Company:Trustwave Holdings

From HandWiki
Trustwave Holdings, Inc.
Trustwave
TypeSubsidiary
Industry
Founded1995; 29 years ago (1995)
Headquarters
Chicago, Illinois
,
Area served
Worldwide
Key people
Eric Harmon, CEO[1]
RevenueUS $216 million [2] (2014)
Number of employees
1,600+ [3]
Parent
  • Independent (1995–2015)
  • Singtel (2015–24)
  • The Chertoff Group (2024–present)
Websitewww.trustwave.com

Trustwave is an American[4] cybersecurity subsidiary of The Chertoff Group. It focuses on providing managed detection and response (MDR), managed security services (MSS), database security, and email security to organizations around the globe.

With costumers in 96 countries, it has its international headquarters in downtown Chicago [5] and regional offices in London, São Paulo, and Sydney. The company also operates Security Operations Centers in Chicago , Denver, Manila, Minneapolis, Singapore, Sydney, Tokyo, Warsaw, and Waterloo, Ontario.[6]

As of 2015, the company was a standalone business unit[7] cybersecurity independent subsidiary and brand of multinational telecommunications company Singtel.[8] In January 2024, it was announced that The Chertoff Group had completed its acquisition of the firm for $205 million.[9]

History

In April 2011, Trustwave Holdings filed for its IPO[10] even though it was a standalone subsidiary of Singtel until 2024. Trustwave's website says the company has more than 1,600 employees.[3]

In February 2014, Trustwave SVP Phillip. J. Smith offered expert testimony related to data breaches and malware as part of a Congressional hearing for The House Committee on Energy and Commerce. In his prepared testimony, he presented observations based on the company's experience investigating thousands of data breaches, ongoing malware and security research and other forms of threat intelligence.[11]

On April 8, 2015 (SGT), Singapore Telecommunications Ltd (Singtel) announced it had entered into a definitive agreement to acquire Trustwave Holdings, Inc. for a fee of $810 million—Singtel with a 98% stake in the company leaving 2% with Trustwave's CEO and President.[2][12] According to media reports and Singtel filings on the Singapore Exchange, the enterprise value of Trustwave at the time of the deal was $850 million.[13]

In October 2021, Trustwave sold its PCI compliance business to cybersecurity firm Sysnet for $80 million.[14] The sale gave Trustwave the ability to invest more in its core capabilities of managed detection and response (MDR) and managed security services (MSS), according to research firm IDC.[15]

Significant Discoveries

In 2013 and again in 2014 Trustwave SpiderLabs did an analysis of primary Pony botnet controllers. The results of the analysis found that the botnets had gathered more than two million passwords and credentials for accounts on ADP payroll, Facebook, Twitter, Yahoo and more,[16] and over US $220,000 in crypto-currency like Bitcoin.[17]

In June 2020, Trustwave SpiderLabs discovered a new malware family, which they named GoldenSpy, embedded in tax payment software that a Chinese bank requires corporations to install to conduct business operations in China.[18] Trustwave said it was uncertain whether the malware was embedded in all of the tax software or if it was deployed against specific targets. The FBI sent a subsequent warning about this malware threat to companies in healthcare, chemical, and finance industries.[19]

Leading up to the 2020 U.S. presidential election, Trustwave SpiderLabs found a hacker selling info on 186 million U.S. voters during its Dark Web and cybercriminal forum research.[20] Trustwave turned this information over to the FBI.[21]

In February 2021, Trustwave SpiderLabs discovered two "severe" vulnerabilities in SolarWinds Orion. One of the flaws could’ve allowed a hacker to gain complete remote control of a targeted SolarWinds system. Patches were released January 25 and customers of SolarWinds were urged to patch immediately.[22]

Criticism

Trustwave operates an X.509 certificate authority ("CA") which is used as the top level of trust by many web browsers, operating systems, and other applications (a "trusted root CA").[citation needed] In 2011, Trustwave sold a certificate for a subordinate CA which allowed a customer to present SSL certificates identifying as arbitrary entities, in a similar mechanism to a "Man in the Middle Attack". This type of action is similar to the practice of running an SSL proxy on a corporate network, though in this case a public subordinate CA (valid anywhere) was used instead of an internal corporate-generated domain CA (valid only for machines that accept it as part of organizational policy), making the risk of abuse much higher.

