Audit every device accurately, every time
Analyzing the configurations and interactions of your network infrastructure with the expertize of a skilled penetration tester – Nipper’s unrivaled accuracy can save Network Administrators up to 3 hours per audit, per device. Instead of spending time investigating false positives of non-compliance, Nipper enables you to dedicate your valuable resources to analyzing and prioritizing fixes by providing:
- Visibility of actual network vulnerabilities including existing false-negatives
- Significantly fewer false-positives to investigate
- Automated risk prioritization
- Precise remediation with exact technical fixes
- Flexible, configurable easy to read reports
- Device configuration audit
- Security audit
- Vulnerability audit
- Compliance audits
- Easy to read reports written in plain English
- Machine consumable outputs
Scheduling and integration
- Audit scheduling (with re-audit function)
- Inbuilt redaction
- SIEM integration
- Exact technical fixes
- Typical 'time to fix'
- Mitigation classification table
- Customizable CVSS rating
Our software helps you accurately identify risks in your network infrastructure and provides precise remediation, including command line fixes. You can customize Nipper's best practice audits or analyze your networks using ‘out of the box’ industry compliance standards (such as the STIG, CIS, PCI DSS benchmarks).
Try it now on your own devices and see what it can do for you.
Nipper has a wealth of different report options to fit your auditing needs
Best Practice Security Audit
Perform a Best Practise Security Audit
(combining multiple industry checks). Use
rating systems and mitigation advice to
prioritize and plan your fixes.
Detailed configuration reporting
Including: filtering, routing protocols,
administration services and more. This report
offers a quick, clear view of your device
Audit against globally known
Including US Government National Vulnerability
Database (NVD) and NIST Common Vulnerability
and Exposure (CVE) databases. Security issues
in the public domain are easy to exploit; this
report helps you quickly identify these risks.
The Center for Internet Security (CIS) benchmark reports
These reports can be run against Cisco ASA
and IOS devices. The reports have been
externally certified by CIS and verified as
auditing against their baseline.
PCI DSS audits
PCI (Payment Card Industry) audits perform the
automatable system checks and supports
integrating this verified data with nonautomatable
policy checks. Results offer:
detailed advice, verifying passes and explaining
failures so you can quickly become compliant.
US Military STIG compliance
This audit was developed in conjunction with
DoD IA user groups. Nipper is favored by
many Government and Defense agencies
because reports are detailed, verifiable and
include remediation in line with STIG
baselines. Reports can be generated offline
for secure environments and scaled to audit
any number of devices.
Compliance audit against SANS policy documents
The SANS Institute is a trusted industry body
which also trains information security
professionals. Their policy is a compliance
benchmark to audit against in order to assess
your security level.
Cisco PSIRT audits
The Cisco PSIRT audit analyses devices against Cisco’s community-managed list of security advisories, reporting identified vulnerabilities, including Cisco’s Security Impact Rating (SIR) and the respective Common Vulnerability Scoring System (CVSS) base score for each vulnerability.
Below are the basic system requirements needed to operate the Nipper system
Microsoft Windows Vista or above (Server 2008 or above)
400MB disk space
GNU/Linux (RHEL, Ubuntu, CentOS)
300MB disk space
Cisco Aironet (IOS)
Cisco Aironet Wireless AP (IOS)
Cisco Catalyst Switches (CatOS)
Cisco Catalyst Switches (IOS)
Cisco Catalyst Switches (NMP)
Cisco CRS (IOS XR)
Cisco Content Services Switches
Cisco Nexus Appliances
Cisco Routers (IOS)
Cisco Routers (IOS XE)
Cisco Routers (IOS XR)
Cisco Security Appliance (ASA)
Cisco ASA with FirePOWER Services
Cisco ASA Applicance Contexts
Cisco Security Appliance (FWSM)
Cisco Security Appliance (PIX)
Cisco PIX Appliance Contexts
Cisco Wireless LAN
Check Point Firewall Management
Check Point Power-1 Firewalls
Check Point VPN-1 Firewalls
Check Point Appliance
Palo Alto Panorama
3COM 4400 Series Switches
3COM 4500 Series Switches
3COM 5500 Series Switches
3COM SuperStack 3 Firewalls
