Officially opened in the mid-1990s, this busy international state airport is the largest in North America with over 35,000 employees working from its Western United States location. It handles traffic from 23 different airlines from North America, Latin America, Europe and Asia, providing non-stop flights to 215 destinations and taking travellers around the globe. Like many international airports, at any given time this airport’s IT system will process vast amounts of information for purposes ranging from ensuring people get from A to B safely to maintaining the highest airport security standards. Therefore, the international airport was searching for a trusted and experienced external partner to help review and bolster its cybersecurity.
For busy IT teams like the one at this airport, another key benefit of Nipper was that installation is complete within minutes, and auditing is a straight-forward, two-step process. Because Nipper is easy to set up and implement ‘straight out of the box’ it makes regulatory compliance a clear and efficient process.
Those responsible for cybersecurity can simply download the configuration file from the device to be interrogated and point Nipper at the file location and Nipper will identify the device from its contents. Or they can specify a directory where multiple files are stored and create a single report on all of them. Designed to suit all organizational requirements, four levels of auditing and reporting are available to choose from.
The security audit covers more than 20 key areas, including administrative access, authentication, IDS/IPS, SNMP, port configurations and software vulnerabilities. For maximum flexibility, the IT team can enable or disable each as required and also apply filters to fine-tune the information they want to see. Another valuable feature of Nipper is support for v2 of the CVSS (Common Vulnerability Scanning System) open framework. Prior to generating reports, cybersecurity professionals can select CVSS and also configure other associated environmental metrics if they wish to do so. These include settings for CDP (Collateral Damage Potential), target distribution, as well as confidentiality requirements, enabling users to define and prioritize which areas are most important to them.
Reporting and visibility
For the international airport’s IT team one of the most appealing aspects of Nipper was its reporting capabilities, giving them the tools to communicate with people at all different levels and in a variety of roles. Reports can be quickly produced to include raw data if required by the technical team, as well as more top-line information for the wider audience beyond the IT team, with summaries, graphs and other visual breakdowns to aid the reader in digesting its contents.
Describing the level of information in the reports as “remarkable” the airport team say they can clearly and succinctly highlight security issues within their network, provide an impact assessment and expose any potential security breaches and recommendations for remedial actions. Any other areas for concern are clearly highlighted and each is graded for overall impact and ease of remediation, empowering the team to quickly prioritize tasks.
Where a problem can be fixed through the command-line interface for a device, a list of all the relevant commands is provided, so that the team can fix the issue without having to rummage through the device’s user manual.
The team can also generate comparison reports to see whether unauthorized changes have been made to critical devices.
Why we chose Titania Nipper
- It supports an impressive range of firewalls, switches and routers
- Installation takes minutes
- Auditing is a straightforward two-step process
- The security audit covers more than 20 key areas, including administrative access, authentication, IDS/IPS, SNMP, port configurations and software vulnerabilities
- The sophisticated reporting makes regulatory compliance easier and more efficient
- Reports are well structured and clear
- It’s an informative, valuable and cost-effective solution
“The level of information in the reports is quite remarkable. Not only do they clearly highlight security issues with firewalls, but also provide an impact assessment, potential security breaches and recommendations for remedial actions.”