This past year was an eventful one for Trustwave - as it was for the entire information security industry. As data breaches rolled on, malware advanced and compliance requirements stiffened, Trustwave responded with updated products and services, stronger-than-ever intelligence and expertise, and unwavering curiosity.
Below is a list of some of our proudest accomplishments during this past year, starting with the most recent. This assortment of successes ranges from the wacky and wild - hacking reporters and "smart" technologies to showcase important vulnerabilities - to achievements that had immediate and far-reaching effects - discovering millions of passwords on a criminal web server - to the actionable: launching cutting-edge products and services that keep your business better protected from harm and more compliant with requirements every single day.
1. We found a server containing two million credentials - Our researchers discovered a criminally operated server that contained two million usernames and passwords for popular websites such as Facebook, Twitter, LinkedIn, Yahoo and Google. The credentials were stolen thanks to malware known as Pony.
2. We got inducted into an "Innovation" Hall of Fame - SC Magazine named us a 2013 Hall of Fame Industry Innovator for our Trustwave Secure Web Gateway technology. We also were named finalists for the 2014 SC Magazine Awards for Best Customer Service, Best Network Access Control, Best Web Application Firewall and Best Web Content Management Solution for Trustwave Secure Web Gateway. The winners will be announced in February during a ceremony coinciding with the RSA Conference.
3. We double-downed on Managed Security Services - To help alleviate pressures businesses face regarding staff and skills shortages, budget constraints, more complex threats, new technologies (i.e. BYOD) and an increasing amount of data flowing through their networks and applications, Trustwave launched a new suite of Managed Security Services. The suite includes Trustwave Managed SIEM, Managed Secure Web Gateway, Managed Web Application Firewall and Managed Email Security.
4. We acquired Application Security Inc. and SecureConnect - We made two important acquisitions this year - acquiring Application Security Inc., a leading provider of database security products, and SecureConnect, a leading managed security services provider in the franchise and hospitality industries. The acquisitions extend and enhance our capabilities in protecting information from all standpoints - network, mobile, applications and databases - and across all industries - franchises, hospitality, financial institutions, retail and more. Welcome to the family!
5. We hacked a reporter - Pandodaily editor Adam Penenberg asked our SpiderLabs research team to hack him because he was curious just how easy it is to erode someone's privacy in the digital era. In just a few weeks, after camping out near his apartment in Brooklyn, N.Y., our researchers were able to remotely gain access to Penenberg's bank account, W-2 information, Amazon account, Twitter account and other personal information. Although this project specifically focused on an individual, businesses also hire us to do these types of ethical hacks to identify weaknesses in their security and help fix them.
6. We gave you the FYI on PCI - Through various news stories and blog posts written by our risk and compliance experts, we provided fresh insight regarding the updated PCI DSS 3.0 standard, how you should tackle the new requirements and what's lacking.
7. We launched Managed Security Testing - In October, we launched our new subscription-based, penetration testing service that can more efficiently and regularly identify security weaknesses within networks and applications. Organizations can schedule, manage and adjust penetration tests based on their business priorities and security needs by using our cloud-based portal, Trustwave TrustKeeper.
8. We showed how "smart" technologies are not that smart - At Black Hat USA in Las Vegas over the summer, Trustwave researchers Daniel Crowley and David Bryan demonstrated how they hacked into "smart" automation technologies in a matter of minutes. By exploiting security vulnerabilities in these kinds of products, Crowley and Bryan were able to control door locks, lights, cameras and other devices through a few simple clicks on a laptop.
9. We launched a Mobile Security Practice - In 2013, businesses everywhere saw a continued boom in employees using their mobile devices in the workplace. To help them embrace BYOD and mobility in general, we announced the Trustwave Mobile Security Practice. It includes enterprise mobility assessments, "self-sealing" network protection and comprehensive penetration testing specifically for mobile.
10. We opened new Security Operations Centers - To support the growth of our Managed Security Services in the Asia-Pacific region, we opened a security operations center (SOC) in Manila, the capital of the Philippines. The center not only supports clients who are headquartered in Asia Pacific, but also large, multinational businesses with operations in the region. We also added a new SOC in Minneapolis through our SecureConnect acquisition. Trustwave now operates five SOCs worldwide - in Chicago, Denver, Minneapolis, Manila and Warsaw, Poland.
11. We released our annual Trustwave Global Security Report - We compiled data from global data breach investigations, penetration tests, network and vulnerability scans, and a whole lot more to produce a fascinating, 78-page industry close-up of statistics and trends. This landmark report not only helps security pros better understand where to focus their attention, but also makes IT threats and weaknesses understandable to the layperson. Among the findings: Retail was the most targeted industry in 2012, mobile malware exploded by 400 percent and businesses took an average of 210 days to detect an attack.
12. We took ethical hacking to new heights - Last but not least, Trustwave researcher Ryan Jones brought the term "ethical hacking" front and center after describing how he dresses in various costumes to break into businesses (with permission, of course) and gain access to their valuable information. Jones is part of our ethical hacking team that is hired by businesses to simulate real-life attacks to identify and help remediate security weaknesses, before it's too late.
So that's a snapshot of our year. Thank you to our customers for allowing us to do what we love in 2013. And here's to even bigger and better in 2014.