award winning flexible solutions - cyber …...security audit – perform a "best...
TRANSCRIPT
CONFIGURATION AUDITING FOR FIREWALLS, SWITCHES & ROUTERS
ASSURED ACCURACY
TRANSPARENT PRICING & COST OF OWNERSHIP
"A dramatic time-saving
innovation for device security
validation."
Accurate Confi guration Reporting & Mitigation – Trusted by Experts“Enterprise Teams dissatisfi ed with false positives and plagued by alert fatigue from their
scanning and monitoring systems, add Nipper to provide a true baseline of accurate information.”
AWARD WINNING FLEXIBLE SOLUTIONS
MOD Defence Contracts Bulletin
Devices Price (1 year)
Starter Pack $1,13550 Devices $1,985100 Devices $3,405250 Devices $5,985500 Devices $8,2251000 Devices $11,4405000 Devices $50,600
Because hackers shouldn’t have easy options
THE EXPERTS’ CHOICE FOR CONFIGURATION REVIEWS
Each technology is architecturally designed for one specifi c expertise area. The complementary technologies each have a capability that none of the others adequately provide:• Monitoring – Live Activity Detection• Scanning – Network Discovery• Confi guration Auditing – Granular Accuracy • SIEM Systems – Collating the ‘Big Picture’
The world's most secure networks leverage multiple technologies' strengths. Their goal is to use a multi-layered approach to create a combined solution, which is stronger and more resilient than its individual components.
Confi guration Auditing: Provides a “Granular View” of security systems. They analyze internal system information already present on your network devices, refi ning mass confi guration and operating system data into precise risks and remediation actions. Granular “line by line” analysis (delivered at scale) and virtual modeling technology builds human understanding into how device settings interact with each other, giving a more accurate picture of security and compliance risks.
DOES MORE & BRINGS GREATER ACCURACY
ACCURATEAuditing actual settings, software and options creates precise fi ndings
COVERAGEDirect access to a system enables the most complete audit coverage
NON�DISRUPTIVEAudits using standard administrative interfaces limit disruption. Offl ine auditing produces no network traffi c
FASTAuditing is quick in all scenarios
Titania.com
Device Auditing
Audit without Network Traffi cAuthentication Confi gurationAuthorization Confi gurationAccount/Logging Confi gurationIntrusion Detection/Prevention Confi gurationPassword Encryption SettingsTimeout Confi gurationPhysical Port AuditRouting Confi gurationVLAN Confi gurationNetwork Address TranslationNetwork ProtocolsDevice Specifi c OptionsTime SynchronizationWarning Messages (Banners)Network Administration ServicesNetwork Service AnalysisPassword Strength AssessmentSoftware Vulnerability AnalysisNetwork Filtering (ACL) AuditWireless NetworkingVPN Confi guration* Limitations and constraints will prevent a detailed audit
Scanners Nipper
X √X √X √X √X √X √X √X √X √X √X √X √X √X √√* √√* √√* √√* √√* √√* √√* √√* √
Titania.com/register/trial
CUSTOMIZABLE AUDITS
INDUSTRY COMPLIANCE
CIS - Nipper audits have been certifi ed as 100% accurate by CIS. They demonstrate compliance with FISMA, HIPPA, NIST, SOX, IRS 1075, FedRAMP, GLBA, ISO 27001, NERC, ETSI and CPNI
PCI – quickly complete automatable payment card system checks. Generate detailed advice that verifi es passes and explains failures so you can validate compliance
STIG – automate online audits or take them offl ine in secure environments. Generate detailed, verifi ed reports that include remediation in line with STIG baselines
SANS – assess compliance with SANS policies and benchmark your security levels according to this globally trusted industry body
CONNECTIVITY OPTIONS
• Audit online, offl ine, onsite, in the cloud, virtually or integrated into enterprise systems
Security Audit – perform a "best practice" security audit, combining multiple industry & pentesting checks. Use rating systems and mitigation advice to prioritize and plan fi xes
Confi guration Audit – detailed confi guration reporting, including information such as: fi ltering, routing protocols, administration services & more. This report off ers a quick, clear view of your device settings
Vulnerability Audit – audit against global public vulnerability repositories such as the US Govt NVD & the NIST CVE databases to fi nd easy-to-exploit security issues and de-risk your business
Benchmark & Validate your Compliance with Globally Trusted Providers
SECURITY & CONVENIENCE
the only offl ine confi guration
What if your network is secret or air-gapped?According to Gartner, Nipper is:• Agentless - no additional software to
install or maintain
• Scriptable for 24/7 continual analysis
• Enhances enterprise scanning and removes accuracy concerns
• Integrates easily with existing systems
• Standalone for remote workers and audit teams, or
• Fully integratable into SIEM solutions for SOCs and NOCs
Which means, one solution can handle both! Gartner Inc.
