In a Nutshell: Cybercrime and information security breaches are increasing at alarming rates, and the FBI estimates losses each year run into the trillions of dollars. Working to slow this trend is Trustwave, a cybersecurity solutions and managed security services provider that specializes in the monitoring, assessment, analysis, and mitigation of information security threats to data, including sensitive financial information. The SpiderLabs team within Trustwave is an elite group of specialized security experts working to protect sensitive information like that found at banks and other financial institutions. Trustwave and the SpiderLabs team use advanced tools and techniques to track down malicious activity before it can impact us.
Have you ever wondered why superhero movies are always such blockbuster hits?
Maybe it’s the epic battle between good and evil, where the archvillain nearly wins, but our hero ultimately prevails. Think Superman and Lex Luthor, Spiderman and the Green Goblin, Batman and the Joker. We have to believe that good will triumph over evil because there’s so much at stake if it doesn’t.
If the fight to protect your personal financial information seems like a big-screen superhero battle, you’re not far off the mark. The villains in this epic struggle are ruthless and determined cybercriminals with access to greater resources than ever before. And, to triumph over this growing threat, we need the help of some real-life superheroes. That’s where Trustwave comes in.
Trustwave helps businesses, including financial institutions, protect sensitive data and prevcent identity theft. As a full-service data protection and threat management firm, Trustwave is one of the leading information security firms in the world. Its cybersecurity experts are up against cybercriminals every day and fight the good fight to protect the sensitive financial information that’s so crucial to our way of life.
The FBI estimates that each year the financial losses from cybertheft run into the trillions of dollars, with predictions they will top $6 trillion by 2021. Cybercrime, which includes identity theft, online credit card fraud, ransomware attacks, and the theft of personal financial data, is on the rise and becoming more sophisticated.
Among the more than 1,500 cybersecurity professionals at Trustwave is an elite group of specialized security experts called the SpiderLabs team. Now, doesn’t that sound like something straight out of the latest Marvel film? SpiderLabs’ information security experts are at the leading edge of cybercrime deterrence, data protection, threat analysis, and incident response.
Shawn Kanady is Principal Security Consultant for SpiderLabs at Trustwave. We recently had a conversation with him about just how Trustwave and the SpiderLabs team goes about protecting sensitive data, including data at financial institutions.
“When companies get breached, they call us and we get started doing a full analysis of systems, incident response investigation, and forensic investigation of the breach,” Kanady said. “A small- to medium-sized company will often have an IT staff, but they may not have the security expertise on hand. That’s where we come in.”
Network Security Requires Constant Evolution
To understand how sensitive data and personal information can be compromised, it’s important to know how this information is stored. A company may have data stored in various locations all around the country, and even in other locations around the world.
All of the systems where this information is stored are connected by a secure network. If cybercriminals can infiltrate that network at any point, they could gain access to protected data.
The amount of personal information is growing leading to larger data storage systems, both of which create an increasing number of entry points for attackers to exploit. As these networks evolve and grow, so must the methods for protecting them. Trustwave has built a world-renowned reputation for helping businesses overcome their security challenges.
“The first step is to do an assessment of a company’s systems and the critical data,” Kanady said. “That means understanding what and where the data is and classifying it. We ask, ‘What are the open vulnerabilities to this data?’ and ‘What can an attacker leverage to gain access to that data?’”
Identifying and mitigating risks to personal financial data helps reduce the chances of it being compromised or stolen. Trustwave and the SpiderLabs security team are experts at this type of threat management. They understand the techniques used by hackers to exploit network vulnerabilities and maintain an active repository of these threats.
“Within Trustwave, we have our research team and reverse engineers — the guys who are constantly taking what’s learned in the field and using it to make our response to these threats better,” Kanady said. “Furthermore, we compile this information and provide it to the community of security experts out there.”
Financial Firms are Key Targets for Cyberthieves
Because cybercriminals are often after information they can sell or use for economic gain, banks and financial institutions are particularly at risk. The juiciest targets are those that can provide sensitive personal information and credit card data from consumers like us. Trustwave helps enhance the existing security of financial institutions by monitoring, assessing, and analyzing the state of their data security.
“Any place that has personal financial information and card data is going to be a heavy target,” Kanady said. “The cyberthieves are mostly financially driven, and many are tied to organized crime. These people run their criminal enterprises like Fortune 500 companies.”
Banks and other financial services companies have varying degrees of protection for their systems. One of the ways Trustwave helps to enhance security at these firms is with its Managed Security Services offering. This involves monitoring a company’s network 24/7, and not only to detect for intrusions, but also to test for vulnerabilities and compliance with security best practices.
“As a part of our Managed Security offering, we perform incident readiness services, helping companies prepare their incident response policies and procedures,” Kanady said. “We also do simulation testing, where we simulate an actual breach, testing the response of the in-house team.”
It’s this high degree of proactive network security protection that has earned Trustwave yet another Gartner Magic Quadrant recognition, this time in the Leaders Quadrant for Managed Security Services, Worldwide. This prestigious placement recognizes Trustwave’s ability to protect, detect, and remediate threats to a company’s network security.
How Trustwave Stays One Step Ahead of the Bad Guys
Preventing and protecting against network intrusions isn’t the only way Trustwave helps to ensure financial data is secure. Using so-called “white hat,” or ethical, hacking practices, Trustwave security experts also monitor and, when necessary, communicate with hackers and others who would try to steal data.
By keeping their true identities hidden, the good guys at Trustwave can gain important knowledge about how criminals are infiltrating systems. They can also monitor credit card and other personal information that is offered for sale through dark web markets.
“We do monitor the dark web; it’s how we stay on top of what’s out there, how much the data is worth, where it’s going, things like that,” Kanady said. “When an incident occurs, we’re looking at and monitoring the dark markets, looking for that data, and trying to see what’s out there in terms of breached data for sale.”
In this way, Trustwave is able to stay up to date on what data has been stolen, and the techniques used to obtain it. Fighting cybercriminals by using their own techniques and ploys feels a little like poetic justice — it’s like beating them at their own game. And if that sounds a little bit like the superheroes overcoming the odds and defeating the villains, well, we’re not going to discourage that image at all.