C5 Enterprise Vulnerability Management

A Vulnerability Management Suite for the Enterprise
C5 EVM determines the applicable risk levels for each enterprise asset including:

• Quantifying the value of a network asset to the enterprise
• Applying control requirements of government regulations, industry best practices, and/or enterprise policies to an organization's network assets
• Defining high-level rules and guidelines down to specific steps, both manual and automated
• Identifying and remediating or mitigating vulnerabilities associated with an enterprise's assets, which includes automatically applying controls, patches, countermeasures and configuration changes over potentially vulnerable points in an environment

C5 EVM uses the Common Vulnerability and Exposures (CVE) dictionary for standardized naming and vulnerability identification and other information security exposures.

The Architecture

C5 EVM consists of a secure sensor/server architecture. C5 EVM provides an asset control and decision-processing framework for implementation of automated responses to security incidents. All automated actions are based on policy templates or user-defined policies that are the basis for assessing, monitoring and responding to security incidents and vulnerabilities. Tasks such as deep asset inventories, patch management, configuration management, attribute monitoring and audit logging for network and system administration are implemented as needed to support the security centric mission of the Security Administrator.

Control Across All Network Assets

C5 EVM identifies, uniquely watermarks and assigns a priority to all network assets. Priorities are assigned based on asset function and operator input to incorporate business critical dependencies. Each asset has a series of attributes that are used in data correlation, policy enforcement, and incident response activities.

Automated, Real-Time Policy Management

C5 EVM allows the operator to import industry Best Practice policy templates as well as create unique policies for individual assets, groups of assets, or asset categories for implementing business critical security procedures.

Depending on the response policy and asset criticality determined by each security administrator, actions are either recommended or automatically implemented when vulnerabilities or policy violations occur. Secure Elements monitors all major threat intelligence sources including CERT and leading commercial threat intelligence vendors. In addition, the C5 EVM Security Adapters provide an out-of-the-box capability to provide a policy-based response for vulnerability scanners including eEye, FoundStone, Harris Stat, ISS, nCircle, Nessus, Tenable, as well as IDS and IPS products.

Remediation Across the Enterprise

C5 EVM responds to incidents in several ways depending on the severity of the security breach, the criticality of the attacked asset and whether security patches and other automated remediation strategies are available. C5 EVM can employ hundreds of tactics, to include:

• Security patch installation or removal
• Configuration modification or rollback
• Start or stop services
• Modification of account privilege
• File management
• System reboot
• Registry key modification
• DLL modification or removal

Remediation may require multiple steps. Where necessary, C5 EVM deploys predefined action plans. Action plans combine and order remediation actions where conditional statements can be incorporated.