“Network misconfigurations cost companies millions yet 70% of organizations suffer difficulties prioritizing remediation based on risk.” (CSO)
Accurate security risk detection and analysis
A misconfiguration on a device can often be the difference between an attack that affects a single part of the network and one that escalates to a much larger proportion of it. Many high-profile data breaches have been the result of a misconfigured device on poorly segmented networks. It’s why continuously monitoring the configuration of firewalls, switches and routers is so important. These network devices are key to network security.
In order to successfully close security gaps, network owners need granular detail about where a device’s actual configuration deviates from the desired secure configuration. Nipper solutions automate line-by-line granular assessment of the actual configuration and, in doing so, report the findings complete with mitigation advice to remediate configuration vulnerabilities. Where possible, command line syntax instructions are provided to fix any misconfigurations detected.
Informing network risk remediation workflows
In order to assess a device’s actual security response, as determined by its configuration, the configuration needs to be analysed as a single entity. Nipper solutions automate this approach, considering the interdependencies of the configuration settings and suppressing findings that are irrelevant, for example where settings are not enabled elsewhere in the configuration. The same is true for complex configurations within firewall devices, where overlapping rules can cause security issues, but all of the rules must be ingested and analysed simultaneously to discover them.
For every misconfiguration detected, Nipper’s security analysis then considers:
- ease and likelihood of exploitation,
- potential impact to the network,
- remediating action required, and
- estimated time to fix.
This allows for automatic prioritization of the risks detected, according to Nipper’s trusted criticality rating. These in-depth risk analyses are best used to inform remediation workflows in order to optimize SOC and NOC resources.
Improving mean time to repair/remediate security gaps
Performing over 300 checks on a virtual model of the actual configuration, Nipper solutions detect instantly if the device is misconfigured. As well as significantly reducing the mean time to detect/discover (MTTD) misconfigurations present in the network, Nipper solutions help to improve the mean time to repair/remediate (MTTR) the security gaps found. The software does this in two ways:
- Automatically providing remediation advice and technical fixes – to expedite mitigation, and
- Automatically prioritizing risks to security/compliance by criticality – giving visibility to the most critical risks, where:
  - impact and likelihood of exploitation is high, AND
  - the fix is easy to implement.
Nipper’s configuration auditing accuracy, risk prioritization, and risk remediation capabilities are proven to save hundreds of labor years in the skilled resources required to secure some of the most critical networks in the world.
Providing the accuracy needed to auto-remediate misconfigurations
As networks grow in size and complexity, auto-remediation is increasingly considered the only way to close security gaps at the velocity needed to effectively manage risk. Already delivering the accuracy of audit, risk analysis and remediation advice necessary, Nipper Enterprise is designed to facilitate automatic remediation, where it is considered appropriate by the network owner.
Nipper Enterprise can produce reports suitable for ingest by workflow tools (such as ServiceNow) and SOAR solutions (including Splunk Phantom and Cortex XSOAR).
Integrating Nipper Enterprise’s detailed findings with SOAR systems allows accurate configuration security and compliance data to be visualized and prioritized in those products as well. It can also be used in playbooks that step through the remediation processes, enabling playbook-controlled automatic remediation capability for a variety of risk classes.