Thursday, 20 November 2014

Titania Welcomes Rt Hon Francis Maude at Office Opening


On Thursday the 20th of November we will be joined by friends, partners and media in welcoming the Cybersecurity Minister, Rt Hon Francis Maude MP, to cut the ribbon at our new headquarters in Worcester.

As part of a cybersecurity campaign in the lead-up to Cyber Monday, the busiest day of the year for online shopping, the Minister will be travelling across the UK to promote awareness of increasing online threats. After discussing cyber defence strategies with industry and academia at the Cybersecurity Summit 2014, Rt Hon Francis Maude MP travels to the cyber valley to deliver a speech and officially open the building.

Titania was founded 5 years ago by one information security professional, Ian Whiting, who wanted to replace the sometimes repetitive and time-consuming audit and report writing side of penetration testing with software that automates much of the network device auditing process. The Network Infrastructure Parser, developed by Ian, evolved into Nipper Studio, Titania’s flagship and most successful product.

Five years, and countless awards later, Titania has a new home where it will continue to develop and deliver trusted solutions to a community of information security professionals in over 60 countries.


Program:

13.00  Welcome & networking

14.00  Live performances from Worcestershire LitFest & Fringe (sponsored by Titania) from Worcestershire Poet Laureate - Fergus McGonigal and Poet Laureate Emeritus - Maggie Doyle. 

15.30  Opening remarks by Ian Whiting & speech by Rt Hon Francis Maude MP

15.50  Ribbon-cutting ceremony 

16.30  Networking


Follow us on Twitter for quotes, photos and updates: @TitaniaLimited


Friday, 31 October 2014

#InfosecHeroes Nominate & Donate

What is #InfosecHeroes?

Titania’s CEO, Ian Whiting, was recently named this year’s winner of the “Personal Contribution to IT Security” award at the Computing Security Awards ceremony. While this has been a great honour for Ian and a very proud moment in Titania's history, it also made us realise how many more hardworking individuals in information security deserve recognition for their efforts. That is why we created #InfosecHeroes: sometimes even a thank you and a mention go a long way towards recognising people’s efforts!

How does it work?

You nominate an information security professional who you consider has brought outstanding achievements to the industry. You share the nomination over Twitter, including the hashtag #InfosecHeroes and the name / handle of the elected hero, and make a charity donation. Any donations are entirely up to you, but we would be really grateful if you could help us reach our goal of raising £500 for WhiteHatRally.

Have you been nominated? Congratulations – someone somewhere has learnt something from your research, benefited from a tool you developed, or has found your conference talks really inspiring! Why not give something back with a nomination and a donation? 

If you don’t like the idea, that’s fine too, but you might like to be a Barnardo’s hero by making a small donation to WhiteHat Rally. As the industry’s representative charity we decided all funds raised through this campaign should go to them.

We will make the first donation of £25, divided among 5 teams which will take turns in nominating their own #InfosecHeroes! Follow us @TitaniaLimited to find out who we chose…


Thank you, infosec community! 
Tuesday, 28 October 2014

Good News for Auditors – Nipper Studio 2.3.4 Is Here and Includes a Check Point Configuration Retriever

With the launch of Nipper Studio 2.3.4, Titania is integrating Check Point devices into the software’s remote audit functionality. Auditors can now use the configuration retriever in Nipper Studio 2.3.4 to remotely retrieve files from Check Point devices. This includes the Check Point management systems, thus allowing the auditing of multiple devices simultaneously.

Aside from the convenience that remote auditing adds to any Nipper Studio audit, the configuration retriever was created specifically to assist Titania customers. Check Point software can run on a variety of different operating systems and platforms, but extracting the configuration file is a time-consuming process that many auditors often struggle with. The configuration retriever is designed to simplify the process and reduce support time for penetration testers.

