Trustwave Managed Threat Analysis
Enhance identification of emerging threats
Trustwave SIEM Enterprise and SIEM Operations Edition customers can enhance identification of emerging threats and leverage intelligence and learnt knowledge by adding our Managed Threat Analysis Service.
Improve Your Foresight
Information sharing has been helping law enforcement and intelligence communities improve their capabilities for a long time. Trustwave Managed Threat Analysis Service brings the same concept to our SIEM Enterprise and SIEM Operations Edition customers, integrating automatically analyzed threat intelligence and reputation information into the SIEM. This enables forward warning and emerging threat detection within the SIEM, securely synchronized from the Trustwave Cloud.
This service includes 19 SIEM correlations which leverage Open Source, Crowd Source, and Enterprise Source intelligence provided by the service.
Portal User Interface
Included with this service is a web-based configuration and management portal. Customers can test the service, review statistics on synchronized and updated threat intelligence through dashboards, and manage configuration of the service with the Trustwave Cloud.
How It Works:
Sources of Intelligence
Trustwave scrutinizes the threat data we obtain and ascertains a minimum level of confidence in it. The output of this analysis is the intelligence used with the service. Sources of information include:
- A large variety of openly available lists of threat information such as:
  - Botnet Domains
  - Botnet URLs
  - Malware Domains
  - Email Phishing
  - Phishing Domains
  - Phishing URLs
- Information on correlated threats from Trustwave SIEM Enterprise and SIEM Operations Edition customers who opt into crowd-sourcing intelligence.
- May contain true positive information about compromised hosts and malware domains derived from automated SpiderLabs research and behavioral analysis from deployed Trustwave security products such as our Secure Web Gateway.
- Powerful correlations derived from best practices and specific configuration settings to meet customers' own local policies and requirements, within their SIEM product.
- Environmental metadata specific to each customer's environment and assets, within their SIEM product.
Trustwave Managed Threat Analysis Service is, after all, a service. We guide customers through provisioning, registration and secure information synchronization setup, and initial SIEM correlation setup with the 19 included TTCS correlations; test the service with the customer's SIEM to ensure the service is functioning and operational; and provide knowledge transfer on the service to Security Analysts and Business owners.
Setup is typically completed within a day. Most customers choose to have services delivered on-site; however, services can also be delivered remotely.
Download the Trustwave SIEM Data Sheet (PDF).