On a mission to secure and assure the network
It has long been recognized that a determined attacker will gain access to a network eventually using one of a variety of techniques. Once in the network, it is important that their progress to their goal is made as difficult as possible, inhibiting lateral movement. This means that security within the network perimeter is as important as the security on devices forming the perimeter. Therefore, all the devices should maintain a secure configuration that matches both network policy and functional intent.
Unlike endpoints, firewalls, routers, and switches are pivotal to the security of all networks. Each device is managed through a complex configuration and misconfigurations (either accidental or deliberate) can result in critical security risks to the network, its data, applications and ultimately the organization’s mission and/or reputation.
The only way to accurately detect these misconfigurations is to virtually model the configuration as a single entity to consider interdependencies across the network. Only Nipper is able to assess the network in this way.
It's why for more than 10 years, elite cyber teams have complemented their network vulnerability analysis with our highly accurate configuration auditing software, Nipper – resulting in time savings of up to 80% due to not investigating false-positives and enhancing risk remediation workflows.
As networks can change on a daily basis – leading to configuration drift - trusted US Government security programs and risk management frameworks increasingly mandate continuous monitoring and assessment as foundational components of establishing a defendable network and meeting the Department of Defense’s zero trust architecture objectives.
To meet this market need, the unique features and properties of Nipper have now been embedded in our enterprise-ready solution: Nipper Enterprise, capable of accurately assessing the security and compliance status of every device, every day, on an up-to-hourly basis.
Nipper products provide:
Used across the US DoD since 2013, Nipper products offer unrivalled accuracy in detecting security and compliance issues in the network, and are used for configuration assessment over and above tools that utilize GREP analysis.
Nipper products determine the impact of misconfiguration exploitation, how easy it is to exploit the issue, and the time required to remediate - and automatically prioritizes based on criticality to network security and/or compliance.
Nipper products provide detailed device specific remediation advice, with command line syntax instructions wherever possible, allowing network professionals to inform remediation strategies and workflows, and remediate issues quickly.
Automated RMF Assurance
Traditional approaches to assessing the security status of the network involves personnel penetration testing the devices. This is a skilled and time-consuming job. The combination of network scale and the number of trained penetration testers available – even when using best of breed configuration auditing software to automate the process – means that only a sample of devices can be tested and/or the cadence of testing reduces to testing the devices once per year. This can result in any security issues remaining resident in the network.
Military and federal programs, such as DHS CDM, and Risk Management Frameworks, such as NIST 800-53, NIST 800-171 and CMMC, reflect that this sampling is insufficient to protect the networks, and continuous assessment must be implemented.
To help automate this RMF Assurance process, Titania has mapped these RMFs, as well as PCI DSS, to Nipper’s security audit capabilities, so that the findings can also be viewed through a compliance lens. For example, by running a NIST 800-53 report, Nipper will automatically produce an assessor-ready report that categorizes any misconfigurations found, prioritized for remediation according to the level of compliance that the network team needs to achieve.
Scale the savings across your entire network and transform your security posture
Titania software analyzes the configurations and interactions of your network infrastructure with the accuracy and expertise of a skilled Penetration Tester – in a fraction of the time.
Virtually eliminating the need for manual testing in some cases, Titania software is continuously updated to add automatable checks for a wide range of devices. The software also intelligently identifies where manual verification is necessary – for example when a physical or procedural checks is required to complete the audit.
Our user community tells us that this granular level of detail is an advantage over their other tools, which do not notify them when a manual check is required, potentially leaving them open to attack.
This accuracy is at the very core of our software.
Paving the way to playbook controlled auto-mitigation
Virtually modelling and analysing the entire configuration as a single entity, in the way that Nipper and Nipper Enterprise do, provides granular detail about where the actual configuration differs from the desired secure configuration. This means that the findings can be reported complete with command line syntax instructions to remediate any misconfiguration risks found.
Moreover, Nipper Enterprise can produce reports suitable for ingest by workflow tools, such as ServiceNow, or automatic playbook tools, such as SOAR (Security Orchestration Automation and Response) including Splunk Phantom and Cortex XSOAR.
Integrating Nipper Enterprise’s detailed findings with SOAR systems not only allows configuration security and compliance data to be visualized and prioritized in those products, it can also be used in playbooks that step through the remediation processes, enabling fully automatic remediation capability for a variety of problem classes.
So Titania’s software is not only proven to reduce the mean time to detect (MTTD) core network misconfigurations, it also addresses the mean time to repair (MTTR) and remediate risks, supporting users in their missions to establish a defendable network.
Titania at a glance
Trusted by 30+ federal
Founded in UK, satellite
ISO 27001 Information
New Report Reveals Exploitable Network Misconfigurations Cost Organizations 9% of Total Annual Revenue