As well as the configuration retriever, Nipper Studio 2.3.4 adds the “Exclude Vulnerabilities” functionality for vulnerability auditing, which allows users to specify vulnerabilities that may be erroneously flagged due to the system they operate. The “Exclude Security Issues” functionality was already available for security auditing, in order to exempt specific issues for bespoke network setups. This enhancement was added in response to customer feedback carefully reviewed by the Technical Team.

Nipper Studio was designed by Ian Whiting, a former penetration tester who truly believed that “an auditor’s time is best spent assessing things that require human input, while mundane and routine tasks are excellent candidates for automation”. This was the underlying concept for Nipper Studio. Today the software serves information security professionals worldwide, in more than 60 countries, while features and functionalities continue to be added in answer to their needs.

More information about Nipper Studio 2.3.4, supported devices and features can be found here. For updates from the Titania team, follow us on Twitter @TitaniaLimited 

Tuesday, 14 October 2014

Two Accolades for Titania at the Computing Security Awards 2014

The prestigious ceremony for the Computing Security Awards 2014 brought outstanding results for Titania. Thanks to everyone’s votes, Titania took part in five categories. Last night, Titania’s CEO and founder, Ian Whiting, took home the coveted “Personal Contribution to IT Security Award 2014” and Nipper Studio was named Runner Up for “Enterprise Security Solution of the Year”.

Ian Whiting, the creator of Nipper Studio, said: “We were up against well-established names in the industry, so these awards are very important, even more so as the winners were chosen through public votes. It is so encouraging to know we have so many customers and partners that believe in us and the services we provide. We want to thank everyone for all the support and kind words we received.”

The Computing Security Awards were created to celebrate the best solutions in the industry, the best information security providers and individual representatives whose efforts have made a difference to the cybersecurity community. Now in their fifth year (with the third consecutive win for Titania), the awards are well-known and highly regarded by the industry. All applications were submitted to two rounds of public vote, via the Computing Security Awards website, to determine the winners.

Titania joins a long list of acclaimed winners, including Celestix, Egress, Fortinet, CheckPoint, Nettitude, WatchGuard, Palo Alto Networks, CyberArk, VASCO, Assuria and Cyberoam. For more details visit the Computing Security Awards website.

“It was an incredible night. Everyone was celebrating and networking. The venue was outstanding, but the infosec community really built up a wonderful atmosphere,” said Marketing and Sales Manager, Ruth Inglis.

Nipper Studio, the network security auditing software named runner up for Enterprise Security Solution, started as a tool intended to simplify the work of penetration testers in the laborious task of auditing firewalls, switches and routers. Soon after, it garnered worldwide interest and multiple awards, from the acclaimed Govies in US government IT security to the innovation-driven European Smart Metering awards, while gaining praise from cybersecurity professionals as well as non-security specialists who needed accurate and detailed analysis of the security of their network. The team has now returned to the office with two more prestigious accolades as standing proof that the acclaim is well founded.


Titania was a proud sponsor for the Computing Security Awards 2014 alongside CheckPoint, Celestix, ZeroDayLab and Brookcourt. To keep up to date with news from Titania, please follow us on Twitter @TitaniaLimited. If you would like more information regarding our network auditing solutions, please email us at enquiries@titania.com



Friday, 26 September 2014

Shellshock: Titania Confirms Nipper Studio and Paws Studio Are Not Affected


The Technical Support Team at Titania would like to inform all users that the network security auditing software, Nipper Studio, and the compliance auditing tool, Paws Studio, are not affected by the Shellshock vulnerability. Neither tool relies on Bash, which is the shell software vulnerable to the exploit. We can also confirm that our own infrastructure and our website are up to date and not subject to the vulnerability.

Patches to operating systems are currently being issued and a complete list can be found on the US-CERT (United States Computer Emergency Readiness Team) website. For accurate results, keep checking this page, as patches are continuously developed and improved.

We will continue to monitor the situation and keep you up to date.  