In March 2014, Trustwave was named in a lawsuit filed by Trustmark National Bank and Green Bank N.A. The lawsuit alleges that Trustwave failed to provide the promised level of security to Target, and for failing to meet industry security standards.[23][24] In April 2014, a notice of dismissal was filed by both plaintiffs, effectively withdrawing their earlier allegations.[25][26]

Recognition

In May 2019, Trustwave was named a leader in the Gartner Magic Quadrant for Managed Security Services, Worldwide.[27]

In August 2019, Trustwave won Threat Indicator Top Contributor Award from Microsoft.[28]

Trustwave was named a winner in the Best Managed Security Service category of the SC Awards for the second consecutive year in February 2020.[29]

In March 2020, Trustwave was named a leader in both the IDC MarketScape: Asia/Pacific Managed Security Services 2020 Vendor Assessment and the IDC MarketScape: Asia/Pacific Professional Security Services — Advisory, Assessment, and Awareness 2020 Vendor Assessment.[30]

In August 2020, Trustwave was named a leader in the Forrester Wave: Global Managed Security Services Providers, 2020 report.[31]

Trustwave joined the Microsoft Intelligent Security Association (MISA) in April 2021.[32]

In March 2021, Trustwave was named a Strong Performer and one of the top 9 "Providers That Matter Most" to clients in terms of current capability in the Forrester Wave for Managed Detection and Response (MDR).[33]

Trustwave was recognized as a Microsoft Security 20/20 Partner Award Winner for Top Managed SOC in May 2021.[34]

