“The attack surface along with regulatory responsibilities on how data is protected continues to evolve to a point where no single company has all the right answers when it comes to cybersecurity security,” said Rob Stitch, senior vice president of consulting and professional services at Trustwave. “By sharing successful roadmaps, security frameworks and providing meaningful peer communications, Trustwave Security Colony harnesses the power of the collective to help solve security issues organisations face.”
Trustwave Security Colony is based on thousands of hours of actual consulting projects helping organisations implement new information security programs and heightening levels of security maturity. The platform is available to any organisation as a standalone resource or can be tied to existing Trustwave Consulting and Professional Services to augment security risk assessments, technology planning and implementation and security testing.
Trustwave Security Colony includes:
· Extensive document resources library -- At the heart of Trustwave Security Colony is a large repository filled with battle-tested cybersecurity strategies, implementation frameworks, best practices and other documents. Organisations use the library to gain insights on everything from implementing a successful incident response plan and conducting internal security audits to improving threat detection and response. Grouped documents on definitive topics such as achieving certain regulatory compliance offers step by step guides for security professionals to follow.
· Security maturity assessments -- Trustwave Security Colony gives organisations the means to quickly assess security maturity and threat risk based on business size, industry and geography. The assessment applies the NIST Cybersecurity Framework along with a comprehensive questionnaire to gauge an organisation’s aptitude to identify, detect, respond and recover from security incidents. Based on results, detailed recommendations are given along with work plans and milestones to track security maturity progress over time.
· On-demand vendor risk assessments -- As businesses add to their partner network, this feature helps delineate which outside parties pose a greater security risk to operations. A vendor risk assessment tool scans and analyses third-party internet domains and generates a score reflecting vendor and supplier security integrity. The scans check email settings, domain name system configuration, sensitive ports, Transport Layer Security certificate health and signs of malicious activities such as the presence of malware or spyware.
· Breach monitoring and alerting -- Organisations can set up stored searches based on domain names, email addresses, businesses names and other unique identifiers and correlate them against dumped content on the dark web, public breach lists and popular text storage sites. Searches are monitored each day and, if a match is found, a notification is sent to give warning of a potential incident or compromise.
· Access to high-level security expertise -- Businesses can obtain answers for challenging security developments direct from the consulting team at Trustwave. Users have the option to seek advice on new projects, technologies, regulations and best practices openly in a public forum or via private one-on-one conversations.