3COM TippingPoint IDS/IPS
Brocade FastIron Switch
Brocade NetIron Switch
Brocade ICX Switch (IronWare)
Dell PowerConnect J SRX
Dell PowerConnect Switches
Dell SonicWALL NSA
Dell SonicWALL TZ
Extreme Alpine (XOS)
Extreme BlackDiamond (XOS)
Extreme Summit (ExtremeWare)
Extreme Summit (XOS)
Foundry Networks FastIron Switch
Foundry Networks NetIron Switch
Foundry Networks ServerIron
H3C 5500 Series Switches
HP JetDirect Print Servers
HP ProCurve Switches
Huawei CX Series Routers
Huawei Eudemon Series Firewalls
Huawei NE Series Routers
IBM Proventia M Series
Juniper EX Series Switches
Juniper IDP Devices
Juniper ISG Firewalls
Juniper J Series Routers
Juniper M Series Routers
Juniper MX Series Routers
Juniper NetScreen Firewalls
Juniper SA SSL VPN (IVE)
Juniper SA SSL VPN (JunOS Pulse)
Juniper SRX Firewalls
Juniper SSG Firewalls (JunOS)
Juniper SSG Firewalls (ScreenOS)
Juniper T Series Routers
NETGEAR ProSafe FVS Firewalls
Nortel Ethernet Routing 8k Switch
Nortel Passport 8k Switches
Nortel Switching Firewalls (CP)
Nortel VPN Routers
Secure Computing (SecureOS 7)
SonicWALL NSA (SonicOS Enhanced)
SonicWALL Pro (SonicOS)
SonicWALL Pro (SonicOS Enhanced)
SonicWALL TZ (SonicOS)
SonicWALL TZ (SonicOS Enhanced)
Using both scanners and Nipper will give you a much higher level of security than scanning tools alone.
The table below highlights some of the differences:
Authentication and authorization configuration
Account and logging configuration
IDS and IPS configuration
Password strength and encryption analysis
Physical port analysis
Network address translation
Network filtering (ACL) audit
Warning messages (banners)
Network administration services
Network service analysis
Software vulnerability analysis
Perform an audit on your firewall, switch or router configurations to effectively manage your security risks.
Computing Security - Titania Nipper Studio 2.5
Network routers, firewalls and switches are essential to business operations and yet their very complexity makes them easy targets for cyber criminals
Configurations, access rules and security policies need to be audited regularly to identify weaknesses; however, many organisations don't have the time or resources to do this manually.
Titania offers a simple and innovative solution, as its Nipper Studio does all the hard work so you don't have to. Capable of auditing critical infrastructure devices from an impressive range of vendors, it doesn't need to scan the network and so has zero impact on general operations.
Nipper Studio analyses device configuration files, allowing it to offer far more detailed reporting than vulnerability scanners. Even better, it includes compliance reporting modules for key data protection regulations, including PCI-DSS, STIG, NIST, SANS plus CIS, and brings them all together to provide essential vulnerability audits and best practice guides.
Nipper Studio is very amenable, as it can be installed on any host system running Windows XP/2003 upwards, macOS Sierra or Linux. We used a Windows Server 2012 R2 host, and had the software installed and ready to audit in two minutes.
The Nipper Studio console sees a refresh, although we've always found it very easy to use. Along with swift access to report generation and program settings, it provides links to help files, a supported device list and a new audit scheduler.
There are now two methods of interrogating devices as you download their configuration files to the host or access them directly from Nipper Studio over Telnet, SSH, HTTP or HTTPS. Either way, the first thing to do is choose a device from the extensive list, which includes Check Point, Cisco, Dell EMC, Fortinet, HPE, SonicWALL, WatchGuard and more.
Now you can aggregate your audit reports in Elasticsearch!
Nipper’s accurate audit data – such as your detailed compliance posture against standards including DISA STIG, DHS CDM/NIST 800-53 and PCI – can now be injected into the Elastic Stack via JSON, where the combined solution provides greater scope to analyze and remediate large numbers of your machines on a daily basis.
The Kibana dashboard then gives you the power to examine your security posture from different angles, filtering by categories of error and drilling down to precise detail about devices/models impacted and how to mitigate risks.
To learn how to aggregate your Nipper audit reports in Elasticsearch and explore the data in Kibana – download the guide by clicking on the cover >