OT systems, which govern essential shipboard functions such as navigation, propulsion, and cargo handling, remain a major focus for attackers. Many of these systems rely on outdated software and lack modern cybersecurity measures, making them highly susceptible to breaches. Additionally, the growing interconnectivity of IT and OT systems introduces cascading risks, where a single breach can disrupt both operational and digital environments. Direct attacks on OT systems could result in vessel immobilization,navigational failures, or safety incidents, making the security of these systems a top priority.

Click Here to Read More

The post Maritime Cybersecurity, Risk, and the Threat Landscape appeared first on US ProTech, Inc..

“Managing the Cybersecurity of the largest Ports Critical Infrastructure in America is no small matter” stated Goetsch. Membership to the Ports Cybersecurity Subcommittee for the protection of Critical Infrastructure is intentionally kept to a small group of legislators and subject matter experts (SME’s) and Federal staff members from the CISA, DHS, the FBI, Port Authorities, and key Port tenants. The So-Cal based Subcommittee focusses on the smooth, safe and secure delivery of what is essential to the daily operations in Southern California.  Some members operate principal hubs of distribution for petroleum and manufactured products that you and rely upon every single day.  But what happens when the Supply Chain get interrupted and what causes those interruptions to being with? The Subcommittee is dedicated do preserving our way of life and it takes a small army of professionals to achieve the stated objective.

Not all welcome technology:  While modern technology in Port operations has already arrived, the fact is that some labor unions remain opposed due fears of losing total control.  Over the course of the coming year, Goetsch and his team of Cybersecurity experts, along with other SME’s and Federal Port staff will continue the introduction of advance technologies while working with labor who will benefit from such advancement in Port operations.  Stay tuned, US ProTech will continue to deliver “Cleared” information in the coming year to keep our readers up to date with the latest news affecting Port operations.

The post 2026 Cybersecurity Subcommittee for Critical Infrastructure: Ports of Los Angeles and Long Beach, California | SME Membership Extended appeared first on US ProTech, Inc..

October and November 2025 marked another critical and active period in the vulnerability landscape, with over 3,700 new CVEs published and 5,200 modified entries as critical flaws surged across software, hardware, and cloud platforms. US ProTech tracked 31,550 vulnerabilities year-to-date, expanded a correlated threat database containing 1,130 new CVSS v4 and EPSS v4 scores vulnerabilities, and recorded over 2.58 million vendor patch advisories. Exploitation risk remained high, with 408 critical CVEs (of which 13 rated 10) spanning Redis, Flowise, Cisco Firewalls, Microsoft Windows, and WordPress plugins. Cloud-based SSRF and RCE vulnerabilities underscored growing multi-platform attack surface patterns, while WordPress plugin exploits highlighted ongoing supply-chain exposure. Top weaknesses were dominated by code injection (CWE-74), buffer overflows (CWE-119), and SQL injection (CWE-89), confirming attackers’ focus on input-validation and memory-handling flaws.

US ProTech on Fall Vulnerability Trends

Cybersecurity threats continued to burden security professionals, vulnerability analysts and incident responders with specific patterns of exploitable, impactful vulnerabilities and a flurry of increased severities, and widespread across hardware, software, and cloud. The month saw a significant spike accounting of published vulnerabilities to about 3703 during the month, as compared to 3,738 in September and 3,360 in August. This Fall presented the most active month in the vulnerability landscape with a large portion of CVEs updated with newer risk score updates and advisories. US ProTech correlated and archived 31,550 published vulnerabilities so far during the year 2025, well on track to be one of the highest recorded in recent years. The number of modified vulnerabilities accounted for about 5,234 in October alone compared to 5,010 in September and 4,350 with modified risks, priorities, advisories during the month of August. A record 820 vulnerabilities published in August 2025 were revised in September. During the prior 2024 year, October only saw about 3,076 modified CVEs had their risk scores, advisories, and priorities revised, making the current month one of the most active seasons.

