14 Things Trustwave Did in 2014 That Should Excite You

2014 was another busy year for Trustwave. We spent countless hours protecting businesses worldwide from sophisticated threats and crippling data breaches. We also unveiled fresh security research and announced cutting-edge security services that help businesses stay ahead of the criminals and fill the in-house security resource gap that plagues businesses worldwide.

Here are some of our crowning achievements over the past year:

1. We were named a Leader for our Managed Security Services.

   In the latest Forrester Research evaluation of managed security services providers - "The Forrester Wave™: Managed Security Services: North America, Q4 2014" - Trustwave received the highest scores possible for services delivery capability, service-level agreements (SLAs), continuous monitoring capability, 2013 North American clients, as well as client and revenue growth for 2013. It also noted that Trustwave "customers were very positive and praised the company's responsiveness."

2. In a bold move, we guaranteed zero malware.

   Through our new "Zero Malware Guarantee" program, Trustwave guaranteed to detect and stop 100 percent of malware propagated over the web for businesses that use the Trustwave Managed Anti-Malware Service. The service, which went live in 2014, gives businesses the ability to address malware and zero-day vulnerabilities, as well as blended and advanced persistent threats, without having to worry about policy adjustments, fine-tuning and device management.

3. We offered expert testimony to Congress.

   Amid an outbreak of data breaches affecting well-known retailers, the House Committee on Energy and Commerce called on Trustwave Senior Vice President of Government Solutions and Special Investigations Phil J. Smith to offer testimony about how criminals launch their attacks, who they typically target and how businesses can better prepare for, protect against and respond to breaches.

4. We helped IT pros alleviate security pressures.

   As rapidly as data breaches are occurring, IT pros are racing to keep their organizations protected from them. Our 2014 Security Pressures Report highlighted security concerns that create the largest strains for these practitioners and offered recommendations to help alleviate those strains.

5. We were shortlisted as finalists for our products and customer service.

   As part of the 2014 SC Magazine Awards, we were named finalists for Best Customer Service for Trustwave Managed Security Services, Best Web Content Management Solution for Trustwave Secure Web Gateway, Best Web Application Firewall Solution for Trustwave Web Application Firewall, and Best Network Access Control Solution for Trustwave Network Access Control.

6. We helped businesses put security first.

   Starting Jan. 1, any business that stores, processes or transmits payment card data must use version 3.0 of the Payment Card Industry Data Security Standard (PCI DSS) to attest compliance. But PCI requirements merely are the ground floor for security. Through our managed security and compliance services, we have been helping businesses enhance their security first, so they inherently achieve and maintain compliance. We also announced a new alliance with First Data, the global leader in payment technology and services solutions. By joining forces, we are bringing a new level of information security to millions of small and mid-sized businesses.

7. We used real evidence to help companies better understand threats.

   Our 2014 Trustwave Global Security Report is a landmark compendium of compromise and threat statistics that we gathered from hundreds of data breach investigations conducted across the world and telemetry pulled from our award-winning technologies and global security operations centers.

8. We strengthened our security testing services.

   In March, we acquired Cenzic, a leader in application security testing. The acquisition united Cenzic's dynamic application security testing (DAST) technologies with our Trustwave cloud-based application, database and network penetration testing and scanning services to create one of the industry's broadest, integrated security testing platforms.

9. We identified common security deficiencies and offered advice.

   IT and security professionals worldwide participated in a global survey that asked them about their organization's susceptibility to risk. We compiled the 476 responses to create the 2014 State of Risk Report. The report identifies the most common points of deficiency across organizations and offers recommendations to remediate them.

10. We identified and analyzed the "Backoff" malware.

    In partnership with the U.S. Secret Service, our forensic investigators were the first to identify and name the Backoff malware that infected more than 1,000 businesses in North America. The malware targets point-of-sale systems by exploiting weak passwords on remote access software. Law enforcement officials informed our team about a retail breach and asked us to analyze and identify the malware. We found it to be a unique family, meaning researchers had never seen it before. Check out the U.S. Department of Homeland Security alert here.

11. We expanded our ethical hacking facilities and capabilities.

    To enhance our security testing capabilities, we created a physical lab in our Chicago headquarters to give our SpiderLabs testers more room to identify and remediate security weaknesses across networks, applications, databases and devices. Inside the lab, our team uses equipment to infiltrate technologies, such as ATMs, point-of-sale devices and surveillance systems. The goal is to conduct research, assist in forensic investigations and perform security testing for clients.

12. We helped you deal with the big three: Heartbleed, Shellshock 
    and POODLE.

    As the security community worked tirelessly to deploy patches for the zero-day vulnerabilities that shook the core of the internet, we built defenses into our products and educated businesses worldwide about steps they needed to take to stay protected. Security controls such as automated vulnerability scanning and penetration testing play an essential role in identifying and remediating these kinds of vulnerabilities.

13. Our technologies received international seals of approval.

    Trustwave Secure Web Gateway and Network Access Control achieved Common Criteria Validation. The internationally approved validation gives confirmation to government agencies and enterprises across at least 26 countries that our products, through independent evaluation, have met specific security standards.

14. We verified that employees still do not know enough about security.

    Which is your favorite password? Do you click on suspicious links in emails? Have you ever lost a phone with corporate information on it? In conjunction with National Cybersecurity Awareness Month, we hit the streets of Chicago to ask employees about their #securitysmarts. We used the responses in a weeklong video series to underscore how many employees are not security savvy - which is why it's critical employers have controls in place to protect their valuable information, in case a worker has a brain freeze.

So that's a snapshot of our year. Thank you to our customers for allowing us to do what we love in 2014. And here's to an even bigger and better year in 2015.

Robert J. McCullen is Chairman and CEO of Trustwave.