Company-owned managed security technologies, in addition to more than 500 third-party technologies that Trustwave manages and monitors

Transcription

1 VENDOR PROFILE Trustwave: Solutions and Services for Security and Compliance Christina Richmond IDC OPINION Global Headquarters: 5 Speen Street Framingham, MA USA P F Trustwave is a privately held company that offers solutions delivered through cloudbased and managed security services (MSS) and integrated technologies, augmented by professional services. The company's services and technologies are positioned to help businesses of all sizes fight cybercrime, protect data, and reduce security risks. Trustwave's solutions have attracted more than 2 million businesses that are enrolled in the Trustwave TrustKeeper, the company's cloud and managed services platform. While the majority of these businesses are smaller merchants using Trustwave's SMB compliance tools, an increasing number are enterprises accessing TrustKeeper for MSS. The company's roots are in payment card industry (PCI) compliance and Trustwave claims more than one-third of the market share in the United States but the company has expanded beyond PCI compliance through acquisitions and the organic development of technology. Company strengths and key differentiators, that position Trustwave for continued growth worldwide include: A portfolio of advanced MSS, such as managed security information and event management (SIEM), secure Web gateway (SWG), Web application firewall (WAF), and managed security testing Company-owned managed security technologies, in addition to more than 500 third-party technologies that Trustwave manages and monitors An "intelligence at every level" framework that integrates Trustwave proprietary threat intelligence, from its SpiderLabs team into its MSS offerings and its global security operations centers (SOCs) The TrustKeeper portal, which gives businesses access to subscription-based offerings ranging from enterprise-grade MSS to compliance and security automation tools Vertical-specific managed services offerings for industries such as hotels, financial services companies, and franchises Trustwave's history as a pioneer in PCI compliance, which has helped Trustwave develop compliance and risk management services that help identify and resolve enterprise deficiencies Filing Information: December 2013, IDC #244994, Volume: 1 Security Services: Vendor Profile

2 IN THIS VENDOR PROFILE This IDC Vendor Profile analyzes Trustwave, which offers bundles of managed security services that are suitable for businesses ranging in size from small retail shops to Fortune 100 enterprises. Key success factors are reviewed, including go-tomarket strategy, security management platform, monitored/managed technologies, and MSS offerings. SITUATION OVERVIEW Company Overview Trustwave is a pure-play information security company that helps businesses validate compliance and augment their protection beyond Payment Card Industry Data Security Standard (PCI DSS) requirements. Trustwave's cloud and managed security services and integrated security technologies are augmented by the company's security assessors, ethical hackers, data breach investigators, and security researchers. Trustwave clients can purchase cloud-based, subscription services either directly or through partners. While most of the services and technologies are sold directly in the United States, the company sells internationally mostly through a network of channel partners. Customers can purchase technology solutions delivered as a managed security service, or they can engage the company with professional services, technology products, and systems integration services. Ongoing investments in MSS include new and enhanced offerings, global security operations centers, and acquisitions. Headquartered in Chicago, the company has regional headquarters in London, São Paulo (Brazil), and Sydney (Australia). In January 2013, the company opened its newest SOC in Manila, Philippines (see Table 1). 2 # IDC

3 TABLE 1 Trustwave Company Snapshot Category Target market Details Small, midsize, and large enterprises worldwide Founding year 1995 Number of employees 1,100+ Company headquarters Security operations centers (SOCs) Chicago, Illinois Denver, Colorado Chicago, Illinois Minneapolis, Minnesota Warsaw, Poland Manila, Philippines Web site Sales channels Direct, which accounts for most sales within the United States Indirect, which accounts for most sales internationally Revenue estimate $114 million (2012) in MSS revenue a subset of total company revenue Source: IDC, 2013 Financial Performance Trustwave is a privately held company that does not release financial information. However, the company states that its MSS business is growing at more than twice the industry rate. IDC estimates Trustwave's MSS revenue, a subset of overall company revenue, to be around $114 million for Customers and Contracts Trustwave supports more than 2 million businesses that are enrolled in the TrustKeeper cloud and managed security services platform, and it serves clients of all sizes, from multinational entities to single-location small businesses, in 96 countries. The company also has clients in verticals, including financial services, hospitality, franchise restaurants and hotels, hospitals and physician networks, and technology IDC #

