On a mission to secure and assure the core network
It has long been recognised that a determined attacker will gain access to a network eventually using one of a variety of techniques. Once in the network, it is important that their progress to their goal is made as difficult as possible, inhibiting lateral movement. This means that security within the network perimeter is as important as the security on devices forming the perimeter. Therefore, all the devices should maintain a secure configuration that matches both network policy and functional intent.
Unlike endpoints, core network devices (firewall, routers and switches) are pivotal to the security of all networks. Each device is managed through a complex configuration and misconfigurations (either accidental or deliberate) can result in critical security risks to the network, its data, applications and ultimately the organization’s mission and/or reputation.
The only way to accurately detect these misconfigurations is to virtually model the configuration as a single entity to consider interdependencies across the network. Only Nipper is able to assess the core network in this way.
Its why for more than 10 years, elite cyber teams have complemented their core network vulnerability analysis with our highly accurate configuration auditing software, Nipper – resulting in time savings of up to 80% due to not investigating false-positives and enhancing risk remediation workflows.
As core networks can change on a daily basis – leading to configuration drift - trusted US Government security programs and risk management frameworks increasingly mandate continuous monitoring and assessment as foundational components of establishing a defendable core network and meeting the Department of Defense’s zero trust architecture objectives.
To meet this market need, the unique features and properties of Nipper have now been embedded in our enterprise-ready solution: Nipper Enterprise, capable of accurately assessing the security and compliance status of every device, every day, on an up-to-hourly basis.
Nipper products provide:
Used by all four arms of US DoD since 2013, Nipper products offer unrivalled accuracy in detecting security and compliance issues in the core network, and are used for configuration assessment over and above tools that utilize GREP analysis.
Nipper products determine the impact of misconfiguration exploitation, how easy it is to exploit the issue, and the time required to remediate - and automatically prioritizes based on criticality to network security and/or compliance.
Nipper products provide detailed device specific remediation advice, with command line syntax instructions wherever possible, allowing network professionals to inform remediation strategies and workflows, and remediate issues quickly.
Automated RMF Assurance
Traditional approaches to assessing the security status of the network involves personnel penetration testing the devices. This is a skilled and time-consuming job. The combination of network scale and the number of trained penetration testers available – even when using best of breed configuration auditing software to automate the process – means that only a sample of devices can be tested and/or the cadence of testing reduces to testing the devices once per year. This can result in any security issues remaining resident in the network.
Military and federal programs, such as DHS CDM, and Risk Management Frameworks, such as NIST 800-53, NIST 800-171 and CMMC, reflect that this sampling is insufficient to protect the networks, and continuous assessment must be implemented.
To help automate this RMF Assurance process, Titania has mapped these RMFs, as well as PCI DSS, to Nipper’s security audit capabilities, so that the findings can also be viewed through a compliance lens. For example, by running a NIST 800-53 report, Nipper will automatically produce an assessor-ready report that categorizes any misconfigurations found, prioritized for remediation according to the level of compliance that the network team needs to achieve.
Paving the way to playbook controlled auto-mitigation
Virtually modelling and analysing the entire configuration as a single entity, in the way that Nipper and Nipper Enterprise do, provides granular detail about where the actual configuration differs from the desired secure configuration. This means that the findings can be reported complete with command line syntax instructions to remediate any misconfiguration risks found.
Moreover, Nipper Enterprise can produce reports suitable for ingest by workflow tools, such as ServiceNow, or automatic playbook tools, such as SOAR (Security Orchestration Automation and Response) including Splunk Phantom and Cortex XSOAR.
Integrating Nipper Enterprise’s detailed findings with SOAR systems not only allows configuration security and compliance data to be visualized and prioritized in those products, it can also be used in playbooks that step through the remediation processes, enabling fully automatic remediation capability for a variety of problem classes.
So Titania’s software is not only proven to reduce the mean time to detect (MTTD) core network misconfigurations, it also addresses the mean time to repair (MTTR) and remediate risks, supporting users in their missions to establish a defendable network.
Titania at a glance
Used by all four arms of
Founded in UK, satellite
Trusted by 30+