Trustwave Holdings

Trustwave Holdings, Inc.
Trustwave
Subsidiary
Industry Managed Security Services, Information Security, Cloud computing
Founded 1995 (1995)
Headquarters Chicago, Illinois, United States
Area served
 Worldwide (Customers in 96 countries)
Key people
 Robert J. McCullen, Chairman & CEO
Products
Brands Trustwave
Trustwave TrustKeeper
Trustwave SpiderLabs
Services
Revenue US $216 million [1] (2014)
Number of employees
 1,400+ [2]
Parent Singtel
Website www.trustwave.com

Trustwave Holdings is an information security company that provides on demand threat, vulnerability and compliance management services and technologies for more than 3 million business customers in 96 countries.[3] The company’s international headquarters is located in downtown Chicago,[4] and regional offices are located in London, São Paulo, and Sydney. The company also operates Security Operations Centers in Chicago, Denver, Manila, Minneapolis, Singapore, Sydney, Tokyo, Warsaw, and Waterloo in Canada.[5] Trustwave is currently the only company that is an authorized PCI Forensic Investigator in all geographic regions.[6] Trustwave is a standalone business unit and core cyber security brand of Singtel Group Enterprise.

In 2016, IDC named Trustwave a Leader in the IDC MarketScape for Emerging Managed Security Services Providers based on industry analysis and buyer perception. [7] In the 2015 "Gartner Magic Quadrant for Managed Security Services, Worldwide," a report that evaluated 14 different global managed security service providers, Trustwave was named an industry challenger “due to the access it gained to greater resources and new markets resulting from the acquisition by Singtel, and its increasing investments in competing for enterprise customers.” [8] In 2014, industry analyst firm Forrester Research named Trustwave one of the leaders in the managed security services market.[9]

History

In April 2011, Trustwave Holdings filed for its IPO[10] though the company remains private today. Trustwave's website says the company has more than 1,400 employees.[2]

On April 8, 2015 (SGT), Singapore Telecommunications Ltd (Singtel) announced it had entered into a definitive agreement to acquire Trustwave Holdings, Inc. for a fee of $810 million—Singtel with a 98% stake in the company leaving 2% with Trustwave's Chairman, CEO and President.[1][11] According to media reports and Singtel filings on the Singapore Exchange, the enterprise value of Trustwave at the time of the deal was $850 million.[12]

Acquisitions

Products and technologies

Managed Security Services is a service offering from Trustwave that involves remotely managing its and third-party products such as Network Access Control, SIEM, and United Threat Management for companies who wish to outsource their security needs. According to the The Forrester Wave: Managed Security Services: North America, Q4 2014, Trustwave is a market leader in managed security services.

TrustKeeper is a cloud-based platform that ties together Trustwave's various managed security services. Through TrustKeeper businesses can access a variety of Trustwave "apps" ranging from enterprise-class managed security services to PCI compliance automation tools designed to help credit card merchants protect themselves against unauthorized access.

Managed Security Testing is an application within TrustKeeper that provides an interactive way to view and track penetration test reports as an alternative to conventional PDF based reports. Earlier versions were called Trustwave PenTest Manager, and it won the 2012 SC Magazine Europe Innovation award.[18]

Secure Web Gateway (formerly Finjan): an appliance-based secure Web gateway that uses real-time code analysis technology, URL filtering and antivirus scanning to prevent malware and Web-based threats.[19] In May 2011, the M86 Secure Web Gateway was designated as Visionary in the 2011 Gartner Magic Quadrant Report for Secure Web Gateways.[20]

Secure Email Gateway (formerly M86 MailMarshal): an email security solution, available as software or through a cloud-based service, that protects against malware, spam and data leakage. It also provides reporting, analyzes inbound and outbound content and assists with policy control.[21] In April 2010, the M86 MailMarshal SMTP product was designated Visionary in the 2010 Gartner Magic Quadrant Report for Secure Email Gateways.[22]

Associated Technologies:[23]

SpiderLabs is the advanced security services and research team at Trustwave that was developed by security researcher, Nicholas J. Percoco. The team specializes in forensic investigations, penetration testing, education services, and security research that is used to update Trustwave's products and services with threat intelligence. SpiderLabs also authors the Trustwave Global Security Report, an annual report detailing the latest security trends and risk areas.[24] SpiderLabs also actively develops the open source web application firewall, ModSecurity, and a supplementary commercial rule set available for purchase.[25]

