Additional Info

CompanyTitania
Websitehttps://www.titania.com/
Company size (employees)50 to 99
Headquarters RegionEurope

Overview

Nipper is trusted by US military and civilian federal agencies and their prime and sub-contractors to accurately analyze network devices against trusted risk management and control frameworks, and is available as an offline configuration review tool, enabling the assessment of air-gapped networks.

By virtually modelling device configurations as single entities to consider interdependencies across the network, Nipper accurately detects vulnerabilities in routers, switches and firewalls, by providing evidence-based compliance reporting for risk management frameworks including STIGs, NIST SP 800-53 and PCI DSS 4.0, and exception-based security reporting for CIS Benchmarks, NIST SP 800-171, and CMMC.

Nipper automatically prioritizes findings by security and/or compliance risk and provides risk remediation advice with exact technical fixes for misconfigurations, to further support and accelerate the process of customers becoming secure and compliant. Nipper helps customers reduce MTTD vulnerabilities, as well as MTTR, in order to reduce their exposure to critical risks.

As part of the assessment phase for Zero Trust maturity, Nipper can also help assess the compliance state of routers, switches and firewalls, discovering any vulnerabilities, identifying where configurations drift away from a secure and compliant state, and recommending how to mitigate the risk to improve the compliance posture of the network.

Nipper’s accuracy-advantage has proven to reduce audit times by up to 80% as a result of not wasting time investigating false positives. Delivering the accuracy in configuration assessment that is critical to the security of network devices, Nipper has been helping NOCs and SOCs build operational confidence in threat detection and management for over a decade. The software’s accuracy-advantage and trusted risk criticality rating have made it a must-have tool for organizations and CNI leaders around the world, including the UK Ministry of Defence, Aldi, Deloitte and US Department of Defense.

Key Capabilities / Features

Customers rely on Nipper for proactive network configuration assessments, enabling organizations to close their most critical security and compliances gaps with prioritized risk and remediation findings, even on air-gapped networks. Analyzing configurations with the precision and knowledge of a pentester, Nipper is a must have on-demand solution for configuration management, compliance and control.


One of Nipper's standout features is its robust security and compliance reporting functionality, which enables customers to assess their adherence to industry standards and regulatory requirements, including DISA RMF, NIST SP 800-53/171, STIG, CMMC and PCI DSS 4.0, providing comprehensive insights into their networks security and compliance posture.


This added advantage of evidence-based, assessor-ready compliance reporting is game-changing for some customers, and many report that Nipper reduces assessment times by up to 80% compared to using other solutions, which in some cases, equates to hundreds of labour hours for customers - in any given audit - as well as demonstrable improvements in network security posture.


Nipper provides customers with a risk-prioritized view of configuration vulnerabilities. The software visualizes the significance of its findings according to CVSS, STIG, Cisco SIR, and its own trusted risk criticality rating systems as well as providing remediation analysis to improve security posture. With device-specific guidance on how to fix misconfigurations, it can decrease the mean time to remediate security and compliance risks and inform POAMs.


Nipper’s time-saving advantage means that customers have been able to increase the cadence and/or scope of their audits to improve their network security/compliance posture. Where some customers previously only had the capacity to audit firewalls, or a sample of their firewalls - Nipper has provided automation gains that mean they now regularly audit routers, switches and firewalls and are able to assure the security and/or compliance posture of their entire fleet of network devices.


How we are different

1. Nipper specializes in assessing complex network devices - routers, switches and firewalls - immediately differentiating from endpoint vulnerability assessment vendors. Nipper also out-competes firewall-only vulnerability assessment vendors, with its ability to accurately automate the vulnerability analysis of routers and switches, in seconds.


2. Another point of significant differentiation is the method of assessment. Where vulnerability scanners probe devices over the network, Nipper analyses the running configuration of the device. By virtually modelling the device configuration, Nipper analyses configurations as a single entity to consider interdependencies and suppress irrelevant findings. As a result, Nipper’s findings reports are proven to offer unrivalled levels of accuracy which saves customers thousands of labour hours, and provide the granular detail needed to evidence compliance and/or provide remediation advice for detected vulnerabilities. As organizations’ mandated and regulatory compliance needs have evolved over the years, Titania has ensured that Nipper’s reports are closely mapped to these data security requirements, as evidenced in regard to PCI DSS by this statement from customer, Jeff Man, NSA Certified Cryptanalyst, NSA Red Team, PCI SME, PCI QSA, INFOSEC Curmudgeon, Sr. Information Security Consultant from Online Business Systems:


“I’ve worked in the payment card industry for 20 years, and I have rarely encountered any vendor that seems to know or care about PCI and how it relates to the products and services they sell. Titania not only shows an interest in PCI with its release of Nipper v3.0 but also demonstrates that it understands the data security requirements that Nipper impacts and/or could measure in terms of how well an entity is meeting the expectations of the requirements.”


3. According to Gartner, Nipper is also the only offline configuration review tool, enabling auditing of air-gapped networks, which is vital for defence agencies.