Trustwave blocks Web-borne malware - guaranteed, or your money back

Similar documents
With Cloud Defender, Alert Logic combines products to deliver outcome-based security

2012 North American Managed Security Service Providers Growth Leadership Award

By John Pirc. THREAT DETECTION HAS moved beyond signature-based firewalls EDITOR S DESK SECURITY 7 AWARD WINNERS ENHANCED THREAT DETECTION

Skyhigh looks down to see competition heating up in cloud-app control market

I D C T E C H N O L O G Y S P O T L I G H T. S e r ve r S e c u rity: N o t W h a t It U s e d t o Be!

Secure Your Mobile Workplace

INTRODUCING isheriff CLOUD SECURITY

Market Guide for Network Sandboxing

Zscaler Cloud Web Gateway Test

End-user Security Analytics Strengthens Protection with ArcSight

Braindumps QA

White Paper. Time for Integrated vs. Bolted-on IT Security. Cyphort Platform Architecture: Modular, Open and Flexible

Fighting Advanced Threats

How to Choose the Right Security Information and Event Management (SIEM) Solution

SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION

you us MSSP are a Managed Security Service Provider looking to offer Advanced Malware Protection Services

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

WildFire. Preparing for Modern Network Attacks

Symantec Endpoint Security Management Solutions Presentation and Demo for:

Threat landscape how are you getting attacked and what can you do better protect yourself and your e-commerce platform

McAfee Security Architectures for the Public Sector

KEYW uses acquired Sensage technology to form Hexis Cyber Solutions

W H I T E P A P E R A T r u s t e d S e c u r i t y P a r t n e r : A M u s t - H a v e i n T o d a y ' s T h r e a t L a n d s c a p e

North American Electric Reliability Corporation (NERC) Cyber Security Standard

Critical Watch aims to reduce countermeasure deployment pain by doing it all for you

Smarter Security for Smarter Local Government. Craig Sargent, Solutions Specialist

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Landscape

Market Share Leadership of the Year, Vulnerability Assessment Global, 2010

Bringing Continuous Security to the Global Enterprise

The Growing Need for Real-time and Actionable Security Intelligence Date: February 2014 Author: Jon Oltsik, Senior Principal Analyst

Why The Security You Bought Yesterday, Won t Save You Today

Sluggish Incident Response: Next-Generation Security Problems and Solutions

Cisco Advanced Malware Protection for Endpoints

Rethinking IT and IT Security Strategies in an Era of Advanced Attacks, Cloud and Consumerization

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

Managing Web Security in an Increasingly Challenging Threat Landscape

How McAfee Endpoint Security Intelligently Collaborates to Protect and Perform

McAfee Network Security Platform

White Paper. What the ideal cloud-based web security service should provide. the tools and services to look for

Check Point submitted the SWG Secure Web Gateway for

Extending Threat Protection and Control to Mobile Workers with Cloud-Based Security Services > White Paper

Managing Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services

Technology Blueprint. Protect Your Servers. Guard the data and availability that enable business-critical communications

$ Drive awareness and increase participation. National account program. Flexible managed Security Solutions for hospitality

Combating a new generation of cybercriminal with in-depth security monitoring

ENABLING FAST RESPONSES THREAT MONITORING

Kaseya White Paper. Endpoint Security. Fighting Cyber Crime with Automated, Centralized Management.

Splunk expands operational intelligence to mobile apps with MINT

WhatWorks in Detecting and Blocking Advanced Threats:

Maintaining PCI-DSS compliance. Daniele Bertolotti Antonio Ricci

IT Security Strategy and Priorities. Stefan Lager CTO Services

End to End Security do Endpoint ao Datacenter

Analysis of the Global Security Information and Event Management (SIEM) and Log Management (LM) Market All Information Becomes Actionable

CHEAT SHEET: PCI DSS 3.1 COMPLIANCE

overview Enterprise Security Solutions

Lab Testing Summary Report

Magic Quadrant for Global MSSPs

Top five strategies for combating modern threats Is anti-virus dead?

CaaS Think as a bad guy Petr Hněvkovský, CISA, CISSP HP Enterprise Security

Trend Micro Cloud App Security for Office 365. October 27, 2015 Trevor Richmond

Integrating MSS, SEP and NGFW to catch targeted APTs

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

Mobile Protection. Driving Productivity Without Compromising Protection. Brian Duckering. Mobile Trend Marketing

You ll learn about our roadmap across the Symantec and gateway security offerings.

