Spotlight on Trustwave SpiderLabs, Part 1: Proactive Threat Intelligence

This two-part article will introduce and provide an overview of the SpiderLabs team at Trustwave dedicated to finding and analyzing new threats, helping clients detect, fight, and recover from security compromises, and helping the cybersecurity field with original research and intelligence. To get a deeper understanding of what Trustwave SpiderLabs does and how it works, we spoke to Mark Whitehead, Global Vice President, SpiderLabs Consulting, Ziv Mador, VP of Security Research, and Brian Hussey, VP of Cyber Threat Detection and Response.

Introducing SpiderLabs

Trustwave SpiderLabs has security researchers, ethical hackers, forensic security investigators, and incident responders across the world who track new threats, attack methods, nation-state actors, and criminal hackers in order to understand the current risks organizations face on a daily basis. “Trustwave SpiderLabs grew organically with only five people, starting in 2005,” recalls Ziv, “and now we’re 200+ experts with the most hands-on experience in cybersecurity.”

Aiding Trustwave clients with managed threat detection and response and proactive testing and response engagements, Trustwave SpiderLabs helps companies prevent, detect and recover from security compromises while also helping the security intelligence community at large. Trustwave SpiderLabs maintains a huge database of threat intelligence that's constantly evolving as the team takes in tens of millions of data points a week.

Threat intelligence - the research

On any given day, the Trustwave SpiderLabs team collects millions of security events: client events, antivirus events, and events from intrusion detection and prevention systems, network endpoints, database scanners, domain controllers, honeypots, and several other security products. These events are brought into the global network of Trustwave Security Operations Centers (SOCs), where they’re processed, parsed, identified, monitored, and acted upon.

Effective monitoring of events from so many geographies and environments is possible because of the vast threat intelligence that Trustwave SpiderLabs maintains. The data ranges from malware samples, email threats, phishing attacks, and business email compromise (BEC) attacks to malicious code, network threats, and web-based threats. But the team isn’t looking only for threats; it can also identify security issues within an organization, such as patch gaps, outdated or vulnerable software, database access and requests that don’t follow established policies, and other signs of poor security hygiene.

Trustwave SpiderLabs ethical hackers also do their own active research, testing new attack methods against different environments and software so they can pre-empt attackers, notify vendors, and get vulnerabilities patched before they fall into the hands of any bad actors.

A specialized team also monitors the dark web, criminal forums, and hacker forums to learn about what kind of hacker tools are being developed, exploits that are being shared, how criminal hackers and hacker groups are advertising their services, how they’re using malware, and what companies they’re looking to target.

Putting it all together, the team is able to find new kinds of threats, behaviors, and trends that it can share with clients and the cybersecurity intelligence community at large. Moreover, Trustwave SpiderLabs researchers use this knowledge to create and update detection rules for the different product lines, such as our range of Managed Security services, our Secure Email Gateway, Trustwave DbProtect, and various scanners.

Active defense – Penetration Testing, Purple teams and tabletop exercises

Trustwave SpiderLabs also has an extensive global team of expert penetration testers, also known as ethical hackers, who conduct mock phishing and hacking attacks on a client’s environment. This helps ensure the client’s defenses, processes, and protocols are up to snuff and also flags anything that might be out of compliance. For organizations that use applications, mobile, cloud resources, or bring-your-own-device (BYOD) policies, Trustwave SpiderLabs knows how to test those with the mindset of an adversary looking to gain access to the most sensitive data. However, its pentesting goes further than just remote attacks.

The team conducts advanced testing that simulates advanced persistent threat (APT) attacks, continuously looking for weaknesses in an organization’s digital footprint, and will even fly out to a company’s headquarters to see if they can sniff out the building’s Wi-Fi, find their way in, and conduct social engineering attacks. In purple team exercises, they run those same simulations working hand in hand with an organization’s defenders to focus on weaknesses before adversaries do. Through all these engagements, Trustwave SpiderLabs’ goal is to improve digital resilience to a cyberattack.

To help clients prepare for a potential breach, the team can also run what are called tabletop exercises, which simulate an organization’s behavior in the event of a breach, drawing on some of the top expertise in digital forensics and investigations. Mark lists some of the questions that are asked:

  • Who will be on call if a breach happens?
  • What are the communication branches?
  • How will the breach be contained? Can it be fixed, patched, or isolated?
  • How quickly can an organization and security department mobilize?

This hands-on approach helps an organization go through the hypothetical motions of a security compromise and highlights any potential response gaps that the company wasn’t even aware of.

How Trustwave SpiderLabs uses threat intelligence

With all the research and information gathered by Trustwave SpiderLabs, the team is able to develop new tools, alert manufacturers to potential vulnerabilities, share threat intelligence with the community, and feed the information into the managed work done with Trustwave clients.

Some of the research and real-world tests conducted by Trustwave SpiderLabs are published on the SpiderLabs blog, which covers new kinds of attack methods, active attacks observed in the wild, and even information found on the dark web. The team is also responsible for the annual Trustwave Global Security Report, a data-driven research report that goes over the recent threats, behaviors, and trends organizations should be aware of.

In Part 2 of this article series, we’ll go over how the Trustwave SpiderLabs team works with Trustwave clients and with the intelligence community.

Ready to see how Trustwave SpiderLabs can help protect your organization? Learn more about this elite group of researchers, penetration testers and incident responders today.
