Trustwave Blog

The Human Side of MDR – What Does an Information Security Advisor (ISA) Do?

The daily work of an Information Security Advisor (ISA) at Trustwave is as diverse as our client base. I recently spoke with two of our leading advisors on the Pacific team to learn more about what they do for our clients.

Among the most common questions clients ask this team are: “How safe am I?”, “Are we protected?” and “Do I need to be better protected?”

The primary role of an ISA is to help clients optimize the use of Trustwave managed security services, understand how a threat may impact their organisation, ensure their readiness for both industry and platform threats, and to connect them with further experts at Trustwave should they require specialist assistance.

Our ISAs are intimately involved with their key accounts. In a recent review for a client, more than 10 billion events were logged over a six-month period, with 2 billion security events analysed by Trustwave's Fusion platform. Using IOCs (indicators of compromise) and use case data, mapped against hundreds of threat feeds as well as our own threat intelligence and research, our Global Threat Operations team narrowed these events down to 25,000. Finally, 75 incidents were escalated to the client, three of them high priority.

The sheer volume of data is what often overwhelms clients when working with a managed detection service. Trustwave ISAs ensure the noise is not just a Geiger counter of continuous blips generated from artificial intelligence; rather, they tune the use cases to the specific needs of that business to ensure that real threats are identified – and thus remediated/contained – fast.

An ISA provides the required human interaction to resolve high-priority incidents quickly, alerting the client's key contact to the threat and ensuring the incident investigators have the data and context to analyse incidents that might have arisen from false positives, user error or misconfiguration, and actual threat actor activity.

When an Australian client was recently threatened directly, we had two ISAs working to analyse every anomaly within their network. Our global SpiderLabs team spun into action overnight to identify what type of attacks were occurring globally and if these attacks had breached the client's environment. When suspected adversaries are active, this can result in high-pressure situations. The Trustwave team's knowledge of the client's network design, architecture and environment establishes the foundation for rapid identification and remediation, significantly reducing the possibility of negative outcomes for the client.

Trustwave ISAs research each client's industry and leverage their global network of peers to alert the client to potential future threats. BGH (Big Game Hunting) is a growing trend among critical infrastructure clients, where high-value, business-critical assets are targeted for ransom. When our client asked why there had been such a massive surge in recent attacks, our ISAs were equipped with the knowledge to explain why and how. In fact, our ISAs regularly scan data noise (and the names of their clients' executive team) on the dark web to monitor for chatter in their respective industries, noting and pre-empting attack trends across Asia, EMEA and the Americas.

Having a background in cybersecurity consulting helps. Weekly or monthly participation in a client's governance forum is not unusual. In many cases, the cybersecurity staff at the client are few in number (maybe only one person), and they are constantly working against the clock to protect their organisation. Our ISAs step in as virtual SOC managers, and they can pull in a Trustwave expert on Process Control Systems, cloud platforms, or red teamers, should the need arise. With an array of security technologies available, the ISA is often asked to advise on the best products to deploy and those to avoid. They then work with the client's cyber team to help prioritize new or lagging cyber projects to quickly address any gaps in the client's security program. It may be as simple as a use case adjustment or as involved as recommending a full CSIRP (Cyber Security Incident Response Plan) be built or reviewed.

In a recent severity 1 client incident, an email compromise spurred the need for better monitoring of executive mailbox activity. After raising the IOC with the business, the ISA worked directly with a forensic investigator to resolve the incident, participating in their real-time war room cadence. Trustwave's recommendation to the client was to update the aged third-party email gateway filters and launch a program of security awareness education, which Trustwave ultimately delivered. The independent advice from our cyber industry experts was well received by the board and removed any suggestion of personal or political agendas from the equation. CISOs love having an educated, neutral party to back their cause and lobby for the right investments!

I asked our ISAs why they love their jobs. For our team, the thrill of working with the big clients – organisations at the top of their field, including large international manufacturers, energy companies and retailers – is exciting. These preeminent organisations look for industry-leading cybersecurity services. Our ISAs are not watching firewalls or confined to the VM realm; they're constantly expanding their technical knowledge with direct connections to the more than 2,000 security-minded professionals at Trustwave. They also find satisfaction applying exceptional protection to smaller clients and businesses, uplifting their security posture to levels that rival their larger peers. ISAs can act as cyber translators for the business, turning graphs and data into actionable insights, often at the board level, where cyber meets business, offering additional value to their services.

What key advice do ISAs typically offer clients? Test early, and test often! Prioritising vulnerability management in your environment can close the gap on any zero-day breaches. Knowing your environment is up to date can help avoid both unsophisticated and known attacks. Testing your defences with tabletop exercises helps you rehearse your response: it reveals the broken communication processes that need fixing and lets you build use cases relevant to your business. And test your users – social engineering is the most common way for an attack to occur. Human vs. human!

Trustwave is ready to help grow your career. If you're interested in joining us, check our open roles here: https://jobs.jobvite.com/trustwave/jobs