US ProTech vendor patch advisories exceeded 2.58M, led by sources including Suse, Ubuntu, Debian, Oracle, and Windows, accounting for nearly 76% of patched advisories issued during the month. US ProTech has consolidated and kept track of nearly 792K affected just in the last 5 years, one of the significant counts.

US ProTech vulnerability data feeds have continued to embrace NVD 2.0 schema for correlating and maintaining our threat intel feeds. Our feed database continues to build upon CVSS4 and EPSS4 risk scoring metrics as part of our threat intel feed, and so far we recorded 9,785 risk scores in 2025 alone, the largest we have seen so far in any year. The first half of Fall accounted for about 1,130 CVSS4 scores aggregated. Specifically, about 71 of those are determined to be critical vulnerabilities of which 23 also have a “higher exploitability percentiles” greater than 60%. A higher EPSS percentile score indicates the likelihood of being exploited in the wild soon in the coming months compared to other similar vulnerabilities in the platform.

Vulnerability Landscape

US ProTech has kept track of nearly 88K exploits so far with exploits, github, metasploit, and packetstorm accounting for a large portion of identified counts.

The number of critical vulnerabilities identified by US ProTech – those with a critical score of 9.0 or higher continued to rise significantly to 408 in October compared to 454 in the previous month. Among those critical vulnerabilities, about 43 of them (~ 10%) had a high likelihood of exploitations in the next few months with a probability of more than 50%. 

Among those, 13 critical ones (~ 3%) had a perfect 10.0 score observed in several hardware and software drivers and components. Particularly, an SQL Injection vulnerability in Esri ArcGIS Server (CVE-2025-57870) identified across Windows, Linux, and Kubernetes platforms causing unauthenticated users to execute arbitrary SQL commands via specific feature operation; embedded web server missing authentication enabling remote attackers to access and modify device configurations with ABB ALS-mini-S4 and ALS-mini-S8 IP load controllers (CVE-2025-9574); unrestricted IP address vulnerability in ProductivityService PLC Simulator allowing attackers to access or manipulate simulation parameters from any device on the network (CVE-2025-61934).

On the cloud front, Server-Side Request Forgery (SSRF) vulnerability affects Microsoft Azure Compute Gallery (CVE-2025-59503) where an authorized attacker could exploit this flaw to elevate privileges over a network. The current exploitation risk is high (about 25%), requiring minimal attack and network complexity and only basic privileges, making it easier for attackers to leverage.

Platform Impacts

In October, a series of critical exploitable vulnerabilities affected platforms such as Redis, MLflow, WordPress, Flowise, and Windows, and WordPress plugins with attackers actively targeting these systems for remote code execution, command injection and privilege escalation.

A series of WordPress plugin-based ecosystems are being targeted this Fall, underscoring a need for better plugin validation patch management.​ Specifically, plugins related to supply chain and open-source business platforms saw increased targeting, as attackers favored platforms with broader deployments for initial access and lateral movement attacks.

A particular Redis in-memory open source vulnerability (CVE-2025-46817) allowed authenticated users to send crafted scripts corrupted memory and the stack, potentially leading to RCE. Redis developers are urged to immediately upgrade or block Lua script execution for untrusted accounts.

Flowise, an open-source low-code user interface platform for building customized large language model workflows, was hit by multiple critical remote code execution vulnerabilities related to insecure dependency handling and flaws in its plugin architecture. Two notable ones in October, CVE-2025-34267 and CVE-2025-61913, stemmed from improper validation of JavaScript code connections to the model context protocol (MCP) server, allowing remote attackers to execute arbitrary code on affected systems.

Two Cisco Secure Firewall Adaptive Security Appliance (ASA) and Software and Cisco Secure Firewall Threat Defense (FTD) VPN Web server Software vulnerabilities (CVE-2025-20333, CVE-2025-20362) were identified in October, which allows authenticated, remote attacker to execute arbitrary code on an affected device caused due to improper validation of input in HTTP requests.

