Trustwave SpiderLabs is among the most well-respected teams in the cybersecurity industry, having gained a reputation for conducting cutting-edge research, plying the foggy corners of the dark web for information, and detecting and hunting down threats.
What is less well known is how Trustwave SpiderLabs’ various teams function and then pull together to create the formidable force that is the backbone of all Trustwave’s offerings.
Here is the first in what will be a series of blogs breaking down how SpiderLabs works to ensure the security of Trustwave’s clients.
In short, Trustwave Security Testing looks to increase an organization’s security maturity through a programmatic Security Testing program.
While the above is true, this question deserves a much more detailed answer. We know that organizations, both large and small, are coming under increasing pressure around the security of their clients, users, and data. In fact, I’d go a step further: there is now an expectation of security from clients. This burden and ROI can be difficult to quantify, so what’s the solution?
Given that we know cybersecurity is important, the solution is a programmatic method of security testing that, over time, increases an organization’s security maturity. Security maturity is the method of ensuring best practice security guidelines are enabled and used within an organization; these guidelines are constantly being evaluated and refined to match the increasing threat landscape. That sounds very grand; in short, it’s always looking to increase your cybersecurity.
For various reasons, there is no such thing as an organization that is 100% secure. Organizations are too complex, technology too embedded, and people too involved to make things 100% secure. Organizations tend to strive for measurable and actionable improvements in their maturity that increase their overall security posture. This is where Trustwave’s Security Testing comes into play by helping to increase an organization’s security maturity.
Security testing is normally considered a transactional event, i.e., we scope, perform, and deliver a penetration test, and that’s it until next year. What we do at Trustwave is different: we elevate the event from a transactional one to a strategic one through a programmatic Security Testing program that covers people, process, and technology. This includes Enterprise Penetration Testing (EPT), during which Trustwave delivers scalable, flexible, and high-quality pen testing by a global testing team to find the most difficult vulnerabilities.
Putting the client at the center of everything is core to Trustwave. Having the ability to understand what the entire security ecosystem looks like is important because once you understand what you have, you can begin to deploy resources to the areas that require them, e.g., patch management.
An accurate scope, high levels of communication throughout the engagement, and a clear deliverable are key to clients. The delivery of the final report isn’t the end of the engagement, but the beginning of the next phase. All too often, clients require additional information around the mitigation and remediation of issues, and we’re always on hand to help.
Once issues have been mitigated and remediated, we will recommend a re-test, and one is normally included within the scope. As an aside, the re-testing of issues is critical; through the law of unintended consequences, we’ve seen instances where the fixing of one issue has created another issue.
At Trustwave, we use the Fusion platform for the delivery of Security Testing. Having a robust security cloud comprised of the Trustwave data lake, advanced analytics, actionable threat intelligence, and flexibility around delivery gives our clients the ability to understand root cause issues.
Understanding gaps in patching, passwords, and policy is critical to gaining cyber maturity. These are often considered the basics, not because they are easy, but because they are critical in achieving a level of cyber maturity. Across large, complex environments, it can be difficult to identify the root cause of these types of issues. Adding our Technical Account Managers (TAMs), who are management consultants and above, to larger programs quickly drives the correct changes where they are needed.
Security needs to work for today and tomorrow; maturity is gained over time. It’s important to consider the direction of travel, and a programmatic Security Testing program helps to achieve this.
At its very heart, Trustwave’s Security Testing is about enabling our clients to understand what they have and how to secure it.
Trustwave offers a full suite of security testing capabilities managed within a unified portal. You get a dashboard view of your entire asset catalog to gain a comprehensive understanding of your risk exposure so that you can spend more time on the findings and less time on the mechanics of testing.