Trustwave

Get to Know MXDR: A Managed Detection and Response Service for Microsoft Security

The Microsoft 365 E5 license gives users entitlements to numerous Microsoft Security products—so many, in fact, that as companies deploy the Microsoft Security suite, they may need a managed detection and response (MDR) service to get the most out of it. Enter Trustwave Managed Extended Detection and Response (MXDR) for Microsoft, an MDR service built specifically for Microsoft Security customers.

Secure Access Service Edge: Another Multi-Tool for the SOC

Over the years, several security defense architectures have merged into single solutions. Endpoint detection tools can now perform sophisticated detections and correlations that used to require a Network Intrusion Detection System (NIDS), a web proxy, and a SIEM. Application firewalls often provide features like proxying, antivirus, and NIDS, and now we have Secure Access Service Edge (SASE), which promises to be the next multi-tool security solution. Let’s give SASE a closer look.

How Trustwave Protects Your Databases in the Wake of Recent Healthcare Data Breaches

The recent cyberattacks on Ascension Medical, Change Healthcare, and several UK hospitals are a stark reminder of the vulnerabilities within the healthcare sector. The May 8, 2024, attack disrupted access to Electronic Health Records (EHR) for two weeks across Ascension's 140-hospital system, forced some hospitals to divert ambulances and rely on manual record-keeping, and has led to patient class-action lawsuits regarding potential data exposure.

Search & Spoof: Abuse of Windows Search to Redirect to Malware

Trustwave SpiderLabs has detected a sophisticated malware campaign that leverages the Windows search functionality embedded in HTML code to deploy malware. We found the threat actors utilizing a sophisticated understanding of system vulnerabilities and user behaviors. Let’s break down the HTML and the Windows search code to better understand their roles in the attack chain.

How Managed Detection and Response Helps Protect Against Threats from Cloud Sprawl

As businesses continue to rely on cloud services for all sorts of applications, computing, and storage services, each with its own APIs, they dramatically increase their attack surface. The result is a prime breeding ground for cyber threats, which in turn drives the need for managed detection and response (MDR) services. Consider the software-as-a-service (SaaS) market: it has grown steadily from a $31.4 billion market in 2015 to $232.3 billion in 2024, according to Techopedia.

The Sentinel's Watch: Building a Security Reporting Framework

Imagine being on shift as the guard of a fortress. Your job is to identify threats as they approach the perimeter. The more methods you have for detecting those threats, the better your chances of succeeding. A good security reporting framework works the same way and can help a security team develop the insights needed for an effective threat monitoring strategy.

What are the Components of an Excellent Offensive Security Program?

In the dynamic world of cybersecurity, creating an effective offensive security program is paramount for organizations seeking to proactively identify and mitigate potential threats. An offensive security program encompasses a suite of strategic components designed to test and strengthen an organization's defenses. An effective offensive security program includes various components, such as penetration testing, red/purple teaming, managed vulnerability scanning, and bug bounty programs, to name a few.

How Trustwave Accelerates Your Security and ROI with Microsoft's 365 Enterprise Plan

Trustwave's just-released Microsoft Security-focused solutions are designed to bring clients greater security, resilience, and a higher return on their investment by helping optimize their Microsoft 365 enterprise plan. Let's drill down and see exactly how organizations will gain the most from the Microsoft 365 enterprise plan (including E5 and G5) by partnering with Trustwave.

Fake Advanced IP Scanner Installer Delivers Dangerous CobaltStrike Backdoor

During a recent client investigation, Trustwave SpiderLabs found a malicious version of the Advanced IP Scanner installer, which contained a backdoored DLL module. Our client had been searching for the Advanced IP Scanner tool online and inadvertently downloaded the compromised installer from a typo-squatted domain that appeared in their search results.

Figure 1. Search results for Advanced IP Scanner may direct users to a malicious domain.

Threat Advisory: Snowflake Data Breach Impacts Its Clients

On May 20, 2024, Live Nation discovered unauthorized activity in its third-party cloud database environment, later identified as Snowflake, and disclosed it in an SEC filing. The database contains information regarding the company, primarily from its Ticketmaster subsidiary. In the days following this filing, analysts discovered that multiple Snowflake clients had data posted for sale on the Dark Web.