"
review tool."
15www.computingsecurity.co.uk computing security
product review
TITANIA NIPPER STUDIO
Total compliance with data protectionregulations is now essential,otherwise businesses could find
themselves faced with hefty fines. There isa wide range of security auditingsolutions available, but some can beprohibitively expensive, many rely only onnetwork scanning and few extend theirfocus beyond firewalls.
Nipper Studio takes a refreshingly newapproach to security auditing, as itsupports an impressive range of firewalls,switches and routers from all the majorplayers. Naturally, Cisco is at the top of the list, but it can also audit devices fromBrocade, Check Point, Fortinet, HP,Juniper, WatchGuard and many more.
Installation takes minutes and auditing isa simple, two-step process. First, you needto download the configuration file fromthe devices to be interrogated. We testedwith HP ProCurve and Cisco Catalystswitches, and found the process welldocumented. You point Nipper Studio tothe configuration file location and itidentifies the device from its contents.Usefully, you can specify a directory wheremultiple files are stored and it can createa single report on them all.
Four options for the level of auditingand reporting are available. The securityaudit covers more than 20 key areas,including administrative access,authentication, IDS/IPS, SNMP, portconfigurations and softwarevulnerabilities. Each can be enabled ordisabled as required and you can apply arange of filters to fine-tune theinformation you want presented.
Two rating systems are supported, withthe software defaulting to Nipper's ownsystem. A valuable feature is support for v2of the CVSS (Common VulnerabilityScanning System) open framework.
Prior to report generation, you can selectCVSS and also configure other associatedenvironmental metrics. These includesettings for CDP (collateral damagepotential), target distribution, plusconfidentiality requirements, so you candefine and prioritise which areas areimportant.
User policies tell Nipper Studio whatpassword tests you want carried out. Theseinclude checks on the maximum andminimum password ages, authenticationtimeouts, length, repeated characters andso on. Nipper Studio can include a full report on deviceconfigurations and also provide it in raw format as well.
Reports are generated quickly, and wescore Nipper Studio highly for their classydesign and content. The reports are wellstructured and very clear, so they willappeal to a much wider audience than justtechnical staff. The reports can be brandedwith your own company name and logo,and start with a summary of the auditscope, with devices and graphs showing abreakdown of issues identified.
The level of information in the reports isquite remarkable. Not only do they clearlyhighlight security issues with firewalls, but also provide an impact assessment,potential security breaches andrecommendations for remedial actions.
Other areas of concern - such as weakpasswords, unsecured administrative accessand open services for all devices -are clearlyhighlighted, and each graded with ratingsfor overall impact and ease of remediation.Where the CLI can be used to fix aproblem, the report includes a list of allrelevant commands and their format, sothere's no need to rummage through thedevice's user manual.
Nipper Studio provides changemanagement features, as during reportconfiguration you can point it to a second file taken from an earlier time. The reportcompares them and highlights anydifferences, so you can see easily ifunauthorised changes have been made to critical devices.
Nipper Studio can start auditing straightfrom the box and its sophisticatedreporting takes all the guesswork out ofregulatory compliance. It represents verygood value, and is far more efficient andinformative than products that rely only onnetwork scanning. CS
Product: Nipper StudioSupplier: Titania LtdTelephone: +44 (0)1905 888785Website: www.titania.comPrice: From £24 per device (per pack of 25) to£5 per device (per pack of 1,000).