WordPress plugins recorded a larger number of exploitable vulnerabilities, accounting for nearly 326 of vulnerabilities published in October alone, way more than in September. Of those 26 (~ 8%) are deemed critical, with about 8 having a high degree of exploitability of greater than 50% likelihood in the coming months. CVE-2025-7526 and CVE-2025-7634 were caused by WP Travel Engine plugin, used by over 20,000 WordPress sites in the travel sector, caused by arbitrary file deletion vulnerability caused by insufficient file path and allowing unauthenticated attackers to perform local file inclusion respectively. WooCommerce Designer Plugin CVE-2025-6439 allows unauthenticated users to delete any files on the server, potentially causing RCE or data losses. A handful of WordPress CVE-2025-7721, CVE-2025-9485, CVE-2025-10294, CVE-2025-9209, CVE-2025-6388 relate to various WordPress plugins and themes reported causing issues like privilege escalation, authentication bypass, and arbitrary file upload leading to remote code execution. In general, it appeared like attacks favoring unauthenticated file deletions or inclusion type attacks, and targeting RCE compromise without requiring prior logins.

Microsoft accounted for about 52 published known vulnerabilities in the month. Of which, 3 were reported to be high scores and had high exploitability including CVE-2025-24990, CVE-2025-59237, CVE-2025-59501. A critical privilege elevation flaw in the Windows Agere Modem Driver (CVE-2025-24990) present in supported Windows versions up to Server 2025 flaw resulting from legacy driver code removed rather than patched. This vulnerability allows attackers to gain local admin access even if the modem hardware is inactive, making it a widespread and serious threat. Two other critical vulnerabilities such as CVE-2025-59237 and CVE-2025-59501 broadly fit the pattern of RCE and privilege escalation in Windows services and components, emphasizing the critical need for immediate patch installation. CVE-2025-59237 is significant with about 69% EPSS percentile, and potentially active exploits available, demonstrating high risk for enterprise environments. A potential Microsoft Edge (Chromium-based) flaw is known to execute arbitrary code remotely by exploiting weaknesses in Edge’s security controls. CVE-2025-60711 is a protection mechanism failure vulnerability that seems to have prevented unauthorized code execution from being bypassed or failing to work properly.

On the advisory side, Microsoft’s October 2025 Patch Tuesday reported nearly 175-193 vulnerabilities, including 7-9 critical and over 150 important flaws across Windows, Office, Windows Server Update Services (WSUS), graphics components, device drivers, and Microsoft Edge. Fixes for 6 zero-day vulnerabilities, of which 4 are exploited in the wild. Exploitation trends primarily targeted RCE (about 30), privilege elevation (about 80), and information disclosures (about 28).

Top Weaknesses

US ProTech identified several top weaknesses (CWE) that contributed to critical vulnerabilities during the month. Of the 408 critical vulnerabilities correlated in October alone, 89 (~ 22%) were CWE-74 Improper Neutralization injection weakness types, followed by 76 (~ 18%) CWE-119 Improper Restriction of Operations or buffer overflow, and 28 (~ 7%) CWE-89 SQL Injection weakness types. The trend seems to have a higher bias towards buffer overflow pattern of attacks during the month when compared to September.

Recent Critical Vulnerabilities – Fall 2025

US ProTech suggests that you pay attention to these top critical vulnerabilities that are likely exploitable this month.

Living in times of change does not mean life changes to the time at hand.

Hold Your Ground!

If you want more info about how CDM-SIEM has impacted Host-Based IT Systems and Air Gapped OT Systems, 

Anamo’s patented technology has you covered!

The Anamo Agent is a Host-Based CDM-SIEM which autonomously interrogates a wide variety of systems internally. The reason that this is important is because all other SIEM products and services are external to the Host and network-based which leaves then “Blind” to essential forensics and the ability stop “Unauthorized Privileges Account Escalation” which is proven to be the #1 Data exfiltration Cybersecurity risk.

Below: An “always-on” Risk Assessments of every System, Software, User, Group, Port, Permission, Transaction, and more…. Conducted continuously, without data entry, scheduling, or activation.  Imagine that….  the work is done for you and the Platform never sleeps, takes brakes, get sick or runs off on vacation.  Now you can get the facts, see the results of CDM, and find time to do what every IT executive must do…. The other 1,000 tasks which await us all!

