SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
#
DevOps
#
Cloud Security
#
Application Security

Video: 10 Minute IT Jams - Introducing Trustwave

Tue, 15th Nov 2022
FYI, this story is more than a year old
Author image
By Zach Thompson, News Editor

Cybersecurity threats are evolving at breakneck speed. For many businesses, keeping one step ahead is a daily struggle. That's where Craig Sill, Director of Consulting and Professional Services for the Pacific at Trustwave, says his team comes in – offering a blend of expertise, innovation, and hands-on defence against increasingly sophisticated attacks.

Trustwave protects its clients from damaging cyber incidents through a network of security consultants, threat hunters and researchers dedicated to tracking, isolating and neutralising threats around the clock. In a recent interview, Sill shed light on what sets Trustwave apart and why penetration testing is no longer something an organisation can afford to do just once a year.

"Our focus is to be a global cyber defender," Sill said. "That enables us to stop cyber threats on behalf of our customers and ensure they can do business securely."

Trustwave's core offerings revolve around managed detection and response (MDR), managed security services (MSS), and a globally recognised consulting and professional services team. The company's proprietary SpiderLabs team is at the heart of its penetration testing capability, providing what Sill describes as "award-winning threat research and intelligence".

This intelligence is not left on a shelf – it is infused directly into Trustwave's products and services, continually updating and fortifying customers' defences. "We have thousands of assessments and millions of scans per year," Sill explained. "The knowledge and intelligence that we've gained from that we're able to then bring that to bear in our other products and services. That means from a proactive perspective our customers are able to better identify threats earlier and defend their business more efficiently and effectively."

From vulnerability scanning to in-depth penetration testing and ethical hacking, SpiderLabs covers a wide range of attack vectors including forensics, application security, database security and email threats. "All of those different features and functionality are available through Trustwave," Sill said.

He stressed the unique value in Trustwave's integration of MDR and MSS with consulting services in a single, unified platform – known as Fusion. "That is a really unique point of difference," Sill said. "We're one of the only firms globally able to combine these offerings and bring that to bear through our Fusion platform."

But Sill believes that even the most advanced testing tools are not enough if used in a piecemeal or sporadic way. He advocates a programmatic approach: "Testing is not just a point-in-time activity," he said, recalling days when organisations did one test per year and considered it sufficient. "That's no longer the case. Testing needs to be done on a much more regular basis. As the client environment evolves over time, testing needs to be adapted to align with that."

He pointed out that new vulnerabilities are discovered "pretty much hourly", requiring organisations to stay perpetually on guard. "The need to stay ahead of threats is an absolute constant," he added.

Another major consideration for businesses is efficiency. Time is a finite resource, Sill noted, making it essential for security solutions to be easy to book, flexible, and quick to deliver results. Trustwave's Fusion platform, he explained, allows customers to schedule tests, access real-time and historical results, and generate custom reports, cutting down on the slow, old-fashioned process of proposals and RFPs.

On the financial side, Sill highlighted the importance of transparency and control. "Customers can define a budget they want to work within and then they have total control of that budget. There are no nasty surprises," he said.

One issue that often plagues organisations is the loss or misplacement of important security records, especially as team members change or as time passes. Trustwave customers, Sill argued, benefit from a centralised portal that "contains all of the vulnerability data, all of the results, all of the recommendations over time". This allows clients to easily refer back to earlier assessments, track progress, and derive meaningful business insights from long-term reporting and trends. "It's not just the efficiency with which testing can be conducted but it's the efficiency with which people can get access to historical records and draw their own analysis," he said.

For organisations considering engaging with a penetration testing provider, Sill recommends probing several key areas. "As a consumer, I would want to know what's the mission, what's their purpose... are they focused on getting the right outcome?" he said. He also advises checking the provider's certifications and credentials, both at the company and individual level, and their commitment to ongoing threat research.

With a rapidly evolving threat landscape, it is not enough for providers to rest on their laurels; they must be "similarly involved and engaged in making sure they understand what's happening in the threat landscape". Sill pointed out the significance of having an active threat intelligence and research team and the capacity to deliver both local and international expertise, depending on client preferences.

Other crucial questions to ask include whether the service consists of simple automated scans or more rigorous manual testing, what the reporting and recommendations look like, and if retesting is included in the price. "We're very transparent around how that gets included as part of pricing for all of our penetration testing engagements," he said.

As more organisations move to the cloud, Sill emphasised the importance of provider experience with cloud-based infrastructure and software. He also underscored the value of long-term relationships, not just one-off engagements. "You want a long-lasting partnership with a reputable provider that's going to evolve and grow with you as a customer over time," he said.

For businesses looking to work with Trustwave, Sill said there are "any number of ways" to get in touch, from calling to emailing, with local representatives available in every capital city in Australia and around the globe. What matters most, he believes, is a company's ability to offer certainty and a true partnership in navigating "an evolving threat landscape that we now see as modern-day business".

"We're very happy to talk to any customers either over the phone or in person and really make sure that we've got someone put in front of a customer who understands your requirements and we can make sure that we can get absolutely the right outcome for your security needs," Sill said. "Trying to develop a really long-lasting partnership to make sure that we can give you the certainty that you can conduct your business in a safe and secure way within an evolving threat landscape."

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Mid-market APAC firms boost cybersecurity but lag in AI use
Panaseer launches tool to automate enterprise compliance tasks
Innovation forges a secure & sustainable technology future
Ransomware attacks expose urgent risks for critical utilities
Outpost24 expands platform for data & social threat defense
Top stories
DXC launches solution with SAP & Microsoft to boost AI use
Barracuda boosts threat detection with multimodal AI upgrade
Facebook ads scam uses celebrity faces to spread malware
Care & tech jobs surge as traditional roles decline in Australia
BlueVoyant launches tailored Microsoft Security optimisation service