Titania - SUBBED BW.qxd 05/09/2012 11:50 Page 1
15www.computingsecurity.co.uk computing security
product review
TITANIA NIPPER STUDIO
Total compliance with data protectionregulations is now essential,otherwise businesses could find
themselves faced with hefty fines. There isa wide range of security auditingsolutions available, but some can beprohibitively expensive, many rely only onnetwork scanning and few extend theirfocus beyond firewalls.
Nipper Studio takes a refreshingly newapproach to security auditing, as itsupports an impressive range of firewalls,switches and routers from all the majorplayers. Naturally, Cisco is at the top of the list, but it can also audit devices fromBrocade, Check Point, Fortinet, HP,Juniper, WatchGuard and many more.
Installation takes minutes and auditing isa simple, two-step process. First, you needto download the configuration file fromthe devices to be interrogated. We testedwith HP ProCurve and Cisco Catalystswitches, and found the process welldocumented. You point Nipper Studio tothe configuration file location and itidentifies the device from its contents.Usefully, you can specify a directory wheremultiple files are stored and it can createa single report on them all.
Four options for the level of auditingand reporting are available. The securityaudit covers more than 20 key areas,including administrative access,authentication, IDS/IPS, SNMP, portconfigurations and softwarevulnerabilities. Each can be enabled ordisabled as required and you can apply arange of filters to fine-tune theinformation you want presented.
Two rating systems are supported, withthe software defaulting to Nipper's ownsystem. A valuable feature is support for v2of the CVSS (Common VulnerabilityScanning System) open framework.
Prior to report generation, you can selectCVSS and also configure other associatedenvironmental metrics. These includesettings for CDP (collateral damagepotential), target distribution, plusconfidentiality requirements, so you candefine and prioritise which areas areimportant.
User policies tell Nipper Studio whatpassword tests you want carried out. Theseinclude checks on the maximum andminimum password ages, authenticationtimeouts, length, repeated characters andso on. Nipper Studio can include a full report on deviceconfigurations and also provide it in raw format as well.
Reports are generated quickly, and wescore Nipper Studio highly for their classydesign and content. The reports are wellstructured and very clear, so they willappeal to a much wider audience than justtechnical staff. The reports can be brandedwith your own company name and logo,and start with a summary of the auditscope, with devices and graphs showing abreakdown of issues identified.
The level of information in the reports isquite remarkable. Not only do they clearlyhighlight security issues with firewalls, but also provide an impact assessment,potential security breaches andrecommendations for remedial actions.
Other areas of concern - such as weakpasswords, unsecured administrative accessand open services for all devices -are clearlyhighlighted, and each graded with ratingsfor overall impact and ease of remediation.Where the CLI can be used to fix aproblem, the report includes a list of allrelevant commands and their format, sothere's no need to rummage through thedevice's user manual.
Nipper Studio provides changemanagement features, as during reportconfiguration you can point it to a second file taken from an earlier time. The reportcompares them and highlights anydifferences, so you can see easily ifunauthorised changes have been made to critical devices.
Nipper Studio can start auditing straightfrom the box and its sophisticatedreporting takes all the guesswork out ofregulatory compliance. It represents verygood value, and is far more efficient andinformative than products that rely only onnetwork scanning. CS
Product: Nipper StudioSupplier: Titania LtdTelephone: +44 (0)1905 888785Website: www.titania.comPrice: From £24 per device (per pack of 25) to£5 per device (per pack of 1,000).
