• SL-Logo-White

    With insight gathered from our advanced security research, penetration testing and incident response investigations, Trustwave's elite security team, SpiderLabs®, understands how attackers think and operate. We apply our deep, specialized knowledge to every customer engagement and use that intelligence to fuel our managed security services and technologies.

Overview

  • Businesses worldwide depend on the global SpiderLabs team at Trustwave to keep them ahead of the latest security threats.

    Our security breach investigations, malware reverse-engineering projects, millions of scans, thousands of penetration tests, leadership of open-source security projects and contributions to the security community have established Trustwave SpiderLabs as world-renowned experts on the past, present and future of security.

    The SpiderLabs team at Trustwave includes security and penetration testers, incident responders, forensic investigators, malware reversers, security researchers, published authors and sought-after speakers.

    GSR-Cover-Spread-2016

    Trustwave Global Security Report

    Read the annual reports, based on Trustwave SpiderLabs' threat intelligence, research and investigations.

  • icon-circle-white-user

    150+

    specialized security experts

    icon-circle-white-glass

    9 Million

    web application attacks researched

    icon-circle-white-wall

    2,500+

    penetration tests each year

  • Trustwave SpiderLabs is known for:

    icon-gray-check

    Incident readiness and data breach forensic investigations

    icon-gray-check

    Threat intelligence that fuels industry-leading managed security services and technologies

    icon-gray-check

    Innovative security research and major threat discoveries

    icon-gray-check

    Contributions to the community including our annual Global Security Report, the SpiderLabs blog and the open-source ModSecurity web application firewall.


How We Work

  • Intelligent adversaries, on your side

    Our experts have extensive experience using tools and techniques that rival the ingenuity of today’s advanced attackers and their methods allowing us to replicate the types of attacks your business needs to defend itself against. Our continual, impassioned research and experience investigating real world attacks allow us to anticipate tomorrow's threats. We apply those insights to Trustwave services to enable proactive threat and vulnerability management for our customers. Our security testing unearths exactly how adversaries think and act, allowing us to demonstrate how an attacker gains unauthorized access to your businesses' sensitive systems and data, so you know exactly where to focus your investment and time in protecting against actual intrusions.

    SL-Photo-11
  • SL-Photo-5
    SL-Photo-6
    SL-Photo-7
    SL-Photo-8

    Our forensics team investigates data breaches

    Responding to a data-loss incident quickly and in an organized manner is paramount in containing a breach, limiting exposure, stemming losses and preserving evidence. The costs of such an incident include not only lost data and potential fines but also brand damage and embarrassment, plus time and resources spent cleaning up the mess. Our forensic investigators determine the root cause of breaches and properly collect, handle and maintain the chain-of-custody of evidence to support litigation should you choose to pursue it. And like we have for countless other businesses, we can help you respond efficiently to manage the ramifications of a data compromise. Our expert investigators are also available to lend their expertise in training your staff to react accordingly to a security breach.

    We help you fortify your applications and products

    Close to four out of five IT professionals admit to being pressured to roll out insecure projects, including applications and new products. You probably understand the risks inherent in going to market with a potentially vulnerable product. You want to be proactive to protect not only your organization but also your customers and partners. Our range of security testing and review services make sure you’ve done your due diligence wherever you might be in the product development lifecycle.

  • Innovative research is at our core

    Our world-renowned security research team studies attackers’ latest techniques to better understand both what’s happening now and what methods and vectors will challenge businesses next. The team makes Trustwave services and products more effective by analyzing recent attacks, threats and vulnerabilities, and then creating update detection rules for dozens of Trustwave solutions. In addition to their daily duties investigating malware, web clients and servers, email, databases, applications and major vulnerabilities, our researchers are sought-after speakers, trusted media sources, published authors and leaders of major industry projects.

