Jonathan Goetsch, CEOFrom deep within their Tier- 4 Design-Certified Secured Data Center, thousands of software vulnerabilities are constantly monitored, investigated, and vigorously blocked at their Center of Security Intelligence (CSI). US ProTech asks, “so, what’s really at risk in cybersecurity?” “We anticipate that in the future, resources devoted to cyber-based threats will equal or even eclipse the resources devoted to non-cyber based terrorist threats,” said James B. Comey, (FBI Director) to the Senate Committee on Homeland Security and Government Affairs on Nov 14, 2013. Since that time we’ve seen the Target-FireEye breach and well over a 100 or so other major breaches to Government, Banking, Healthcare, and Retail. Cyber-Criminals have actually proven that every industry continues to be vulnerable to their crafty skills and insatiable thirst for achieving the dubious status of Hacker@#1.
What’s next and how will we anticipate future breaches? US ProTech is taking cyber-criminals head-on and are doing so in three areas; innovation, people and the correct deployment of comprehensive security solutions. “Clients are seeking the abilities we are able to provide them such as our unique Behavioral Malware Detection,” says Jonathan Goetsch, CEO of US ProTech, an elite group of expert engineers specialized in offensive-side penetration testing since 2001. “It is high time the Industry becomes proactive not reactive, offensive and not defensive in posture, this is what clients want and is exactly what we deliver.”
So then the real question would be “how do we do that and how would we know it works?” The answer is somewhat simpler than expected. The first is having the right strategic relationships and innovative tools which US ProTech is ready, willing and able to discuss. The second is “IP”, no, not Internet Protocol, rather “innovative people” who are credentialed, experienced and thought leaders in their practices. Lastly, there are “Quant” processes available that are superior to 1-10 scales and that allow for alternative—even revolutionary—methodology in the area of how to measure cyber-security risk. US ProTech is actively collaborating with author Doug Hubbard (How to Measure Anything) with his newest book “How to Measure Anything in Cybersecurity” to quantify risk in a way that is actuarially sound, a measurable improvement over alternatives, and can be directly used to inform individual security investment decisions by computing a “return on cybersecurity.”
It is high time the Industry becomes proactive not reactive, offensive and not defensive in posture
Application: US ProTech was contracted by a customer to ensure financial and medical data security. The client, a multi-billion dollar Union Fund and Self-Insured Medical Insurance organization required a highly secure network with enhanced behavioral monitoring and reporting capabilities in order to become HIPAA and GBLA compliant. A Risk Assessment was conducted that included external and internal networks and application examinations which revealed multiple areas of vulnerability, a lack of network segmentation, no defined security policies and no demonstrable disaster recovery plan. US ProTech engineers were able provide 100 percent client satisfaction with a redesign of the client’s network and the production of policies and procedures to meet their compliance requirements. Also, prepared was a Business Continuity Plan that included a complete failover infrastructure that could bring the client back online from a secondary location within hours of a declared disaster.
US ProTech uses a centralized security management system to address multiple security challenges that face enterprises today. From their CSI, engineers are able to monitor client’s network security and manage multiple systems including: Real-Time User Behavioral intelligence, Next Gen Firewalls, APT Protection, VPN Access, Identity Management & Authentication, Email Security, Intrusion Prevention, Log Management, and Wireless Security. With all these systems in place we still find that human oversight is the key differentiator, allowing our engineers to correlate a variety of events and respond in the appropriate manner to any possible threats.