Titania - SUBBED BW.qxd 05/09/2012 11:50 Page 1
If you don't see your device here - talk to us
LOWEST COST OF OWNERSHIP � MOST DEVICES COVERED � THE EXPERTS' CHOICE
Cisco ASR (IOS XR)Cisco Aironet (IOS)*Cisco Aironet Wireless AP (IOS)Cisco Catalyst Switches (CatOS)Cisco Catalyst Switches (IOS)*Cisco Catalyst Switches (NMP)Cisco CRS (IOS XR)Cisco Content Services SwitchesCisco IDS/IPSCisco Nexus Appliances*Cisco Routers (IOS)*Cisco Routers (IOS XE)Cisco Routers (IOS XR)Cisco Security Appliance (ASA)*Cisco ASA Applicance Contexts*Cisco Security Appliance (FWSM)Cisco Security Appliance (PIX)Cisco PIX Appliance ContextsCisco Wireless LAN
Juniper E Series RoutersJuniper EX Series SwitchesJuniper IDP DevicesJuniper ISG FirewallsJuniper J Series RoutersJuniper M Series RoutersJuniper MX Series RoutersJuniper NetScreen Firewalls*Juniper SA SSL VPN (IVE)Juniper SA SSL VPN (JunOS Pulse)Juniper SRX Firewalls*Juniper SSG Firewalls (JunOS)Juniper SSG Firewalls (ScreenOS)Juniper T Series Routers
H3C 3600 Series SwitchesH3C 5500 Series Switches
Huawei Quidway Switches (3COM)Huawei RoutersHuawei CX Series RoutersHuawei Eudemon Series FirewallsHuawei NE Series Routers
Brocade BigIron SwitchBrocade FastIron Switch*Brocade NetIron SwitchBrocade ServerIronBrocade ICX Switch (IronWare)*
Crossbeam Firewalls
3COM 4200 Series Switches3COM 4400 Series Switches3COM 4500 Series Switches3COM 5500 Series Switches3COM SuperStack 3 Firewalls3COM TippingPoint IDS/IPS
IBM Proventia G SeriesIBM Proventia M Series
Netfi lter IPtables
Alteon Switched Firewall (CP)
Arista Routing Switches
Barracuda NetContinuum
Blue Coat ProxySG
CyberGuard Firewalls (SecureOS 6)
Dell PowerConnect J EX-SeriesDell PowerConnect J SRXDell PowerConnect SwitchesDell SonicWALL NSADell SonicWALL TZDell SuperMassive
Extreme Alpine (ExtremeWare)Extreme Alpine (XOS)Extreme BlackDiamond (XOS)Extreme Summit (ExtremeWare)Extreme Summit (XOS)
F5 BIG-IP
Forcepoint Sidewinder
Fortinet Fortigate Firewalls
Microsoft Forefront
Foundry Networks BigIron SwitchFoundry Networks FastIron SwitchFoundry Networks NetIron SwitchFoundry Networks ServerIron*
GTA Firewall Appliances
McAfee Enterprise FirewallMcAfee Sidewinder
Microsoft Forefront Firewalls
NETGEAR ProSafe FSM SwitchesNETGEAR ProSafe FVS Firewalls
Nortel Contivity RoutersNortel Ethernet Routing 8k SwitchNortel Passport 8k SwitchesNortel Switching Firewalls (CP)Nortel VPN Routers
Check Point IP FirewallsCheck Point Firewall Management*Check Point Power-1 Firewalls*Check Point VPN-1 Firewalls*Check Point Appliance*
HP Routers (ComWare and ProCurve)HP JetDirect Print ServersHP Switches (ComWare and ProCurve)
Ruggedcom RuggedSwitch
Secure Computing (SecureOS 6)Secure Computing (SecureOS 7)
WatchGuard 2 Series FirewallsWatchGuard 5 Series FirewallsWatchGuard 8 Series FirewallsWatchGuard 1050 FirewallsWatchGuard 2050 FirewallsWatchGuard XTMvWatchGuard XTM 1500*WatchGuard XTM 2520*WatchGuard XTM 3 Series*WatchGuard X Core (XTM)*WatchGuard X Edge (SS)WatchGuard X Edge (XTM)*WatchGuard X Peak (XTM)*
SonicWALL Firewall (SonicOS)SonicWALL NSA (SonicOS Enhanced)SonicWALL Pro (SonicOS)SonicWALL Pro (SonicOS Enhanced)SonicWALL TZ (SonicOS)SonicWALL TZ (SonicOS Enhanced)
Sophos UTM
Bay Networks Accelar Switches
* = Most Popular
HP ComWare RoutersHP JetDirect Print ServersHP ProCurve Switches*
Palo Alto FirewallsPalo Alto Panorama
Nokia IP Firewalls (Check Point)
Confi guration & Build Analysis
An attacker normally probes and scans a network using a variety of tools to gain knowledge of available entry points and routes to data. Many powerful tools are available which detect common attacker behaviour, providing valuable early warnings of potential attacks. (For more information, see Titania’s whitepaper:‘The Future of Autonomous Mitigation’.)