    SL-Photo-1
  • Threat intelligence powers our services

    Enhanced by our applied research and experiences from the field, Trustwave’s large, global client footprint offers us unmatched visibility into security threats. We gain key insights from our analysis of hundreds of data breach investigations, threat intelligence from our global security operations centers, telemetry from security technologies and industry-leading security research. Finally, we make Trustwave managed services more effective by feeding them with our proprietary threat intelligence.

    SL-Photo-2
  • SL-Photo-3

    Our experts are yours

    Trustwave offers you access to our personal information security advisors, serving as your one-on-one contacts to keep your business safer and help ensure that you have the services, technologies and tools you need to meet your future business goals. For example, maybe you don't have the resources to build an internal security testing team for all of your applications, databases and networks. Trustwave augments your internal security resources by providing a combination of tools-based testing with the expertise of the industry’s top penetration testers to provide a range of options to identify vulnerabilities so you can better manage them.

  • SL-Photo-9
    SL-Photo-10

    We hire top talent

    Our SpiderLabs experts are distributed across ten countries and include security and penetration testers, incident responders, forensic investigators, malware reverse-engineers, security researchers, published authors and sought-after speakers with an average of more than a dozen years in the business. We recruit and hire top members of the community who speak regularly at industry events such as Black Hat and DefCon and make pivotal contributions to the information security community. If you’re interested in working at Trustwave SpiderLabs, check out our careers page. We are always on the hunt for the top talent of today and the rock stars of the future.

  • SL-Photo-4

    We offer insightful stats and analysis

    Based on our proprietary threat intelligence and insights from our data breach investigations, the annual Trustwave Global Security Report reveals information about, what information attackers want and how they obtain it. SpiderLabs offers this free resource full of insightful stats and threat trends, as well as actionable advice to help businesses improve their security programs. We also feature novel research, attack and penetration techniques, and trend analysis on the SpiderLabs blog, and our findings are regularly featured in major media outlets worldwide.

    We lead security community projects

    Trustwave is the primary custodian of the open-source ModSecurity web application firewall, the most widely deployed in the world. We’re committed to supporting ModSecurity and its diverse and widespread user base. Our team also contributes to and develops community-revered tools, such as those hosted at our GitHub project page, the OWASP ModSecurity Core Rule Set project and the OWASP Web Application Security Consortium Web Hacking Incident Database (WHID) project.

Services

    • Managed security services for scanning, testing and remediation of vulnerabilities.

      • Find, fix and remediate
      • Spanning applications, databases and networks
      • Mix automated scanning with expert testing
      • For mission-critical systems on down
    • Offensive security testing delivered on time, on budget, on demand.

      • Flexible testing options
      • Clearly-defined pricing and testing tiers
      • Delivered by SpiderLabs penetration testers
    • Preparation for data breaches and response to compromises if they occur.

      • Simulated exercises
      • Forensic data acquisition and analysis
      • Malware reverse engineering
      • Containment and remediation

Resources

  • Documents


  • SpiderLabs Blog

    Steganography... what is that?

    When people think about Information Security the first word that generally comes mind is "Hacking", but there are many disciplines in security and one of them is called "Steganography", an offshoot of encryption and "data hiding". The word "steganography" can...

    Necurs – the Heavyweight Malware Spammer

    Today we want to dwell upon a pesky botnet that goes by the name of Necurs, and in particular its spamming activities. The botnet has been responsible for a massive amount of malware distributed via spam over the last 18...

    TrustKeeper Scan Engine Update for September 09, 2016

    Summary The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy! New Vulnerability Test Highlights Some of the more interesting vulnerability tests we added...

    Microsoft Patch Tuesday, September 2016

    September's Patch Tuesday is upon us and it's the biggest one so far this year. While past months have been relatively light, September has nearly twice as many vulnerabilities patched compared to August. All told September contains 14 bulletins patching...

    Trustwave Web Application Firewall Signature Update 4.43 Now Available

    We've just released a new version (4.43) of Corsigs for users of Trustwave Web Application Firewall (WAF) version 7.0. These new rules help protect users' web applications against malicious traffic targeting the vulnerabilities listed below. Release Summary ImageMagick Remote Code...