DDI NIRV™

Organizational pressure to keep sensitive data and intellectual property secure is only increasing. Headline news associated with frequent and hard-hitting data breaches underscores the importance of staying on top of key security risks. And now – with CEOs, CIOs, CFOs, CISOs and security teams being held personally accountable – the stakes are higher than ever.

When Accuracy Matters

DDI NIRV – the technology core of Frontline RNA™ – works on the principle of real-time event-based tuning. As it learns more about hosts and the network, NIRV adjusts its plugin sets and auditing mechanisms in real time – leading to far more accurate and complete data scans through continuous vulnerability scanning. NIRV enables RNA to “dig deeper” than competitor scanners through capabilities including:

  • Cross service parsing for capturing and vetting webserver directory structure and scripts, significantly improves the ability to find brute force and fault injection attacks on other discovered hosts and services.
  • SSL deep dive means critical SSL issues, e.g., Heartbleed and BEAST, are audited beyond traditional web-based SSL services. SSL deep dive scans embedded SSL modes including FTP, SMTP, POP3, VPN, RDP, RPC and UDP based DTLS services.
  • Privilege escalation checks covers usernames, password hashes and authentication tokens gathered from RPC services to automatically tokenized, translated to different authentication formats and leveraged in an attempt to gain access to other host and network services.
  • ARM baseboard interface auditing will find weaknesses exposed in RMCP and IPMI, and are correlated and reused against the primary host O/S to expose networked side-channel access to otherwise secure systems.

 

DDI NIRV™ Scanning Engine Cross Context

At the heart of Digital Defense’s Frontline RNA™ appliance is the DDI NIRV™ scanning engine which represents a fundamental break from traditional network scanning methodology and allows the discovery of critical flaws often missed by other engines.

Whereas traditional network auditing technology focused on auditing services in isolation in a highly repeatable manner; the NIRV engine is capable of auditing networks as contiguous entities where information gleaned from each host, service, and application is reused throughout the network, allowing for a more thorough audit of its peers.

Select examples of this network security auditing technology include:

  • Webserver directory structure, scripts, and arguments discovered by webroot spidering or WSDL parsing on one service can be used to improve brute force, and fault injection on other hosts and services discovered; allowing tests to run multiple times in the same context if necessary for complete testing.
  • Usernames, password hashes, and authentication tokens, gathered from RPC services are automatically tokenized, translated to different authentication formats and leveraged in an attempt to gain access to other services on both the host and network level.
  • Critical SSL issues such as Heartbleed and BEAST are audited not just on traditional web-based SSL services but through the embedded SSL modes such as FTP, SMTP, POP3, VPN, RDP, RPC and even alternate-transport UDP based DTLS services.
  • Weaknesses exposed in RMCP and IPMI embedded ARM baseboard interface auditing can be correlated and reused against the primary host operating system in order to expose networked side-channel access to otherwise secure systems.

Free
14-Day Trial

Take advantage of our 14-day free trial and discover how the cloud-native Frontline.Cloud platform makes vulnerability management and threat assessment much easier, more accurate, and more efficient than any other solution.

By Default: All Trial accounts are created in the United States. If there are data residency concerns, please contact us before submitting this request.

Privacy Policy