References

  1. "Trustwave Leadership". https://www.trustwave.com/en-us/company/about-us/leadership/. 
  2. 2.0 2.1 Aravindan, Aradhana (7 April 2015). "Singtel buying U.S. cyber security firm Trustwave for $810 million". Reuters. https://www.reuters.com/article/us-singtel-m-a-trustwave-idUSKBN0MY2C820150408. 
  3. 3.0 3.1 "Trustwave: Our Story". https://www.trustwave.com/Company/About-Us/Our-Story/. 
  4. "Singtel acquires Trustwave in $810M security services deal". https://www.zdnet.com/article/singtel-acquires-trustwave-in-810m-security-services-deal/. 
  5. "Company Overview of TrustWave Holdings, Inc.". Bloomberg. https://www.bloomberg.com/research/stocks/private/snapshot.asp?privcapId=11777224. Retrieved 9 April 2015. 
  6. "Trustwave security firm opens first Canadian security operations centre in Kitchener-Waterloo". Global News. 12 August 2015. http://globalnews.ca/news/2160691/trustwave-security-firm-opens-first-canadian-security-operations-centre-in-kitchener-waterloo/. Retrieved 30 September 2015. 
  7. "Trustwave: Our History". https://www.trustwave.com/en-us/company/about-us/our-history/. 
  8. "TRUSTWAVE PTE. LTD. (200616191R) - Singapore Business Directory". SGPBusiness.com. https://www.sgpbusiness.com/company/Trustwave-Pte-Ltd. Retrieved 30 August 2017. 
  9. "Chertoff Group Affiliate Completes Trustwave Acquisition" (in en). Dark Reading. https://www.darkreading.com/cloud-security/chertoff-group-affiliate-completes-trustwave-acquisition. 
  10. Lennon, Mike (22 April 2011). "Trustwave Files for IPO, Reveals Finances". SecurityWeek. http://www.securityweek.com/trustwave-files-ipo-reveals-finances. 
  11. "Protecting Consumer Information: Can Data Breaches Be Prevented?" United States House Committee on Energy and Commerce. 5 February 2014. Retrieved 8 April 2015.
  12. "Singtel to Acquire Trustwave to Bolster Global Cyber Security Capabilities". Trustwave. 7 April 2015. https://www.trustwave.com/Company/Newsroom/News/Singtel-to-Acquire-Trustwave-to-Bolster-Global-Cyber-Security-Capabilities/. 
  13. Shu, Catherine (7 April 2015). "Singtel Acquires Chicago-based Cybersecurity Firm Trustwave For $810M". TechCrunch. https://techcrunch.com/2015/04/07/singtel-trustwave/. 
  14. Novinson, Michael (2021-10-24). "Trustwave Sells PCI Compliance Business To Sysnet For $80M". https://www.crn.com/news/security/trustwave-sells-pci-compliance-business-to-sysnet-for-80m. 
  15. "IDC Report | A Strategic Move to Make Trustwave Laser-focused in its Core Offerings" (in en-US). https://www.trustwave.com/en-us/resources/library/documents/idc-report-a-strategic-move-to-make-trustwave-laser-focused-in-its-core-offerings/. 
  16. "Two million stolen Facebook, Twitter, Yahoo, ADP passwords found on Pony Botnet server". ZDNet. 4 December 2013. http://www.zdnet.com/article/two-million-stolen-facebook-twitter-yahoo-adp-passwords-found-on-pony-botnet-server/. 
  17. "'Pony' botnet steals bitcoins, digital currencies: Trustwave". Reuters. 24 February 2014. https://www.reuters.com/article/us-bitcoin-security-idUSBREA1N1JO20140224. 
  18. "The Golden Tax Department and the Emergence of GoldenSpy Malware" (in en-US). https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/the-golden-tax-department-and-the-emergence-of-goldenspy-malware/. 
  19. "FBI warns US companies about Chinese tax software embedded with hidden malware: Report" (in en-US). 2020-07-24. https://www.foxbusiness.com/technology/fbi-warns-us-companies-about-chinese-tax-software-embedded-with-hidden-malware-report-says. 
  20. "Massive US Voters and Consumers Databases Circulate Among Hackers" (in en-US). https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/massive-us-voters-and-consumers-databases-circulate-among-hackers/. 
  21. "Cybersecurity company finds hacker selling info on 186 million U.S. voters" (in en). 22 October 2020. https://www.nbcnews.com/politics/2020-election/cybersecurity-firm-finds-hacker-selling-info-148-million-u-s-n1244211. 
  22. Brewster, Thomas. "'Severe' SolarWinds Vulnerabilities Allow Hackers To Take Over Servers" (in en). https://www.forbes.com/sites/thomasbrewster/2021/02/03/severe-solarwinds-vulnerabilities-allow-hackers-to-take-over-servers-update-now/. 
  23. Schwartz, Mathew J. (26 March 2014). "Target, PCI Auditor Trustwave Sued By Banks". Darkreading. http://www.darkreading.com/risk/compliance/target-pci-auditor-trustwave-sued-by-banks/d/d-id/1127936. Retrieved 9 April 2015. 
  24. Heun, David (25 March 2014). "Banks Sue Security Vendor Trustwave After Target Data Breach". American Banker. http://www.americanbanker.com/issues/179_58/banks-sue-security-vendor-trustwave-after-target-data-breach-1066493-1.html. Retrieved 9 April 2015. 
  25. Kirk, Jeremy (1 April 2014). "Banks withdraw data breach claim against Target". Computerworld. http://www.computerworld.com/article/2489325/technology-law-regulation/banks-withdraw-data-breach-claim-against-target.html. Retrieved 9 April 2015. 
  26. "Security firm Trustwave says Target data breach claims baseless". Reuters. 29 March 2014. https://www.reuters.com/article/us-target-trustwave-lawsuit-idUSBREA2T01B20140330. Retrieved 9 April 2015. 
  27. "What's Changed: The 2019 Managed Security Services, Worldwide Magic Quadrant" (in en-US). 2019-05-08. https://solutionsreview.com/security-information-event-management/whats-changed-the-2019-managed-security-services-worldwide-magic-quadrant/. 
  28. "Trustwave Wins the Threat Indicator Top Contributor Award from Microsoft" (in en-US). https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trustwave-wins-the-threat-indicator-top-contributor-award-from-microsoft/. 
  29. "Trustwave Wins Best Managed Security Service for Second Consecutive Year at 2020 SC Awards" (in en-US). https://www.trustwave.com/en-us/company/newsroom/news/trustwave-wins-best-managed-security-service-for-second-consecutive-year-at-2020-sc-awards/. 
  30. "Trustwave Named a Leader in Two IDC MarketScapes on Asia Pacific Cybersecurity" (in en-US). https://www.trustwave.com/en-us/company/newsroom/news/trustwave-named-a-leader-in-two-idc-marketscapes-on-asia-pacific-cybersecurity/. 
  31. "The Forrester Wave™: Global Managed Security Services Providers, Q3 2020" (in en-US). https://www.trustwave.com/en-us/resources/library/documents/the-forrester-wave-global-managed-security-services-providers-q3-2020/. 
  32. "Trustwave Nominated to Join Microsoft Intelligent Security Association (MISA)" (in en-US). https://www.trustwave.com/en-us/company/newsroom/news/trustwave-nominated-to-join-microsoft-intelligent-security-association-misa/. 
  33. "World-Class MSS DNA Makes MDR All the More Powerful" (in en-US). https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/world-class-mss-dna-makes-mdr-all-the-more-powerful/. 
  34. "Trustwave Recognized as a Microsoft Security 20/20 Partner Award Winner for Top Managed SOC" (in en-US). https://www.trustwave.com/en-us/company/newsroom/news/trustwave-recognized-as-a-microsoft-security-2020-partner-award-winner-for-top-managed-soc/. 

External links