Contact US ProTech about Anamo today to get your own extended free trial.

The fact is… the smartest organizations have already taken the step towards gaining a real understanding of Risk and Behavioral analytics with Anamo’s patented technology and its ability to correlate data that’s never been harnessed before, until today!

www.Anamo.io

The post Welcome to the First Fall Edition of 2025: US ProTech Cybersecurity Vulnerability Newsletter appeared first on US ProTech, Inc..

Understanding Host-Based Vs. Network Based Cybersecurity Threats

Security Incident Event Management (SIEM) is a saturated industry with over 30 notable businesses specializing in the correlation of Cybersecurity threat analytics, but only one of those companies focus on Host-Based devices rather than Network-Based events. The problem for industry is insatiable rise of Hackers and that they have proven that they are skilled as they continuously usurp the current “Tech-Stack” of modern Cybersecurity tools, services, and protections, used by Mid-Market Corporations and Enterprises today. 

Proof is everywhere and everyone has heard about breaches where technical adversaries have gained “UNAUTHORIZED PRIVILEGED ACCOUNT ESCALATION,” but the public generally learns of these breaches after they have been publicly disclosed. These types of headlines happen everywhere and are far too frequent for anyone to feel cyber-safe or comfortable. But what if there was an actual process for stopping hackers in One-Move, which was based upon objective-based events and forensic artifacts?

Compare SIEM Solutions: Host-Based ANAMO CDM vs. System-Based Splunk

ANAMO CDM is a highly specialized, host-based Continuous Diagnostics and Mitigation (CDM) platform that uses advanced comparative HashID Analytics which continuously identifies a broad range of forensic evidence in near real-time to deliver its version of SIEM.  Splunk is a broad, system-agnostic SIEM solution requiring the mass collection of logs and highly curated rules to subjectively identify anomalous behaviors. The primary difference lies in their scope: ANAMO focuses internally on deep, real-time analysis of individual host risks and vulnerabilities over Operation Technology (OT) and Internet Technology (IT) devices, whereas Splunk collects and correlates network-based which amount to volumes of comprehensive log data from across the entire system or enterprise. To simplify, the following breakdown highlights the most obvious attributes of both, of course other remain.

Which is right for your needs?

Your choice between ANAMO CDM and Splunk depends on your organization’s security technical capabilities, posture, goals, and budget.

Choose ANAMO if:

• You seek rapid identification of internal host-based threats based upon objective facts from forensic artifacts in near real-time
• You need to focus on deep, real-time monitoring and mitigation of threats across Operational Technology (OT) and Internet Technologies (IT) specifically at the host level across Open-Systems and Operating Systems such as Linux or Windows.
• Your priority is to proactively identify insider threats, target file paths, zero-day exploits, and lateral movement by malicious actors within endpoints.
• Your environment requires an easily managed SIEM which is financially affordable, offers strong Cybersecurity capabilities, and can also achieve advance security and monitoring requirements for compliance with federal frameworks like NIST. 

Choose Splunk if:

• You need a centralized platform to collect logs and analyze machine data from a wide variety of sources across a large, complex IT environment.
• Your security operations require the collection of logs or correlating logs from network devices, servers, and applications to get an enterprise-wide view of security events.
• Your organization needs flexible data management and powerful search capabilities for both security and operational intelligence use cases. 

In many cases, organizations choose to integrate specialized host-based solutions like ANAMO with broader SIEMs like Splunk to achieve comprehensive security. The host-based tool provides granular, real-time endpoint threat detection, while the system-based SIEM offers holistic, enterprise-wide analysis and compliance reporting

The Deeper Dive: Log Parsing vs. Comparative HashID Analytics

The primary difference in real-time alerting between ANAMO CDM and Splunk lies in their focus, source of data, and method of detection. ANAMO provides deeper, agent-based alerts focused on host-centric anomalies, while Splunk offers broad, customizable alerts based on log data from across the enterprise. The best approach for many organizations is to use a combination of both. 

