Trustwave Holdings

From Wikipedia, the free encyclopedia
Trustwave Holdings
Industry Technology, Information Security, PCI Compliance, Cloud computing
Founded 1995 (1995)
Headquarters Chicago, Illinois, United States
Products TrustKeeper, Internet security, Secure Web Gateway, proxy server, content filtering
Revenue US $111 million (2010)[1]
Website www.trustwave.com

Trustwave Holdings is a privately held information security company that provides on demand data security, compliance and threat intelligence solutions and services to customers in 96 countries.[2] The company’s international headquarters is located in downtown Chicago,[3] and regional offices are located in London, São Paulo, and Sydney. The company also operates Security Operations Centers in Chicago, Denver, Manilla, Minneapolis, and Warsaw. Trustwave is currently the only company that is an authorized PCI Forensic Investigator in all geographic regions.[4] On April 21, 2011 Trustwave Holdings filed for IPO.[1]

History of Acquisitions

  • Trustwave Holdings acquired SecureConnect, Inc. (4/3/13) [2]
  • Trustwave Holdings acquired M86 Security. (3/6/12) [5]
  • Trustwave Holdings acquired Breach Security. (6/22/10) [2]
  • Trustwave Holdings acquired BitArmor Systems. (1/12/10) [2]
  • Trustwave Holdings acquired Vericept. (9/10/09) [6]
  • Trustwave Holdings acquired ControlPath. (8/27/08) [2]
  • Trustwave Holdings acquired Mirage Networks. (2/17/09) [7]

Products and Technologies

TrustKeeper software is a cloud-based PCI (payment card industry) compliant application that protects credit card merchants against unauthorized access and online security breaches and provides internal and external vulnerability scanning. The cloud-based software is delivered to companies that process electronic payments, including American Express, Banc of America Merchant Services, Chase Paymentech, Discover, and Visa.[8]

PenTest Manager is a feature within TrustKeeper that provides an interactive way to view and track penetration test reports as an alternative to conventional PDF based reports. PenTest Manager won the 2012 SC Magazine Europe Innovation award.[9]

Secure Web Gateway (formerly Finjan): an appliance-based secure Web gateway that uses real-time code analysis technology, URL filtering and antivirus scanning to prevent malware and Web-based threats.[10] In January 2010, the M86 Secure Web Gateway was designated as Visionary in the 2010 Gartner Magic Quadrant Report for Secure Web Gateways.[11]

Secure Email Gateway (formerly M86 MailMarshal): an email security solution that protects against spam and data leakage. It also provides reporting, analyzes inbound and outbound content and assists with policy control.[12] In April 2010, the M86 MailMarshal SMTP product was designated Visionary in the 2010 Gartner Magic Quadrant Report for Secure Email Gateways.[13]

Associated Technologies:[14]

  • Deep Content Inspection
  • SpamBotCensor
  • Blended Threats Module

Managed Security Services is a service offering from Trustwave that involves remotely managing its and third-party products such as Network Access Control, SIEM, and United Threat Management for companies who wish to outsource their security needs.

SpiderLabs is the advanced security services and research team at Trustwave that specializes in forensic investigations, penetration testing, educations services, and security research that is used to update Trustwave's products and services with threat intelligence. SpiderLabs also authors the Trustwave Global Security Report, an annual report detailing the latest security trends and risk areas.[15][16] SpiderLabs also actively develops the open source web application firewall, ModSecurity, and a supplementary commercial rule set available for purchase.[17]

Unrestricted sub-CA scandal

Trustwave operates an X.509 certificate authority ("CA") which is trusted by default by many web browsers and other applications (a "trusted root CA"). In 2011, Trustwave sold an unidentified customer two certificates for subordinate CAs which allowed that customer to forge certificates identifying its traffic interception device as the web sites of other, unsuspecting parties which had not authorized the customer to do so (a "Man in the Middle Attack"). Though Trustwave asserts that special precautions were put in place to ensure that the customer attached its traffic interception device only to a particular network on which Trustwave asserts it was acceptable for the customer to impersonate other entities and to intercept traffic without the permission of all parties involved, this cannot be verified as Trustwave is unable identify the customer in question due to a Non-Disclosure Agreement.[18]

As a result of these actions, which contravened both Trustwave's own published Certification Practices Statement and the policies of several organizations such as Mozilla to which Trustwave had submitted its CAs (representing that they complied), Trustwave was nearly removed from the Mozilla list of trusted root CAs.[18]

External links

References

  1. 1.0 1.1 "Trustwave Files for IPO, Reveals Finances". Retrieved 2012-09-10. 
  2. 2.0 2.1 2.2 2.3 2.4 "Trustwave Holdings". Retrieved 2012-09-10. 
  3. "Trustwave Holdings, Inc.". Retrieved 2012-09-10. 
  4. "PFI Companies". Retrieved 2012-09-20. 
  5. "Trustwave Completes Acquisition of M86 Security". Retrieved 2012-09-10. 
  6. "Trustwave Acquires Vericept". Retrieved 2012-09-10. 
  7. "Trustwave Acquires Mirage Networks". Retrieved 2012-09-10. 
  8. "Trustwave Holdings, Inc.". Retrieved 2012-09-10. 
  9. "SC Europe Awards". Retrieved 2012-09-19. 
  10. Peter Stephenson (2010-01-04). "M86 Security Secure Web Gateway Review". SC Magazine US. Retrieved 2011-05-16. 
  11. “Magic Quadrant for Secure Web Gateways”, Peter Firstbrook, Lawrence Orans, January 8, 2010
  12. "MailMarshal - Leader in Enterprise Email Content Security and Anti-Spam". Messagingsolutions.com. Retrieved 2011-05-16. 
  13. “Magic Quadrant for Secure Email Gateways”, Peter Firstbrook, Eric Ouellet, April 27, 2010
  14. "Email Security » MailMarshal SMTP". Secure Content Technologies. Retrieved 2011-05-16. 
  15. "Global Security Report". Retrieved 2012-09-19. 
  16. "2012 Trustwave Global Security Report on "AttHackers" and Food Hacking Base Project - CNN iReport". Retrieved 2012-09-19. 
  17. "ModSecurity Developers". Retrieved 2012-09-19. 
  18. 18.0 18.1 "Mozilla Bug 724929". Retrieved 2013-02-10. 
This article is issued from Wikipedia. The text is available under the Creative Commons Attribution/Share Alike; additional terms may apply for the media files.