Wednesday, 3 September 2014

Security B-Sides MSP 2014 - Automating Compliance

Last week, our team flew across the ocean to Minneapolis to attend and present at Security B-Sides MSP 2014.





Security B-Sides is an information security event that follows an "unconference" format and was set up by a few renowned security experts, in 2012, after large hacking conferences (BlackHat, DefCon) received a huge number of submissions to their CfP (Call for Papers) and simply ran out of space to accommodate them all.

Our team came to discuss Automating Compliance. Titania's founder, Ian Whiting, spoke about his background as a penetration tester, the concept behind creating the network security auditing and compliance tools, Nipper Studio and Paws Studio and why he thinks it is essential that software "should just work". 


My background is a penetration tester. I used to be one of those geeks, hackers that would sit in the corner of the room, and got the blame for everything that went wrong: "it must be the guy coming in doing the auditing that's causing all of these network problems today."

I used to have to run a wide variety of different kinds of tools to do those jobs and it's very important to understand exactly what the software is doing, but also to understand the weaknesses of the software.


I was once given a job, many years ago, to audit some network switches and I think it's very important that auditors' time is best spent doing things that require a human to look at, while things that are fairly mundane and routine are excellent candidates for automation. I truly believe that. So I sat down and someone gave me 30 configs for different switches to go through manually. At this point I thought: "now is the time to start automating this kind of process. It's a very mundane task, computers are ideal at automating those very basic checks".

One of the things that being a penetration tester has led me very strongly to believe is that all software should be easy to use. I don't care if it takes the software developer an extra 6 months to code a bit of software. For the users it should be intuitive and easy to use. It should be there to help you and it should go hand in hand with the way you work, in order to reduce the amount of time that it takes you to audit. It should just work. I don't want a bit of software that I install on a system and then have to tweak for the next half an hour, using Google to try and work out what's going wrong and fix it along the way. It's one of the founding principles of the software that we develop.



We have a product called Nipper Studio which automates the auditing of firewalls, routers, switches and your various network infrastructure devices and another called Paws Studio, which does similar things for servers and workstations. Both products offer free evaluations, so that you can give it a go on your own platform. One of the things I think is very important is to be able to try these things for yourself. You shouldn't have to go and buy something blind, in the hope that what the sales person told you about the product is true and that it's going to do what they said it'd do. You have to try things out for yourself and that's why we provide evaluations for our software.

Download your free evaluation license here

Although this was the first edition of the Minnesota chapter, the event was appreciated by the industry and praised by the media.

Aside from numerous talks from cyber security experts (an overview of the talks can be found in this previous post), the keynote opening speech was delivered by a legend in the Chinese cyber warfare arena: Lt. Col. (ret) William Hagestad (@RedDragon1949). A very worthwhile talk to listen to and the Colonel is a very engaging presence on the scene. The talk can be found here and it is number 2 on the list, right after the Opening Ceremonies from Matthew J. Harmon, Bradley Ammerman and Tom O'Neill. You can also read the story in CSO Online: Why our lack of understanding on China may be the biggest risk 

An overview of all the talks can be found in our previous post, or viewed / downloaded off the Security B-Sides wiki.



Video and images courtesy of @mjharmon

Friday, 22 August 2014

Titania Presenting At Security B-Sides MSP – Minnesota Chapter of Security B-Sides

Come And See Us At The Nerdery

Titania’s MD, Ian Whiting, and COO, Nicola Whiting are traveling to Minnesota this week to discuss compliance and security with infosec experts at Security B-Sides MSP, hosted at the Nerdery, Minnesota. 


'Workstation Configuration Hardening' talk 
As sponsors and supporters of the B-Sides series, we are contributing a one-hour presentation appropriately called “Workstation Configuration Hardening” featuring our compliance solution – Paws Studio. The talk will take place in the Crypto Party room, from 13.00 – 14.00. In this presentation, Ian Whiting will be discussing configuration management, how compliance fits in with organizational needs, the issue of compliance vs. security and the need for automated solutions, finishing with an interactive demonstration of Paws Studio. To take part in the demo you only need to bring a device (laptop, tablet) and install Paws Studio on the machine. You also have the option to get an evaluation key to try it later at home, or check out other policies supported.

