Trustwave unveiled the Trustwave SpiderLabs Fusion Center, a cybersecurity command center that employs threat intelligence to track threat actors, detect them with their clients, and kill those threats inside an organization down to individual endpoints.
Located in Chicago, the 6,000 square foot facility serves as the central hub for Trustwave’s global network of ten Advanced Security Operation Centers (ASOCs), edifices that identify, track, and collect cybersecurity threat intelligence while serving as the delivery framework for Trustwave Managed Security Services.
Housed within the center are strike teams formed by “fusing” the capabilities of the Trustwave SpiderLabs team of ethical hackers, advanced researchers, threat hunters and incident responders into units.
These units amalgamated into the ASOCs spearhead action and response as security incidents emerge. In addition, the Trustwave SpiderLabs Fusion Center serves as ground-zero for hybrid cyber range training and real-world threat simulation exercises internally and with customers.
“The realization is that organizations today are under constant attack and require the ability to take swift action when facing certain compromise,” said Chris Schueler, senior vice president of managed security services at Trustwave.
“The quantum leap of actionable threat intelligence achieved through the Trustwave SpiderLabs Fusion Center levels the playing field against cybercriminals employing incredibly sophisticated means to breach networks and remain undetected. Leveraging the managed security services model, organizations of any size can now greatly enhance their security posture to take preemptive steps against rapidly spreading malware, annihilate attacks in progress or strategically distribute security reinforcements to any point on the globe.”
The Trustwave SpiderLabs Fusion Center operates as command and control of the proprietary Point of Delivery (POD) system that helps ensure customer-centric delivery and actionable threat intelligence.
In a POD setting, Trustwave security experts are grouped and focused on customers and industries that result in knowledge of client environments and response playbooks for any given threat situation.
The PODs leverage a three-tier threat model to investigate threats and seamlessly escalate analysis from initial detection to proactive hunter/killer response and digital forensic investigations.
The Trustwave SpiderLabs Fusion Center threat model includes:
Continuous and proactive threat hunting — Threat hunters adept at building a threat taxonomy which plots known attackers against the clients’ industry and business. They then seek to identify anomalous activities closely monitoring for unusual markers indicating compromise using Trustwave’s threat intelligence paired with big data analytics and machine learning. When threats are detected, these hunters initiate the proper sequence of action.
Advance response and containment — If a threat is escalated, incident responders move in for technical analysis such as malware signatures, payload delivery methods and threat trend correlation with the primary objective of threat containment and breach triage. Incident responders function as the primary squad for terminating threats anywhere in the clients’ environment before they have a chance to spread or do serious damage.
Forensic investigations and reverse engineering — In situations requiring the highest level of investigation with associated response, a third line housing some of the most progressive minds in security are called to perform forensic investigations, reverse engineer malware or track down the persistent threats. If a threat actor is hiding, they will find them.
“Top security programs are built by combining the right people and advanced processes with the best technologies. Our new center helps ensure all three,” added Schueler.
The Trustwave SpiderLabs Fusion Center also serves as an education and training center for security practitioners ranging from entry-level IT to accomplished CISOs running large enterprise operations.
Within its walls sits a large auditorium for delivering on-premise and remote training curriculums taught by security experts.
Participants learn techniques for detecting threats and defending networks and can earn industry recognized certifications and accreditation in penetration testing, data forensics, incident response and many other fields.
The auditorium also hosts industry gatherings and think tank events to debate on practical and theoretical applications of new technologies and approaches in relation to the constantly evolving security threat landscape.