
C5 EVM



From the publisher website or publicity

C5 EVM determines the applicable risk levels for each enterprise asset including:


 *Quantifying the value of a network asset to the enterprise
 *Applying control requirements of government regulations, industry best practices, and/or enterprise policies to an organization's network assets
 *Defining high-level rules and guidelines down to specific steps, both manual & automated
 *Identifying and remediating or mitigating vulnerabilities associated with an enterprise's assets, which includes automatically applying controls, patches, countermeasures and configuration changes over potentially vulnerable points in an environment

C5 EVM uses the Common Vulnerabilities and Exposures (CVE) dictionary for standardized naming and identification of vulnerabilities and other information security exposures.

The Architecture

C5 EVM consists of secure sensors that report into the decision support and asset control server at the customer site. C5 EVM provides an asset control and decision-processing framework for implementation of automated responses to security incidents. All automated actions are based on policy templates or user-defined policies that are the basis for assessing, monitoring and responding to security incidents and vulnerabilities. Tasks such as deep asset inventories, patch management, configuration management, attribute monitoring and audit logging for network and system administration are implemented as needed to support the security-centric mission of the Security Administrator.

Control Across All Network Assets

C5 EVM identifies, uniquely watermarks and assigns a priority to all network assets. Priorities are assigned based on asset function and operator input to incorporate business critical dependencies. Each asset has a series of attributes that are used in data correlation, policy enforcement, and incident response activities.

Automated, Real-Time Policy Management

C5 EVM allows the operator to import industry Best Practice policy templates as well as create unique policies for individual assets, groups of assets, or asset categories for implementing business critical security procedures.

Depending on the response policy and asset criticality determined by each security administrator, actions are either recommended or automatically implemented when vulnerabilities or policy violations occur. Secure Elements monitors all major threat intelligence sources including CERT and leading commercial threat intelligence vendors. In addition, the C5 EVM Security Adapters provide an out-of-the-box capability to provide a policy-based response for vulnerability scanners including eEye, FoundStone, Harris Stat, ISS, nCircle, Nessus, Tenable, as well as IDS and IPS products.

Remediation Across the Enterprise

C5 EVM responds to incidents in several ways depending on the severity of the security breach, the criticality of the attacked asset and whether security patches and other automated remediation strategies are available. C5 EVM can employ hundreds of tactics, including:


 *Security patch installation or removal
 *Configuration modification or rollback
 *Start or stop services
 *Modification of account privilege
 *File management
 *System reboot
 *Registry key modification
 *DLL modification or removal

Remediation may require multiple steps. Where necessary, C5 EVM deploys predefined action plans. Action plans combine and order remediation actions, and conditional statements can be incorporated.

No Patches, No Updates, No Problem

C5 EVM develops action plans to mitigate risks when no patches or software updates are available. This facilitates conditional propagation steps to include decisions based on short-term monitoring conditions established in the action plans.

Workarounds or configuration changes such as blocking unwanted or unauthorized traffic to/from a device are deployed, giving security administrators the ability to deploy conditional, enterprise-wide responses countering aggressive and unknown threats.

Software + Hardware + System Hardening = C5 AIR

C5 EVM is often delivered as a hardened appliance known as C5 AIR, a complete plug-and-play solution for rapid implementation of an enterprise vulnerability management solution. The unit is delivered with a purpose-built hardware platform running a hardened, secured operating system. The appliance is quickly operational and offers a wide range of customization options. Customers benefit from the feature-rich functionality and enterprise-level scalability in a complete, cost-effective package.

Reporting

C5 EVM customers can also measure and report progress to each level of concern in the organization through pre-defined or custom reporting capabilities. With a simple point-and-click interface for standard reports, support for several leading reporting tools, and documented ODBC views into the database, C5 EVM meets every organization's reporting needs.

Total Infrastructure Protection/Support

C5 EVM protects the following platforms: Win 2K/Server 2003/XP, RedHat Linux, Suse Linux, Solaris, Fujitsu (Solaris), FreeBSD, Mac OS X, and IBM AIX. Environments suitable for assessment now extend beyond server and workstation environments to include infrastructure devices such as routers and switches (Cisco, Foundry, Juniper NetScreen, Nortel), and will be extended to high-risk mobile devices (PDAs, smartphones).

Updates & Advisories

Included with C5 EVM is an on-line update service allowing clients to respond immediately to the latest threats. Each vulnerability or threat is documented, and has detailed information provided by our security analysts. When there are one or more recommended actions, the tested and validated remediations are included as well. And not only are they tested, but they can be automatically deployed to your infrastructure.

Keywords
asset control
Common Vulnerabilities and Exposures
configuration changes
configuration modification
control automation
CVE
DLL
DLL modification
DLL removal
eEye
enterprise vulnerability management
file management
FoundStone
Harris Stat
IDS
ISS
nCircle
Nessus
network asset
network management
patches
Secure Elements
security patch
system reboot
Tenable
threat intelligence
vulnerability management



Vendor: Secure Elements

