Titania Security

Introducing Nipper Studio

News   •   Nov 07, 2011 14:54 GMT

Nipper is an established industry leading security auditing and configuration reporting tool. Visitors stopping by our stand at the recent Infosecurity Europe show in London were treated to a preview of the next generation in Security Auditing ~ Nipper Studio.

Nipper is already trusted by world leading organizations and professionals, we have continued to move further forward with exciting new features suggested by our customers. Nipper Studio enhances the time and cost benefits of using Nipper whilst still enabling professionals with no security experience to perform a comprehensive security audit.

Saving You Even More Time And Money

Nipper Studio now enables you to audit multiple network devices. Using the Nipper Studio, simply select the "New Report" menu option, add all the device configurations that you want to audit (selecting an entire directory if you want). Click the "Next" button to customize your report, then click on "Finish" to let Nipper Studio do all the work for you.

Typically Nipper Studio will finish auditing your configurations within a few seconds, enabling you to get on with reading the report that would of taken weeks to produce and deliver. As with traditional security and configuration audits, your reports can include:

  •  a title page with your company name or logo;
  •  a non-technical management summary including statistics and graphs;
  •  a report contents section that lists the report sections, tables and graphs;
  •  introductions, including a break down of any rating systems used and the report format conventions;
  •  detailed security audit issues which include a rating, what was found, the impact of the issue, how easy it would be for an attacker to exploit and the mitigation recommendations which will typically include the commands required to resolve the issue;
  •  a security audit conclusions which outlines the findings and a recommendations section that summarizes the recommendations;
  •  a configuration report which details how each network device is configured and explaining what many of the configuration settings mean;
  •  an appendix section which includes a break down of any abbreviations used within the report together with other supporting information.

Customizable Reporting

Nipper Studio includes advanced report writing technology that enables the software to write a report in a similar manor to how a human would write a report. This is just one of the many areas that Nipper Studio stands above other automated software that generate reports by combining predefined sections of text together. When reading a Nipper Studio report it is easy to forget how it was authored.

A significant advantage of this technology is the ability to provide Nipper Studio with details about the report and your organization. For example, when you provide your organizations name Nipper Studio will write the report as if you had written it yourself. So Nipper Studio will report what issues you found and what recommendations you make.

The screenshot to the right shows Nipper Studio being customized with the company name "Cisco", a company logo and setting the report classification to "Restricted". Sections from the report are shown below highlighting just a few areas within the report where Nipper Studio has used this information.

Nipper has always featured a huge number of customization options, enabling you to tailor your reports for your organizations requirements. Enabling you to change your reports look and feel with your own organizations branding, such as fonts, colors and report layout. Your reports can then be saved in a variety of different formats including HTML, XML and CSV, enabling you to make use of productivity suites such as Microsoft Office or import the results in to your own custom systems.

Security Auditing And Issue Reporting Customization

Although having a well written and presented report is important, with years of real world security auditing experience with leading international corporations, financial institutions and government departments we also understand that the standard of the audit is essential. Nipper Studio performs a comprehensive audit of your devices settings, not just an examination of the firewall rules. Which is why so many of the worlds leading organizations trust Nipper for their auditing.

Just like with the report customization options, Nipper Studio provides a wide range of auditing options that will enable you to tailor your audits to meet the requirements of your organization. For example you can set your password policy or highlight key network services and network hosts that you would like identified during the firewall rule auditing. Then if Nipper Studio identifies any issues that are related to your organizations policy, your policy will be included in the recommendations.

Features that we have recently introduced based on our customers feedback include adding your own notes / comments to an issue once the report has been written, and excluding a particular device from an issue altogether. This functionality can quickly be accessed using the "Report" menu shown below.

Support For Multiple Rating Systems

When performing a security audit you can now choose between the industry standard CVSS v2 rating system or the more traditional Nipper rating system. Both rating systems have their advantages:

  •  CVSS v2 enables you to customize the security issue ratings for what is most important in your environment. For example if integrity and confidentiality are more important to you than system availability then when Nipper Studio  writes your security audit report the issue ratings can reflect those priorities;
  •  the more traditional Nipper rating system rates issues based on what is traditionally perceived to be the most serious and gives more significance to issues that are deemed to be "best practice" than the CVSS v2 rating system which does not score a number of key best practice findings.

Configuration Reporting

Although Nipper includes some powerful and extensive security auditing capabilities, some of our clients primarily use Nipper for its configuration reporting capabilities. Nipper can write a clear, consise and consistent configuration report for your devices regardless of which company manufacturered the device.

The configuration of each device is reported in related sections, such as administration services. To further explain what the configuration settings mean many of the protocols and options detailed in the report and accompanied with a description of what they are used for and the related RFCs.

Device Support

Nipper Studio supports over 80 different devices from manufacturers such as Cisco, HP, Juniper, CheckPoint and many others. With the new plugin-based architecture Titania will be extending this support further in the future.

And There Is Even More To Nipper Studio

There is even more to Nipper Studio than what is on the box. We also include additional functionality within Nipper that further adds to the value of the product. For instance Nipper Studio includes a CVSS v2 calculator, a Cisco Type-7 password decoder and an IP calculator.

Platform Support

As usual, Nipper Studio includes both a simple point and click interface as well as a scriptable command line tool. Nipper Studio also provides an API for integrating Nipper Studios functionality. Nipper Studio is available for Microsoft Windows, Apple MAC OS X and GNU/Linux platforms.

Availability

Nipper Studio is now available for download on our site. Just Register (or log on) to see your "My Downloads" section.
There's great news for existing Titania customers too, if you have a Enterprise or Auditor licence of Nipper we'll be giving you our latest product Nipper Studio - FREE of Charge (as part of your licence subscription)

For more information on how Nipper Studio can help you secure your devices and save you time and money, contact us atenquiries@titania-security.com. Or alternatively get in touch with one of our partners in your area.