Significant discoveries

Congressional testimony

In February 2014, Trustwave SVP Phillip. J. Smith offered expert testimony related to data breaches and malware as part of a Congressional hearing for The House Committee on Energy and Commerce. In his prepared testimony, he presented observations based on the company's experience investigating thousands of data breaches, ongoing malware and security research and other forms of threat intelligence.[40]

Unrestricted sub-CA incident

Trustwave operates an X.509 certificate authority ("CA") which is used as the top level of trust by many web browsers, operating systems, and other applications (a "trusted root CA"). In 2011, Trustwave sold a certificate for a subordinate CA which allowed a customer to present SSL certificates identifying as arbitrary entities, in a similar mechanism to a "Man in the Middle Attack". This type of action is similar to the practice of running an SSL proxy on a corporate network, though in this case a public subordinate CA (valid anywhere) was used instead of an internal corporate-generated domain CA (valid only for machines that accept it as part of organizational policy), making the risk of abuse much higher.

Though Trustwave asserts that special precautions were put in place to ensure that the customer attached its device only to a particular customer-owned network on which it was acceptable for the customer to impersonate other entities and to intercept traffic, this cannot be independently verified as Trustwave is unable to disclose the customer due to a Non-Disclosure Agreement.[41]

As a result, there was some brief discussion as to whether it was an egregious enough action to have Trustwave's root CA removed from the Mozilla Firefox browser. However, no action was taken.[41]

Allegations against Trustwave

In March 2014, Trustwave was named in a lawsuit filed by Trustmark National Bank and Green Bank N.A. The lawsuit alleges that Trustwave failed to provide the promised level of security to Target, and for failing to meet industry security standards.[42][43] In April 2014, a notice of dismissal was filed by both plaintiffs, effective withdrawing their earlier allegations.[44][45] Trustwave Chairman, CEO and President Robert J. McCullen also stated in a letter that "Contrary to the misstated allegations in the plaintiffs' complaints, Target did not outsource its data security or IT obligations to Trustwave. Trustwave did not monitor Target's network, nor did Trustwave process cardholder data for Target.".[46]

