Combining Titania’s accurate reporting capability with Elastic’s powerful technology stack allows large networks to accurately audit and analyse their devices across the whole enterprise.
Nipper reports are now available in JSON format, making it easier for large networks to ingest their findings into Elasticsearch, either directly or via Elastic Logstash.
Once the Nipper audit data has been ingested into Elastic, a number of Elastic’s standard visualizations help you reach conclusions that would be difficult to reach by analyzing individual device reports.
The aggregated analysis gives you valuable insight, revealing ‘problem areas’ and ‘hot spots’, such as those analyzed in this ‘Technology Spotlight’:
• Which device manufacturers have the most issues?
• Which vulnerabilities are most prevalent in my network?
• What proportion of my STIG errors are CAT1?
• Which operating systems have the most CAT1 vulnerabilities?
• Which device types are showing the greatest number of vulnerabilities?
• What is the vulnerability text associated with a particular vulnerability?
Of course, the power of Elastic Kibana lies not just in being able to see the overall picture, but in being able to explore and interrogate the data by pivoting the displays. This allows analysts to explore a single device, a single vulnerability, a single configuration error, or a category of configuration errors and see how they appear.
The Titania data is accurate and deterministic, ensuring the reports give your internal auditors and IA professionals the data they need to keep your network safe. Visualizing or aggregating the data according to Risk Management Frameworks, such as PCI, CMMC, NIST 800-53, or DISA RMF is a common use case.
Together, the Titania sensors and audit data, coupled with the power of Elastic’s aggregation, analysis and visualization stack, help to keep networks safer and ensure activities like threat-hunting are more efficient and effective.
Download our CTO’s ‘Technical Spotlight on Elastic and Nipper’ below for more on how to automate core network auditing, analysis and remediation.