Tag: trustwave

Security vendor sued for poor security

courtroom_1_lgSecurity resellers will be a bit nervous about the outcome of a court case in the US where an anti-virus software maker has been sued after a casino became infected with malware.

If the case against Trustwave succeeds it could mean that security companies could be sued if they fail to stop serious breaches.

US casino chain Affinity Games is suing Trustwave, a cyber-security vendor that was brought in to investigate a card breach but failed to detect and stop a malware incident on Affinity’s servers, which led to the escalation of a previous card breach.

In October 2013 Affinity Games was notified of fraudulent credit card activity on the bank accounts of numerous victims and it hired Trustwave to sort out what was believed to be malware on its system.

Trustwave was hired to investigate and stop a credit card breach. In January 13, 2014, Trustwave reassured the casino chain that the incident “has been contained” and that a “backdoor component appears to exist within the code base, but was inert.”

Trustwave also said that the malware’s author became aware that he was detected, and stopped all activity on October 16, 2013, also removing and deactivating some of the malware’s components.

In April 2014 the server and the application from where the suspicious activity was coming were previously tested and deemed safe in Trustwave’s report.

On April 19, 2014, Affinity hired another cyber-security investigator, Mandiant, a FireEye subsidiary, to investigate these new findings in depth. It found that the breach thought shut down by Trustwave had continued to be open until April 27, 2014, when Mandiant security experts shut it down.

Affinity says that Trustwave failed to remove the malware it discovered, failed to find all pieces of the malware, and also failed to identify evidence in some logs it looked at.

In its lawsuit, Affinity claims that “Mandiant’s investigation and remediation confirmed that Trustwave’s representations were clearly inaccurate, and its efforts woefully lacking.”

Affinity is looking for damages in excess of $100,000.

Singtel buys US security outfit

history-of-headphones-1895Singapore Telecommunications, or Singtel, is buying US-based cyber-security firm Trustwave for $810 million.

The move is the outfit’s biggest acquisition outside the main telecoms sector and is being touted as a Singtel moving away from being a pure-play telecoms company.

Apparently it wants to be involved in something analysts are calling “digital life”, which includes mobile video and digital advertising, and cyber security through partnerships with FireEye and Akamai, among others. Failing that it wants to be lumberjack.

Even if Singtel had no cunning plans, there is money to be made in the managed security services industry according to Gartner Group. Managed security will grow 15 percent annually from 2014 to reach $24 billion in 2018.
That growth potential has already stoked other acquisitions in the cyber-security business, including BAE’s $232.5 million deal to buy SilverSky and FireEye’s $1 billion takeover of Mandiant, both in 2014.

Singtel, which owns stakes in regional operators including India’s Bharti Airtel and Thailand’s Advanced Info Service, will buy a 98 percent equity stake in the company from a group of investors assembled by Trustwave’s chairman and chief executive officer, Robert McCullen. He will hold the remaining 2 percent.

Trustwave will continue to operate as a stand-alone business unit, Singtel said.
Trustwave, which has over 3 million business subscribers, offers a range of services, including scanning of databases, risk identification and payment compliance. Singtel declined to provide names of specific clients.