References

  1. 1 2 Aravindan, Aradhana (7 April 2015). "Singtel buying U.S. cyber security firm Trustwave for $810 million". Reuters. Retrieved 9 April 2015.
  2. 1 2 "Trustwave: Our Story". Retrieved 25 May 2016.
  3. 1 2 3 4 5 6 7 "Trustwave Holdings". Crunchbase. Retrieved 9 April 2015.
  4. "Company Overview of TrustWave Holdings, Inc.". Bloomberg. Retrieved 9 April 2015.
  5. "Trustwave security firm opens first Canadian security operations centre in Kitchener-Waterloo". Global News. 12 August 2015. Retrieved 30 September 2015.
  6. "PFI Companies". Payment Card Industry Security Standards Council. Retrieved 9 April 2015.
  7. "Trustwave Named a Leader in IDC MarketScape for Emerging Managed Security Services Providers". Marketwired. 2 September 2016. Retrieved 12 September 2016.
  8. "Trustwave Named a Challenger in 2015 Gartner Magic Quadrant for Global Managed Security Service Providers". Marketwired. 4 January 2016. Retrieved 17 January 2016.
  9. "Trustwave Named a Leader in Managed Security Services by Independent Research Firm". Trustwave. 24 November 2014. Retrieved 9 April 2015.
  10. Lennon, Mike (22 April 2011). "Trustwave Files for IPO, Reveals Finances". SecurityWeek. Retrieved 8 April 2015.
  11. "Singtel to Acquire Trustwave to Bolster Global Cyber Security Capabilities". Trustwave. 7 April 2015. Retrieved 9 April 2015.
  12. Shu, Catherine (7 April 2015). "Singtel Acquires Chicago-based Cybersecurity Firm Trustwave For $810M". TechCrunch. Retrieved 13 April 2015.
  13. "Trustwave Acquisition Bolsters Data Protection". Trustwave. 11 November 2013. Retrieved 8 April 2015.
  14. "Trustwave Completes Acquisition of M86 Security". Trustwave. 19 March 2012. Retrieved 8 April 2015.
  15. "Trustwave Acquires Intellitactics/". Trustwave. 3 March 2010. Retrieved 8 April 2015.
  16. "Trustwave Acquires Vericept". Trustwave. 10 September 2009. Retrieved 8 April 2015.
  17. "Trustwave Acquires Mirage Networks". Trustwave. 17 February 2009. Retrieved 8 April 2015.
  18. Raywood, Dan (24 April 2012). "SC Magazine Awards Europe 2012 - winners announced". SC Magazine UK. Retrieved 8 April 2015.
  19. Stephenson, Peter (1 April 2010). "M86 Security Secure Web Gateway Review". SC Magazine US. Retrieved 8 April 2015.
  20. Lawrence Orans & Peter Firstbrook (25 May 2011). Magic Quadrant for Secure Web Gateways (PDF) (Report). Gartner. p. 2. Retrieved 8 April 2015.
  21. "MailMarshal Email Content Security and Anti-Spam". Messagingsolutions.com. Retrieved 8 April 2015.
  22. Peter Firstbrook & Eric Ouellet (27 April 2010). Magic Quadrant for Secure Email Gateways (PDF) (Report). Gartner. p. 2. Retrieved 8 April 2015.
  23. "Email Security » MailMarshal SMPT, providing services to the City of London Police Force". Secure Content Technologies. Retrieved 8 April 2015.
  24. "Trustwave SpiderLabs". Retrieved 8 April 2015.
  25. "ModSecurity Commercial and Community Support/Services". ModSecurity. Retrieved 8 April 2015.
  26. "Trustwave Security Report [Patch Included]". Zen Cart. 17 March 2016. Retrieved 8 April 2016.
  27. "Top websites served out malicious ads harboring the Angler exploit kit". PCWorld. 15 March 2016. Retrieved 8 April 2016.
  28. "Dridex Botnet Spreading Locky Ransomware via JavaScript Attachments". SecurityWeek. 10 March 2016. Retrieved 8 April 2016.
  29. "The Neutrino exploit kit has a new way to detect security researchers". CIO. 4 February 2016. Retrieved 8 April 2016.
  30. "Cherry Picker POS Malware Has Remained Hidden For Four Years". Dark Reading. 12 November 2015. Retrieved 13 November 2015.
  31. "Newest RIG exploit kit driven by malicious advertising". CSO Magazine. 3 August 2015. Retrieved 3 August 2015.
  32. "New malware program Punkey targets point-of-sale systems". Network World. 16 April 2015. Retrieved 17 April 2015.
  33. "Alert (TA14-212A) Backoff Point-of-Sale Malware". US-CERT. 31 July 2014. Retrieved 8 April 2015.
  34. "Reflected File Download: New Attack Vector Enables File Downloads Without Upload". Security Week. 14 October 2014. Retrieved 21 April 2015.
  35. "Black Hat Europe: Hijacking Clicks With Same Origin Method Execution". Security Week. 16 October 2014. Retrieved 21 April 2015.
  36. "Exposed: An inside look at the Magnitude Exploit Kit". CSO. 5 August 2014. Retrieved 21 April 2015.
  37. "Two million stolen Facebook, Twitter, Yahoo, ADP passwords found on Pony Botnet server". ZDNet. 4 December 2013. Retrieved 21 April 2015.
  38. "'Pony' botnet steals bitcoins, digital currencies: Trustwave". Reuters. 24 February 2014. Retrieved 21 April 2015.
  39. "New Exploit Kit RedKit Discovered in Wild". ThreatPost. 7 May 2012. Retrieved 21 April 2015.
  40. "Protecting Consumer Information: Can Data Breaches Be Prevented?". United States House Committee on Energy and Commerce. 5 February 2014. Retrieved 8 April 2015.
  41. 1 2 "Bug 724929 - Remove Trustwave Certificate(s) from trusted root certificates". Mozilla. 7 February 2012. Retrieved 8 April 2015.
  42. Schwartz, Mathew J. (26 March 2014). "Target, PCI Auditor Trustwave Sued By Banks". Darkreading. Retrieved 9 April 2015.
  43. Heun, David (25 March 2014). "Banks Sue Security Vendor Trustwave After Target Data Breach". American Banker. Retrieved 9 April 2015.
  44. Kirk, Jeremy (1 April 2014). "Banks withdraw data breach claim against Target". ComputerWorld. Retrieved 9 April 2015.
  45. "Security firm Trustwave says Target data breach claims baseless". Reuters. 29 March 2014. Retrieved 9 April 2015.
  46. "A Letter to our Valued Customers". 29 March 2014. Archived from the original on 18 March 2015. Retrieved 9 April 2015.
This article is issued from Wikipedia - version of the 12/4/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.