Threat detection and response services provider Trustwave has launched its Trustwave Fusion platform on Amazon Web Services GovCloud – letting Federal agencies and government contractors take advantage of the cloud-native cybersecurity platform to combat ever-changing security threats.

The Trustwave Fusion platform – which originally debuted for the private sector in 2019 – now allows government customers to enlist Trustwave’s help in creating hybrid security operations center (SOC) structures that meet stringent Federal security requirements. Notably, the Trustwave Fusion platform leverages a U.S. personnel-only managed services team, and is in the process of obtaining FedRAMP authorization.

The Trustwave Fusion platform is coming to government just in time for agencies to complete SOC maturation, consolidation, or migration to SOC-as-a-Service by September 2020, as directed by the Office of Management and Budget following the release of its 2018 Federal Cybersecurity Risk Determination and Action Plan.

Platform capabilities are strengthened by Trustwave’s data lake, advanced analytics, and actionable threat intelligence. Federal customers also can add to their own security teams the advantage of elite security specialists from the Trustwave SpiderLabs operation – providing a quick remedy for the perennial problem of competing for scarce security talent in the marketplace. Finally, the platform unites capabilities on a single pane of glass that can be managed via desktop, tablet, or mobile phone.

“The scale and scope of government cybersecurity challenges are bigger than ever,” said Bill Rucker, president of Trustwave Government Solutions. “The adversarial landscape is so complex, and agencies continue to face a massive cyber workforce gap. As mobility and cloud widen the attack surface, user behavior patterns have become more difficult to monitor. By unifying powerful threat detection and response services and technologies with some of the top talent in cybersecurity, Trustwave can help agencies respond to attackers’ evolving tactics,” he said.

U.S.-Only Security

Of particular importance for Federal agencies, Trustwave said the Fusion platform “runs completely in-country and enforces a ‘U.S. eyes only’ policy, helping ensure that prime contractors and the cyber supply chain are secure.”

Trustwave Government Solutions carries a “Superior” rating from the Defense Counterintelligence and Security Agency (DCSA), and enables customers to adhere to International Traffic in Arms Regulations (ITAR), FedRAMP requirements, Defense Federal Acquisition Regulation Supplement (DFARS) rules, Defense Department Impact Levels 2, 4, and 5, and Cybersecurity Maturity Model Certification (CMMC) requirements.

“We’ve been delivering this solution globally for about four years, and now we’ve taken the necessary steps to make this offering consumable by the U.S. government,” Rucker said in an interview with MeriTalk. He said Trustwave’s investment in making the product a cloud-native solution for AWS GovCloud has been geared toward making it highly secure for government agencies to use. That includes “making sure that U.S. citizens are the only people that have access to the data, so the level of integrity and security from an access perspective is very high.”

“In our global operations, we have nine SOCs around the world, and a lot of different people interacting with data. But for Fusion on GovCloud, it’s only dedicated staff who are U.S. citizens,” Rucker said. “No other people outside the group have access to the platform, therefore the government can be assured that their data isn’t being viewed offshore, or by anyone that’s not a U.S. citizen.”

SOC Evolution

Rucker said the Trustwave Fusion platform can advance the capabilities of Federal government security operations by expanding available resources, and going beyond the traditional mindset of endpoint security.

“The concept of a SOC, or the concept of a managed service provider, isn’t this new revolutionary thing,” Rucker told MeriTalk. “But what’s new is the ability to have eyes on glass anywhere at any time, and to try to take that level of service to the next step. In the past, it’s just been on the edge, and from a network operations perspective is the edge up or down, and is the firewall up or down. But this platform is providing proactive, advanced cyber professionals that extend your existing team, and give you that 24-by-7 extra level of expertise and granularity into your environment from a security operations perspective.”

“The industry is evolving away from the concept of calling it a SOC, or calling it managed services, and more toward calling it managed threat detection and response. And that’s really where we break through with the platform,” Rucker said. “There are a lot of different endpoint protection tools, but when we look at managed threat detection, that’s going beyond the edge, and that’s putting in experts with cybersecurity endpoint detection threat tools that are able to do threat hunting in real time and incident response and investigation in real time to quarantine assets and eradicate threats.”

“It gives our customers what we call a ‘traffic light protocol’ that allows us to take action based on something we are seeing so we can isolate a host and eradicate a threat, or we ask for some interaction between the end user if we believe something to be bad, and provide some enrichment by using additional data if we think this is something you should be aware of. Then the customer can take that next step to look beyond that to see if they truly want to isolate a host.”

Workforce Augmentation

The ability to add muscle to cybersecurity operations through remote means makes even more sense when the coronavirus pandemic has served to separate the human elements of the workforce – and may continue to do so far down the road.

Rucker said the economics of running increasingly expensive security operations has led organizations to adopt more “hybrid” SOC models where offsite contractors help in the overall security effort but don’t come to work every day at a Federal SOC facility. During the pandemic, he noted, “there’s been a big scurry for everyone to get remote access” to be able to keep SOC operations running as the pandemic forces more remote work.

“In a hybrid SOC model or hybrid managed services model, you already have those economies of scale built in, whether your data is already in a hybrid transformation where some of the data is on site on prem, or some of it is in the cloud, you have people now that have the ability to give additional support,” he said.

Cost Factors

Never far from the government equation on whether to adopt new services are the costs to implement them, and that factor will only become more important when the full cost of the Federal switch to telework becomes more clear in the coming months.

On the cost front, Rucker talked about why Federal agencies turn to managed services. “The reason that the government has embraced managed services historically is because of the potentially huge cost savings,” he said. “It’s about economies of scale, the ability to have the support of software, and the ability to consolidate tools you may already be using.”

With the Trustwave Fusion platform, he said, “there are staff members you don’t have to worry about, there is staff turnover that doesn’t come into play, there is training that is already taken care of, and there is the latest and greatest in cybersecurity expertise. You can have threat hunters that are doing proactive threat hunts all the time.”

“The biggest difference is you can have those extra hands, if you will, constantly servicing you from the cyber perspective in a heightened threat landscape,” Rucker said. “In a very short period of time, the expertise of the adversary has grown beyond what we’ve ever seen, and we’re constantly chasing to be able to keep pace with the new threats that are evolving. Without proactive measures like the Trustwave Fusion platform, security has to spend all their time chasing the incident, rather than intercepting the threat.”

John Curran
John Curran is MeriTalk's Managing Editor covering the intersection of government and technology.