Arthur Wong, CEO
In a technology-driven world, it is no longer a question of “if” but “when” a breach might occur. Adversaries are becoming more sophisticated and are well equipped to attack the most important asset of an organization—its data, whether it’s on-premises, in the cloud or both. In the recent past, an alarming increase in cyber threats has hit the headlines. A report from research firm Cybersecurity Ventures estimates that cybercrime will cost the world in excess of $6 trillion annually by 2021, up from $3 trillion in 2015. Given the proficiency of malicious hackers, implementing technology alone is insufficient to protect organizations from a breach. In many instances, most damage is caused by the inability to rapidly discover and respond to threats rather than the attack itself. To detect vulnerabilities, organizations need to have high-level cybersecurity experts on hand, along with the right processes and technology. However, with the existing industry-wide talent gap, experienced and qualified cybersecurity professionals are hard for many enterprises to hire, train and retain on their own.
Filling this gap is Trustwave, a leading cybersecurity and managed security services provider that helps enterprises and government agencies fight cybercrime, protect data and reduce security risk. In 2018, Trustwave’s parent company Singtel (a large telecommunications provider in Asia/Pacific) pooled its cybersecurity resources, composed of Singtel, Optus, Trustwave, and NCS, into a single global corporate identity operating under the Trustwave brand. Essentially, Trustwave doubled in size and capabilities and has quickly risen to become one of the foremost players in the enterprise cybersecurity space—recognized by industry analyst firms like Gartner, IDC and Forrester as industry-leading.
Trustwave offers a wide range of managed security services, data protection technologies and consulting and professional services to help organizations monitor for, detect, and quickly eliminate external and internal threats. “As a company on the front lines battling cybercriminals and nation-state adversaries bent on stealing data, disrupting operations for ransom or destroying infrastructure, Trustwave is well-positioned to help organizations secure their operations both today and tomorrow as needs change. Our clients benefit from having a security partner with global reach and deep regional expertise,” says Arthur Wong, chief executive officer of Trustwave.
The company has proprietary solutions such as Trustwave DbProtect, a government-grade database security testing platform, and Trustwave Secure Email Gateway, delivering advanced protection against email-based threats including phishing, malicious links, business email compromise, and others. Alongside data protection and email security solutions, the company has technology partnerships with those on the leading edge of endpoint detection, artificial intelligence, automation and behavioral analytics.
High-Level Security Expertise
Trustwave’s consulting and professional services begin first with a one-on-one engagement to better understand an enterprise’s environment and assets. Trustwave consultants then architect a plan based on risk tolerance levels, needed resources and security maturity endgame. “We help clients augment their cybersecurity capabilities to identify and safeguard against security risks and threats to critical assets—be it users, applications or data,” says Wong. As part of the engagement, Trustwave advises on comprehensive security solutions that may include technologies and/or managed security services—regardless of what security vendor provides them—that offer the best level of protection and risk reduction.
Unlike legacy managed security services providers, Trustwave offers specialized managed security services that are either unavailable elsewhere or distinct from what else is on the market. Advanced services like Managed Threat Detection and Response are core to what Trustwave calls its most innovative services. The Trustwave Fusion platform is a cloud-based cybersecurity platform that serves as the foundation for the company’s managed security services, products and other cybersecurity offerings.
It is purpose-built to meet the enterprise where they are today in their operations and in the future as they embrace digital transformation and contend with a continuously evolving security landscape.
“The Trustwave Fusion platform is a quantum leap in how cybersecurity is applied and managed within corporate and government environments,” says Trustwave’s Wong. “We have fused market leading technologies, powerful managed security services and the prowess of elite practitioners onto a single pane easily accessed and controlled by browser or mobile app. Having the capability to run database scans and vulnerability tests as needed, bolster security resources in a hybrid operation or order an elite threat hunting force into action by simply pointing and clicking is truly a game changer.”
The Trustwave Fusion platform connects the digital footprints of enterprises and government agencies to a robust security cloud comprised of the Trustwave data lake, advanced analytics, actionable threat intelligence, a wide range of security services and products, and the company’s security specialists.
Once connected, the traditional dichotomy of customer and security partner evaporates by giving internal security teams deep visibility, technologies and the advanced security expertise necessary for protecting assets and eradicating threats as they arise – a true paradigm shift in how cybersecurity programs are applied, managed and executed.
