Trustwave Launches Enhanced Co-Managed SOC Capabilities to Help Clients Maximize SIEM Value and Productivity

Trustwave's Co-Managed SOC (Security Operations Center) is a powerful offering that has a tremendous track record of helping organizations maximize the value realized from their SIEM (Security Information and Event Management) investment, reducing alert noise by up to 90%, while maintaining a position of “your SIEM, your content.”

The service has just received a major enhancement with the addition of Trustwave’s one-of-a-kind cybersecurity collaboration platform, Security Colony, which provides instant access to the tools an organization needs to be proactive and improve their security maturity.

The offer is supported by a dedicated Cyber Success Team with decades of SIEM, SOAR, and SOC experience, and extensive certifications.

Investing in a SIEM system is an expensive endeavor for any organization, requiring not only the cost of the technology itself, but also a large and well-trained staff to properly architect, deploy, and operate. Unfortunately, many organizations take the plunge and buy a SIEM without fully understanding the underlying support functions that must be in place for it to operate correctly and deliver on expected outcomes.

This is where Trustwave's Co-Managed SOC comes into play. This service is not a Managed SIEM technology offering but rather a holistic partnership in which Trustwave helps clients with multiple aspects of their SIEM and security operations. Trustwave’s ability to improve a client’s SIEM comes from having decades of experience managing SIEMs and having been involved with some of the most prominent SIEMs currently on the market. For example, Trustwave was one of the first preferred global MSSP partners for Microsoft Sentinel, which means our teams are veterans at properly tuning it for our clients.

SIEMs are incredibly powerful tools that gather information from multiple security sources to provide a variety of use cases, often including powerful analytics, dashboards, customized reports, and the generation of security alerts—all of which require analysis, interpretation and often, action. But one point that many SIEM owners do not adequately understand is that having this capability without the ability to manage and operate it properly can be a liability.

To ensure that a SIEM is properly implemented, managed, and monitored, Trustwave has developed and recently enhanced its Co-Managed SOC offering.

What Sets Trustwave Co-Managed SOC Offering Apart

By starting with the priority of helping clients achieve maximum value realization from their technology investments, we address the most challenging and impactful aspects of SIEM architecture, implementation, management, and operations.

Where many other players in this sector will ingest and monitor whatever alerts the SIEM generates, Trustwave recognizes that this approach is ineffective – because SIEM implementations are so highly customizable, even a great security analyst will be frustrated and ineffective in analyzing use cases that are unpredictable and lacking business context.

To overcome this challenge, Trustwave begins each Co-Managed SOC project with a consulting engagement, performed by highly skilled and experienced SIEM and SOC experts, to ensure that the SIEM is configured according to best practices, enhanced with highly effective use cases from Trustwave’s extensive library, and thoroughly documented for effective downstream operations. This also ensures that client priorities are well understood, and that there is a roadmap to help a client progress towards their medium and long-term goals over time. Trustwave’s extensive use case catalog is based on years of SIEM consulting across hundreds of clients in multiple industry verticals.

This provides both field-proven use cases as well as a foundation for personalized use cases specific to the needs of our clients. SIEM monitoring use cases are generally correlations and playbooks built to aid in the job of detecting, understanding, and responding to cybersecurity threats. For SIEM-detected threats that require human analysis or action, alerts and supporting information are presented to Trustwave and/or client analysts. As both the threat landscape and an organization’s technology infrastructure are constantly changing, the planning, building, and tuning of use cases is required to continuously differentiate noise from real threats. 

Trustwave Doesn’t Hold a SIEM Hostage

Unlike many other vendors, Trustwave allows clients to retain these valuable use cases if they move on to another vendor or decide to operate their SOC independently. Not all vendors allow this to happen; many insist on removing the use cases when their agreement with the client ends, creating a vendor lock-in that is often counter to a client’s long-term investment objectives and ideal protection.

The final piece is the inclusion of a named Cyber Success Team advisor that works consistently with the same clients. This direct involvement delivers a level of intimacy that allows Trustwave to deeply understand a client’s business and implementation and continuously optimize the SIEM to deliver the best outcomes.

Trustwave's Co-Managed SOC benefits:

  • Maximize investment value through end-to-end expertise
  • Extend security teams with tenured SIEM & SOC experts
  • Stop active threats with 24x7 real-time SpiderLabs global threat monitoring
  • Optimize and tune SIEM use cases constantly for higher-fidelity threat detection
  • Avoid alert fatigue and improve the productivity of the security operations team
  • Retain ownership of all SIEM improvements and use cases
  • Mature security operations leveraging enterprise-proven methodologies and processes
  • Instant access to cybersecurity tools and insights anytime with Security Colony

Trustwave Co-Managed SOC integrates with the four providers that currently control the majority of the SIEM market: Microsoft Sentinel, LogRhythm, IBM QRadar, and Splunk.

Trustwave Security Colony

Security Colony is a powerful self-service resource for CISOs that gives them direct access to a variety of tools that allow them to self-diagnose problems. The Security Colony subscription that is included with Trustwave Co-Managed SOC gives the client access to the following Security Colony features:

  • The Resource and Video Library
  • Maturity Assessment
  • Vendor Risk Assessment
  • Ransomware Readiness Assessment
  • Breach Monitor
  • Public and Private Forums

Co-Managed SOC and Managed Detection and Response (MDR)

While a SIEM implementation and Trustwave’s Co-Managed SOC offering help organizations detect threats, having Trustwave’s MDR service in place in parallel greatly enhances a co-managed SOC’s capabilities. MDR gives security analysts the ability to investigate and respond to threats directly on endpoints and in multiple security controls, conduct more complete threat hunting, and understand a threat more completely, including its impact and blast radius, thus allowing the security team to react very quickly and with high confidence.

Implementing Trustwave Co-Managed SOC

Trustwave utilizes a proven approach to onboard new clients, and during the process, Trustwave maintains complete transparency and a clear delineation of responsibilities with processes put in place to avoid any potential redundancies and operational friction during steady state co-management.

Once fully optimized and implemented, Trustwave Co-Managed SOC clients can expect to receive added value for their SIEM investment, backed by a named Cyber Success Team security advisor who ensures a superior level of direct involvement, allowing Trustwave to keep its finger on the client’s pulse and continuously optimize the SIEM to deliver the best outcomes.
