Competitive Landscape Brief — March 2026
Type: External
Status: Published
Created: Apr 19, 2026
Updated: Apr 19, 2026

Prepared: March 17, 2026
For: Ken & Krystal — Product Planning Session
Focus: Where does opnDossier fit in the market, who are we competing with, and where are the gaps?


The Market at a Glance

The "firewall configuration audit" space has two very different tiers, and opnDossier sits in the gap between them.
Tier 1 — Enterprise Firewall Policy Management ($50K–$500K+/year)
Tufin, AlgoSec, FireMon, RedSeal. Massive platforms for enterprises managing hundreds of firewalls across hybrid cloud. Policy automation, change management, topology modeling, continuous compliance, ITSM integration.
Tier 2 — Config Audit Point Tools ($1,900–$3,800/year)
Titania Nipper. The only real player. Parses firewall/router/switch configs offline, runs security checks, generates compliance reports. Targets pen testers, auditors, mid-market security teams.
Tier 3 — Free/Open Source (Free, limited)
nipper-ng (abandoned, circa 2008), pynipper-ng (alpha), CIS-CAT (generic), manual work. This is what most people actually use: read the XML by hand or write ad-hoc scripts.
opnDossier's opportunity: there is no affordable, modern, offline config audit tool focused on the open-source firewall ecosystem (OPNsense, pfSense).


Titania Nipper — The Direct Competitor

What: Desktop app that parses network device configs and generates security audit + compliance reports. Offline, air-gap friendly.
Pricing: $1,900–$3,800/year (Vendr data), avg ~$2,600/year. 30-day trial.
Devices: Cisco (IOS, ASA, PIX, FWSM, CSS, Catalyst), Juniper, Check Point, Palo Alto, SonicWall, Fortinet, HP/Aruba. Does NOT support OPNsense or pfSense.
Compliance: DISA STIGs, NIST 800-171, CMMC, PCI-DSS, CIS Benchmarks, HIPAA, SOX.

Strengths

  • Mature product (10+ years), trusted by government and military
  • Deep compliance automation — CMMC module automates 18 practices across 6 domains
  • White-label reports (pen testers love this)
  • Air-gap deployment
  • "Precision of a pentester" positioning

Weaknesses (from real user reviews)

  • Getting worse, more false positives (r/AskNetsec reports)
  • Recent 3x price hike
  • No OPNsense/pfSense support
  • No Cisco FTD (next-gen) support (multiple G2 reviewers)
  • Unclear audit methodology — "CEO's expertise was used as part of compilation of the audit tests"
  • Closed source; it was originally GPLv2 open source before Titania commercialized it

Enterprise Tier — Tufin, AlgoSec, FireMon

NOT direct competitors — different market segment. But they validate the market.
Tufin: $50K–$100K+. Policy automation, topology modeling. Heavy platform.
AlgoSec: Application-centric. #1 on PeerSpot (8.9). Audit-ready reports.
FireMon: 15,000+ devices. Real-time policy management. Strong API.
These sell to Fortune 500. opnDossier's buyer can't afford $50K+ and doesn't need it.


RedSeal — The Cautionary Tale

Once a leader in network modeling. Now struggling. Java-based GUI, lack of community. Tried to be a platform when it should have been a tool. Lesson: don't over-architect. Stay sharp and focused.


The Real Competition: Doing It By Hand

  • nipper-ng (Kali): Free, unmaintained since ~2008, no OPNsense/pfSense
  • pfFocus: Converts pfSense config to readable format (not an auditor)
  • pf2opn.com / pfopn-convert: Config converters, all incomplete and fragile. 461 Reddit upvotes.
  • CIS-CAT: Generic benchmarks, not firewall-specific
  • Manual work: Most people read XML by hand and grep for patterns

Feature Comparison

| Capability | Nipper | Enterprise Tier | nipper-ng | opnDossier (current) | opnDossier (Pro) |
|---|---|---|---|---|---|
| OPNsense parsing | No | No | No | Yes | Yes |
| pfSense parsing | No | No | No | Planned | Yes |
| CIS Benchmarks | Yes | Yes | No | No | Yes |
| DISA STIGs | Yes | Yes | No | No | Yes (Pro) |
| PDF reports | Yes | Yes | Basic | Markdown/JSON | Yes (Pro) |
| Config conversion | No | No | No | No | Planned |
| Open source core | No (was, then closed) | No | Yes (abandoned) | Yes | Open core |
| Price | $1,900–$3,800/yr | $50K–$500K+/yr | Free | Free | ~$20–$50/mo |

Opportunities

  1. Own the open-source firewall audit category. Nobody supports OPNsense/pfSense.
  2. Config converter gap is validated. 461 upvotes, broken existing tools.
  3. Nipper losing goodwill. 3x price hike, false positives, closed source.
  4. Pen tester workflow. Offline analysis → branded PDF report. Nobody does this for OSS firewalls.
  5. MSP opportunity. Batch audit across client firewalls.

Threats

  1. Nipper adds OPNsense/pfSense support. Mitigation: move fast, build community moat.
  2. CIS/DISA releases official tools. Mitigation: our value is the combination, not single features.
  3. Well-funded startup enters. Mitigation: OSS community model is defensible.
  4. Market smaller than expected. Mitigation: community engagement reveals this before we overbuild.

Pricing Recommendation

  • Community (Free): Core parsing, basic audit, Markdown/JSON
  • Professional ($15–$30/month or $150–$300/year): CIS/STIG compliance, PDF reports, config conversion
  • Enterprise (custom): Server deployment, multi-user, batch audits, custom rules

At $20/month, need 50–250 paying users for $1–5K/month target.

Positioning

Don't say: "We're a cheaper Nipper"
Do say: "The open-source firewall security toolkit that Nipper doesn't support"


Research date: March 17, 2026. Revisit quarterly.
Sources: Titania.com, G2, Gartner, Capterra, Vendr, Reddit, Kali, GitHub, PeerSpot