ANAMO CDM: Host-centric and predictive

ANAMO’s alerting is designed for identifying and responding to threats at the endpoint level, with a focus on mitigating the threat dwell time. 

• Data source: ANAMO uses a lightweight, “log-less” agent on open systems such as a Host or Server to collect and analyze data directly from endpoints. It continuously monitors key indicators like user permissions, network ports, and file systems, rather than simply parsing logs.
• Detection method: It builds, monitors, and alerts upon modifications to the HashID of any system where Anamo is installed. It uses machine learning and generative AI to establish a baseline of normal host behavior. This allows it to proactively identify and alert on suspicious deviations, such as an authorized user making unauthorized changes or a zero-day exploit attempting to run.
• Alerting speed: The alerts are generated in near real-time because the analysis is performed directly on the host data as it is collected. The goal is to notify security teams immediately about threats like lateral movement or privilege escalation.
• Context: Alerts from ANAMO are highly contextualized for the host. They can flag specific users, groups, or software vulnerabilities that are associated with malicious activity.
• Key alerts:
  • Insider threats: Abnormal behavior from an authorized user, such as Permission or Port modifications or accessing sensitive directories.
  • Zero-day exploits: Anomalous behavior that indicates a new, unknown exploit, cross-referenced with CVEs and port changes combined with User behavior.
  • Adversary pivoting: Real-time tracking of unauthorized credential changes or movement across the system, associations to groups, or access to File paths. 

Splunk: System-wide and customizable

Splunk’s alerting is built on its capability to ingest, index, and search massive volumes of machine-generated data from any source across the enterprise. 

• Data source: Splunk’s alerts are based on data from closed systems such as network devices, servers, applications, and endpoints. The data is collected by forwarders, sent to indexers, and then searched.
• Detection method: Alerts are triggered by a saved search that runs either on a schedule or continuously in real-time. Security analysts can create a wide range of custom alerts using Splunk’s Search Processing Language (SPL) to look for specific event patterns.
• Alerting speed: Splunk offers both scheduled and continuous real-time searches.
  • Scheduled alerts are resource-efficient but introduce a delay. For example, a search that runs every 15 minutes will only detect an incident after the next scheduled search.
  • Continuous real-time searches provide a faster response but are resource-intensive, making them impractical for monitoring a markedly high volume of data.
• Context: Splunk alerts benefit from a broader, enterprise-wide context. They can correlate events across many different systems, such as a failed login on a server combined with firewall alerts. However, the data can be voluminous and require more analysis to pinpoint the root cause on a specific host.
• Key alerts:
  • Failed logins: A specified number of failed logins on a server within a certain time window.
  • Access anomalies: An account accessing a resource from an unusual IP address or at an unusual time.
  • Vulnerability scans: Alerts generated when a vulnerability scanner logs a critical finding. 

Combining ANAMO CDM and Splunk for a robust defense

For maximum security, organizations can integrate ANAMO with a SIEM like Splunk to achieve both deep host-level and broad system-level visibility.

1. ANAMO detects and alerts on internal host-level threats in real-time, such as insider activity or zero-day exploits, providing immediate, granular insight.
2. ANAMO data is sent to Splunk to be correlated with other enterprise-wide security events from firewalls, network infrastructure, and other devices.
3. Splunk provides the holistic view, allowing security teams to see if an ANAMO alert on a single host is part of a larger, enterprise-wide attack.
4. Together, they enable faster and more informed threat response. The combination provides deep, forensic-level detail from ANAMO, alongside the broad, customizable alerting and reporting capabilities of Splunk.

What does Internal, Host-Based, Continuous Diagnostics & Mitigation SIEM Look Like?

Below:  Screenshot of Anamo’s active CVE dashboard which without any effort or scheduling, autonomously interrogates all Transactions, Permissions, Users, CVEs, and Forensic Modifications of Internet Technology (IT) devices and Operational Technology (OT) devices, on both Windows and Linux Operating Systems:

Question:  Who might have “777” or “WRX*** Privileged Accounts on any system across an entire Enterprise at any moment, and what is the correlated System and File Path which is associated to each Permission?

