The Making of the 2014 Trustwave Global Security Report

Last week we unveiled one of our biggest projects of the year: the 2014 Trustwave Global Security Report, a beautifully designed, 123-page account of our firsthand insight into data breaches and threats bolstered by information from our security operations centers, telemetry from our security technologies and our cutting-edge research.

The annual report is one of the security industry's must-read compilations., for example, described this year's report as "bursting with valuable data." Also eWeek declared: "One of the largest, most comprehensive annual security reports in any given year is the Trustwave Global Security report, and this year's edition is no exception."

We love assembling the Global Security Report every year. Certainly it's a lot of work (as I'll explain below). But the key personnel behind it - the researchers that comprise our elite SpiderLabs team at Trustwave - are all too familiar with the limited resources and information sharing available to most organizations. As a result, these researchers understand that organizations of all sizes rely on reports such as this one to make security buying and deployment decisions specific to the current threats they face.

"Our team loves any excuse to dive deeper into any particular topic," Sam Bakken, the product marketing manager of SpiderLabs, recently told me. "We also look at this as a public service. 'Hey, we're an expert. We have a view into the threat landscape so let's put that together for people to use, as they may hopefully better protect their organization and we can arm them for making security decisions.'"

Now that the finished product has been released to the world, we thought it would be interesting to share what goes into putting together the report each year - so you can better understand the detail and depth that each edition includes.


Phase One: Review our investigations and threat intelligence

Trustwave prides itself on the information we learn from our on-the-ground data breach investigations and the threat intelligence we gather from our dozens of products and services used by customers in 96 countries. The latter, for example, helped us track down the Pony botnet.

We store this information in two proprietary databases and, throughout 2013, we monitored them to keep tabs on and extract notable data breach and threat intelligence trends.

One of the databases contains all of the aggregated and anonymized information we amassed while conducting 691 breach investigations across industries and the world in 2013. This data includes things like industry, region, when the compromise was first identified, how long it lasted, how it was detected, what the attackers were after and how they got in. The other repository we plugged into is our global threat database, which includes telemetry from our products - such as our secure web and email gateways, vulnerability scanners or managed security services - and includes ongoing research projects.


Phase Two: Construct an outline

After we collated and correlated information from these two proprietary databases, the SpiderLabs leadership team discussed the findings and drew up an outline. This outline served as the initial sketch of the content that would make its way into the report.

For example, during these planning meetings, we decided that attacks on point-of-sale devices were going to be displayed prominently in the report. That was not just because 33 percent of the attacks we investigated were on POS devices, but also because Josh Grunzweig, one of our researchers, had over the course of last year produced unique research by reverse engineering POS malware - in the process reaching fascinating conclusions regarding command-and-control and automation capabilities.


Phase Three: Pull it all together

Recognizing (and wanting) the Global Security Report to be read by people with varying security skill levels - from philistine to wonk - our goal was to create a report that was consumable by a broad audience, without it feeling watered down. To do this, we assigned writing responsibilities to roughly 20 technically minded researchers, then took their copy and ran it through our in-house team of editors who massaged the product to make it as engaging, compelling and decipherable to the reader as possible. Then, we shipped the document off to our design agency, which we challenged to be unique and bold. And they delivered.

"Our goal was to present the same hard-hitting data, which we've done, but make that data more easily digestible," Sam Bakken told me. "We purposefully designed it so that a reader could open to any one single page and pull out an idea and/or data point. You can open to any single page and get something of value and then dive deeper if you choose."

In the end, we believe we produced a report that appeals to the widest audience possible. We can't please everyone, of course. But we like to think the data speaks for itself.

Dan Kaplan is online content manager at Trustwave.
