The Human Side of MDR – What Does an Information Security Advisor (ISA) Do?

The daily work of an Information Security Advisor (ISA) at Trustwave is as diverse as our client base. I recently spoke with two of our leading advisors on the Pacific team to learn more about what they do for our clients.

Some of the most common questions clients ask this team are: “How safe am I?”, “Are we protected?” and “Do I need to be better protected?”

The primary role of an ISA is to help clients optimize their use of Trustwave managed security services, understand how a threat may impact their organization, ensure their readiness for both industry and platform threats, and connect them with further experts at Trustwave should they require specialist assistance.

Our ISAs are intimately involved with their key accounts. In a recent review for a client, more than 10 billion events were logged over a six-month period, with 2 billion security events analyzed by Trustwave's Fusion platform. Using IOCs (indicators of compromise) and use case data, mapped against hundreds of threat feeds as well as our own threat intelligence and research, our Global Threat Operations team drilled these events down to 25,000. Finally, 75 incidents were escalated to the client, with three being high priority.

The sheer volume of data is what often overwhelms clients when working with a managed detection and response service. Trustwave ISAs ensure the noise is not just a Geiger counter of continuous blips generated from artificial intelligence; rather, they tune the use cases to the specific needs of that business to ensure that real threats are identified – and thus remediated/contained – fast.

An ISA provides the required human interaction to resolve high-priority incidents quickly, alerting the client's key contact to the threat and ensuring the incident investigators have the data and context to analyze each incident, whether it arose from a false positive, user error or misconfiguration, or actual threat actor activity.

When an Australian client was recently threatened directly, we had two ISAs working to analyze every anomaly within their network. Our global SpiderLabs team spun into action overnight to identify what type of attacks were occurring globally and if these attacks had breached the client's environment. When suspected adversaries are active, this can result in high-pressure situations. The Trustwave team's knowledge of the client's network design, architecture and environment establishes the foundation for rapid identification and remediation, significantly reducing the possibility of negative outcomes for the client.

Trustwave ISAs research each client's industry and leverage their global network of peers to alert the client to potential future threats. BGH (Big Game Hunting) is a growing trend among critical infrastructure clients, where high-value, business-critical assets are targeted for ransom. When our client asked why there had been a massive surge in recent attacks, our ISAs were equipped with the knowledge to explain why and how. In fact, our ISAs regularly scan data noise (and the names of their clients' executive team) on the dark web to monitor for chatter in their respective industries, noting and pre-empting attack trends across Asia, EMEA and the Americas.

Having a background in cybersecurity consulting helps. Weekly or monthly participation in a client's governance forum is not unusual. In many cases, the cybersecurity staff at the client are few in number (maybe only one person), and they are constantly working against the clock to protect their organization. Our ISAs step in as virtual SOC managers, and they can pull in a Trustwave expert on Process Control Systems, cloud platforms, or red teamers, should the need arise. With an array of security technologies available, the ISA is often asked to advise on the best products to deploy and those to avoid. They then work with the client's cyber team to help prioritize new or lagging cyber projects to quickly address any gaps in the client's security program. It may be as simple as a use case adjustment or as involved as recommending a full CSIRP (Cyber Security Incident Response Plan) be built or reviewed.

In a recent severity 1 client incident, an email compromise spurred the need for better monitoring of executive mailbox activity. After raising the IOC with the business, the ISA worked directly with a forensic investigator to resolve the incident, participating in their real-time war room cadence. Trustwave's recommendation to the client was to update the aged third-party email gateway filters and launch a program of security awareness education, which Trustwave ultimately delivered. The independent advice from our cyber industry experts was well received by the board and removed any suggestion of personal or political agendas from the equation. CISOs love having an educated, neutral party to back their cause and lobby for the right investments!

I asked our ISAs why they love their jobs. For our team, the thrill of working with the big clients – organizations at the top of their field, including large international manufacturers, energy companies and retailers – is exciting. These preeminent organizations look for industry-leading cybersecurity services. Our ISAs are not watching firewalls or confined to the VM realm; they're constantly expanding their technical knowledge through direct connections to the more than 2,000 security-minded professionals at Trustwave. They also find satisfaction applying exceptional protection to smaller clients and businesses, uplifting their security posture to levels that rival their larger peers. ISAs can act as cyber translators for the business, turning graphs and data into actionable insights, often at the board level, where cyber meets business, offering additional value to their services.

What key advice do ISAs typically offer clients? Test early, and test often! Prioritizing vulnerability management in your environment can close the gap on zero-day breaches. Knowing your environment is up to date can help avoid both unsophisticated and known attacks. Testing your defences with tabletop exercises helps you rehearse your response: it reveals the broken communication processes that need fixing and enables you to build relevant use cases for your business. And test your users – social engineering is the most common way for an attack to occur. Human vs. human!

Trustwave is ready to help grow your career. If you're interested in joining us, check our open roles here.