You can also come and listen to Ian's talk on “Automating Compliance”, which will take place in the Auditorium from 12:15, followed by Josh Paul from Dakota State University and Mike Lutgen from Palo Alto Networks.


BSides happened for all the ‘great talks that never got heard’

The “mother” organization for BSides MSP is Security BSides, which has since its beginnings spawned a multitude of chapters all over the world. BSides started in 2009 when Mike Dahn (@MikD), Jack Daniel (@jack_daniel) and Chris Nickerson (@isc4thepeople) decided to hold their own conferences ‘on the side’, as the CFP (Call For Papers) at BlackHat or DEF CON was oversubscribed. In its non-conformist style, the event defines itself through negation: B-Sides is not the All-Conference-Rejects, and it is adamant that it is not a conference looking to discuss the current big thing. B-Sides is on the lookout for the people who are discussing the NEXT BIG THING.

The event has a different structure to other established conferences in the industry. The Structured chapters follow a more “official” conference format and are usually run alongside other security conferences (Black Hat, RSA etc.). The other style, which is also what you can expect at the Minnesota chapter, is the Unconference format; it is meant to be relaxed, interactive and the general idea is to take part in the conversation, ask questions and “make it as good as you want it to be”.


What Else Is On?

BSides MSP schedule


There are plenty of exciting keynotes, presentations and competitions to choose from including a Crypto Party, a Capture The Flag competition as well as other initiatives.

The keynote program includes well-known names in infosec and was determined by community vote:

Opening the keynote track is Lt. Col. William Hagestad II (@RedDragon1949), a renowned expert in Chinese cyber warfare who will be giving an overview of the 'Chinese Use of Computers & Networks as a Strategic Weapon'.

Mike Saunders (@hardwaterhacker) talks about 'Problems with Parameters' - After networks and servers become more secure, the soft belly of the Internet consists of vulnerabilities in Web Applications.

Leonard Jacobs from Netsecuris (@Netsecuris) opens the conversation on 'Using Your Brain To Beat The Hackers' – automated threat monitoring and threat-detection software are not enough to determine whether a threat is real. The human brain is needed.

Dr. Jared DeMott's (@JaredDeMott) talk on 'Appsec: Overview, Deep Dive & Trends' will look at the 3 pillars of Application Security: static, dynamic and manual analysis, popular bugs in code auditing, and file fuzzing and network fuzzing.

Paul Dokas (@pauldokas) presents on 'World Class Network Defense', or 'How I Learned To Ignore Vendors And Use Tools That Work', bringing a non-commercial perspective on open source tools to create a defense system for the network.

The ending keynote is held by Rafal Los (@RafalLos) Director Solutions Research at Accuvant who makes a compelling case for 'Succeeding in Security by Measuring Your Failure'. When it comes to breaches, understanding what to measure is just as important as understanding how to measure effectively. Here, in the failures, we can find success.

We are proud to join forces with other industry names in sponsoring the Security B-Sides MSP: The Nerdery (@the_nerdery), ISC2 (@ISC2), Palo Alto Networks (@PaloAltoNtwks), DSU Dakota State (@DakotaState), Milton Security Group (@MiltonSecurity), Bromium (@bromium), Symantec (@SYMCPartners), Netsecuris (@Netsecuris), Global Velocity (@GlobalVelocity), Silent Circle (@SilentCircle), IT Risk Limited (@itriskltd).

Come on over!
If you are in Minnesota on Saturday, 23rd of August, visit us, talk to us, ask us questions and, most importantly, don’t take our word for it! Try Paws Studio for yourself and tell us what you think. As with all BSides events, entry is free, but registration is required. Wheaton’s Law applies. Also, do not socially engineer the staff.


