Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As we look ahead to 2022, we should pause to reflect on the trends of the past year. Ransomware and supply chain attacks have become two of the top concerns for organizations following a series of high-profile attacks, such as those conducted against Colonial Pipeline, SolarWinds and Kaseya. In 2021, our Project Memoria revealed close to 100 different vulnerabilities in common TCP/IP stacks, affecting hundreds of operational technology (OT) vendors.

On November 10, 2021, Palo Alto Networks released advisories for eight different vulnerabilities affecting the company’s VPN firewall products. The vulnerabilities’ criticality ranges from ‘medium’ to ‘critical,’ with the most severe vulnerability, CVE-2021-3064 (CVSSv3.1 of 9.8), allowing for unauthenticated remote code execution, or RCE.

Today, we’re announcing our $50 million Series B funding led by Insight Partners with participation from SentinelOne, GGV Capital, and Bessemer Venture Partners. Together with them, we believe that security teams deserve better. Better ways to collaborate, better ways to work, better ways to keep our lives and livelihoods protected.

Trustwave has been accredited by the internationally-recognized professional certification board CREST for its world-class vulnerability assessment services. Trustwave is now uniquely accredited with multiple CREST accreditations across Vulnerability Assessment (VA), Intelligence-Led Penetration Testing (STAR), Penetration Testing (PEN TEST) and STAR-FS Intelligence-Led Penetration Testing.

While we are a long way from implementing Skynet, using machine learning combined with automation to make real-time decisions is here. In a recent talk at Sumo Logic Illuminate, Dave Frampton, General Manager of Cloud SIEM and Security Analytics, discusses the future of security with Vijaya Kaza, Head of Engineering and Data Science for Trust & Safety and Chief Security Officer at Airbnb. Kaza describes how automation, machine learning and AI can strengthen a company's overall security posture.

Gartner made an interesting prediction just a few years ago: “Through 2025, 99% of cloud security failures will be the customer’s fault.” Practically every single cloud security failure can be fairly described as a misconfiguration of one kind or another. The 2025 end is kind of arbitrary, really; the prediction is likely to be true until the end of time. In my previous article, I discussed targeting these misconfigurations at their root.

In our last blog post How to Pass a FedRAMP Audit for SaaS Providers: Part 1 , we looked at what FedRAMP is and why it matters for SaaS providers. We also discussed a success story with one publicly traded Teleport SaaS customer who used Teleport to pass their FedRAMP audit.