Trustwave Holdings

Trustwave Holdings is a standalone business unit and cybersecurity brand of Singaporean telecommunications company Singtel Group Enterprise and focuses in enterprise network security and internet security.[citation needed]

Trustwave Holdings, Inc.
IndustryManaged Security Services, Information Security, Cloud computing
Founded1995 (1995)
Area served
Worldwide (Customers in 96 countries)
Key people
Eric Harmon, CEO[1]
RevenueUS $216 million [2] (2014)
Number of employees
1,600+ [3]

The company's international headquarters is located in downtown Chicago,[5] and regional offices are located in London, São Paulo, and Sydney. The company also operates Security Operations Centers in Chicago, Denver, Manila, Minneapolis, Singapore, Sydney, Tokyo, Warsaw, and Waterloo, Ontario.[6]

Trustwave is currently the only company that is an authorized PCI Forensic Investigator in all geographic regions.[7]


In April 2011, Trustwave Holdings filed for its IPO[8] though the company is now a standalone subsidiary of Singtel. Trustwave's website says the company has more than 1,600 employees.[3]

In February 2014, Trustwave SVP Phillip. J. Smith offered expert testimony related to data breaches and malware as part of a Congressional hearing for The House Committee on Energy and Commerce. In his prepared testimony, he presented observations based on the company's experience investigating thousands of data breaches, ongoing malware and security research and other forms of threat intelligence.[9]

On April 8, 2015 (SGT), Singapore Telecommunications Ltd (Singtel) announced it had entered into a definitive agreement to acquire Trustwave Holdings, Inc. for a fee of $810 million—Singtel with a 98% stake in the company leaving 2% with Trustwave's CEO and President.[2][10] According to media reports and Singtel filings on the Singapore Exchange, the enterprise value of Trustwave at the time of the deal was $850 million.[11]

Significant discoveriesEdit

In 2013 and again in 2014 Trustwave SpiderLabs did an analysis of primary Pony botnet controllers. The results of the analysis found that the botnets had gathered more than two million passwords and credentials for accounts on ADP payroll, Facebook, Twitter, Yahoo and more,[12] and over US$220,000 in crypto-currency like Bitcoin.[13]


Trustwave operates an X.509 certificate authority ("CA") which is used as the top level of trust by many web browsers, operating systems, and other applications (a "trusted root CA").[citation needed] In 2011, Trustwave sold a certificate for a subordinate CA which allowed a customer to present SSL certificates identifying as arbitrary entities, in a similar mechanism to a "Man in the Middle Attack". This type of action is similar to the practice of running an SSL proxy on a corporate network, though in this case a public subordinate CA (valid anywhere) was used instead of an internal corporate-generated domain CA (valid only for machines that accept it as part of organizational policy), making the risk of abuse much higher.

In March 2014, Trustwave was named in a lawsuit filed by Trustmark National Bank and Green Bank N.A. The lawsuit alleges that Trustwave failed to provide the promised level of security to Target, and for failing to meet industry security standards.[14][15] In April 2014, a notice of dismissal was filed by both plaintiffs, effectively withdrawing their earlier allegations.[16][17]


In 2018, Gartner named Trustwave a Leader in its Gartner MQ for Managed Security Service Providers, Worldwide. It was the first vendor to move into the leader's quadrant since inception of the global report.[18] In 2016, IDC named Trustwave a Leader in the IDC MarketScape for Emerging Managed Security Services Providers based on industry analysis and buyer perception.[19][third-party source needed]

In the 2015 "Gartner Magic Quadrant for Managed Security Services, Worldwide," a report that evaluated 14 different global managed security service providers, Trustwave was named an industry challenger “due to the access it gained to greater resources and new markets resulting from the acquisition by Singtel, and its increasing investments in competing for enterprise customers.” [20][third-party source needed]


  1. ^
  2. ^ a b Aravindan, Aradhana (7 April 2015). "Singtel buying U.S. cyber security firm Trustwave for $810 million". Reuters. Retrieved 9 April 2015.
  3. ^ a b "Trustwave: Our Story". Retrieved 25 May 2016.
  4. ^ "TRUSTWAVE PTE. LTD. (200616191R) - Singapore Business Directory". Retrieved 30 August 2017. CS1 maint: discouraged parameter (link)
  5. ^ "Company Overview of TrustWave Holdings, Inc". Bloomberg. Retrieved 9 April 2015. CS1 maint: discouraged parameter (link)
  6. ^ "Trustwave security firm opens first Canadian security operations centre in Kitchener-Waterloo". Global News. 12 August 2015. Retrieved 30 September 2015. CS1 maint: discouraged parameter (link)
  7. ^ "PFI Companies". Payment Card Industry Security Standards Council. Retrieved 9 April 2015. CS1 maint: discouraged parameter (link)
  8. ^ Lennon, Mike (22 April 2011). "Trustwave Files for IPO, Reveals Finances". SecurityWeek. Retrieved 8 April 2015.
  9. ^ "Protecting Consumer Information: Can Data Breaches Be Prevented?" United States House Committee on Energy and Commerce. 5 February 2014. Retrieved 8 April 2015.
  10. ^ "Singtel to Acquire Trustwave to Bolster Global Cyber Security Capabilities". Trustwave. 7 April 2015. Retrieved 9 April 2015.
  11. ^ Shu, Catherine (7 April 2015). "Singtel Acquires Chicago-based Cybersecurity Firm Trustwave For $810M". TechCrunch. Retrieved 13 April 2015.
  12. ^ "Two million stolen Facebook, Twitter, Yahoo, ADP passwords found on Pony Botnet server". ZDNet. 4 December 2013. Retrieved 21 April 2015.
  13. ^ "'Pony' botnet steals bitcoins, digital currencies: Trustwave". Reuters. 24 February 2014. Retrieved 21 April 2015.
  14. ^ Schwartz, Mathew J. (26 March 2014). "Target, PCI Auditor Trustwave Sued By Banks". Darkreading. Retrieved 9 April 2015. CS1 maint: discouraged parameter (link)
  15. ^ Heun, David (25 March 2014). "Banks Sue Security Vendor Trustwave After Target Data Breach". American Banker. Retrieved 9 April 2015. CS1 maint: discouraged parameter (link)
  16. ^ Kirk, Jeremy (1 April 2014). "Banks withdraw data breach claim against Target". ComputerWorld. Retrieved 9 April 2015. CS1 maint: discouraged parameter (link)
  17. ^ "Security firm Trustwave says Target data breach claims baseless". Reuters. 29 March 2014. Retrieved 9 April 2015. CS1 maint: discouraged parameter (link)
  18. ^ "Gartner Magic Quadrant Analysis". MSSP Alert. 1 March 2018. Retrieved 4 July 2018. CS1 maint: discouraged parameter (link)
  19. ^ "Trustwave Named a Leader in IDC MarketScape for Emerging Managed Security Services Providers". Marketwired. 2 September 2016. Retrieved 12 September 2016. CS1 maint: discouraged parameter (link)
  20. ^ "Trustwave Named a Challenger in 2015 Gartner Magic Quadrant for Global Managed Security Service Providers". Marketwired. 4 January 2016. Retrieved 17 January 2016. CS1 maint: discouraged parameter (link)