Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Trustwave MDR and Penetration Testing Solutions Win Global InfoSec Awards

Trustwave was honored during Cyber Defense Magazine in the 11th Annual Global InfoSec Awards at the 2023 RSA Conference, taking home accolades for Managed Detection and Response (MDR) Service Providers and was named the Market Leader in Penetration Testing.

Gartner Names Trustwave in 2023 Market Guide for Digital Forensics and Incident Response Retainer Services

The industry analyst firm Gartner has named Trustwave as a Representative Vendor in its 2023 Market Guide for Digital Forensics and Incident Response Retainer Services. This distinction comes on the heels of Trustwave being named a Representative Vendor in Gartner’s 2023 Market Guide for Managed Detection and Response (MDR).

Part 2: Is an RFP the Best Use of Your Organization's Resources?

Yesterday I wrote about some common Request for Proposal (RFP) pitfalls we have seen over the years at Trustwave. (part 1) Trustwave offers a wide range of services — from Managed Detection & Response (MDR), Managed SIEM services from Splunk, Qradar, and Microsoft Sentinel security testing, to complex red team engagements, so we‘ve seen numerous of styles and approaches in the format and presentation of the requests.

How to Avoid Common Cybersecurity RFP Pitfalls: Part 1

At Trustwave, we see scores of requests for proposal (RFP) in all shapes and sizes, originating from nearly every conceivable industry, seeking solutions to their specific security challenges and desired business outcomes. To help those issuing the RFP and the vendor on the receiving end, I’ve drawn up some simple guidelines to follow that will help your RFP process run smoothly.

Dissecting Buffer Overflow Attacks in MongoDB

Towards the end of 2020, a new vulnerability in MongoDB was found and published. The vulnerability affected almost all versions of MongoDB, up to v4.5.0, but was discussed and patched appropriately. The vulnerability, CVE-2020-7928, abuses a well-known component of MongoDB, known as the Handler, to carry out buffer overflow attacks by way of null-byte injections.

Pentagon Data Leak Shows the Danger an Insider Threat Presents

U.S. officials confirmed last week that a member of the military photographed and uploaded more than 50 classified documents to a Discord server and other social media sites, again reminding us of the danger insider threats can present to any organization. According to the Associated Press, a member of the U.S. Air National Guard was arrested last week in Massachusetts in connection with the leak.

How Advanced Continual Threat Hunting Takes MDR and Cybersecurity to the Next Level

When researching which managed detection and response (MDR) service provider to partner with, security professionals would do well to consider whether the provider also has experience with threat hunting, a topic we covered in a previous post. As with MDR, however, threat hunting offerings can vary dramatically, and an innovative, human-led form promises significant gains in terms of cyber protection: advanced continual threat hunting.

6 Tips Any CISO Can Use to Inform their Organization's Executives on Cybersecurity

A Chief Information Security Officer is a person who is always in a tough spot. Not only is a CISO responsible for the day-to-day safety of their organization, but they must be able to explain to the C-Suite what is going on from a cybersecurity perspective and do so in language that the other executives understand. After all, what a CISO has to say is all about protecting the business from threats to its computer system and reducing risk, items that need to be on every corporate management agenda.

Trustwave Announces Operational Technology Security Maturity Diagnostics

Trustwave has just launched OT Security Maturity Diagnostic, which is an assessment and advisory service centered on ensuring the security of industrial automation and control systems. OT Diagnostic by Trustwave is optimized to gain insight into an organization’s current state of OT security across people, processes, and technology.