Demystifying IT Security and Measurably Quantify Risk

US ProTech, Named to the 2015 Top 20 List of Most Promising RSA Security Solution Providers, Globally!

Excerpt from May Edition, 2015:

Demystifying IT Security and Measurably Quantify Risk

Jonathan-Goetsch-2From deep within the Secured Network Operation Center, thousands of software vulnerabilities are constantly monitored, investigated and vigorously blocked at the US ProTech, center of security intelligence. US ProTech asks “so, what’s really at risk in cybersecurity?”We anticipate that in the future, resources devoted to cyber-based threats will equal or even eclipse the resources devoted to non-cyber based terrorist threats” said James B. Comey, (FBI Director) in front of the Senate Committee on Homeland Security and Government Affairs on Nov 14, 2013.  And since that Target-Time breach and the other 100 or so other major breaches to Government, Banking, Healthcare, Retail, etc., Cyber-Criminals have actually proven that every single industry is, and continues to be, vulnerable to their crafty ways and insatiable thirst for achieving the dubious status of hacker @#1.

What’s next and how will we anticipate future breaches?  US ProTech is taking cyber-criminals head-on and they are all about three things; innovation, people and correct application of comprehensive solution deployments. “Clients are seeking the abilities we are able to provide them” says Goetsch, CEO of US ProTech an elite group of expert security technicians specialized in offensive-side penetration testing for nearly two decades.

It is high time we become proactive not reactive, offensive and not defensive in posture.

So then the real question would be “how do we do that and how would we know it works?”  The answer is somewhat simpler than expected, that answer has three more components.  The first is having the right strategic relationships and innovative tools which US ProTech is very open to discussing with clients.  The second is IP, no, not Internet Protocol but rather innovative people who are experts, credentialed, experienced and thought leaders in their practices.  Lastly there are processes available that have been tried and true that allow for alternative – even revolutionary – methodology in the area of how to quantify cyber-security risk.  US ProTech is actively collaborating with the author Doug Hubbard (How to Measure Anything) with his newest book coming soon “How to Measure Anything in Cybersecurity” to quantify risk in a way that is actuarially sound, a measurable improvement on alternatives, and can be directly used to inform individual security investment decisions by computing a “return on cybersecurity.”

Application: In 2013 US ProTech was contracted by an existing customer to ensure financial and medical data was secure.  The company, a multi-billion dollar Union Fund and Medical Insurance organization required a highly secure network with enhanced reporting capabilities in order to become HIPAA and GBLA compliant. A Risk Assessment was conducted that included full external and internal network examinations which revealed multiple areas of vulnerability that included outdated and unmanaged firewalls, lack of network segmentation, no defined security policies, and no disaster recovery plan. US ProTech engineers were able to redesign the client’s network and produce policies and procedures for the client to meet their compliance requirements. They also prepared a Business Continuity Plan that included a complete failover infrastructure that could bring the client back online from a secondary location within hours of a declared disaster.

US ProTech, Inc. uses a centralized security management to address multiple security challenges that face enterprises today. From their Secure Network Operations Center (SNOC) US ProTech engineers are able to monitor client’s network security and manage multiple systems including: Next Gen Firewalls, Advanced Threat Protection, VPN Access, Identity Management and Authentication, Email Security, Intrusion Prevention, Log Management, and Wireless Security. With all these systems in place we still find that human oversight is the key differentiator allowing our engineers to correlate a variety of events and respond in the appropriate manner to any possible threats.

CIO