 Below: Screenshot of Anamo’s Permission Modification dashboard which without any effort or scheduling, autonomously interrogates all Transactions, Permissions, Ports, Users, Groups, and associated Forensic Modifications of Internet Technology (IT) devices and Operational Technology (OT) devices, on both Windows and Linux Operating Systems:

Question:  Across an entire Enterprise of IT and OT systems; Could automated SOC Notifications of any Port-Modification direct User-Session-Termination before Data Exfiltration transmission could begin?

Below: Screenshot of Anamo’s Port investigation dashboard which without any effort or scheduling, it autonomously interrogates all Ports and Transactions and gathers Forensic data on all Host-Based systems.  Data points which are Continuously Monitored and Alerted upon, including: The Port, Service On Port, Address, Protocol, Socket, Family, Net Namespace, PID and more, as shown:

To Schedule a Demonstration or for More Information:  Contact Anamo.io

The post Compare SIEM Solutions: ANAMO vs. Splunk appeared first on US ProTech, Inc..

Published: October 3, 2025 

Red Hat admitted it was breached:

But have they failed to disclose what really happened? Maybe Red Hat is just going to wait that out, you know, just like the US Dept. of Treasury did after they were breached, then lied about the extent of the Hack, until the truth was realized and disclosed.

Oh well… here we go again. 

The author of this article doubles-down on corporate-crafted-speech when they bought the Red Hat Tag Line “It hasn’t found evidence of personal or sensitive data theft.” Just read it for yourself: https://cyberscoop.com/red-hat-gitlab-attack-consulting-data/

This breach all boils down to one single point of failure: Unauthorized Privileged Account Escalation. The breach will soon be further investigated, the results will establish that PII was accessed, and you can bet that data was exfiltrated, just like it was at the USDoT!

Today, it’s 100% clear that there was a Cybersecurity failure due to there being a lack of a Host-Based CDM-SIEM (such as the Anamo CDM) solution in place to prevent such a privilege escalation. IoA’s or “Indicators of Attack”, along with IoC’s (Indicators of Compromise), are the essential data sets in breach prevention. Breach prevention isn’t working for most entities because they have become reliant upon external Network-Based SIEM services that are slow and outside of a Host, therefore they remain blind and unable to see IoA’s and IoC’s from the inside of a compromised system.

Over 5,000 Compromised:

Dear Red Hat: Here’s the way to eliminate the failure that led to your breach: https://www.youtube.com/watch?v=ByTKwyAzZB4. 

Red Hat Consulting compromised over 5,000 Enterprise businesses and an untold number of Federal assets, putting them all at risk:

https://doublepulsar.com/red-hat-consulting-breach-puts-over-5000-high-profile-enterprise-customers-at-risk-in-detail-90114f18f706

So, What Did Anamo’s CI’s at the Fed Say?

CI’s in DC have disclosed some interesting facts and offered some of their own opinions. For the sake of keeping secrets, we’ll just state my “opinion.” Red Hat may have compromised client information, including government information. While that has not (yet) been confirmed, the investigation will likely prove that fact. Additionally, sources close to the matter have stated that the PII that was captured… may not have been encrypted either. If these statements are found to be true, I’ll have some additional juicy facts to share in my next post.

Over 1,000 views < 24 Hours: 

https://www.linkedin.com/pulse/red-hat-hacked-cis-fed-remain-skeptical-jonathan-j5bac/?trackingId=eqqx1gcNQ8iPfvWwFFs8kg%3D%3D

The post RED HAT HACKED…. appeared first on US ProTech, Inc..

Still using 20+ Yr old Splunk or another Log-Based SIEM? While obvious, it’s 2025, and there’s been new SIEM technology available for years! It’s Anamo, a log-less SIEM that’s eliminating traditional “Blind Spots” and various anomalies related to System-Based Indicators of Attack (IoA”s), Modifications of Users, Permissions, Ports and Transactions… and much more!  Anamo is named after its ability to rapidly identify Host-Based attack vectors and other Indicators of Compromise (IoC’s) where all other Network-based SIEMs remain blind.

