Nipper Enterprise is a web application using a set of containerized Nipper instances that scale up and automate the auditing of the configuration of every network device, every day. This brings the power and accuracy of Nipper to the whole network and enables the continuous audit and compliance assessment against risk management frameworks, such as NIST 800-171 and CMMC that advanced cyber teams need.
Evidence for
Compliance Assurance
- Where a security benchmark or RMF control is deemed to have been met, specific information on the test(s) performed to reach this conclusion is provided.
Support for zero
trust based networking
- Determine baseline configurations in preparation for zero trust then continuously monitor that networks remain adequately segmented and secure according to zero trust principles.
Configuration
Drift Detection
- Gain immediate awareness of any device configuration changes, providing assurance that planned network changes have not created new vulnerabilities as well as alerting to unplanned changes (potential indicators of compromise).
Remediation advice
to expediate MTTR
- Where possible, device-specific guidance on how to fix misconfigurations – command line scripts in some cases – is provided to inform POAMs and decrease the mean time to remediate.
A comprehensive
view of network risk
- Considers impact to the entire network if a misconfiguration is exploited as well as the ease of exploiting it, providing an informed view of network risk posture.
Accurate findings from virtual modelling
Configuration files are used to build virtual models of device configurations, enabling consideration of overlapping or contradicting rules/settings.
Proactive auditing of new or changed configs
Automatically performs audits on device configurations when configuration files are changed or added to the configuration repository.
Customizable scheduling of audits per network segment
Schedule audits according to device labels, which reflect, for example, network criticality, geographic location, manufacturer, device type, etc.
Configurable checks to meet requirements
Easily configure checks in policy enforcement and compliance assessments to meet the standards of your organisation’s security policies, for example, minimum password criteria.
Secure deployment and user profiles
Integrates with trusted 2FA, Active Directory, PAM and IDAM providers, satisfying stringent operational security requirements.
Operates in air-gapped environments
Assessment methodology does not require direct access to devices, enabling deployment in offline networks.
Agnostic data-pipeline
Visualize, explore and prioritize findings with machine readable JSON and syslog outputs that enable integration with dynamic data enrichment and exploration tools.
Flexible architecture for range of use cases
Flexibly designed to support not only internal but also external use cases through multi-tenanted deployments.
Nipper Enterprise is a horizontally scalable, agentless web-based application.
It can be deployed either on-premises in an air-gapped environment with an OVA or on a virtual private cloud with an AMI and is accessible through modern web browsers with 2FA.
Risk-prioritized findings are provided in both human readable and machine-readable formats, enabling integrations with SIEM, SOAR, ITSM and GRC solutions.
Nipper Enterprise’s integrations with trusted Active Directory, 2FA, PAM and IDAM providers ensure it meets operational security requirements.
Cisco
Palo Alto
Juniper
Fortinet
Checkpoint
.png)