Monday, 18 August 2014

Titania Shortlisted for the Computing Security Awards 2014


Thanks to your votes we are delighted to announce we have been made finalists in 5 categories of the 2014 edition of Computing Security Awards. The winners are decided by public vote and as a special thank you we are offering £100 in Amazon vouchers, or $1000 worth of Nipper Studio software. Here is what you need to do to qualify for the prize draw:
Go to Computing Security Awards, fill in a few details (to ensure the vote is legitimate) and submit your choice before 30th of September, 2014.

The categories are as follows:

Network Security Solution of the Year: Titania – Nipper Studio

SME Security Solution of the Year: Titania – Nipper Studio

Enterprise Security Solution of the Year: Titania – Nipper Studio

Security Company of the Year: Titania

Personal Contribution to IT Security Award: Ian Whiting – Titania

To be entered in the prize draw please forward your confirmation e-mail to alina.stancu@titania.com and specify ‘Nipper’ or ‘Amazon’ in the subject title, if you have a preference for the prize. Winners will be announced at the beginning of October. Please feel free to vote for us in as many categories as you like! More than one vote per company is allowed, if you want to share this with your colleagues and friends.

If you are not familiar with the industry, here’s a quick refresher on our products: Nipper Studio is network security software for auditing firewalls, switches and routers, while Paws Studio is a compliance auditing and vulnerability assessment tool for servers, workstations and laptops.

Please click here to vote for Titania in Computing Security Awards.

A big thank you for your support from the entire team at Titania.

Wednesday, 13 August 2014

Cybersecurity: What the U.S. Can Teach Europe

Article originally published in FCW magazine.


By Edwin Bentley (Senior Software Developer, Titania) 

About the Author

Edwin joined Titania in 2011 and has since become a key member of the development team, having primary involvement in the advancement of both the Nipper Studio and Paws Studio software. He has a keen interest in Information Security and the role that the industry will play in the future advancement of technologies.


Having attended two reputable information security conferences this year, one on each side of the Atlantic, a few observations emerged on the differences and similarities of opinion on cybersecurity issues in the U.S. and Europe.

Although similar questions were raised at both conferences, the response manner was notably different. Europe took a reactive stance by signaling problems and bringing them to the attention of government agencies and legislators. The U.S., however, had a top-down approach, with industry searching for viable solutions in response to already adopted government directives.

The first event was Infosecurity Europe. The 2014 edition was hosted in London and attended by more than 11,000 information security professionals. With a 20-year tradition, the event is considered a reference point for the cybersecurity industry to find out about the latest trends and tools and keep up-to-date with European laws and compliance policies.

This year, the discussion focused on big data, the accelerated increase in organized cybercrime, the need to stay ahead of threats and an honest admission from Europol that cybercrime is best mitigated or disrupted because law enforcement lacks the resources to prosecute all crime. Staying ahead of threats was high on the agenda. Finally, there were comments on security issues in the cloud, which just like the bring-your-own-device trend, needs to be accommodated in its own right from a protection point of view.

Similar points were made at FOSE. (Editor's note: FOSE is owned and produced by FCW's parent company, 1105 Media.) As an industry event, FOSE is recognized as an official source for voicing the latest concerns in government IT. Among the issues discussed at the conference, cybercrime and cyber terrorism figured high on the agenda for defense and policy.


Continuous Diagnostics and Mitigation


In terms of security tools and trends, automation and continuous monitoring were held in high regard at the U.S. conference. The conversation on the FOSE floor focused on the Department of Homeland Security's Continuous Diagnostics and Mitigation (CDM) program. It comes on the heels of the National Institute of Standards and Technology's Cybersecurity Framework and is part of achieving the last step of that directive: monitoring security on an ongoing basis with the use of automation tools.

