We Have Become a Sophos Authorized Partner

Trilight Security OÜ has recently been designated a Sophos Reseller. This title opens new opportunities for us to bring intelligent and reliable cybersecurity solutions to the market. These premium security solutions allow our customers to enjoy the benefits of the next-gen security tools and endpoint protection that Sophos offers.

In the first place, these are small and mid-sized businesses that will benefit from the simplified cybersecurity management offered by Sophos solutions, with the Trilight Security team taking advantage of the in-depth training and support provided by the partner vendor.

Through this partnership we will be able to provide our customers with a comprehensive range of Sophos solutions, securing systems and data against modern cyber threats, minimizing risks and inspiring confidence based on the earned reputation of the vendor: Sophos is well known for going above and beyond to provide partners with the industry's best cybersecurity solutions and superior support.

Trilight Security offers a wide range of Sophos products and can assist customers with consulting, selection, installation and management of its facilities.

About Trilight Security

Trilight Security is a Managed Security Service Provider based in Estonia, European Union. We work with customers ranging from small and medium businesses to enterprises, with a focus on providing reliable and affordable cybersecurity services to SMBs from the EU and Associated Countries. Our qualified cybersecurity and IT experts detect, investigate and respond to threats before they disrupt business, or take the necessary steps to minimize their potential or real impact. More information is available at www.trilightsecurity.com.

About Sophos

As a worldwide leader in next-generation cybersecurity, Sophos protects more than 400,000 organizations of all sizes in more than 150 countries from today's most advanced cyber threats. Powered by SophosLabs's global threat intelligence and data science team, Sophos' cloud-native and AI-powered solutions secure endpoints (laptops, servers and mobile devices) and networks against evolving cyberattack techniques, including ransomware, malware, exploits, data exfiltration, active-adversary breaches, phishing, and more. Sophos Central, a cloud-native management platform, integrates Sophos' entire portfolio of next-generation products, including the Intercept X endpoint solution and the XG next-generation firewall, into a single "synchronized security" system accessible through a set of APIs. Sophos has been driving a transition to next-generation cybersecurity, leveraging advanced capabilities in cloud, machine learning, APIs, automation, managed threat response, and more, to deliver enterprise-grade protection to any size organization. Sophos sells its products and services exclusively through a global channel of more than 53,000 partners and managed service providers (MSPs). Sophos also makes its innovative commercial technologies available to consumers via Sophos Home. More information is available at www.sophos.com.

GoodFirms Publishes Interview with Trilight Security CEO

GoodFirms.co, a renowned review service for B2B service suppliers, has chosen the Trilight Security CEO for an interview.

GoodFirms: Please introduce your company and give a brief about your role within the organization.

Trilight CEO: We are Trilight Security, a cybersecurity services provider. Basically, we are the MSSP and provide managed security service to our SMB customers and larger enterprises. I'm one of the co-founders of the company and currently perform CEO duties...

Read further on the GoodFirms.co

Trilight Security Featured as One of the Most Reviewed IT Services Companies in Estonia

This year marks an important milestone for Trilight Security as we are celebrating our first year in the IT industry! Over the past year, we've been working with small and mid-market businesses across industries such as financial services, information technology, business services, and more.

The Manifest recognized our efforts and named us a Most Reviewed IT Services Company in Estonia! This award is due to the numerous positive reviews we've received so far.

Our journey began in Tallinn, Estonia when Trilight Security was founded with the mission of providing world-class cybersecurity services. Since then, we've worked with various clients in Europe and beyond.

Our collaboration with organizations from the aerospace industry demonstrates the scale and impact of our work. We partnered with a Ukraine-based aerospace agency in 2020 and conducted tests on their IT infrastructure. We simulated attacks and identified vulnerabilities in their system. Our work allowed the client to meet their country's IT requirements. They praised our superb knowledge throughout the process.

Positive feedback from such customers led the Manifest to include us on their list of Most Reviewed IT Services Companies in Estonia for 2021!

The Manifest is a B2B resource guide that analyzes and compiles industry data. Their website features leading companies to allow entrepreneurs and business managers to connect with the perfect agencies for their needs.

We're proud to receive this award from the Manifest. This recognition speaks to our expertise as an IT agency, and it affirms our dedication to our clients. Being recognized as an industry leader is no small feat, and with this award, we're only inspired to continue improving our technology and innovating our approaches.

Do you have any projects in mind? Contact us today, and let's discuss how we can work together to reach your goals!

Trilight Security Has Been Featured 4th Among Top 40 IT Service Companies in Estonia

The Manifest is a renowned business news and how-to website and a sister website of Clutch, a famous B2B ratings and reviews platform. The Manifest launched in February 2018 and has since won a reputation for its data-driven benchmarks, how-to guides and agency shortlists.

In August 2021, The Manifest published its new shortlist, TOP 40 IT SERVICES COMPANIES IN ESTONIA, where Trilight Security was featured in a high fourth place among top Estonian IT services companies and, basically, as the top company with a cybersecurity specialization.

The Trilight Security team is proud to get yet another confirmation of its skills and efforts in the cybersecurity field.

Read the shortlist on The Manifest

Trilight Security Featured among Top Cybersecurity Consulting Companies 2021 by Superbcompanies.com

Trilight Security is proud to announce that we were ranked in the list of top Cybersecurity Consulting Companies.

Superbcompanies.com is a portal that helps companies looking for IT, cybersecurity, software development and other service providers find a reliable partner. To achieve this goal, companies featured on Superbcompanies.com undergo a thorough assessment based on such criteria as industry presence, expertise level, quality and reliability of services, and more.

Superbcompanies.com has more than 10 years of experience analyzing businesses and their qualifications worldwide. By creating lists of top providers of IT-related services, this portal helps potential customers make justified buying decisions.

Trilight Security was featured among Cybersecurity Consulting Companies due to recognition by existing customers and demonstrated ability to provide high-quality cybersecurity services such as Managed Security and more:

  • Penetration Testing
  • Vulnerability Analysis
  • Security Monitoring
  • Threat Analysis & Management
  • Incident Response
  • SOC-as-a-Service
  • Cybersecurity Audit
  • Cybersecurity Outsourcing & Outstaffing

Trilight Security is a Managed Security Services Provider (MSSP) with a focus on customers from small and medium businesses. We also provide managed IT services and cloud services to keep all IT assets of our customers running smoothly and reliably protected.

Thank you to the Superbcompanies team.

How to Choose MSSP?

When you decide to find a Managed Security Services Provider (MSSP) that will meet your technological needs and business requirements, the most important thing is to develop a list of criteria for making a proper selection. MSSPs come to stay with you for a long period of time, so you had better minimize the number of known unknowns to avoid risks and build a successful partnership.

To find a good fit among various MSSPs, pay attention to the following:


Customer references will always be the ultimate measure for B2B solutions and services providers. The easiest way is to check whether online reviews of the company in question are available. Go to Clutch, GoodFirms, etc., or at least use Google, and you will definitely find enough pro (or contra) information.

Such references can give you a rather realistic idea of how relations with the MSSP will develop. In addition, there is always a chance of finding some secondary technical or business details which might prove valuable to you in particular.

The more sources offer references about your potential partner, the better it is for you.

Internal Security

As we all know by now, even cybersecurity companies have no guarantee against cyber attacks. Attacking a cybersecurity vendor or service provider may open backdoors to the IT assets of dozens or hundreds of its customers. So, a mandatory requirement for every cybersecurity company, including but not limited to MSSPs, is that it has an extremely reliable internal cybersecurity program.

Just get clear and concise answers from the MSSP to such questions as where your data will be stored, what kind of encryption is used, and what backup and restore policies and solutions the MSSP uses for itself and for its customers, as you are going to have nearly the same level of security for your data with this provider.

When an MSSP has a relevant certification, such as ISO 27001, it is a very good sign. However, as a rule, such certifications are not mandatory for MSSPs and are quite expensive to get. For these reasons they are usually obtained by large MSSPs, but not by mid-sized or small ones. With smaller MSSPs you should first check the personal certificates of employees.


Once again, MSSPs may or may not have certifications from ISO or vendors. If they have, that's great, but do not forget to check their authenticity on the websites of the issuing bodies. Just to make sure :).

It is rare for some unscrupulous group of people calling themselves an MSSP to forge such certificates. Still, it makes sense to go to the vendors' sites and check that the partnership status in question exists.

Since vendor partnership implies partner agreements with certain sales obligations, an MSSP will not necessarily have such statuses. Its managed security platform will surely be based on solutions and products from some vendors, but the MSSP may well just use them rather than sell them, as partnership implies. How will you check the credibility of an MSSP in such a case? Again, go for personal certificates. All in all, it is the MSSP team that guarantees your security, and not simply a set of cybersecurity solutions.


An MSSP will have its cybersecurity services platform based on carefully selected and integrated solutions. In most cases the customers will also have their own cybersecurity solutions. Sometimes, the MSSP might accept your solutions and integrate them into the managed security services delivery process. This might simplify the transition to partnership for you and increase the ROI of your cybersecurity program.

In most cases this will be the preferred scenario for you as a customer, yet the MSSP might decline your existing cybersecurity infrastructure because it is outdated compared to its platform, or because its platform is perfectly sufficient for the selected package of services and the MSSP doesn't want additional effort (and expenses for both of you). Sometimes, the MSSP will suggest an alternative to the cybersecurity solutions you currently use. Anyway, if you have already implemented a cybersecurity infrastructure, discuss its fate with your potential managed security provider.


When you sign an agreement with an MSSP, it must define, in addition to the various SLA aspects, such things as the frequency of communications under normal conditions, when no attack is in progress and no incidents require immediate attention.

Always ask for a clearly defined schedule of communications with the MSSP. These can be quarterly, monthly or weekly reports on the number of vulnerabilities discovered and removed, incidents handled and so on, or weekly video conferences with a fixed duration, just to make sure that the joint cybersecurity process goes the way it has to.

Make sure that emergency communications are clearly defined as well, as this is what you are partnering with the MSSP for. The MSSP's readiness to meet your expectations in this area will be a clear sign of smooth communications after the contract is signed.

How MSSP Will Close Gaps in Cybersecurity of Your Business?

Security gaps in any business or organization are most commonly caused by:

  1. Absent or insufficient cybersecurity personnel, who are thus unable to react, or to react in time, to cybersecurity incidents and are not available 24x7.
  2. Absent or insufficient cybersecurity solutions protecting your IT assets, leaving vulnerabilities not removed, threats not mitigated and incidents not even detected before it's too late.
  3. Absent or insufficient processes to maintain cybersecurity at a proper level (awareness training, etc.).

All of these issues are addressed by partnership with MSSP:

  1. MSSPs will complement or fully replace the in-house cybersecurity team, and in most cases, especially for SMBs, the MSSP's personnel will be better trained to mitigate cybersecurity threats in real time. One more important thing is that an MSSP can provide SOC services in 24x7x365 mode, and they will be much more affordable than an in-house team working in such a mode.
  2. A collection of cybersecurity tools and solutions is in no way a guarantee of reliable protection. Those tools and solutions have to be properly set up, operated, maintained and, which is critically important, integrated. Data exchange and correlation have to be done efficiently. This is something not always found even in large corporations, to say nothing of SMBs. MSSPs, on the contrary, in most cases have their managed security platforms designed, implemented and operated in a very high-quality and up-to-date manner, which makes them efficient and adequate to modern cybercrime threats. And this cybersecurity infrastructure with guaranteed efficiency can be made available to the customer at a very reasonable cost. What's important, the customers will not have to take care of, or bear the costs of, keeping this cybersecurity platform up to date.
  3. It's important to understand that whether or not you have a partnership with an MSSP, your personnel must have proper cybersecurity training for their usual operational and business activities: phishing, malware, ransomware, social engineering, etc. But if something goes wrong and some employee makes a mistake or is simply misled by some cunning attack, an MSSP will greatly increase the chances that no damage will be caused or that it will be minimized to a tolerable level.

Cybersecurity Market in 2021

Cybersecurity remains one of the critically important priorities all around the world, especially since more and more threats appear, new vulnerabilities emerge and the frequency of attacks is very unlikely to subside. Based on this, Canalys analysts forecast further growth of investment in cybersecurity. Below are some considerations by Canalys™ experts.

It is estimated that global cybersecurity spending will grow by 10% in 2021 to surpass $60 billion. According to Canalys this market reached the size of $54 billion in 2020. This amount includes expenses on endpoint security solutions, web and email security, data security, vulnerability analysis as well as identification and access management solutions.

Experts note that even in the worst-case scenario global expenses on cybersecurity will grow by 6,6% in 2021 to reach $57,7. This forecast takes into account the significant and long-lasting economic effect of numerous pandemic limitations as well as the proliferation of new virus strains. Canalys analysis shows that despite the pandemic, cybersecurity budgets remain mostly unchanged or even grow. On the other hand, SMB expenses suffered limitations, and personnel reductions had an impact on some cybersecurity contracts, especially in HoReCa, retail and transport. Logistics issues had a negative impact on cybersecurity hardware supplies in early 2020, but later the situation normalized. Despite growing cybersecurity expenses, the number of incidents, including personal data leaks and compromises as well as ransomware attacks, reached a record level in 2020.

According to Canalys, more than 12 records personal data entries were leaked in 2020 while the number of ransomware attacks grew by 60%. Among the main reasons for the growing number of cybersecurity incidents are errors in cloud database settings and phishing campaigns launched against remote employees lacking sufficient cybersecurity protection and training. As remote work and education go on and digitalization develops, analysts expect negative trends in cybersecurity to persist in 2021.


Christmas Fraud or How to Defend Your Money and Business During Sales Time and After

Black Friday is behind us, with all its new online sales and cybercrime records (thanks to COVID-19). Christmas time has come and new sales seasons are ahead, so this is no time to forget about the cybersecurity risks of every holiday season. Below are some recommendations from Trilight experts.

If you are a buyer, think twice before trusting e-mails and websites during your deals. While millions of buyers go to online shops for pleasant emotions, hackers search for confidential personal and financial data.

A popular fraud scheme is based on phishing letters or messages faking well-known online brands and online sellers. Take some simple proactive steps to avoid being caught like this:

1. Before trusting an email which you seem to have received from your favourite retail brands or online platforms, make sure you've read its contents attentively. Unusual grammatical or spelling mistakes are a first hint. A good example here is the numerous phishing sites that went online during the recent Amazon sales on Prime Day. Study the sender's email address to find more proof for your suspicions.

2. Do not succumb to the temptation of downloading special holiday subscriptions or promo codes from a suspicious letter. And, of course, never follow links from such messages. Fraudulent phishing messages might contain malware or links to wrong URLs which will download zero-day malware or extortion software to your device, putting financial and private data at serious risk.

3. If you are not sure about a specific message, try to compare the link shown in the email with the link's target address by pointing to it. If they lead to different addresses, you may inform your Internet access or security service provider of this email to stop the potential vulnerability from spreading among online buyers.

4. And last but not least, be careful when entering URLs manually. One error and you land on an erroneous domain with a misprint (a similar yet fake URL is often a phishing site). To avoid such risks, think about a password manager. Password managers are not only a good line of defense against weak passwords, but they also will not be fooled by malicious URLs that are often overlooked by the error-prone human eye.

For sellers: keep your security systems active, duly protected and compatible with PCI DSS.

As we mentioned above, not only buyers can become victims of cybercrime. Below are the action points for sellers to increase their resilience to cybercrime.

1. Start with security training to introduce the latest phishing attacks to your team, including the data types hunted for by cybercriminals, as well as cunning fraud emails. Give your team a simple way to inform your cybersecurity personnel of such suspicious emails or similar activities.

2. If you plan to keep your physical shops running, make sure all operating systems used at your points of sale have the latest security updates. Consider additional security measures such as effective defense against malware, NGFW, server protection and encryption to protect the critically important systems of your retail network. Network segmentation will also help create limited and isolated zones managed with more refined access control.

3. If your retail business uses cloud applications and you have an extended multisite network of branches, franchises and delivery partners, then the zero trust philosophy becomes critically important. The basic principle is to trust nothing and check everything. It will help establish reliable access to a distributed retail network with higher privacy for card holders.

4. Go through a mandatory audit to make sure your existing cybersecurity system meets PCI DSS recommendations.

If your retail business does not have sufficient internal experience with cybersecurity, or your IT team is not big enough, then it is a good reason to engage a cybersecurity partner which will establish continuous monitoring and protection of your retail network, online systems, etc. from suspicious activities.

Cybersecurity Illusions or Why MSSP Matters

Today everyone knows that building an unbreakable shield is next to impossible. Surprisingly, quite a lot of IT professionals believe that the enterprise IT perimeter will stop any attack. On the one hand, it’s partially true that you can make penetrating the perimeter very difficult and expensive; on the other hand, nobody can guarantee that a perimeter is truly unbreakable.

When an IT manager realizes that, however strong the perimeter might be, it cannot guarantee absolute security, the next step is understanding that one now needs to invest attention and financial resources into the IT infrastructure. It is necessary to create the ability to monitor it, find traces of attackers’ actions and take countermeasures to prevent the attack from achieving its objectives (theft or destruction of information, financial fraud, extortion, etc.).

Let us stress the importance of it once again:

First and foremost, it is always a very good idea to have information about what is happening in IT infrastructure and not only for security reasons.

Second, no attack develops with lightning speed. Attackers need time to discover hosts and resources, gain an understanding of the internal infrastructure, access data and execute harmful actions. See the attack stages as explained by MITRE ATT&CK, which is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.

The bottom line is that we need to track attackers’ activity and catch them ASAP, before they really get access to data.

According to analytics, the time between initial compromise and getting access to data ranges from a couple of hours to a day. So we need a fast and effective search for suspicious or uncommon actions to find the attackers' tracks and localize the attack.

Sure, searching and tracking require a certain level of expertise and competence from cybersecurity experts. But it is the only way to increase security to a level where an attempt to attack your infrastructure becomes unprofitable for a hacker team. This is a reason behind the dramatic growth of interest in SIEM systems, in building on-site cybersecurity teams or in switching to the services of external teams, or MSSPs.

To achieve the necessary level of security, one needs to get logs and events from the infrastructure to track activities inside it. We rely on our experience to define a minimal set of such sources that gives a sufficient overview of events and the ability to catch suspicious or uncommon actions:

  • System logs from servers and workstations;
  • Specific database logs;
  • Events from antimalware software, antivirus/endpoint protection systems/endpoint detection & response;
  • Next Generation Firewall/IPS/IDS logs & events;
  • Router/gateway logs.

Besides, Deception or Honeypot systems are a very effective tool. They simulate defenseless resources that are very attractive to hackers, such as a domain server, a database, etc. Any attempt to attack or interact with this ghost will be logged and analyzed, because a real user will not access such a honeypot: they simply don’t know about such fake resources set up as traps.

The cybersecurity team or MSSP will process the total amount of logs and events from all systems, correlate this information, and analyze and discover security events (incidents) in order to investigate, localize and stop harmful activities.
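The honeypot and correlation ideas above can be shown together: any host that touches a decoy is treated as suspicious, and everything that host did in the other log sources around that moment is pulled into one timeline. This Python sketch is an added example, not Trilight Security's tooling; the decoy addresses, the normalised one-line log format and the sample events are constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumption: addresses of decoy (honeypot) hosts that no real user has a reason to touch.
DECOYS = {"10.0.9.10": "decoy domain server", "10.0.9.20": "decoy database"}

# Constructed sample, already normalised to:
# time, log source, source IP, destination IP, event
SAMPLE_LOGS = """\
2021-03-02T09:14:05 firewall 10.0.3.44 10.0.1.5 allow-tcp-443
2021-03-02T10:02:11 endpoint 10.0.3.17 10.0.3.17 suspicious-script-blocked
2021-03-02T10:05:40 firewall 10.0.3.17 10.0.1.8 allow-tcp-445
2021-03-02T10:09:02 firewall 10.0.3.17 10.0.9.10 allow-tcp-445
2021-03-02T10:09:30 database 10.0.3.17 10.0.9.20 login-failed
2021-03-02T10:20:00 syslog 10.0.3.17 10.0.1.8 ssh-login-failed
2021-03-02T10:30:00 router 10.0.3.44 10.0.1.5 allow-tcp-443
2021-03-02T16:00:00 syslog 10.0.3.17 10.0.1.8 ssh-login-ok
"""


def parse(raw):
    """Turn normalised log lines into time-ordered event dicts."""
    events = []
    for line in raw.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines instead of failing the whole batch
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        events.append({"time": ts, "source": parts[1], "src": parts[2],
                       "dst": parts[3], "event": parts[4]})
    return sorted(events, key=lambda e: e["time"])


def triage(events, window=timedelta(minutes=30)):
    """For each host that touched a decoy, collect everything that host did,
    across all log sources, within `window` of its first decoy contact."""
    first_touch, decoys_hit = {}, {}
    for e in events:  # events are time-ordered, so setdefault keeps the earliest
        if e["dst"] in DECOYS:
            first_touch.setdefault(e["src"], e["time"])
            decoys_hit.setdefault(e["src"], set()).add(e["dst"])
    report = {}
    for src, t0 in first_touch.items():
        timeline = [e for e in events
                    if e["src"] == src and abs(e["time"] - t0) <= window]
        report[src] = {"first_touch": t0,
                       "decoys": sorted(decoys_hit[src]),
                       "timeline": timeline}
    return report


if __name__ == "__main__":
    for src, info in triage(parse(SAMPLE_LOGS)).items():
        print(src, "touched", [DECOYS[d] for d in info["decoys"]])
        for e in info["timeline"]:
            print("  ", e["time"].isoformat(), e["source"], e["dst"], e["event"])
```

In the sample, the firewall lines alone look like ordinary allowed traffic; it is the decoy contact that ties the earlier endpoint alert and the later failed logins to one host.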