4 Company Strategy Trustwave provides traditional managed services such as firewall/unified threat management (UTM), intrusion detection services/intrusion prevention system (IDS/IPS), and internal vulnerability scanning (IVS) and advanced services such as managed SIEM, SWG, WAF, and network access control (NAC). These advanced services are recent additions to the portfolio and include a new penetration testing offering. Trustwave infuses its services with threat intelligence from the company's SpiderLabs security team and external sources. Its MSS strategy is to offer services tailored to specific business types based on factors such as size, IT profile, and industry segment. The company's go-to-market plans are designed to capitalize on the following trends, which Trustwave believes are the key drivers of growth and adoption of MSS: Increasing number of new technologies within businesses as well as additional devices/platforms to secure (This trend is intensified by the increased use of social media, the cloud, and big data and growth in mobile devices and the bringyour-own-device [BYOD] phenomenon.) Controlling complexities related to day-to-day management, as well as mitigation of and response to advanced security threats Cost control, whether resulting from cuts in IT budgets or efforts to reduce operating expenses Shortage of IT resources and security skill sets Keeping pace with compliance regulations, both security controls for industry and government requirements Increased level of confidence in managing security through the cloud (As cloud solutions have evolved, many enterprises are becoming less apprehensive about working with outside security vendors.) Trustwave's go-to-market plans include several focal points: teaming with new customers, building relationships with existing customers, extending the partner network, enhancing the company's managed services portfolio, emphasizing flexibility and customer service, augmenting threat intelligence from internal and external sources, providing third-party product monitoring and management, supporting mandates and regulations beyond PCI, and focusing on vertical market offerings and international expansion. Current target markets include: Large and midmarket firms that are seeking to fully outsource their security services and/or that want to address the increase in advanced threats and cybercrime with threat intelligence 4 # IDC

5 Fortune 500 firms searching for hybrid solutions to supplement their in-house skills and resources with a shared responsibility model Midmarket firms with insufficient staff and resources to maintain an appropriate security posture Highly distributed environments including franchise-type businesses such as quick-service restaurants, hotels, and healthcare organizations (Typically, these businesses have inadequate information security skills to support remote locations.) Industry verticals, including financial services, manufacturing, retail, and utilities Services Delivered Trustwave's services are offered through cloud, customer premise equipment (CPE), and SaaS. The company supports integrations of threat intelligence, correlation, alerting, and remediation in the MSS portfolio with current and relevant attack signatures, vulnerability plug-ins, malware strains, and applied knowledge gleaned from its SpiderLabs research team as well as through proprietary and third-party sources, including penetration tests and forensic investigations. Threat intelligence is "woven into" its MSS, according to Trustwave, providing near-real-time protection from network, application, Web, and other threats. The company believes that "inline" controls, such as firewalls and intrusion prevention, are still best deployed via CPE and that other "out of band" technologies, including secure and file integrity monitoring (FIM), are better suited for the cloud. Trustwave powers its services with its own intellectual property, along with threat research and technologies. Additionally, Trustwave offers support for managing and monitoring a variety of third-party products deployed in customer environments. The company offers hybrid managed options for its managed services, especially for SIEM. Customers can opt to have Trustwave manage the health and status of a deployed SIEM appliance only or share in management support by providing supplementary log analysis services. Hybrid managed deployments are becoming more common, according to Trustwave, with SIEM hybrid managed services leading the way. The company also is seeing demand for hybrid WAF and NAC services. Trustwave provides MSS via a single monthly subscription fee that includes appliance hardware, software, and support costs. Trustwave's MSS portfolio includes: Authentication (AU) is an on-demand two-factor authentication solution. Compliance Validation Service (CVS) helps manage and monitor the overall compliance process and aids businesses in achieving compliance objectives IDC #

