Trustwave Holdings

Last updated
Trustwave Holdings, Inc.
Type Subsidiary
Industry Managed Security Services, Information Security, Cloud computing
Founded1995 (1995)
Area served
Worldwide (Customers in 96 countries)
Key people
Eric Harmon, CEO [1]
RevenueUS $216 million [2]  (2014)
Number of employees
1,600+ [3]
Parent Singtel [4]

Trustwave Holdings is an American independent [5] standalone business unit and cybersecurity brand of Singaporean telecommunications company Singtel Group Enterprise. It focuses on providing managed detection and response (MDR), managed security services (MSS), database security, and email security to organizations around the globe.


The company's international headquarters is located in downtown Chicago, [6] and regional offices are located in London, São Paulo, and Sydney. The company also operates Security Operations Centers in Chicago, Denver, Manila, Minneapolis, Singapore, Sydney, Tokyo, Warsaw, and Waterloo, Ontario. [7]

Trustwave has customers in 96 countries.


In April 2011, Trustwave Holdings filed for its IPO [8] though the company is now a standalone subsidiary of Singtel. Trustwave's website says the company has more than 1,600 employees. [3]

In February 2014, Trustwave SVP Phillip. J. Smith offered expert testimony related to data breaches and malware as part of a Congressional hearing for The House Committee on Energy and Commerce. In his prepared testimony, he presented observations based on the company's experience investigating thousands of data breaches, ongoing malware and security research and other forms of threat intelligence. [9]

On April 8, 2015 (SGT), Singapore Telecommunications Ltd (Singtel) announced it had entered into a definitive agreement to acquire Trustwave Holdings, Inc. for a fee of $810 million—Singtel with a 98% stake in the company leaving 2% with Trustwave's CEO and President. [2] [10] According to media reports and Singtel filings on the Singapore Exchange, the enterprise value of Trustwave at the time of the deal was $850 million. [11]

In October 2021, Trustwave sold its PCI compliance business to cybersecurity firm Sysnet for $80 million. [12] The sale gave Trustwave the ability to invest more in its core capabilities of managed detection and response (MDR) and managed security services (MSS), according to research firm IDC. [13]

Significant Discoveries

In 2013 and again in 2014 Trustwave SpiderLabs did an analysis of primary Pony botnet controllers. The results of the analysis found that the botnets had gathered more than two million passwords and credentials for accounts on ADP payroll, Facebook, Twitter, Yahoo and more, [14] and over US $220,000 in crypto-currency like Bitcoin. [15]

In June 2020, Trustwave SpiderLabs discovered a new malware family, which they named GoldenSpy, embedded in tax payment software that a Chinese bank requires corporations to install to conduct business operations in China. [16] Trustwave said it was uncertain whether the malware was embedded in all of the tax software or if it was deployed against specific targets. The FBI sent a subsequent warning about this malware threat to companies in healthcare, chemical, and finance industries. [17]

Leading up to the 2020 U.S. presidential election, Trustwave SpiderLabs found a hacker selling info on 186 million U.S. voters during its Dark Web and cybercriminal forum research. [18] Trustwave turned this information over to the FBI. [19]

In February 2021, Trustwave SpiderLabs discovered two "severe" vulnerabilities in SolarWinds Orion. One of the flaws could’ve allowed a hacker to gain complete remote control of a targeted SolarWinds system. Patches were released January 25 and customers of SolarWinds were urged to patch immediately. [20]


Trustwave operates an X.509 certificate authority ("CA") which is used as the top level of trust by many web browsers, operating systems, and other applications (a "trusted root CA").[ citation needed ] In 2011, Trustwave sold a certificate for a subordinate CA which allowed a customer to present SSL certificates identifying as arbitrary entities, in a similar mechanism to a "Man in the Middle Attack". This type of action is similar to the practice of running an SSL proxy on a corporate network, though in this case a public subordinate CA (valid anywhere) was used instead of an internal corporate-generated domain CA (valid only for machines that accept it as part of organizational policy), making the risk of abuse much higher.