REVOLUTIONIZING ADVANCED THREAT PROTECTION

Business Case Outsourcing Information Security: The Benefits of a Managed Security Service

Find the needle in the security haystack

Vulnerability Management

OVERVIEW. Enterprise Security Solutions

Unified Threat Management, Managed Security, and the Cloud Services Model

WEBSENSE TRITON SOLUTIONS

Content Security: Protect Your Network with Five Must-Haves

Cisco Advanced Malware Protection for Endpoints

Seven Requirements for Hybrid Web Delivery Getting the best of both on-premises and SaaS

Enterprise Buyer Guide

The top five enterprise mobility management vendors: product focus and financials

Trends in Zero-Day Kernel Exploits and Protection 2015

Secure Web Gateways Buyer s Guide >

Towards Threat Wisdom

Cisco Advanced Malware Protection

Payment Card Industry Data Security Standard

Ibrahim Yusuf Presales Engineer at Sophos Smartphones and BYOD: what are the risks and how do you manage them?

eguide: Designing a Continuous Response Architecture Disrupting the Threat: Identify, Respond, Contain & Recover in Seconds

High End Information Security Services

OVERVIEW. Enterprise Security Solutions

Next-Generation Firewalls: CEO, Miercom

Securing the endpoint and your data

How To Protect Your Virtual Infrastructure From Attack From A Cyber Threat

Endpoint Security for DeltaV Systems

ISB13 Web security deployment options - which is really best for you? Duncan Mills, Piero DePaoli, Stuart Jones

IBM Security X-Force Threat Intelligence

Staying Secure After Microsoft Windows Server 2003 Reaches End of Life. Trevor Richmond, Sales Engineer Trend Micro

Risk-based security buyer s guide:

Managed Security Monitoring Quick Guide 5/26/ EarthLink. Trademarks are property of their respective owners. All rights reserved.

VMware Integrated Partner Solutions for Networking and Security

HP officially launches Cloud Services key to its vision of hybrid IT service delivery

Security Services. 30 years of experience in IT business

Transcription:

Trustwave blocks Web-borne malware - guaranteed, or your money back Analyst: Adrian Sanabria 16 Jul, 2014 Today, Trustwave makes a bold announcement a zero malware guarantee. The anti-malware market has no lack of bold marketing, but most are based on comparisons with competitors. It is one thing to say product A is better at preventing malware than product B, and quite another to guarantee that malware will be stopped. The 451 Take Although a guarantee to 'detect and stop 100% of malware propagated over the Web' initially made us cringe, we now see this as a win/win situation for both the customer and Trustwave. The company is obviously confident in the product, and the cost of paying for failures seems to be small compared with the opportunity to further improve the product when those failures occur. Besides, a failure means an opportunity to advertise SpiderLabs' incident response services. Still, in an age where we're told that breaches and compromise are inevitable, the anti-malware industry could use some guarantees. Context Trustwave has been busy rounding out its offering with a total of 14 tech acquisitions since 2006. An additional two were primarily services-related acquisitions. Application security testing vendor Cenzic was acquired earlier this year, shortly after the acquisition of the confusingly named database security vendor Application Security Inc in November 2013. However, it hasn't just been turning around and selling this technology as managed services. The company has focused on developing a centralized back-end and user-facing portal to tie everything together. Copyright 2014 - The 451 Group 1

Long associated with its PCI consulting practice and payment card-related managed security service provider (MSSP) services, Trustwave has been working to break free of that mold. Its SpiderLabs research and services division, for example, has built a reputation for solid original security research. Trustwave's product offerings go far beyond what is required by PCI as well. In fact, it is one of few MSSPs that can deliver a wide range of fully owned, in-house-developed products rather than a white-labeled or 'bring your own' model. Trustwave filed for an IPO in 2011, but due to stock market uncertainty, postponed later in 2011 and finally withdrew in May of this year. The company didn't seem to be hurting for cash because it spent hundreds of millions in no fewer than four acquisitions between the IPO filing and retraction. Products The product attached to the guarantee is Trustwave's Secure Web Gateway (SWG). With surveys and studies showing that the bulk of malware focused on the Web as an attack vector, Trustwave has chosen to apply the guarantee specifically to this fully managed gateway service. The guarantee allows customers to make claims up to once a quarter. A SpiderLabs forensic team investigates, and if the malware is determined to have been missed by the SWG, the customer receives a free month taken off the subscription and doesn't pay for the forensic investigation. We see the guarantee as a win for both the customer and Trustwave. Trustwave is showing a great deal of confidence in the product, which is likely to inspire confidence in the customer as well. If it fails, the customer doesn't pay for the service or the investigation. Trustwave wins in that it's already set positive expectations should the product fail, and has an opportunity to demonstrate and advertise its forensic services. The results of the investigation can then be used to improve the efficacy of the product. In addition to the zero malware guarantee, this announcement also debuts a new SWG dashboard, allowing customers to drill down into each individual Web transaction (yes, every individual GET and POST) and alert. Accompanying the front end is a new big data back end to handle storage and analytics for the huge influx of data this service will produce. Technology The SWG is available as a fully managed on-premises appliance, or licensed software/appliance available in virtual or physical form, with a pre-built EC2 version of the virtual appliance also available. A multi-tenant cloud-based version of the proxy is on the roadmap, which will have Trustwave competing from a technical perspective with non-mssp offerings like that of Zscaler and Copyright 2014 - The 451 Group 2