Released as a best-practice guidance document, the framework was embraced by the federal sector. After the latest high-profile breaches in the retail industry, a wide range of other companies have started to look at the framework as a template for assessing security practices.

In order to understand why CDM is seen as the best solution by IT professionals, below are a few well-debated problems it answers:

  • Top of the agenda for information security experts is how best to integrate security with business processes. Reducing user disruption and enabling business innovation will be more easily addressed with the introduction of automated security.
  • Although CDM does not guarantee that its users will stay ahead of threats, it does offer a near-real-time state of security with risk-based assessments reported and analyzed at network speed to ensure ongoing awareness and protection.
  • A challenge for chief information security officers and CIOs everywhere is the compliance versus security conundrum. CDM implies moving away from layer upon layer of compliance in favor of perpetual alertness and security.
  • The other issue in compliance is log aggregation and reporting. Continuous monitoring would produce automated event logs that can be filed for audits or analyzed for patterns in forensic investigations.

Continuous monitoring does not promise to answer every cybersecurity problem, but it offers a practical way forward. The voluntary adoption within the U.S. business community reflects that its advantages have been recognized.


Cyber directives in Europe and U.K.

Source: fcw.com
Meanwhile, that shift in security perception has yet to happen in Europe. The latest European Union cyber directive -- Network and Information Security (NIS) -- has been taken with a pinch of salt by the industry, and some organizations fear that the stick of compliance will come down hard on their budgets while doing very little for the state of their security.

In a similar way to the NIST framework, the U.K. government released a Cyber Essentials Scheme as a best-practice guide for organizations. Operating in a less intrusive manner with smaller, more practical steps, the scheme has been received with cautious but definite approval by the business spectrum.

Although a promising start, neither the Cyber Essentials Scheme nor the NIS directive alone is sufficient to bring forward the visionary changes the industry needs. The European efforts are moving in the right direction, but compared to the older, more experienced industry in the U.S., they need further development. The Cyber Essentials Scheme might be too small, while NIS could be seen as too complicated and faces an uncertain fate amid changes to the European Parliament.

If the cybersecurity industry is to address the issues raised at Infosecurity Europe 2014 such as staying ahead of threats, mitigating cyber crime, transforming security into a business enabler and dissipating the predicament of compliance versus security, then Europe needs to continue to move in the right direction and could be inspired by the top-down approach to security in the U.S.

Friday, 25 July 2014

Nectar Small Business Awards 2014 – Titania Made The Shortlist

We are delighted to be named finalists for the Nectar Small Business Awards. Nectar Business is a rewards program for small business owners, achieved through partnerships with leading business suppliers. Experiences such as cinema trips, meals out, holidays or gifts can be obtained with Nectar points, either for personal or business use. The Awards are intended to celebrate the achievements of the SME community across the UK and we are very happy to be recognised by them.

The winner of the £2000 and 50 000 points will be determined by a panel of business experts including Apprentice star and Lord Alan Sugar’s business advisor, Karren Brady. Aside from the financial reward, the winner will also benefit from Ms. Brady’s valuable advice and business insights at a Round Table event in September.





As for what would happen to the reward, should we win, Shelley Gunnell, HR manager and Titania representative for the Worcestershire Works Well scheme, has an idea: “We are always looking for new ways to improve the working lives of our staff, whether this be a health and wellbeing-related reward or just a bit of fun outside the office. The last corporate fun day was a trip to Alton Towers and before that was Diggerland. We will be putting some fun and fresh ideas out there for activities that we can all enjoy together.” 

Titania is the product of CEO Ian Whiting's years of experience in the information security industry. The challenges of the pentesting and auditing profession led him to develop Nipper Studio, a network security tool that facilitates the auditing and reporting process for penetration testers and global organisations. Four years into this venture, Titania is a worldwide recognised supplier to government agencies, financial institutions and other private organisations.

For updates on Titania follow us on Twitter @TitaniaLimited and catch up with the winners of Nectar Business Awards by following #NBsba14.