In March 2014, Trustwave was named in a lawsuit filed by Trustmark National Bank and Green Bank N.A. The lawsuit alleges that Trustwave failed to provide the promised level of security to Target, and for failing to meet industry security standards. [21] [22] In April 2014, a notice of dismissal was filed by both plaintiffs, effectively withdrawing their earlier allegations. [23] [24]


In May 2019, Trustwave was named a leader in the Gartner Magic Quadrant for Managed Security Services, Worldwide. [25]

In August 2019, Trustwave won Threat Indicator Top Contributor Award from Microsoft. [26]

Trustwave was named a winner in the Best Managed Security Service category of the SC Awards for the second consecutive year in February 2020. [27]

In March 2020, Trustwave was named a leader in both the IDC MarketScape: Asia/Pacific Managed Security Services 2020 Vendor Assessment and the IDC MarketScape: Asia/Pacific Professional Security Services — Advisory, Assessment, and Awareness 2020 Vendor Assessment. [28]

In August 2020, Trustwave was named a leader in the Forrester Wave: Global Managed Security Services Providers, 2020 report. [29]

Trustwave joined the Microsoft Intelligent Security Association (MISA) in April 2021. [30]

In March 2021, Trustwave was named a Strong Performer and one of the top 9 "Providers That Matter Most" to clients in terms of current capability in the Forrester Wave for Managed Detection and Response (MDR). [31]

Trustwave was recognized as a Microsoft Security 20/20 Partner Award Winner for Top Managed SOC in May 2021. [32]

Related Research Articles

Cybercrime Term for an online crime

Cybercrime is a crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Cybercrime may harm someone's security and financial health.

Bitdefender is a Romanian cybersecurity technology company headquartered in Bucharest, Romania, with offices in the United States, Europe, Australia and the Middle East.

Storm botnet Computer botnet

The Storm botnet or Storm worm botnet was a remotely controlled network of "zombie" computers that have been linked by the Storm Worm, a Trojan horse spread through e-mail spam. At its height in September 2007, the Storm botnet was running on anywhere from 1 million to 50 million computer systems, and accounted for 8% of all malware on Microsoft Windows computers. It was first identified around January 2007, having been distributed by email with subjects such as "230 dead as storm batters Europe," giving it its well-known name. The botnet began to decline in late 2007, and by mid-2008 had been reduced to infecting about 85,000 computers, far less than it had infected a year earlier.

A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less-secure elements in the supply chain. A supply chain attack can occur in any industry, from the financial sector, oil industry, to a government sector. A supply chain attack can happen in software or hardware. Cybercriminals typically tamper with the manufacturing or distribution of a product by installing malware or hardware-based spying components. Symantec's 2019 Internet Security Threat Report states that supply chain attacks increased by 78 percent in 2018.

SolarWinds Corporation is an American company that develops software for businesses to help manage their networks, systems, and information technology infrastructure. It is headquartered in Austin, Texas, with sales and product development offices in a number of locations in the United States and several other countries. The company was publicly traded from May 2009 until the end of 2015, and again from October 2018. It has also acquired a number of other companies, some of which it still operates under their original names, including Pingdom, Papertrail and Loggly. It had about 300,000 customers as of December 2020, including nearly all Fortune 500 companies and numerous federal agencies.

Trellix is a privately held cybersecurity company founded in 2004. It has been involved in the detection and prevention of major cyber attacks. It provides hardware, software, and services to investigate cybersecurity attacks, protect against malicious software, and analyze IT security risks.

Kaspersky Lab Russian multinational cybersecurity and anti-virus provider

Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky, and Alexey De-Monderik; Eugene Kaspersky is currently the CEO. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services.

Secureworks Inc. is an American cybersecurity company. The company has approximately 4,000 customers in more than 50 countries, ranging from Fortune 100 companies to mid-sized businesses in a variety of industries.

Kiteworks, formerly known as Accellion, Inc., is an American technology company that secures sensitive content communications over channels such as email, file share, file transfer, managed file transfer, web forms, and application programming interfaces. The company was founded in 1999 in Singapore and is now based in Palo Alto, California.

Palo Alto Networks American technology company

Palo Alto Networks, Inc. is an American multinational cybersecurity company with headquarters in Santa Clara, California. Its core products are a platform that includes advanced firewalls and cloud-based offerings that extend those firewalls to cover other aspects of security. The company serves over 70,000 organizations in over 150 countries, including 85 of the Fortune 100. It is home to the Unit 42 threat research team and hosts the Ignite cybersecurity conference.

