|Industry||Technology, Information Security, PCI Compliance, Cloud computing|
|Headquarters||Chicago, Illinois, United States|
|Products||Managed Security Services, SIEM, Web Application Firewall, Secure Web Gateway, Anti-malware, Security Testing, Compliance & Risk Management, PCI Compliance, TrustKeeper Cloud Platform, Internet security|
|Revenue||US $111 million (2010)|
Trustwave Holdings is a privately held information security company that provides on demand data security, compliance and threat intelligence solutions and services to more than 2.5 million business customers in 96 countries. The company’s international headquarters is located in downtown Chicago, and regional offices are located in London, São Paulo, and Sydney. The company also operates Security Operations Centers in Chicago, Denver, Manilla, Minneapolis, and Warsaw. Trustwave is currently the only company that is an authorized PCI Forensic Investigator in all geographic regions. On April 21, 2011 Trustwave Holdings filed for IPO though the company remains private today. Trustwave's website says the company has more than 1,100 employees.
History of Acquisitions
- Trustwave Holdings acquired Cenzic, Inc. (3/18/14)
- Trustwave Holdings acquired Application Security, Inc. (11/11/13) 
- Trustwave Holdings acquired SecureConnect, Inc. (4/3/13) 
- Trustwave Holdings acquired M86 Security. (3/6/12) 
- Trustwave Holdings acquired Breach Security. (6/22/10) 
- Trustwave Holdings acquired BitArmor Systems. (1/12/10) 
- Trustwave Holdings acquired Vericept. (9/10/09) 
- Trustwave Holdings acquired ControlPath. (8/27/08) 
- Trustwave Holdings acquired Mirage Networks. (2/17/09) 
Products and Technologies
TrustKeeper is a cloud-based platform that ties together Trustwave's various compliance, information security and threat intelligence services. Through TrustKeeper businesses can access a variety of Trustwave "apps" ranging from enterprise-class managed security services to PCI compliance automation tools designed to help credit card merchants protect themselves against unauthorized access.
Managed Security Testing is an application within TrustKeeper that provides an interactive way to view and track penetration test reports as an alternative to conventional PDF based reports. Earlier versions were called Trustwave PenTest Manager, and it won the 2012 SC Magazine Europe Innovation award.
Secure Web Gateway (formerly Finjan): an appliance-based secure Web gateway that uses real-time code analysis technology, URL filtering and antivirus scanning to prevent malware and Web-based threats. In January 2010, the M86 Secure Web Gateway was designated as Visionary in the 2010 Gartner Magic Quadrant Report for Secure Web Gateways.
Secure Email Gateway (formerly M86 MailMarshal): an email security solution that protects against spam and data leakage. It also provides reporting, analyzes inbound and outbound content and assists with policy control. In April 2010, the M86 MailMarshal SMTP product was designated Visionary in the 2010 Gartner Magic Quadrant Report for Secure Email Gateways.
- Deep Content Inspection
- Blended Threats Module
Managed Security Services is a service offering from Trustwave that involves remotely managing its and third-party products such as Network Access Control, SIEM, and United Threat Management for companies who wish to outsource their security needs.
SpiderLabs is the advanced security services and research team at Trustwave that specializes in forensic investigations, penetration testing, educations services, and security research that is used to update Trustwave's products and services with threat intelligence. SpiderLabs also authors the Trustwave Global Security Report, an annual report detailing the latest security trends and risk areas.[unreliable source?] SpiderLabs also actively develops the open source web application firewall, ModSecurity, and a supplementary commercial rule set available for purchase.
Unrestricted sub-CA scandal
Trustwave operates an X.509 certificate authority ("CA") which is trusted by default by many web browsers and other applications (a "trusted root CA"). In 2011, Trustwave sold an unidentified customer two certificates for subordinate CAs which allowed that customer to forge certificates identifying its traffic interception device as the web sites of other, unsuspecting parties which had not authorized the customer to do so (a "Man in the Middle Attack"). Though Trustwave asserts that special precautions were put in place to ensure that the customer attached its traffic interception device only to a particular network on which Trustwave asserts it was acceptable for the customer to impersonate other entities and to intercept traffic without the permission of all parties involved, this cannot be verified as Trustwave is unable to identify the customer in question due to a Non-Disclosure Agreement.
As a result of these actions, which contravened both Trustwave's own published Certification Practices Statement and the policies of several organizations such as Mozilla to which Trustwave had submitted its CAs (representing that they complied), Trustwave was nearly removed from the Mozilla list of trusted root CAs.
- Unofficial Guide to the M86 Web Filter – a summary of the M86 Web Filter's specs and features
- "Trustwave Files for IPO, Reveals Finances". Retrieved 2012-09-10.
- "Trustwave Holdings". Retrieved 2012-09-10.
- "Trustwave Holdings, Inc.". Retrieved 2012-09-10.
- "PFI Companies". Retrieved 2012-09-20.
- "Trustwave Completes Acquisition of M86 Security". Retrieved 2012-09-10.
- "Trustwave Acquires Vericept". Retrieved 2012-09-10.
- "Trustwave Acquires Mirage Networks". Retrieved 2012-09-10.
- "SC Europe Awards". Retrieved 2012-09-19.
- Peter Stephenson (2010-01-04). "M86 Security Secure Web Gateway Review". SC Magazine US. Retrieved 2011-05-16.
- “Magic Quadrant for Secure Web Gateways”, Peter Firstbrook, Lawrence Orans, January 8, 2010
- "MailMarshal - Leader in Enterprise Email Content Security and Anti-Spam". Messagingsolutions.com. Retrieved 2011-05-16.
- “Magic Quadrant for Secure Email Gateways”, Peter Firstbrook, Eric Ouellet, April 27, 2010
- "Email Security » MailMarshal SMTP". Secure Content Technologies. Retrieved 2011-05-16.
- "Global Security Report". Retrieved 2012-09-19.
- "2012 Trustwave Global Security Report on "AttHackers" and Food Hacking Base Project - CNN iReport". Retrieved 2012-09-19.
- "ModSecurity Developers". Retrieved 2012-09-19.
- "Mozilla Bug 724929". Retrieved 2013-02-10.