6 File Integrity Monitoring is a cloud-based solution that monitors OS and registry file data on Windows-based POS devices, laptops, desktops, and servers. Intrusion Prevention System is an asset-centric, enforcement technology that autotunes in real time to address vulnerabilities specific to the network complementing the firewall perimeter. Managed Security Information and Event Management solution collects, analyzes, and stores logs from networks, hosts, and critical applications. Managed Network Access Control provides full-feature NAC as a managed security service with proactive management, maintenance, and monitoring. Managed Security Testing is a subscription-based penetration testing service. Managed Secure Web Gateway addresses malware, zero-day vulnerabilities, and blended and advanced persistent threats (APTs). Secure service quarantines questionable traffic before it enters the network; protects confidential content via encryption; blocks spam, viruses, and malicious software; and inspects incoming and outgoing for inappropriate and unauthorized content. SpiderLabs Threat Intelligence includes daily feeds and quarterly summaries that supplement internal security expertise to improve an organization's ability to detect threats and prevent data breaches. Vulnerability Scanning Service enables an organization to meet compliance requirements while providing security, support, self-scan, and reporting capabilities. In more detail: External Vulnerability Scanning (EVS) is delivered via TrustKeeper Agent, a proprietary, automated vulnerability scanning engine within TrustKeeper, which tests for more than 3,000 unique vulnerabilities. Internal Vulnerability Scanning is a managed service delivered via a device or Trustwave Unified Threat Management that assesses and detects vulnerabilities across a company's internal network. Unified threat management is a managed service that provides security consolidated in a single piece of equipment that addresses security concerns and controls at the network perimeter. Web Application Firewall provides real-time, continuous security against attacks and data loss while maintaining compliance with industry regulations. Trustwave also offers optional fee-based consulting services specific to MSS support, called Trustwave Information Security Advisor consulting services. They help customers transition to a managed environment through scoping and implementation of services based on security gaps and the level of in-house information security expertise and support. 6 # IDC

7 In addition, Trustwave added new enterprise risk assessment services in 2013 that identify security gaps that managed services can address, provided a customer has the internal resources to support them (e.g., a mobile security assessment may suggest that NAC or SWG technology would control rogue access and malware in the environment). Platform/Technologies Trustwave's TrustKeeper portal/platform enables businesses to access subscriptionbased Trustwave offerings. The portal unifies the cloud and managed services developed by Trustwave's three business units: Compliance and Risk Management, Security Solutions/MSS, and Threat Intelligence and Research (aka SpiderLabs). The TrustKeeper portal offers customers a view into their events, alerts, and trends and provides self-service interaction with the SOC staff for change requests, ticketing, and other requests. Telephone support is available 24 x 7 in multiple languages, and the SOCs and staff are located to enable a follow-the-sun model. Over the past few years, Trustwave has increased the number of applications including some from acquisitions that can be accessed through the portal and expects to continue this effort. A standard operating system based on Linux called TrustOS and its TrustedSentry appliance provide standard platforms that promote integration and interoperability, as well as device and threat management from the SOCs. Trustwave's multitenant SIEM technology is used in Trustwave SOCs as a foundation for the company's MSS, providing data acquisition, normalization, correlation, analysis, and real-time reporting capabilities for vendors and open source data sources. Optionally, customers can employ log management appliances, designed for use with both MSS and licensed products, to extend their on-premise capabilities. Monitored/Managed Technologies In addition to delivering, monitoring, and managing its own set of security technologies, Trustwave also monitors more than 500 third-party devices and manages widely used third-party products. When bringing on a new client and throughout the relationship, Trustwave has a formalized process by which clients can request support and management for additional third-party products. Third-party device management gives Trustwave visibility and control (install, configure, monitor, correlate, analyze, etc.) for technologies from: Juniper NetScreen Fortinet Websense Sourcefire 2013 IDC #

8 Cisco Standards Trustwave supports the following standards: PCI DSS FFIEC GLBA HIPAA FISMA SOX NIST FIPS ISO 27001/2 With respect to security and threat intelligence capabilities, the company's support staff receives regular training and holds advanced certifications. The average staff member's tenure is 15 years. Partnerships Trustwave partners with a range of organizations, including global financial institutions, telecommunications companies, hosting providers, service providers, security integrators, and value-added resellers. The company supports its partners alliance, technology, and channel with specific programs to address each organization's needs and objectives through its portfolio. Geographic Coverage Trustwave operates in all major geographies worldwide, with customers in 96 countries. Operating with more than 1,100 employees, the company maintains a local presence in 26 countries. The company operates five SOCs in the cities of Chicago, Denver, Minneapolis, Manila (Philippines), and Warsaw (Poland). Additionally, the company says it has globally dispersed technical assistance, provisioning, and distribution centers. 8 # IDC

