SpiderLabs is among the most well-respected teams in the cybersecurity industry, having gained a reputation for conducting cutting-edge research, plying the foggy corners of the darkweb for information, and detecting and hunting down threats.
What is less well known is how Trustwave’s SpiderLabs’ various teams’ function and then pull together to create the formidable force that is the backbone of all of Trustwave’s offerings.
With this article, Trustwave is kicking off a blog series that will take deep dives into each of the SpiderLabs teams, discuss exactly what each is responsible for, some of their more notable achievements, and how they work to keep our clients safe.
But first a quick overview.
Trustwave SpiderLabs Basic Structure
SpiderLabs is comprised of four primary teams, Security Research, Security Testing, Threat Hunting and Digital Forensics and Incident Response. Each is tasked with a specific set of goals and all work to support Trustwave’s world-class product line-up.
Security Research – This team has dozens of security experts who collect, analyze, and share intelligence from multiple sources, such as the darkweb and open-source intel. The team makes Trustwave services and products more effective by analyzing recent attacks, threats, and vulnerabilities, and then creating update detection rules across our solutions.
The team also attempts to help the broader cybersecurity community by discovering and then alerting organizations of vulnerabilities in their products so they can be quickly mitigated. This information is dispersed through publishing more than 50 blogs and advisories per year.
50+ security blogs and advisories published annually
Dozens of vendor product vulnerabilities discovered annually
Innovative machine learning tactics for inspecting web content and the Trustwave MailMarshal product to identify malicious email threats
Contributors to the cyber security industry with new tools (Responder, SocialMapper, CrackQ, etc.) and additions to the MITRE and ATT&CK frameworks
Security Testing – These SpiderLabs members ensure clients are safe, that there are no threats residing inside their systems, and that they are prepared to defend themselves in the event of an attack.
These team members spend their days scanning client environments to identify known vulnerabilities and attempting to expose any weaknesses by proving they can be exploited. This team also has a proactive role and can conduct simulated attacks to test defenses.
Conversely, they can take on the role of defender and conduct simulated defense scenarios to thwart simulated attacks.
Finally, with all of this information gathered, the security testers can provide advice on how a client can properly defend itself.
Threat Hunting – This SpiderLabs team’s activities reflect its name by proactively searching for and finding threats and vulnerabilities before they can cause a problem.
Threat hunters conduct recurring strategic hunts against a specific threat for subscribed clients and in other cases set up and run one-time strategic hunts per a client request.
In both cases, they are able to identify active adversaries ‘living’ in environments and discover unknown vulnerabilities that if left unchecked, can put clients at risk of compromise.
Digital Forensics and Incident Response (DFIR) – These team members are Trustwave’s first responders. DFIR is on call 24x7 for retainer-based clients or can be brought in by an organization that has been struck by a cyber incident.
DFIR members are trained for rapid engagement for emergency breaches for any company, capable of identifying the source of the breach and the extent of the damage and starting the process of mitigation and recovery.
DFIR also holds proactive consulting and preparedness training for clients, so they are ready to handle an emergency.
In the coming weeks leadership from each SpiderLabs team will break down their team’s activity, big wins and how each is integral to helping Trustwave ensure the cyber safety of its clients.
8 Reasons to use a Programmatic Approach to Penetration Testing
One of the essentials of your security defenses should be an organized and programmatic approach to penetration testing.