Trustwave Holdings is an information security company that provides threat, vulnerability and compliance management services and technologies for more than 3 million business customers in 96 countries. The company's international headquarters is located in downtown Chicago, and regional offices are located in London, São Paulo, and Sydney. The company also operates Security Operations Centers in Chicago, Denver, Manila, Minneapolis, Singapore, Sydney, Tokyo, Warsaw, and Waterloo in Canada. Trustwave is currently the only company that is an authorized PCI Forensic Investigator in all geographic regions. Trustwave is a standalone business unit and core cyber security brand of Singtel Group Enterprise.
In 2016, IDC named Trustwave a Leader in the IDC MarketScape for Emerging Managed Security Services Providers based on industry analysis and buyer perception. In the 2015 "Gartner Magic Quadrant for Managed Security Services, Worldwide," a report that evaluated 14 different global managed security service providers, Trustwave was named an industry challenger "due to the access it gained to greater resources and new markets resulting from the acquisition by Singtel, and its increasing investments in competing for enterprise customers." In 2014, industry analyst firm Forrester Research named Trustwave one of the leaders in the managed security services market.
Video Trustwave Holdings
History
In April 2011, Trustwave Holdings filed for its IPO though the company is now a standalone subsidiary of Singtel. Trustwave's website says the company has more than 1,600 employees.
On April 8, 2015 (SGT), Singapore Telecommunications Ltd (Singtel) announced it had entered into a definitive agreement to acquire Trustwave Holdings, Inc. for a fee of $810 million--Singtel with a 98% stake in the company leaving 2% with Trustwave's CEO and President. According to media reports and Singtel filings on the Singapore Exchange, the enterprise value of Trustwave at the time of the deal was $850 million.
Acquisitions
- Cenzic, Inc. (18 March 2014)
- Application Security, Inc. (12 November 2013)
- SecureConnect, Inc. (3 April 2013)
- M86 Security. (6 March 2012)
- Breach Security. (22 June 2010)
- Intellitactics. (3 March 2010)
- BitArmor Systems. (12 January 2010)
- Vericept. (10 September 2009)
- Mirage Networks. (17 February 2009)
- ControlPath. (27 August 2008)
Maps Trustwave Holdings
Products and technologies
Managed Security Services is a service that involves remotely managing third-party products such as Network Access Control, SIEM, and United Threat Management for companies who wish to outsource their security needs. According to the Forrester Wave: Managed Security Services: North America, Q4 2014, Trustwave is a market leader in managed security services.
TrustKeeper is a cloud-based platform that ties together Trustwave's various managed security services. Through TrustKeeper businesses can access a variety of Trustwave "apps" ranging from enterprise-class managed security services to PCI compliance automation tools designed to help credit card merchants protect themselves against unauthorized access.
Managed Security Testing is an application within TrustKeeper that provides an interactive way to view and track penetration test reports as an alternative to conventional PDF based reports. Earlier versions were called Trustwave PenTest Manager, and it won the 2012 SC Magazine Europe Innovation award.
Secure Web Gateway (formerly Finjan): an appliance-based secure Web gateway that uses real-time code analysis technology, URL filtering and antivirus scanning to prevent malware and Web-based threats. In May 2011, the M86 Secure Web Gateway was designated as Visionary in the 2011 Gartner Magic Quadrant Report for Secure Web Gateways.
Secure Email Gateway (formerly M86 MailMarshal): an email security solution, available as software or through a cloud-based service, that protects against malware, spam and data leakage. It also provides reporting, analyzes inbound and outbound content and assists with policy control. In April 2010, the M86 MailMarshal SMTP product was designated Visionary in the 2010 Gartner Magic Quadrant Report for Secure Email Gateways.
Associated Technologies:
- Deep Content Inspection
- SpamBotCensor
- Blended Threats Module
SpiderLabs is the advanced security services and research team at Trustwave that was developed by security researcher, Nicholas J. Percoco. The team specializes in forensic investigations, penetration testing, education services, and security research that is used to update Trustwave's products and services with threat intelligence. SpiderLabs also authors the Trustwave Global Security Report, an annual report detailing the latest security trends and risk areas. SpiderLabs also actively develops the open source web application firewall, ModSecurity, and a supplementary commercial rule set available for purchase.
Significant discoveries
- Skype for Mac vulnerability (2016) - Trustwave discovered a local backdoor in the code of Skype for Mac OS X that could have existed since 2005. Microsoft quietly patched the Mac OS X client for Skype in October, closing a backdoor that could have existed for as long as a decade and would have allowed attackers to control many aspects of the software.
- Zen Cart XSS Vulnerabilities (2016) - Trustwave discovered multiple Cross-Site Scripting (XSS) vulnerabilities in the popular online open source shopping cart Zen Cart. Zen Cart released version 1.5.5 to resolve the security flaws and also introduced a new sanitization class with a number of sanitization groups, each meant to perform a defined sanitizations on specific GET/POST parameters. Both reflective and stored XSS flaws were affecting multiple parameters of a number of requests, and successful malicious XSS injection could result in access to cookies and sensitive information or site defacement.
- "Angler" Malvertising (2016) - Trustwave discovered the domain takeover of what once was a reputable advertising site, which was purchased and repurposed with the "Angler Exploit Kit" to deliver a payload known as the "BEDEP Trojan" (and sometimes "TeslaCrypt") through malicious ads. Very popular websites both in the US and internationally were affected by this malvertising campaign: "answers[.]com" (Alexa rank 420 Global and 155 in the US), "zerohedge[.]com" (Ranked 986 in the US) and "infolinks[.]com" (Ranked 4,649 Internationally) were a few of the notable websites involved.
