they offer a lot of functionality that helps us differentiate between access points about which we care and those about which we have no interest, such as the computer store.

Deployment is a walk in the park but tuning isn't. To deploy, all you need is power and a wired connection to your internal network (or another wired route to the internet to talk to the Pulse cloud). To tune, you need to know what access points for your wireless network and what devices to watch on your wired network.

The wireless is more challenging since there are very likely to be wireless devices about which you have no information – so marking them as APs of interest can be a challenge. We select working with your wireless management system to locate those APs about which it knows as a starting point. With that accomplished you can use another Pwnie Express tool, the PwnPad, to locate the rogue devices and either get rid of them, if they really are rogue devices, or mark them as uninteresting, if they are real but just not yours, as in the computer store example.

For a big network with lots of sensors, that can be a bit tedious, but it all is part of what is necessary in any case to tune any monitoring system. And, in fact, we have found that using the detailed information on the Pulse dashboards and inventories the task, while tedious, certainly is not onerous and once done no further tuning should be required unless you make major changes in your network.

There is a lot to like about the Pwnie Express suite of tools. Pricing, while reflected below, actually is a lot more flexible depending on what purchase options you select, so a chat with a Pwnie sales engineer definitely is in order.


Product Pulse

Company Pwnie Express       

Price Sensor prices range from $100/month to $200/month depending on sensor model.

What it does Multipurpose enterprise monitoring and penetration testing tool.

What we liked While we really like the ability to mix testing (vulnerability) and monitoring (threat) to get a full picture of risk on the enterprise from any perspective – internal, external or both – what we like best is the detailed threat monitoring on wireless networks, both Wi-Fi and Bluetooth. Pulse lets you see an entire picture of the security behavior on your enterprise.

The bottom line It really doesn't matter what tools you are using to manage your wireless network, the Pwnie will add immeasurably to your arsenal. We are going to keep this in the SC Lab another year and we are working on some very interesting testing projects with Pwnie Express about which we'll report next year.


Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.