At the core of the company’s managed security services is Trustwave SpiderLabs, a renowned team of ethical hackers, threat hunters, digital forensic investigators and security researchers. These practitioners work shoulder to shoulder with enterprises to co-manage or fully manage security operations. From penetration testing and red teaming to incident response and full investigations, Trustwave SpiderLabs fills gaps in security expertise that for most companies would be impossible to achieve in-house. “Businesses today are under constant threat from adversaries tirelessly working to steal data to sell on the dark market or simply cause destruction. Having a battle-tested security team ready to take action on a moment’s notice greatly enhances security posture,” says Wong.
The Trustwave SpiderLabs Fusion Center, a 6,000 square foot, state-of-the-art cyber command center, connects both SpiderLabs and the company’s global network of security operation centers (SOCs). These facilities work in tandem identifying, tracking, and collecting the latest threat intelligence from active cybercrime campaigns, forensic investigations, product telemetry, and third-party sources. Strike teams with specialized knowledge on industries and environments apply this constant flow of information to augment their abilities for detecting, responding to, and eradicating threats down to individual endpoints on behalf of the enterprise.
“The command center coupled with the knowledge of our security experts helps ensure businesses have complete security visibility across their entire environment and the means to keep pace with threat actors who are continuously refining their techniques to evade detection,” mentions Wong. Further, the Trustwave SpiderLabs Fusion Center serves as a security education mecca regularly conducting training sessions for CIOs, CISOs, security analysts and IT teams.
Rigorous instruction on cutting-edge techniques for discovering hidden adversaries and defending networks highlights industry-recognized certifications in penetration testing, data forensics, incident response, and other disciplines.
Protecting Customers as the Threat Landscape Evolves
In one instance, a U.S.-based organization specializing in large-scale public utility work, specifically R&D for heating/cooling within large industrial environments, was expanding its operations in Asia. To expedite the setup of IT systems in new locations in this region, corporate IT shared a master or “gold image” to ensure consistent configuration and performance settings. What they didn’t realize was that in addition to system setup details, the gold image was also sharing suspicious files to every new system deployed. These files did two things. They injected .dll libraries into running memory space to give a malicious actor remote command and control of the victim systems. They also inserted a cryptominer. A malicious actor with access to the systems and cryptominer could then use the processing power of the organization’s server network to mine cryptocurrency. This was the situation when the organization came to Trustwave.
Trustwave SpiderLabs threat hunters began an investigation into the organization’s corporate network and new locations in Asia, discovered something wasn’t right, and quickly took steps towards mitigation.
The threat hunters follow a comprehensive approach to systematically target complex threats. In investigating this organization, the hunters first identified suspicious internal Server Message Block (SMB) scanning activity on port 445. This indicated that a malicious actor or group was looking for open ports to exploit the SMB vulnerability EternalBlue. Interestingly, this scanning began immediately as new systems came online. Additional investigation identified the suspicious files on the gold image that were giving command and control access to remote users and dropping the cryptominer on new systems. Trustwave practitioners specializing in malware reverse engineering showed these files were consistent with malware from Dynamite Panda, an Asia-based advanced persistent threat (APT) group known for targeting U.S. enterprises and the industrial base. The threat hunters added key findings from this case to Trustwave’s threat intelligence database and devised unique endpoint use cases to identify and eradicate telltale signs of Dynamite Panda throughout the organization’s environment. The organization rebuilt its gold image and, after deep internal investigations, identified a senior IT staff member as the primary culprit. Today, Trustwave continues to support the company through managed detection and response services to help ensure threats are identified and eradicated before they have a serious impact.
Much of Trustwave’s cybersecurity prowess, which is behind many customer success stories, can be attributed to Wong and his team. Wong has served the cybersecurity space for over two decades. Developing cybersecurity technologies and solutions has helped Wong gain immense knowledge of risk management and protection of assets. He has helped some of the world’s largest enterprises and government organizations overcome complex cybersecurity challenges and adhere to constantly shifting data regulations. Under his watch, Trustwave has been recognized by several key industry analysts as a top cybersecurity company and most recently was named a Leader in the 2019 Gartner “Magic Quadrant for Managed Security Services, Worldwide” for the second year in a row. “We feel our placement in the Leaders quadrant reflects our innovation in threat detection and response capabilities as well as service delivery excellence we have brought to organizations,” Wong added.
“With an ever-expanding attack surface as a result of the Internet of Things technology and multi-cloud environments, Trustwave is continuously innovating and developing its capabilities to best serve organizations at varying stages of digital transformation,” concludes Wong.