Cyren Inc. is a cloud-based, Internet security technology company providing security as a service (SECaaS) and threat intelligence services to businesses. Services include email security, web security, DNS security, cloud sandboxing, inbound/outbound anti-spam services, real-time phishing detection and blocking, ransomware protection, URL filtering, IP reputation for email, malware attack detection, anti-malware and IP intelligence, botnet attack prevention, and cloud threat lookup. Cyren also provides endpoint protection, including anti-malware for mobile, URL filtering for mobile, and inbound/outbound Internet of Things (IoT) gateway protection. Major corporate clients using Cyren's services include Microsoft, Google, Check Point, Dell, T-Mobile, and Intel.

Cozy Bear, classified by the United States federal government as advanced persistent threat APT29, is a Russian hacker group believed to be associated with one or more intelligence agencies of Russia. The Dutch General Intelligence and Security Service (AIVD) deduced from security camera footage that it is led by the Russian Foreign Intelligence Service (SVR); this view is shared by the United States. Cybersecurity firm CrowdStrike also previously suggested that it may be associated with either the Russian Federal Security Service (FSB) or SVR. The group has been given various nicknames by other cybersecurity firms, including CozyCar, CozyDuke, Dark Halo, The Dukes, NOBELIUM, Office Monkeys, StellarParticle, UNC2452, and YTTRIUM.

Fancy Bear is a Russian cyber espionage group. Cybersecurity firm CrowdStrike has said with a medium level of confidence that it is associated with the Russian military intelligence agency GRU. The UK's Foreign and Commonwealth Office as well as security firms SecureWorks, ThreatConnect, and Mandiant, have also said the group is sponsored by the Russian government. In 2018, an indictment by the United States Special Counsel identified Fancy Bear as GRU Unit 26165.

Itzik Kotler

Itzik Kotler is an Israeli entrepreneur, inventor, and information security specialist who is the co-founder and CTO of SafeBreach, an Israeli cybersecurity firm. Kotler was previously the Security Operation Center Team Leader at Tel Aviv-based Radware. He has given multiple talks at DEF CON, the world's largest hacker convention.

Lazarus Group is a cybercrime group made up of an unknown number of individuals run by the North Korean state. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them between 2010 and 2021. Originally a criminal group, the group has now been designated as an advanced persistent threat due to intended nature, threat, and wide array of methods used when conducting an operation. Names given by cybersecurity organizations include HIDDEN COBRA and Zinc.

CrowdStrike Holdings, Inc. is an American cybersecurity technology company based in Austin, Texas. It provides cloud workload and endpoint security, threat intelligence, and cyberattack response services. The company has been involved in investigations of several high-profile cyberattacks, including the 2014 Sony Pictures hack, the 2015–16 cyber attacks on the Democratic National Committee (DNC), and the 2016 email leak involving the DNC.

Cryptocurrency and crime describes notable examples of cybercrime related to theft of cryptocurrencies and some of the methods or security vulnerabilities commonly exploited. Cryptojacking is a form of cybercrime specific to cryptocurrencies that has been used on websites to hijack a victim's resources and use them for hashing and mining cryptocurrencies.

2020 United States federal government data breach US federal government data breach

In 2020, a major cyberattack suspected to have been committed by a group backed by the Russian government penetrated thousands of organizations globally including multiple parts of the United States federal government, leading to a series of data breaches. The cyberattack and data breach were reported to be among the worst cyber-espionage incidents ever suffered by the U.S., due to the sensitivity and high profile of the targets and the long duration in which the hackers had access. Within days of its discovery, at least 200 organizations around the world had been reported to be affected by the attack, and some of these may also have suffered data breaches. Affected organizations worldwide included NATO, the U.K. government, the European Parliament, Microsoft and others.

Cyclops Blink is malware targeting network hardware with the goal of adding the targeted device to a botnet for command and control (C&C). The malware targets routers and firewall devices sold by the companies WatchGuard and ASUS.