Sophos. To be clear, only the physical on-premises appliance is currently available as a managed service. The virtual versions, whether on-premises or in the cloud, are available only as unmanaged services. In addition, the zero malware guarantee applies only to the managed version. At the heart of Trustwave's anti-malware offerings is its Global Threat Database, which consumes data from its own customers as well as third-party feeds, SpiderLabs and data from consulting services (e.g., incident response, penetration testing). An open API allows Trustwave products like SWG to consume this data, and also allows the company to customize the data and sell it as a variety of threat intelligence feeds. To back up the zero malware guarantee, Trustwave combines its threat intelligence data with a varied and layered approach to keep threats from getting through. In real time, the SWG scans for threats using static, dynamic and behavioral code analysis. As part of testing behavior, the SWG runs code in a headless browser running in a sandbox on the appliance. Although short of running the code in a full OS sandbox, the compromise is necessary to keep the service real time. Real-time blocking is an important aspect of the service because Trustwave contrasts this approach with the 'someone's got to be patient zero' approach of most network-based anti-malware sandboxes. In this product category, due to the time necessary to let executables run to determine malicious intent, real-time protection isn't possible. A virtual patching approach also allows the SWG to protect against known Web/browser-related vulnerabilities. In addition to all these approaches, commodified signature and heuristic techniques are used as well. If it is already known to be bad, this is (computationally) a low-cost method to stop threats. Architecturally, the SWG is a traditional forward proxy that is deployed on-premises as a physical or virtual appliance. If placed in a DMZ, off-premises laptops, tablets and smartphones can be funneled through the proxy, although we've spoken to enterprises with mixed results (mostly performance issues) with that approach. Trustwave deploys, installs, configures and maintains the appliance throughout its life. Although the TrustKeeper portal allows the customer to view all events and alerts, Trustwave's SOC will monitor for notable events and notify customers of issues as well. An EC2 version of the appliance is available for cloudy deployments. Competition The only other similar anti-malware guarantee we've seen is with Symantec's Norton Small Business security software suite, which is an endpoint anti-virus suite aimed at a different market. If an infection is found or suspected, Norton offers to remove it for free, and to refund the cost of the software if it can't. Copyright 2014 - The 451 Group 3

On the smaller scale, we see Trustwave's SWG and zero malware guarantee competing with not only other Web gateways from the likes of Blue Coat, Websense and Sophos, but also cloud-based gateways from the likes of Zscaler. On the larger scale, Trustwave is competing with the general anti-malware budget. We've yet to see any enterprises bold enough to remove anti-malware from the endpoint, so a secure Web gateway is always a complementary control to be purchased with whatever budget is left over after traditional anti-virus is paid for. We believe that it will be necessary in the long run for vendors to aim to supersede or replace traditional anti-malware products. This is partially because security budgets are finite, but mostly because we believe next-generation offerings will be capable of replacing traditional anti-virus in the near future. If this occurs, and the endpoint of the future is capable of adequately defending itself, network-based anti-malware offerings could become obsolete. The fact that Trustwave's product is fully managed hasn't escaped us. The competition in that market is considerably smaller, with Trustwave's primary advantage and differentiator being its broad set of integrated offerings and the TrustKeeper portal that ties it all together. Symantec, IBM, HP, Verizon, Dell SecureWorks, Alert Logic and AT&T are all competitors, although most don't appear to have offerings as tightly integrated or as comprehensive and only a few of them own and develop near 100% of what they offer. SWOT Analysis Strengths Weaknesses The campaign itself is a strength for Trustwave. Especially in the anti-malware space, we'd love to see products solid enough and companies bold enough to make similar guarantees. If it proves itself, this campaign could put Trustwave in the anti-malware spotlight in a very good way. The product addresses only a single attack vector. If we've learned anything about determined attackers, it's that they don't just stop when they fail when they try again, you can be sure they'll choose a weaker point to attack. Opportunities Threats If this campaign is successful, we hope to see Trustwave extend the approach and guarantee to products that cover other vectors and attack surfaces as well. If some next-generation anti-malware products are as effective and comprehensive as they claim, network-based approaches could become redundant in just a few years. Copyright 2014 - The 451 Group 4

Reproduced by permission of The 451 Group; 2014. This report was originally published within 451 Research's Market Insight Service. For additional information on 451 Research or to apply for trial access, go to: www.451research.com Copyright 2014 - The 451 Group 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information