- "Dridex" botnet using "Locky" ransomware (2016) - Trustwave found that the Dridex botnet had adopted "Locky" ransomware to spam massive numbers of targets, sometimes up to 200k spam emails per hour. In the first week of March 2016, the "Locky" campaigns accounted for 18% of the 4 million malware spam emails monitored by the Trustwave Spam Research Database.
- "Neutrino Exploit Kit" updated (2016) - Trustwave discovered that the popular "Neutrino Exploit Kit" had been updated to avoid detection by security researchers. Neutrino had been re-engineered to use passive OS fingerprinting, which is a method to collect and analyze data packets without the entity that is sending the packets knowing their computers are being profiled. In this case, the computer sending the packets is a security researcher's system that's probing the hackers' server.
- "Cherry Picker" point-of-sale malware (2015) - Trustwave discovered a new form of sophisticated malware designed to steal payment card data from point-of-sale systems. The company's SpiderLabs team discovered the malware during data breach forensic investigations. Cherry Picker remained largely undetected by antivirus tools and security companies because of the sophisticated techniques it uses to hide itself from sight.
- RIG 3.0 Malvertisement Campaign (2015) - Security researchers from Trustwave monitored the operations of the RIG 3.0 exploit kit over about six weeks, during which attackers attempted to exploit more than 3.5 million potential victims and succeeded with about 1.25 million - an infection rate of 34 percent. RIG 3.0 is the next generation of a service for distributing malware. RIG 3.0 works by infecting users who are simply browsing the web through malicious advertisements (known as a malvertisement). Trustwave determined that nearly 70 percent of the traffic being delivered to RIG could be directly linked to a number of malicious ad campaigns.
- "Punkey" point-of-sale malware (2015) -- Security researchers from Trustwave SpiderLabs discovered RAM-scraping point-of-sale threat they named "Punkey" during an investigation with the U.S. Secret Service. The malware uses a variable called 'unkey' to send the data to the C&C server, and the data is sent using an 'HTTP POST' command. So Punkey is a portmanteau of 'POST' and 'UNKEY': P(ost)unkey.
- "Backoff" point-of-sale malware (2014) -- Trustwave SpiderLabs investigators were the first to identify and name the Backoff point-of-sale malware that infected 1,000+ businesses in North America. The malware targeted point-of-sales systems by exploiting weak passwords on remote access software. Trustwave found it to be a unique new family of malware.
- Reflected File Download (2014) -- Trustwave SpiderLabs researcher Oren Hafif identified a new method of attacking web clients dubbed Reflected File Download. The new attack method allows attackers to piggyback on the trust given to a valid website to send malware to their victims.
- Same Origin Method Execution (2014) -- Trustwave SpiderLabs researcher Ben Hayak identified a new method of attacking web clients dubbed "Same Origin Method Execution" (SOME). The method capitalizes on a flaw in JavaScript Object Notation with padding (JSONP) that allows an attacker to execute arbitrary methods on affected websites. A victim that clicks on a specifically malicious link could expose confidential data to an attacker utilizing this attack method.
- Magnitude (2014) -- Trustwave SpiderLabs researchers found an instance of the Magnitude exploit kit that shed light on how the exploit kit's business model works and how exactly it infects its victims.
- Pony Botnet Discoveries (2014 and 2013) -- Twice in 2013 and again in 2014 Trustwave SpiderLabs did an analysis of primary Pony bontnet controllers. The results of the analysis found that the botnets had gathered more than two million passwords and credentials for accounts on ADP payroll, Facebook, Twitter, Yahoo and more, and over $220,000 USD in crypto-currency like Bitcoin.
- Redkit (2012) -- Trustwave SpiderLabs researchers discovered a new exploit kit they named RedKit. The exploit kit was one of the first to provide a constantly changing attack URL to make it difficult for organizations to block the exploit kit.
Congressional testimony
In February 2014, Trustwave SVP Phillip. J. Smith offered expert testimony related to data breaches and malware as part of a Congressional hearing for The House Committee on Energy and Commerce. In his prepared testimony, he presented observations based on the company's experience investigating thousands of data breaches, ongoing malware and security research and other forms of threat intelligence.
Unrestricted sub-CA incident
Trustwave operates an X.509 certificate authority ("CA") which is used as the top level of trust by many web browsers, operating systems, and other applications (a "trusted root CA"). In 2011, Trustwave sold a certificate for a subordinate CA which allowed a customer to present SSL certificates identifying as arbitrary entities, in a similar mechanism to a "Man in the Middle Attack". This type of action is similar to the practice of running an SSL proxy on a corporate network, though in this case a public subordinate CA (valid anywhere) was used instead of an internal corporate-generated domain CA (valid only for machines that accept it as part of organizational policy), making the risk of abuse much higher.
Though Trustwave asserts that special precautions were put in place to ensure that the customer attached its device only to a particular customer-owned network on which it was acceptable for the customer to impersonate other entities and to intercept traffic, this cannot be independently verified as Trustwave is unable to disclose the customer due to a Non-Disclosure Agreement.
As a result, there was some brief discussion as to whether it was an egregious enough action to have Trustwave's root CA removed from the Mozilla Firefox browser. However, no action was taken.
Allegations against Trustwave
In March 2014, Trustwave was named in a lawsuit filed by Trustmark National Bank and Green Bank N.A. The lawsuit alleges that Trustwave failed to provide the promised level of security to Target, and for failing to meet industry security standards. In April 2014, a notice of dismissal was filed by both plaintiffs, effective withdrawing their earlier allegations. Trustwave Chairman, CEO and President Robert J. McCullen also stated in a letter that "Contrary to the misstated allegations in the plaintiffs' complaints, Target did not outsource its data security or IT obligations to Trustwave. Trustwave did not monitor Target's network, nor did Trustwave process cardholder data for Target.".
References
Source of article : Wikipedia