Examining systems using automated confi guration & build analysis tools is a huge advantage for a SOC or NOC. Using these tools to examine your system set-ups, in detail and at speed – means you can fi nd and close exploitable vulnerabilities that monitoring or scanning based solutions would miss.
Confi guration and build analysis tools have no need to scan systems, so do not generate mass network traffi c and therefore avoid the risk of killing network services. You can quickly gain detailed knowledge of your systems' defences, the monitoring capabilities you have deployed, and more importantly, any vulnerabilities you have.
PRACTICAL EXAMPLE
When Pentesters automate a build review, Nipper is their tool of choice for providing granular accuracy. Now, Enterprise teams dissatisfi ed with false positives and plagued by alert fatigue from their current systems have also added Nipper to provide a true baseline of accurate information.Nipper helps secure the networks of clients including: The Department of Defence, FBI, global banks, fi nancial institutions, US Treasury and payment providers (such as Visa and Mastercard).
The following example shows how easy it is to perform a detailed security review of a network router.
In this example, Nipper is used to perform a review of a Cisco router (one of the most popular network routing devices). We are using Nipper to query a backup of a saved confi guration. One distinct advantage of auditing this way is that it does not disturb potentially business critical devices.
In this example, ‘New Report’ has been selected and a router confi guration added to the device audit list.
ASSURED ACCURACY
Titania.com/register/trial
USE CASE: PRACTICAL EXAMPLE
There are many report and compliance audits available within Nipper, including confi guration build reviews and industry standards such as the CIS benchmarks.
Vulnerabilities are categorised by severity and area aff ected e.g. Administration, Authentication, Best Practice, Clear Text (Encryption) and Filtering issues.
The reporting options can be used to export all report information and data tables.These can be fed into SIEM consoles (or other systems) as data feeds. In addition to the GUI, a full command line version is available with APIs.
"Nipper enables Cisco to test devices in a fraction of the time it would normally take to perform a manual audit."
Cisco Systems Inc.
A Mitigation Classifi cation Table is also provided. Mitigation includes:• The easiest issues to fi x quickly
(low hanging fruit) • What to do to fi x those issues• Command line fi xes
(device specifi c)
We have selected the best practice ‘Security Audit’ and the ‘Vulnerability Audit’ options.Reporting options can be fi ne-tuned using the settings button.
Titania.com/register/trial
OPTIONAL EXTRAS
Advanced confi guration reviews for workstations, servers & databases
• Online and offl ine auditing support for Windows, Linux and Mac OS• Advanced SQL database analysis• Policy editor enables complete customization of analysis• Integrate into existing enterprise systems• Combines procedural and confi guration compliance checks
DOWNLOADwww.titania.com/register/trial
Want to ditch alert fatigue and get more accurate results?
Trial Nipper on your data, for FREE
Microsoft Windows Vista or above(Server 2008 or above)• 400MB disk space• 2GB memory
GNU/Linux (RHEL, Ubuntu, Fedora, CentOS, openSuSE)• 300MB disk space• 2GB memory
System Requirements
Support Options
Product updatesand maintenance
Email-based support
Web-based support
Phone support
24/7 support logging
Guaranteed response 24 working hours
Guaranteed response 8 working hours
Remote assistance
Bronze Silver Gold
√ √ √
√ √ √
√ √ √
√ √
√ √
√
√
√Free 15% 20%