Trustwave Holdings, Inc. is an American

cybersecurity Computer security (also cybersecurity, digital security, or information technology (IT) security) is a subdiscipline within the field of information security. It consists of the protection of computer software, systems and networks from thr ...

subsidiary of The Chertoff Group. It focuses on providing managed detection and response (MDR), managed security services (MSS), database security, and email security to organizations around the globe. With customers in 96 countries, it has its international headquarters in downtown

Chicago Chicago is the List of municipalities in Illinois, most populous city in the U.S. state of Illinois and in the Midwestern United States. With a population of 2,746,388, as of the 2020 United States census, 2020 census, it is the List of Unite ...

and regional offices in

London London is the Capital city, capital and List of urban areas in the United Kingdom, largest city of both England and the United Kingdom, with a population of in . London metropolitan area, Its wider metropolitan area is the largest in Wester ...

São Paulo São Paulo (; ; Portuguese for 'Paul the Apostle, Saint Paul') is the capital of the São Paulo (state), state of São Paulo, as well as the List of cities in Brazil by population, most populous city in Brazil, the List of largest cities in the ...

, and

Sydney Sydney is the capital city of the States and territories of Australia, state of New South Wales and the List of cities in Australia by population, most populous city in Australia. Located on Australia's east coast, the metropolis surrounds Syd ...

. The company also operates Security Operations Centers in

Denver Denver ( ) is a List of municipalities in Colorado#Consolidated city and county, consolidated city and county, the List of capitals in the United States, capital and List of municipalities in Colorado, most populous city of the U.S. state of ...

Manila Manila, officially the City of Manila, is the Capital of the Philippines, capital and second-most populous city of the Philippines after Quezon City, with a population of 1,846,513 people in 2020. Located on the eastern shore of Manila Bay on ...

Minneapolis Minneapolis is a city in Hennepin County, Minnesota, United States, and its county seat. With a population of 429,954 as of the 2020 United States census, 2020 census, it is the state's List of cities in Minnesota, most populous city. Locat ...

Singapore Singapore, officially the Republic of Singapore, is an island country and city-state in Southeast Asia. The country's territory comprises one main island, 63 satellite islands and islets, and one outlying islet. It is about one degree ...

Tokyo Tokyo, officially the Tokyo Metropolis, is the capital of Japan, capital and List of cities in Japan, most populous city in Japan. With a population of over 14 million in the city proper in 2023, it is List of largest cities, one of the most ...

Warsaw Warsaw, officially the Capital City of Warsaw, is the capital and List of cities and towns in Poland, largest city of Poland. The metropolis stands on the Vistula, River Vistula in east-central Poland. Its population is officially estimated at ...

, and

Waterloo, Ontario Waterloo is a city in the Canadian province of Ontario. It is one of three cities in the Regional Municipality of Waterloo (formerly Waterloo County, Ontario, Waterloo County). Waterloo is situated about west-southwest of Toronto, but it is n ...

. As of 2015, the company was a standalone business unit

independent subsidiary and brand of multinational telecommunications company

Singtel Singapore Telecommunications Limited, trading as Singtel, is a Singaporean telecommunications conglomerate, the country's principal fixed-line operator and one of the four major mobile network operators operating in the country. Overview T ...

. In January 2024, it was announced that The Chertoff Group had completed its acquisition of the firm for $205 million.

History

In April 2011, Trustwave Holdings filed for its

IPO An initial public offering (IPO) or stock launch is a public offering in which shares of a company are sold to institutional investors and usually also to retail (individual) investors. An IPO is typically underwritten by one or more investment ...

, though it never completed the process. In May 2014, Trustwave withdrew its application, citing unfavorable market conditions. Trustwave's website says the company has more than 1,600 employees. In February 2014, Trustwave SVP Phillip. J. Smith offered expert testimony related to data breaches and malware as part of a Congressional hearing for The House Committee on Energy and Commerce. In his prepared testimony, he presented observations based on the company's experience investigating thousands of data breaches, ongoing malware and security research and other forms of threat intelligence. On April 8, 2015 (SGT), Singapore Telecommunications Ltd (

) announced it had entered into a definitive agreement to acquire Trustwave Holdings, Inc. for a fee of $810 million—Singtel with a 98% stake in the company leaving 2% with Trustwave's CEO and President. According to media reports and Singtel filings on the Singapore Exchange, the enterprise value of Trustwave at the time of the deal was $850 million. In October 2021, Trustwave sold its PCI compliance business to cybersecurity firm Sysnet for $80 million. The sale gave Trustwave the ability to invest more in its core capabilities of managed detection and response (MDR) and managed security services (MSS), according to research firm IDC.

Significant Discoveries

In 2013 and again in 2014 Trustwave SpiderLabs did an analysis of primary Pony botnet controllers. The results of the analysis found that the botnets had gathered more than two million passwords and credentials for accounts on ADP payroll, Facebook, Twitter, Yahoo and more, and over US $220,000 in crypto-currency like Bitcoin. In June 2020, Trustwave SpiderLabs discovered a new malware family, which they named GoldenSpy, embedded in tax payment software that a Chinese bank requires corporations to install to conduct business operations in China. Trustwave said it was uncertain whether the malware was embedded in all of the tax software or if it was deployed against specific targets. The FBI sent a subsequent warning about this malware threat to companies in healthcare, chemical, and finance industries. Leading up to the 2020 U.S. presidential election, Trustwave SpiderLabs found a hacker selling info on 186 million U.S. voters during its Dark Web and cybercriminal forum research. Trustwave turned this information over to the FBI. In February 2021, Trustwave SpiderLabs discovered two "severe" vulnerabilities in

SolarWinds SolarWinds Corporation is an American company that develops software for businesses to help manage their networks, systems, and information technology infrastructure. It is headquartered in Austin, Texas, with sales and product development offi ...

Orion. One of the flaws could’ve allowed a hacker to gain complete remote control of a targeted SolarWinds system. Patches were released January 25 and customers of SolarWinds were urged to patch immediately.

Criticism

Trustwave operates an X.509

certificate authority In cryptography, a certificate authority or certification authority (CA) is an entity that stores, signs, and issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. Thi ...

("CA") which is used as the top level of trust by many web browsers, operating systems, and other applications (a "trusted root CA"). In 2011, Trustwave sold a certificate for a subordinate CA which allowed a customer to present SSL certificates identifying as arbitrary entities, in a similar mechanism to a "

Man in the Middle Attack In cryptography and computer security, a man-in-the-middle (MITM) attack, or on-path attack, is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communi ...

". This type of action is similar to the practice of running an SSL proxy on a corporate network, though in this case a public subordinate CA (valid anywhere) was used instead of an internal corporate-generated domain CA (valid only for machines that accept it as part of organizational policy), making the risk of abuse much higher. In March 2014, Trustwave was named in a lawsuit filed by Trustmark National Bank and Green Bank N.A. The lawsuit alleges that Trustwave failed to provide the promised level of security to

Target Target may refer to: Warfare and shooting * Shooting target, used in marksmanship training and various shooting sports ** Bullseye (target), the goal one for which one aims in many of these sports ** Aiming point, in field artille ...

, and for failing to meet industry security standards. In April 2014, a notice of dismissal was filed by both plaintiffs, effectively withdrawing their earlier allegations.

References

External links

* {{Official website, http://www.trustwave.com Companies based in Chicago Computer security software companies Networking companies Server appliance 2024 mergers and acquisitions