  1. "Trustwave Leadership".
  2. 1 2 Aravindan, Aradhana (7 April 2015). "Singtel buying U.S. cyber security firm Trustwave for $810 million". Reuters . Retrieved 9 April 2015.
  3. 1 2 "Trustwave: Our Story" . Retrieved 25 May 2016.
  4. "TRUSTWAVE PTE. LTD. (200616191R) - Singapore Business Directory". Retrieved 30 August 2017.
  5. "Singtel acquires Trustwave in $810M security services deal".
  6. "Company Overview of TrustWave Holdings, Inc". Bloomberg . Retrieved 9 April 2015.
  7. "Trustwave security firm opens first Canadian security operations centre in Kitchener-Waterloo". Global News. 12 August 2015. Retrieved 30 September 2015.
  8. Lennon, Mike (22 April 2011). "Trustwave Files for IPO, Reveals Finances". SecurityWeek. Retrieved 8 April 2015.
  9. "Protecting Consumer Information: Can Data Breaches Be Prevented?" United States House Committee on Energy and Commerce. 5 February 2014. Retrieved 8 April 2015.
  10. "Singtel to Acquire Trustwave to Bolster Global Cyber Security Capabilities". Trustwave. 7 April 2015. Retrieved 9 April 2015.
  11. Shu, Catherine (7 April 2015). "Singtel Acquires Chicago-based Cybersecurity Firm Trustwave For $810M". TechCrunch. Retrieved 13 April 2015.
  12. Novinson, Michael (2021-10-24). "Trustwave Sells PCI Compliance Business To Sysnet For $80M". CRN. Retrieved 2022-04-27.
  13. "IDC Report | A Strategic Move to Make Trustwave Laser-focused in its Core Offerings". Trustwave. Retrieved 2022-04-27.
  14. "Two million stolen Facebook, Twitter, Yahoo, ADP passwords found on Pony Botnet server". ZDNet. 4 December 2013. Retrieved 21 April 2015.
  15. "'Pony' botnet steals bitcoins, digital currencies: Trustwave". Reuters. 24 February 2014. Retrieved 21 April 2015.
  16. "The Golden Tax Department and the Emergence of GoldenSpy Malware". Trustwave. Retrieved 2022-04-27.
  17. "FBI warns US companies about Chinese tax software embedded with hidden malware: Report". FOXBusiness. 2020-07-24. Retrieved 2022-04-27.
  18. "Massive US Voters and Consumers Databases Circulate Among Hackers". Trustwave. Retrieved 2022-04-27.
  19. "Cybersecurity company finds hacker selling info on 186 million U.S. voters". NBC News. Retrieved 2022-04-27.
  20. Brewster, Thomas. "'Severe' SolarWinds Vulnerabilities Allow Hackers To Take Over Servers". Forbes. Retrieved 2022-04-27.
  21. Schwartz, Mathew J. (26 March 2014). "Target, PCI Auditor Trustwave Sued By Banks". Darkreading. Retrieved 9 April 2015.
  22. Heun, David (25 March 2014). "Banks Sue Security Vendor Trustwave After Target Data Breach". American Banker. Retrieved 9 April 2015.
  23. Kirk, Jeremy (1 April 2014). "Banks withdraw data breach claim against Target". ComputerWorld . Retrieved 9 April 2015.
  24. "Security firm Trustwave says Target data breach claims baseless". Reuters. 29 March 2014. Retrieved 9 April 2015.
  25. "What's Changed: The 2019 Managed Security Services, Worldwide Magic Quadrant". Best Information Security SIEM Tools, Software, Solutions & Vendors. 2019-05-08. Retrieved 2022-04-27.
  26. "Trustwave Wins the Threat Indicator Top Contributor Award from Microsoft". Trustwave. Retrieved 2022-04-27.
  27. "Trustwave Wins Best Managed Security Service for Second Consecutive Year at 2020 SC Awards". Trustwave. Retrieved 2022-04-27.
  28. "Trustwave Named a Leader in Two IDC MarketScapes on Asia Pacific Cybersecurity". Trustwave. Retrieved 2022-04-27.
  29. "The Forrester Wave™: Global Managed Security Services Providers, Q3 2020". Trustwave. Retrieved 2022-04-27.
  30. "Trustwave Nominated to Join Microsoft Intelligent Security Association (MISA)". Trustwave. Retrieved 2022-04-27.
  31. "World-Class MSS DNA Makes MDR All the More Powerful". Trustwave. Retrieved 2022-04-27.
  32. "Trustwave Recognized as a Microsoft Security 20/20 Partner Award Winner for Top Managed SOC". Trustwave. Retrieved 2022-04-27.