Read More

The post Eliminate (SIEM) Blind Spots (While Adding CVE’s, Vul-Scan, EDR, Forensics & eDiscovery) appeared first on US ProTech, Inc..

Read More

The post CISA CYBERSECURITY 2025 REPORT / PRC BREACH OF CRITICAL INFRASTRUCTURE appeared first on US ProTech, Inc..

Read More

The post THE UNITED STATES 2025 CYBER COMMAND CHALLENGE PROBLEM SET appeared first on US ProTech, Inc..

• Software & Hardware Vulnerability Management of the OS, Patch and Kernel. 
• Attack–Surface Management from the Workstation and Server, to Cloud Containers. 
• Objective–Based Behavioral Risk Analytics of Users, Permissions, File Tree, and Ports. 
• A Gathering of Deep Data Forensics for Finite and Comprehensive, Global Reporting.

See all major operating systems (Windows, Linux, macOS) across the enterprise in near real–time.

Read More

The post THE NEW CYBER SHIELD ALLIANCE (CDM + DE-MFA) appeared first on US ProTech, Inc..

 This year, all eyes will once again be on DEFCON (https://defcon.org/index.html). DEFCON is where the world’s elite Hackers come to play under the heat of the Las Vegas sun, and by night, well that’s Vegas!  Still, inside the cool dark ballrooms of the Convention Center and swanky Strip hotels, stakes are high. Crowds will be watching and waiting to see who will win the Big-Fight.  Anamo (https://anamo.io/), the  newcomer (The Challenger) has been given Vegas-Odds to challenge the Red Teams (The Reigning Champions) of DEFCON, in an all-out battle to determine who will dominate C2 of US-Based Critical Infrastructure assets.

Who will take home the prize belt?  Check with your favorite Sports Book and join in the fun, because this year, you can bet this fight will go to the Final-Round!

DEFCON and US ProTech

DEFCON celebrates its 33rd year in Las Vegas.  US ProTech, a 25-Year-Old Cybersecurity MSSP and software development company, also based in Las Vegas, NV, created products like the GRC App and the Anamo CDM Cybersecurity platform. US ProTech security engineers were once Red-Team Pen-Testers which spurred the concept to reverse engineer Pen-testing techniques and Anamo was born. Now matured and currently deploying version 3, Anamo delivers it functionality from patent-pending technology that evaluates Comparative HashID Analytics against a deep collection of Cybersecurity forensics nested in a set of relational databases 

Anamo claims the ability to identify a Hacker, on any system (where the Anamo Agent has been deployed) in one-move.  Yes, the facts are out, Anamo has cracked the code to delivering near real-time dashboard updates that track IoA’s (Indicators or Attack) and IoC’s (Indicators of Compromise) using Never-Before-Seen functionality that has been described by a General of the U.S. Air Force, as “Phenomenal!” 

The Audience will be top-notch

Expected overseers include ranking members of CISA, the DHS, even the FBI will be in the room (no doubt wearing their refined costumes of dark suits). But it will be the Red Teams of Hackers who will be most present in The Hacker Village as they prepare and attack replications of some our Nation’s most important industrial systems, aka Critical Infrastructure. Who will capture the flag?  The cat and mouse games played at DEFCON have long been revered as the playground of the BlackHats.  But over the past 20 years, GrayHats and WhiteHats are now equally represented and equally dangerous behind those rather attractive back-lite keyboards. Can the Red Teams usurp the security measures of today’s critical infrastructure?  Will they be able to land, load, and maneuver at will in an effort to “Capture the Flag?  Or will Anamo “CDM,” in support of the Blue Teams, demonstrate that CDM (aka Continuous Diagnostics & Mitigation) is better, faster, and more effective at identifying the hackers and supporting the elimination of unauthorized privileged account escalation.  The action is on!  And this August 7th through the 10, the competition will take center stage.  Be there to witness the action, limited tickets to DEFCON are still available, get your tickets today!

The post ANAMO “CDM” Selected to be featured at: DEFCON HACKING VILLAGE appeared first on US ProTech, Inc..