Trustwave is promising to stop any data hacking attempts against a client made through a Web browser, but the tradeoff is the client has to give Trustwave hands-on control of its Web security.
"In a managed service environment, instead of a company having their IT guys go in and make changes to a policy, they get out of our way," says Stephen Brunetto, director of product management at Trustwave. "We make those [requested] changes in a secure fashion to accommodate their business processes."
Trustwave guarantees to detect and stop 100% of malware coming through the Web for companies using the managed service. If a client has experienced a malware infection through a Web browser despite using Trustwave's service, and Trustwave confirms this, the client gets a one-month extension of security service.
If an attack comes through an open port in another part of the system, it is not covered as part of this particular malware guarantee. Trustwave offers other security services for firewalls and other ports.
In a recent survey sponsored by the Chicago-based company, 74% of nearly 160 organizations polled in a survey said they suffered a malware infection through the Web in the past year.
"The Web is one of the primary attack vectors for malware infecting systems and giving criminals access to sustained attacks," Brunetto says.
Brunetto could not specifically address the highly publicized Target data breach in which banks filed a lawsuit questioning Trustwave's liability in the incident.
The banks dropped their lawsuit about a week later, as information became public about how Target's system was compromised through stolen HVAC system credentials, not through Web applications. In addition, a letter from Trustwave CEO Robert McCullen asserted Trustwave had no involvement with Target's breach and did not provide security services to the retailer.
This week, Trustwave is also rolling a Big Data Backend threat intelligence component to its managed services, Brunetto says.
"That means we are going to see all of the transactions, the blocks and allows, everything that the users of the company are doing," Brunetto says. Such surveillance allows Trustwave to complete thorough investigations if a suspected malware incident occurs, he adds.
Trustwave is demonstrating confidence in its managed anti-malware service by "upping the ante and putting some financial teeth behind it, says Michael Osterman, a Web security expert and industry analyst at Black Diamond, Wash.-based Osterman Research Inc.
"I am not aware of any other guarantees like this," Osterman says. "It used to be that e-mail was the primary attack vector, but now it is the Web."
Many applications now operate in browsers and the proliferation of social media has heavily increased browser use, Osterman says.
Trustwave's anti-malware managed service also protects against zero day threats, which are security flaws that have been discovered but do not yet have an available fix.
"There is no patch for zero day malware, so what we are saying is we can virtually patch the browser," Brunetto says. "When an attack takes place, we have it on our server and we can see it taking place, and don't even have to recognize the code. We see bad behavior and block it."