9 Mergers and Acquisitions Acquisitions include: Application Security Inc. (2013) for database and big data scanning technology, which is expected to augment MSS offerings SecureConnect (2013), which added MSS services for hospitality and retail verticals as well as customers operating in distributed environments (Trustwave also gained a SOC in Minneapolis through the acquisition.) M86 Security (2012) for advanced antimalware technology, secure Web gateway, secure gateway, and Web security (Trustwave has launched a managed SWG based on M86 technology.) Intellitactics (2010) for SIEM, which Trustwave uses both in its SOC and as a managed SIEM offering Breach Security (2010) for WAF and application security, which Trustwave uses for its managed WAF offering BitArmor (2010) for encryption Vericept (2009) for data loss prevention Mirage Networks (2009) for network access control, which Trustwave uses for its managed NAC offering FUTURE OUTLOOK IDC research indicates that MSS is growing at a double-digit growth rate of more than 10% in a five-year forecast period. IDC expects to publish its finalized forecast of this market by the end of 1Q14. Several factors are driving this trend: Increased complexity of security threats drives the need for a more holistic security posture. IT managers' knowledge that at a minimum in addition to a SOC they must have enhanced analytics, data consolidation, and global threat intelligence knowledge of advanced persistent threats and other adaptive, complex, and dynamic threats. 24 x 7 in-house security solutions are expensive, and expertise is scarce. In addition, IT managers know that they must have the correlation capability to keep the information of these threats flowing to critical areas of the organization. Budgetary pressures faced by chief information security officers (CISOs) can lead to "build versus buy" discussions. Engaging a security services provider can enable an organization to transfer the cost of ownership, thereby reducing capex and transferring the budget line item to opex. This step creates a predictable expense with a regular cadence in the budget cycle IDC #

10 The need for advanced security features leads companies to seek out a provider, such as Trustwave, that has enhanced security capabilities, with scalable and flexible security platforms capable of handling future expansion. And, like Trustwave, these providers often have research labs that study and monitor threat trends on a global basis, and the findings from these organizations are critical to helping enterprises deal with the latest threats. Correlation and analytics of data that comes from a large number of customers and sources enable a managed security services provider to have visibility into a large variety of threats on a global basis. Leveraging the scale and expertise of a service provider like Trustwave, therefore, can be beneficial to companies with geographically dispersed sites. ESSENTIAL GUIDANCE Advice for T r ustwave Trustwave has done a very good job of growing its MSS offering both organically and through acquisition. It continues to move its services both managed and professional up the stack to provide increased benefit to its customers. This year alone, Trustwave has invested in an additional SOC and added several advanced services. While market misperception has pigeonholed Trustwave into a PCIcompliance-only security services provider, the company has leveraged its knowledge and processes in the PCI arena to build out and provide compliance offerings across other regulatory standards as well. IDC believes that the hard work Trustwave has done will pay off in the coming years. There is a blessing and a curse of being one of the few remaining pure-play security services firms left standing. As this dynamic and disaggregated market consolidates, other larger firms will create significant competition for Trustwave. This could make Trustwave a significant acquisition, which may allow it to dictate its price when suitors come to call. All in all, IDC is impressed with the scale of Trustwave's offerings and looks forward to witnessing the company's future growth, in whatever form it may come to fruition. LEARN MORE Related Research Worldwide and U.S. Professional Security Services Forecast (IDC #241958, July 2013) 10 # IDC

11 Copyright Notice This IDC research document was published as part of an IDC continuous intelligence service, providing written research, analyst interactions, telebriefings, and conferences. Visit to learn more about IDC subscription and consulting services. To view a list of IDC offices worldwide, visit Please contact the IDC Hotline at , ext (or ) or sales@idc.com for information on applying the price of this document toward the purchase of an IDC service or for information on additional copies or Web rights. Copyright 2013 IDC. Reproduction is forbidden unless authorized. All rights reserved IDC #